
Resolve multiple PHP errors (#3841)

Fixed PHP errors in nginx-error.log:
session_start(): Ignoring session_start() because a session is already active in /usr/local/hestia/web/inc/main.php on line 2"
Undefined array key "v_credentials" in /usr/local/hestia/web/edit/mail/index.php on line 754;
Undefined variable $hostname in /usr/local/hestia/web/edit/mail/index.php on line 1073
Undefined array key "error_msg" in /usr/local/hestia/web/add/key/index.php on line 34"
Undefined array key "v_role" in /usr/local/hestia/web/edit/user/index.php on line 346"
Undefined variable $return_var in /usr/local/hestia/web/delete/key/index.php on line 17
Undefined variable $v_aliases in /usr/local/hestia/web/templates/pages/generate_ssl.php on line 23"
Undefined array key "v_upgrade_send_notification_email" in /usr/local/hestia/web/edit/server/index.php on line 692
Undefined array key "v_upgrade_send_notification_email" in /usr/local/hestia/web/edit/server/index.php on line 693
Undefined array key "v_debug_mode" in /usr/local/hestia/web/edit/server/index.php on line 410
Undefined array key "userTheme" in /usr/local/hestia/web/edit/user/index.php on line 443
Trying to access array offset on value of type null in /usr/local/hestia/web/login/index.php on line 85;

* Fix error when using bulk action but nothing selected
* Remove unused endpoints
* Update /suspend/* endpoint
* Fix bug in access-key
* Update renovate.json
Jaap Marcus 2 роки тому
батько
коміт
926458500e

+ 2 - 2
renovate.json

@@ -5,10 +5,10 @@
 		":pinAllExceptPeerDependencies",
 		":disableDependencyDashboard",
 		"group:allNonMajor",
-		"schedule:earlyMondays"
+		"schedule:weekdays"
 	],
 	"enabledManagers": ["npm", "composer", "github-actions"],
 	"ignorePaths": ["**/node_modules/**", "install/deb/filemanager/filegator/composer.json"],
-	"reviewers": ["jaapmarcus"],
+	"reviewers": ["jaapmarcus", "krismkenn"],
 	"branchPrefix": "dependencies"
 }

+ 1 - 1
web/add/key/index.php

@@ -31,7 +31,7 @@ if (!empty($_POST["ok"])) {
 		$user = quoteshellarg($_GET["user"]);
 	}
 
-	if (!$_SESSION["error_msg"]) {
+	if (empty($_SESSION["error_msg"])) {
 		if ($_POST) {
 			//key if key already exists
 			exec(HESTIA_CMD . "v-list-user-ssh-key " . $user . " json", $output, $return_var);

+ 9 - 0
web/bulk/access-key/index.php

@@ -23,6 +23,15 @@ if (($user_plain == "admin" && $api_status < 1) || ($user_plain != "admin" && $a
 	exit();
 }
 
+if (empty($_POST["key"])) {
+	header("Location: /list/access-key/");
+	exit();
+}
+if (empty($_POST["action"])) {
+	header("Location: /list/access-key/");
+	exit();
+}
+
 $key = $_POST["key"];
 $action = $_POST["action"];
 
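Review bot: The two guards added at the top have the same body and could be one condition, `if (empty($_POST["key"]) || empty($_POST["action"])) {`. The same pair is repeated in the other web/bulk/*/index.php sections of this commit, and in the restore and web sections the two redirect targets differ only by a trailing slash. `empty()` does not tell an array from a scalar, so if the code below the hunk iterates `$key` (as the dns and mail endpoints do with their lists), an `is_array($_POST["key"])` test here would reject a scalar value before it reaches the loop.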

+ 0 - 28
web/bulk/backup/exclusions/index.php

@@ -1,28 +0,0 @@
-<?php
-use function Hestiacp\quoteshellarg\quoteshellarg;
-
-ob_start();
-
-include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
-
-$backup = $_POST["system"];
-$action = $_POST["action"];
-
-// Check token
-verify_csrf($_POST);
-
-switch ($action) {
-	case "delete":
-		$cmd = "v-delete-user-backup-exclusions";
-		break;
-	default:
-		header("Location: /list/backup/exclusions");
-		exit();
-}
-
-foreach ($backup as $value) {
-	$value = quoteshellarg($value);
-	exec(HESTIA_CMD . $cmd . " " . $user . " " . $value, $output, $return_var);
-}
-
-header("Location: /list/backup/exclusions");

+ 9 - 1
web/bulk/backup/index.php

@@ -2,9 +2,17 @@
 use function Hestiacp\quoteshellarg\quoteshellarg;
 
 ob_start();
-
 include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 
+if (empty($_POST["backup"])) {
+	header("Location: /list/backup/");
+	exit();
+}
+if (empty($_POST["action"])) {
+	header("Location: /list/backup/");
+	exit();
+}
+
 $backup = $_POST["backup"];
 $action = $_POST["action"];
 

+ 9 - 0
web/bulk/cron/index.php

@@ -7,7 +7,16 @@ include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 // Check token
 verify_csrf($_POST);
 
+if (empty($_POST["job"])) {
+	header("Location: /list/cron/");
+	exit();
+}
 $job = $_POST["job"];
+
+if (empty($_POST["action"])) {
+	header("Location: /list/cron/");
+	exit();
+}
 $action = $_POST["action"];
 
 if ($_SESSION["userContext"] === "admin") {

+ 9 - 0
web/bulk/db/index.php

@@ -8,6 +8,15 @@ include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 // Check token
 verify_csrf($_POST);
 
+if (empty($_POST["database"])) {
+	header("Location: /list/db/");
+	exit();
+}
+
+if (empty($_POST["action"])) {
+	header("Location: /list/db/");
+	exit();
+}
 $database = $_POST["database"];
 $action = $_POST["action"];
 

+ 28 - 10
web/bulk/dns/index.php

@@ -8,12 +8,26 @@ include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 // Check token
 verify_csrf($_POST);
 
+if (empty($_POST["domain"])) {
+	header("Location: /list/dns/");
+	exit();
+}
+
+if (empty($_POST["action"])) {
+	header("Location: /list/dns/");
+	exit();
+}
+
 $domain = $_POST["domain"];
-$record = $_POST["record"];
+if (empty($_POST["record"])) {
+	$record = "";
+} else {
+	$record = $_POST["record"];
+}
 $action = $_POST["action"];
 
 if ($_SESSION["userContext"] === "admin") {
-	if (empty($record)) {
+	if (empty($_POST["record"])) {
 		switch ($action) {
 			case "rebuild":
 				$cmd = "v-rebuild-dns-domain";
@@ -48,7 +62,7 @@ if ($_SESSION["userContext"] === "admin") {
 		}
 	}
 } else {
-	if (empty($record)) {
+	if (empty($_POST["record"])) {
 		switch ($action) {
 			case "delete":
 				$cmd = "v-delete-dns-domain";
@@ -69,12 +83,16 @@ if ($_SESSION["userContext"] === "admin") {
 	}
 }
 
-if (empty($record)) {
-	foreach ($domain as $value) {
-		// DNS
-		$value = quoteshellarg($value);
-		exec(HESTIA_CMD . $cmd . " " . $user . " " . $value . " no", $output, $return_var);
-		$restart = "yes";
+if (empty($_POST["record"])) {
+	if (is_array($_POST["domain"])) {
+		foreach ($domain as $value) {
+			// DNS
+			$value = quoteshellarg($value);
+			exec(HESTIA_CMD . $cmd . " " . $user . " " . $value . " no", $output, $return_var);
+			$restart = "yes";
+		}
+	} else {
+		header("Location: /list/dns/?domain=" . $domain);
 	}
 } else {
 	foreach ($record as $value) {
@@ -94,7 +112,7 @@ if (!empty($restart)) {
 	exec(HESTIA_CMD . "v-restart-dns", $output, $return_var);
 }
 
-if (empty($record)) {
+if (empty($_POST["record"])) {
 	header("Location: /list/dns/");
 	exit();
 } else {
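Review bot: The new `else` branch under `is_array($_POST["domain"])` sends `Location: /list/dns/?domain=` followed by the raw `$domain` and has no `exit();`. The script therefore runs on to the final block, where `header("Location: /list/dns/")` replaces that header, because both blocks are entered only when `record` is empty. The value comes straight from `$_POST` and should be encoded for a query string: `header("Location: /list/dns/?domain=" . rawurlencode($domain));` followed by `exit();`. The matching branch in web/bulk/mail/index.php does call `exit()` but concatenates `$domain` unencoded in the same way.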

+ 9 - 0
web/bulk/firewall/banlist/index.php

@@ -15,6 +15,15 @@ if ($_SESSION["userContext"] != "admin") {
 	exit();
 }
 
+if (empty($_POST["ipchain"])) {
+	header("Location: /list/firewall/banlist/");
+	exit();
+}
+if (empty($_POST["action"])) {
+	header("Location: /list/firewall/banlist/");
+	exit();
+}
+
 $ipchain = $_POST["ipchain"];
 $action = $_POST["action"];
 

+ 9 - 0
web/bulk/firewall/index.php

@@ -15,6 +15,15 @@ if ($_SESSION["userContext"] != "admin") {
 	exit();
 }
 
+if (empty($_POST["rule"])) {
+	header("Location: /list/firewall/");
+	exit();
+}
+if (empty($_POST["action"])) {
+	header("Location: /list/firewall/");
+	exit();
+}
+
 $rule = $_POST["rule"];
 $action = $_POST["action"];
 

+ 9 - 0
web/bulk/firewall/ipset/index.php

@@ -15,6 +15,15 @@ if ($_SESSION["userContext"] != "admin") {
 	exit();
 }
 
+if (empty($_POST["setname"])) {
+	header("Location: /list/firewall/ipset/");
+	exit();
+}
+if (empty($_POST["action"])) {
+	header("Location: /list/firewall/ipset/");
+	exit();
+}
+
 $setname = $_POST["setname"];
 $action = $_POST["action"];
 switch ($action) {

+ 0 - 29
web/bulk/hestia/index.php

@@ -1,29 +0,0 @@
-<?php
-use function Hestiacp\quoteshellarg\quoteshellarg;
-
-ob_start();
-
-include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
-
-// Check token
-verify_csrf($_POST);
-
-$pkg = $_POST["pkg"];
-$action = $_POST["action"];
-
-if ($_SESSION["userContext"] === "admin") {
-	switch ($action) {
-		case "update":
-			$cmd = "v-update-sys-hestia";
-			break;
-		default:
-			header("Location: /list/updates/");
-			exit();
-	}
-	foreach ($pkg as $value) {
-		$value = quoteshellarg($value);
-		exec(HESTIA_CMD . $cmd . " " . $value, $output, $return_var);
-	}
-}
-
-header("Location: /list/updates/");

+ 9 - 0
web/bulk/ip/index.php

@@ -8,6 +8,15 @@ include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 // Check token
 verify_csrf($_POST);
 
+if (empty($_POST["ip"])) {
+	header("Location: /list/ip");
+	exit();
+}
+if (empty($_POST["action"])) {
+	header("Location: /list/ip");
+	exit();
+}
+
 $ip = $_POST["ip"];
 $action = $_POST["action"];
 

+ 29 - 11
web/bulk/mail/index.php

@@ -8,12 +8,25 @@ include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 // Check token
 verify_csrf($_POST);
 
+if (empty($_POST["domain"])) {
+	header("Location: /list/mail");
+	exit();
+}
+if (empty($_POST["action"])) {
+	header("Location: /list/mail");
+	exit();
+}
+
 $domain = $_POST["domain"];
-$account = $_POST["account"];
+if (empty($_POST["account"])) {
+	$account = "";
+} else {
+	$account = $_POST["account"];
+}
 $action = $_POST["action"];
 
 if ($_SESSION["userContext"] === "admin") {
-	if (empty($account)) {
+	if (empty($_POST["account"])) {
 		switch ($action) {
 			case "rebuild":
 				$cmd = "v-rebuild-mail-domain";
@@ -32,7 +45,7 @@ if ($_SESSION["userContext"] === "admin") {
 				exit();
 		}
 	} else {
-		switch ($action) {
+		switch ($_POST["account"]) {
 			case "delete":
 				$cmd = "v-delete-mail-account";
 				break;
@@ -48,7 +61,7 @@ if ($_SESSION["userContext"] === "admin") {
 		}
 	}
 } else {
-	if (empty($account)) {
+	if (empty($_POST["account"])) {
 		switch ($action) {
 			case "delete":
 				$cmd = "v-delete-mail-domain";
@@ -64,7 +77,7 @@ if ($_SESSION["userContext"] === "admin") {
 				exit();
 		}
 	} else {
-		switch ($action) {
+		switch ($_POST["account"]) {
 			case "delete":
 				$cmd = "v-delete-mail-account";
 				break;
@@ -81,12 +94,17 @@ if ($_SESSION["userContext"] === "admin") {
 	}
 }
 
-if (empty($account)) {
-	foreach ($domain as $value) {
-		// Mail
-		$value = quoteshellarg($value);
-		exec(HESTIA_CMD . $cmd . " " . $user . " " . $value, $output, $return_var);
-		$restart = "yes";
+if (empty($_POST["account"])) {
+	if (is_array($domain)) {
+		foreach ($domain as $value) {
+			// Mail
+			$value = quoteshellarg($value);
+			exec(HESTIA_CMD . $cmd . " " . $user . " " . $value, $output, $return_var);
+			$restart = "yes";
+		}
+	} else {
+		header("Location: /list/mail/?domain=" . $domain);
+		exit();
 	}
 } else {
 	foreach ($account as $value) {
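Review bot: Both account-level switches now read `switch ($_POST["account"])`, but their `case` labels are still action names such as `"delete"`, and `$account` is iterated as a list further down, so the chosen action can no longer match a case. The undefined-key warning is already avoided by the `empty($_POST["account"])` test around each switch, so the subject should stay `switch ($action) {` in both places. The default arms of these two switches are outside the hunks, so the exact outcome (presumably the redirect-and-exit used by the domain-level switches) is an inference.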

+ 9 - 0
web/bulk/package/index.php

@@ -8,6 +8,15 @@ include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 // Check token
 verify_csrf($_POST);
 
+if (empty($_POST["package"])) {
+	header("Location: /list/package");
+	exit();
+}
+if (empty($_POST["action"])) {
+	header("Location: /list/package");
+	exit();
+}
+
 $package = $_POST["package"];
 $action = $_POST["action"];
 

+ 9 - 0
web/bulk/restore/index.php

@@ -8,6 +8,15 @@ include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 // Check token
 verify_csrf($_POST);
 
+if (empty($_POST["backup"])) {
+	header("Location: /list/backup/");
+	exit();
+}
+if (empty($_POST["action"])) {
+	header("Location: /list/backup");
+	exit();
+}
+
 $action = $_POST["action"];
 $backup = quoteshellarg($_POST["backup"]);
 

+ 9 - 0
web/bulk/service/index.php

@@ -8,6 +8,15 @@ include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 // Check token
 verify_csrf($_POST);
 
+if (empty($_POST["service"])) {
+	header("Location: /list/server/");
+	exit();
+}
+if (empty($_POST["action"])) {
+	header("Location: /list/server/");
+	exit();
+}
+
 $service = $_POST["service"];
 $action = $_POST["action"];
 

+ 8 - 0
web/bulk/user/index.php

@@ -8,6 +8,14 @@ include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 // Check token
 verify_csrf($_POST);
 
+if (empty($_POST["user"])) {
+	header("Location: /list/user");
+	exit();
+}
+if (empty($_POST["action"])) {
+	header("Location: /list/user");
+	exit();
+}
 $user = $_POST["user"];
 $action = $_POST["action"];
 

+ 4 - 2
web/bulk/web/index.php

@@ -9,10 +9,12 @@ include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 verify_csrf($_POST);
 
 if (empty($_POST["domain"])) {
-	$_POST["domain"] = "";
+	header("Location: /list/web/");
+	exit();
 }
 if (empty($_POST["action"])) {
-	$_POST["action"] = "";
+	header("Location: /list/web");
+	exit();
 }
 
 $domain = $_POST["domain"];

+ 1 - 1
web/delete/key/index.php

@@ -13,7 +13,7 @@ if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
 
 if (!empty($_GET["key"])) {
 	$v_key = quoteshellarg(trim($_GET["key"]));
-	exec(HESTIA_CMD . "v-delete-user-ssh-key " . $user . " " . $v_key);
+	exec(HESTIA_CMD . "v-delete-user-ssh-key " . $user . " " . $v_key, $output, $return_var);
 	check_return_code($return_var, $output);
 }
 

+ 1 - 1
web/edit/mail/index.php

@@ -751,7 +751,6 @@ if (!empty($_POST["save"]) && !empty($_GET["domain"]) && !empty($_GET["account"]
 
 	$v_account = $_POST["v_account"];
 	$v_send_email = $_POST["v_send_email"];
-	$v_credentials = $_POST["v_credentials"];
 
 	exec(
 		HESTIA_CMD .
@@ -1070,6 +1069,7 @@ if (!empty($_POST["save"]) && !empty($_GET["domain"]) && !empty($_GET["account"]
 		}
 	}
 
+	$hostname = get_hostname();
 	$webmail = "http://" . $hostname . "/" . $v_webmail_alias . "/";
 	if (!empty($_SESSION["WEBMAIL_ALIAS"])) {
 		$webmail = $_SESSION["WEBMAIL_ALIAS"];

+ 11 - 2
web/edit/server/index.php

@@ -407,11 +407,16 @@ if (!empty($_POST["save"])) {
 
 	// Update debug mode status
 	if (empty($_SESSION["error_msg"])) {
-		if ($_POST["v_debug_mode"] == "on") {
-			$_POST["v_debug_mode"] = "true";
+		if (!empty($_POST["v_debug_mode"])) {
+			if ($_POST["v_debug_mode"] == "on") {
+				$_POST["v_debug_mode"] = "true";
+			} else {
+				$_POST["v_debug_mode"] = "false";
+			}
 		} else {
 			$_POST["v_debug_mode"] = "false";
 		}
+
 		if ($_POST["v_debug_mode"] != $_SESSION["DEBUG_MODE"]) {
 			exec(
 				HESTIA_CMD .
@@ -689,6 +694,10 @@ if (!empty($_POST["save"])) {
 		} else {
 			$ugrade_send_mail = "";
 		}
+		if (empty($_POST["v_upgrade_send_notification_email"])) {
+			$_POST["v_upgrade_send_notification_email"] = "";
+		}
+
 		if ($_POST["v_upgrade_send_notification_email"] != $ugrade_send_mail) {
 			if ($_POST["v_upgrade_send_notification_email"] == "on") {
 				$_POST["v_upgrade_send_notification_email"] = "true";
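Review bot: The debug-mode normalisation now has two `else` arms that assign the same `"false"`; the nested test can be written once as `$_POST["v_debug_mode"] = ($_POST["v_debug_mode"] ?? "") === "on" ? "true" : "false";`. Both hunks also write their defaults back into `$_POST`, where a local variable would leave the request data untouched for any later reader. The enclosing `if (!empty($_POST["save"]))` block starts and ends outside the hunks.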

+ 6 - 0
web/edit/user/index.php

@@ -342,6 +342,9 @@ if (!empty($_POST["save"])) {
 			check_return_code($return_var, $output);
 			unset($output);
 		}
+
+		$_POST["v_role"] = $_POST["v_role"] ?? "";
+
 		if (
 			$v_role != $_POST["v_role"] &&
 			$_SESSION["userContext"] === "admin" &&
@@ -437,6 +440,9 @@ if (!empty($_POST["save"])) {
 
 	// Update theme
 	if (empty($_SESSION["error_msg"])) {
+		if (empty($_SESSION["userTheme"])) {
+			$_SESSION["userTheme"] = "";
+		}
 		if ($_POST["v_user_theme"] != $_SESSION["userTheme"]) {
 			exec(
 				HESTIA_CMD .

+ 2 - 0
web/generate/ssl/index.php

@@ -12,6 +12,8 @@ if (!empty($_GET["domain"])) {
 } else {
 	$v_domain = "example.tld";
 }
+
+$v_aliases = "";
 $v_email = "";
 $v_country = "US";
 $v_state = "California";

+ 1 - 1
web/login/index.php

@@ -73,7 +73,7 @@ if (isset($_SESSION["user"])) {
 		// Obtain account properties
 		$v_user = quoteshellarg(
 			$_SESSION[
-				$_SESSION["userContext"] === "admin" && isset($_SESSION["look"]) ? "look" : "user"
+				$_SESSION["userContext"] === "admin" && $_SESSION["look"] !== "" ? "look" : "user"
 			],
 		);
 
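Review bot: Replacing `isset($_SESSION["look"])` with `$_SESSION["look"] !== ""` changes the result when the key is absent: the read yields null, `null !== ""` is true, and for an admin session the index becomes `"look"`. `quoteshellarg()` then receives that null value instead of `$_SESSION["user"]`. Unless `look` is always initialised to a string before this point (not visible in the hunk), `!empty($_SESSION["look"])` covers both the missing key and the empty string, and avoids the undefined-key warning. The surrounding `if (isset($_SESSION["user"]))` block continues outside the hunk.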

+ 0 - 3
web/suspend/db/index.php

@@ -1,10 +1,7 @@
 <?php
 use function Hestiacp\quoteshellarg\quoteshellarg;
 
-// Init
-error_reporting(null);
 ob_start();
-session_start();
 include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 
 // Check token

+ 0 - 3
web/suspend/dns/index.php

@@ -1,10 +1,7 @@
 <?php
 use function Hestiacp\quoteshellarg\quoteshellarg;
 
-// Init
-error_reporting(null);
 ob_start();
-session_start();
 include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 
 // Check token

+ 1 - 2
web/suspend/firewall/index.php

@@ -1,9 +1,8 @@
 <?php
 use function Hestiacp\quoteshellarg\quoteshellarg;
 
-// Init
-error_reporting(null);
 ob_start();
+
 session_start();
 include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 
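Review bot: `session_start();` is still called before the include of `/inc/main.php` here, while the other web/suspend/* sections in this commit remove it together with `error_reporting(null);`. The commit description lists the "session is already active" notice from main.php among the errors being fixed, so this endpoint would presumably keep logging it. Dropping the `session_start();` line would bring the file in line with the db, dns, mail, user and web endpoints.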

+ 0 - 3
web/suspend/mail/index.php

@@ -1,10 +1,7 @@
 <?php
 use function Hestiacp\quoteshellarg\quoteshellarg;
 
-// Init
-error_reporting(null);
 ob_start();
-session_start();
 include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 
 // Check token

+ 0 - 2
web/suspend/user/index.php

@@ -1,9 +1,7 @@
 <?php
 use function Hestiacp\quoteshellarg\quoteshellarg;
 
-error_reporting(null);
 ob_start();
-session_start();
 $TAB = "USER";
 include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 

+ 0 - 3
web/suspend/web/index.php

@@ -1,10 +1,7 @@
 <?php
 use function Hestiacp\quoteshellarg\quoteshellarg;
 
-// Init
-error_reporting(null);
 ob_start();
-session_start();
 include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
 
 // Check token