Merge remote-tracking branch 'upstream/main' into ipv6

func/upgrade.sh

@@ -325,6 +325,9 @@ upgrade_init_backup() {
 	if [ -d "/etc/phpmyadmin/" ]; then
 		mkdir -p $HESTIA_BACKUP/conf/phpmyadmin/
 	fi
+	if [ -d "/etc/phppgadmin/" ]; then
+		mkdir -p $HESTIA_BACKUP/conf/phppgadmin/
+	fi
 }
 
 upgrade_init_logging() {
@@ -467,6 +470,12 @@ upgrade_start_backup() {
 		fi
 		cp -fr /etc/phpmyadmin/* $HESTIA_BACKUP/conf/phpmyadmin
 	fi
+	if [ -d "/etc/phppgadmin" ]; then
+		if [ "$DEBUG_MODE" = "true" ]; then
+			echo "      ---- phppgadmin"
+		fi
+		cp -fr /etc/phppgadmin/* $HESTIA_BACKUP/conf/phppgadmin
+	fi
 }
 
 upgrade_refresh_config() {
@@ -541,6 +550,29 @@ upgrade_b2_tool() {
 	fi
 }
 
+upgrade_phppgadmin() {
+	if [ -n "$(echo $DB_SYSTEM | grep -w 'pgsql')" ]; then
+		pga_release=$(cat /usr/share/phppgadmin/libraries/lib.inc.php | grep appVersion | head -n1 | cut -f2 -d\' | cut -f1 -d-)
+		if version_ge "$pga_release" "pga_v"; then
+			echo "[ * ] phppgadmin is up to date ($pga_release)..."
+		else
+			# Display upgrade information
+			echo "[ * ] Upgrading phppgadmin to version $pga_v..."
+			[ -d /usr/share/phpmyadmin ] || mkdir -p /usr/share/phpmyadmin
+			# Download latest phpMyAdmin release
+			wget --retry-connrefused --quiet https://github.com/hestiacp/phppgadmin/releases/download/v$pga_v/phppgadmin-v$pga_v.tar.gz
+			tar xzf phppgadmin-v$pga_v.tar.gz -C /usr/share/phppgadmin/
+
+			if ! version_ge "$pga_release" "7.14.0"; then
+				cp -f $HESTIA_INSTALL_DIR/pga/config.inc.php /etc/phppgadmin/
+			fi
+			if [ ! -f /usr/share/phppgadmin/conf/config.inc.php ]; then
+				ln -s /etc/phppgadmin/config.inc.php /usr/share/phppgadmin/conf
+			fi
+		fi
+	fi
+}
+
 upgrade_phpmyadmin() {
 	# Check if MariaDB/MySQL is installed on the server before attempting to install or upgrade phpMyAdmin
 	if [ -n "$(echo $DB_SYSTEM | grep -w 'mysql')" ]; then

install/deb/pga/config.inc.php

@@ -78,6 +78,15 @@ $conf["default_lang"] = "auto";
 // 'disable' disables AutoComplete.
 $conf["autocomplete"] = "default on";
 
+// If extra session security is true, then PHP's session cookies will have
+// SameSite cookie flags set to prevent CSRF attacks.  If you're using
+// auto-start sessions, autostarted sessions will be destroyed and
+// restarted with SameSite on.  If this this solution is not acceptable for
+// your situation, you will need to either turn off auot-start sessions, or
+// turn off secure sessions.  Versions of PHP below 7.3 do not have access
+// to this feature and will be vulnerable to CSRF attacks.
+$conf["extra_session_security"] = true;
+
 // If extra login security is true, then logins via phpPgAdmin with no
 // password or certain usernames (pgsql, postgres, root, administrator)
 // will be denied. Only set this false once you have read the FAQ and

install/hst-install-debian.sh

@@ -48,7 +48,7 @@ software="nginx apache2 apache2-utils apache2-suexec-custom
   awstats vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy
   clamav-daemon spamassassin dovecot-imapd dovecot-pop3d dovecot-sieve dovecot-managesieved
   net-tools mariadb-client mariadb-common mariadb-server mysql-client mysql-common mysql-server postgresql
-  postgresql-contrib phppgadmin mc flex whois git idn2 unzip zip sudo bc ftp lsof
+  postgresql-contrib mc flex whois git idn2 unzip zip sudo bc ftp lsof
   rrdtool quota e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban
   dnsutils bsdmainutils cron hestia=${HESTIA_INSTALL_VER} hestia-nginx
   hestia-php expect libmail-dkim-perl unrar-free vim-common acl sysstat
@@ -1655,11 +1655,20 @@ if [ "$postgresql" = 'yes' ]; then
 	systemctl restart postgresql
 	sudo -iu postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
 
+	mkdir -p /etc/phppgadmin/
+	mkdir -p /usr/share/phppgadmin/
+
+	cp -f $HESTIA_INSTALL_DIR/pga/config.inc.php /etc/phppgadmin/
+
+	wget --retry-connrefused --quiet https://github.com/hestiacp/phppgadmin/releases/download/v$pga_v/phppgadmin-v$pga_v.tar.gz
+	tar xzf phppgadmin-v$pga_v.tar.gz -C /usr/share/phppgadmin/
+
+	ln -s /etc/phppgadmin/config.inc.php /usr/share/phppgadmin/conf/
+
 	# Configuring phpPgAdmin
 	if [ "$apache" = 'yes' ]; then
 		cp -f $HESTIA_INSTALL_DIR/pga/phppgadmin.conf /etc/apache2/conf.d/phppgadmin.inc
 	fi
-	cp -f $HESTIA_INSTALL_DIR/pga/config.inc.php /etc/phppgadmin/
 
 	write_config_value "DB_PGA_ALIAS" "phppgadmin"
 	$HESTIA/bin/v-change-sys-db-alias 'pga' "phppgadmin"
@@ -1928,23 +1937,10 @@ if [ "$sieve" = 'yes' ]; then
 fi
 
 #----------------------------------------------------------#
-#                  Configure File Manager                  #
-#----------------------------------------------------------#
-
-echo "[ * ] Configuring File Manager..."
-$HESTIA/bin/v-add-sys-filemanager quiet
-
-#----------------------------------------------------------#
-#                  Configure PHPMailer                     #
-#----------------------------------------------------------#
-
-echo "[ * ] Configuring PHP dependencies..."
-$HESTIA/bin/v-add-sys-dependencies quiet
-
-#----------------------------------------------------------#
-#                       Configure API                      #
+#                   Comfigure API                         #
 #----------------------------------------------------------#
 
+# Configuring system IPs
 if [ "$api" = "yes" ]; then
 	# keep legacy api enabled until transition is complete
 	write_config_value "API" "yes"
@@ -1957,6 +1953,23 @@ else
 	$HESTIA/bin/v-change-sys-api disable
 fi
 
+#----------------------------------------------------------#
+#                  Configure File Manager                  #
+#----------------------------------------------------------#
+
+echo "[ * ] Configuring File Manager..."
+$HESTIA/bin/v-add-sys-filemanager quiet
+
+#----------------------------------------------------------#
+#                  Configure dependencies                  #
+#----------------------------------------------------------#
+
+echo "[ * ] Configuring PHP dependencies..."
+$HESTIA/bin/v-add-sys-dependencies quiet
+
+echo "[ * ] Install Rclone"
+curl -s https://rclone.org/install.sh | bash > /dev/null 2>&1
+
 #----------------------------------------------------------#
 #                   Configure IP                           #
 #----------------------------------------------------------#
@@ -2128,9 +2141,12 @@ You have successfully installed Hestia Control Panel on your server.
 
 Ready to get started? Log in using the following credentials:
 
-    Admin URL:  https://$ip:$port
-    Username:   admin
-    Password:   $displaypass
+	Admin URL:  https://$servername:$port"
+if [ "$host_ip" != "$ip" ]; then
+	echo "	Backup URL:  https://$ip:$port"
+fi
+echo -e " 	Username:   admin
+	Password:   $displaypass
 
 Thank you for choosing Hestia Control Panel to power your full stack web server,
 we hope that you enjoy using it as much as we do!

install/hst-install-ubuntu.sh

@@ -46,7 +46,7 @@ software="apache2 apache2.2-common apache2-suexec-custom apache2-utils
     imagemagick libapache2-mod-fcgid libapache2-mod-php$fpm_v libapache2-mod-rpaf
     lsof mc mariadb-client mariadb-common mariadb-server mysql-client mysql-common mysql-server nginx
     php$fpm_v php$fpm_v-cgi php$fpm_v-common php$fpm_v-curl
-    php$fpm_v-mysql php$fpm_v-imap php$fpm_v-ldap php$fpm_v-apcu phppgadmin
+    php$fpm_v-mysql php$fpm_v-imap php$fpm_v-ldap php$fpm_v-apcu
     php$fpm_v-pgsql php$fpm_v-zip php$fpm_v-bz2 php$fpm_v-cli php$fpm_v-gd
     php$fpm_v-imagick php$fpm_v-intl php$fpm_v-mbstring
     php$fpm_v-opcache php$fpm_v-pspell php$fpm_v-readline php$fpm_v-xml
@@ -1738,11 +1738,20 @@ if [ "$postgresql" = 'yes' ]; then
 	systemctl restart postgresql
 	sudo -iu postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" > /dev/null 2>&1
 
+	mkdir -p /etc/phppgadmin/
+	mkdir -p /usr/share/phppgadmin/
+
+	wget --retry-connrefused --quiet https://github.com/hestiacp/phppgadmin/releases/download/v$pga_v/phppgadmin-v$pga_v.tar.gz
+	tar xzf phppgadmin-v$pga_v.tar.gz -C /usr/share/phppgadmin/
+
+	cp -f $HESTIA_INSTALL_DIR/pga/config.inc.php /etc/phppgadmin/
+
+	ln -s /etc/phppgadmin/config.inc.php /usr/share/phppgadmin/conf/
+
 	# Configuring phpPgAdmin
 	if [ "$apache" = 'yes' ]; then
 		cp -f $HESTIA_INSTALL_DIR/pga/phppgadmin.conf /etc/apache2/conf.d/phppgadmin.inc
 	fi
-	cp -f $HESTIA_INSTALL_DIR/pga/config.inc.php /etc/phppgadmin/
 
 	write_config_value "DB_PGA_ALIAS" "phppgadmin"
 	$HESTIA/bin/v-change-sys-db-alias 'pga' "phppgadmin"
@@ -1769,7 +1778,7 @@ if [ "$named" = 'yes' ]; then
 			systemctl restart apparmor >> $LOG
 		fi
 	fi
-	update-rc.d bind9 defaults
+	update-rc.d bind9 defaults > /dev/null 2>&1
 	systemctl start bind9
 
 	check_result $? "bind9 start failed"
@@ -2030,16 +2039,20 @@ echo "[ * ] Configuring File Manager..."
 $HESTIA/bin/v-add-sys-filemanager quiet
 
 #----------------------------------------------------------#
-#                  Configure PHPMailer                     #
+#                  Configure dependencies                  #
 #----------------------------------------------------------#
 
 echo "[ * ] Configuring PHP dependencies..."
 $HESTIA/bin/v-add-sys-dependencies quiet
 
+echo "[ * ] Install Rclone"
+curl -s https://rclone.org/install.sh | bash > /dev/null 2>&1
+
 #----------------------------------------------------------#
 #                   Configure IP                           #
 #----------------------------------------------------------#
 
+echo "[ * ] Configuring System IP..."
 # Configuring system IPs
 $HESTIA/bin/v-update-sys-ip > /dev/null 2>&1
 
@@ -2053,7 +2066,6 @@ if [ "$iptables" = 'yes' ]; then
 fi
 
 # Get public IP
-echo "[ * ] Configuring System IP..."
 pub_ip=$(curl --ipv4 -s https://ip.hestiacp.com/)
 pub_ipv6=$(curl --ipv6 -s https://ip.hestiacp.com/)
 
@@ -2203,7 +2215,6 @@ fi' >> /root/.bashrc
 #                   Hestia Access Info                     #
 #----------------------------------------------------------#
 
-# Comparing hostname and IP
 host_ip=$(host $servername | head -n 1 | awk '{print $NF}')
 if [ "$host_ip" = "$ip" ]; then
 	ip="$servername"
@@ -2220,9 +2231,12 @@ You have successfully installed Hestia Control Panel on your server.
 
 Ready to get started? Log in using the following credentials:
 
-    Admin URL:  https://$ip:$port
-    Username:   admin
-    Password:   $displaypass
+	Admin URL:  https://$servername:$port"
+if [ "$host_ip" != "$ip" ]; then
+	echo "	Backup URL:  https://$ip:$port"
+fi
+echo -e " 	Username:   admin
+	Password:   $displaypass
 
 Thank you for choosing Hestia Control Panel to power your full stack web server,
 we hope that you enjoy using it as much as we do!

install/rpm/pga/config.inc.php

@@ -148,6 +148,15 @@ $conf["help_base"] = "http://www.postgresql.org/docs/%s/interactive/";
 // Time in seconds. If set to 0, refreshing data using ajax will be disabled (locks and activity pages)
 $conf["ajax_refresh"] = 3;
 
+// If extra session security is true, then PHP's session cookies will have
+// SameSite cookie flags set to prevent CSRF attacks.  If you're using
+// auto-start sessions, autostarted sessions will be destroyed and
+// restarted with SameSite on.  If this this solution is not acceptable for
+// your situation, you will need to either turn off auot-start sessions, or
+// turn off secure sessions.  Versions of PHP below 7.3 do not have access
+// to this feature and will be vulnerable to CSRF attacks.
+$conf["extra_session_security"] = true;
+
 /*****************************************
  * Don't modify anything below this line *
  *****************************************/

install/upgrade/upgrade.conf

@@ -45,6 +45,9 @@ multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0" "8.1" "8.2")
 # Set version of phpMyAdmin to install during upgrade if not already installed
 pma_v='5.2.1'
 
+# Set version of phppgadmin to install during upgrade if not already installed
+pga_v='7.14.4'
+
 # Set version of RoundCube (Webmail) to update during upgrade if not already installed
 # Note: only applies to "non-apt installs >= 1.4.0 or manually phased out"
 rc_v='1.6.1'

src/deb/hestia/postinst

@@ -89,6 +89,9 @@ upgrade_dependencies | tee -a $LOG
 # Upgrade phpMyAdmin if applicable
 upgrade_phpmyadmin | tee -a $LOG
 
+# Upgrade phpMyAdmin if applicable
+upgrade_phppgadmin | tee -a $LOG
+
 # Upgrade blackblaze-cli-took if applicable
 upgrade_b2_tool | tee -a $LOG
 

src/rpm/hestia/hestia.spec

@@ -111,6 +111,9 @@ if [ -e "/usr/local/hestia/data/users/admin" ]; then
     # Upgrade phpMyAdmin if applicable
     upgrade_phpmyadmin | tee -a $LOG
 
+	# Upgrade phpMyAdmin if applicable
+	upgrade_phppgadmin | tee -a $LOG
+
     # Upgrade blackblaze-cli-took if applicable
     upgrade_b2_tool | tee -a $LOG
 

web/add/dns/index.php

@@ -331,13 +331,18 @@ $v_template = $user_config[$user_plain]["DNS_TEMPLATE"];
 
 if (empty($_GET["domain"])) {
 	// Display body for dns domain
-
+	if (empty($v_domain)) {
+		$v_domain = "";
+	}
 	if (empty($v_ttl)) {
 		$v_ttl = 14400;
 	}
 	if (empty($v_exp)) {
 		$v_exp = date("Y-m-d", strtotime("+1 year"));
 	}
+	if (empty($v_dnssec)) {
+		$v_dnssec = "";
+	}
 	if (empty($v_ns1)) {
 		exec(HESTIA_CMD . "v-list-user-ns " . $user . " json", $output, $return_var);
 		$nameservers = json_decode(implode("", $output), true);

web/templates/pages/add_dns.php

@@ -150,7 +150,7 @@
 						}
 					?>
 					<div class="u-pt18 js-add-ns" <?php if ($v_ns8) echo 'style="display:none;"'; ?>>
-						<span class="form-link js-add-ns"><?= _("Add one more Name Server") ?></span>
+						<span class="form-link"><?= _("Add one more Name Server") ?></span>
 					</div>
 				</div>
 			<?php } ?>