
Merge branch 'main' into feature/user-roles

Kristan Kenney 5 years ago
parent
commit
e8ba376afd

+ 8 - 0
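--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -43,6 +43,14 @@ All notable changes to this project will be documented in this file.
 - Fixed xss vulnerability in v-add-sys-ip and user history log (thanks **@numanturle**)
 - Fixed remote execution possibility when deleting ssh key (thanks **@numanturle**)
 
+## [1.3.4] - Service Release
+### Features
+- No new features have been introduced in this release.
+
+### Bugfixes
+- Fixed xss vulnerability in v-add-sys-ip and user history log (thanks **@numanturle**)
+- Fixed remote execution possibility when deleting ssh key (thanks **@numanturle**)
+
 ## [1.3.3] - Service Release
 ### Bugfixes
 - Improved if web folder already exists and do not follow symlink on chmod (thanks @0xGsch and @kikoas1995).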

+ 1 - 1
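--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 
 [Hestia Control Panel](https://www.hestiacp.com/)
 ==================================================
-**Latest stable release:** Version 1.3.3 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md)<br>
+**Latest stable release:** Version 1.3.4 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md)<br>
 
 **Web:** [www.hestiacp.com](https://www.hestiacp.com/)<br>
 **Documentation:** [docs.hestiacp.com](https://docs.hestiacp.com/)<br>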

+ 2 - 2
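--- a/bin/v-add-sys-filemanager
+++ b/bin/v-add-sys-filemanager
@@ -19,8 +19,8 @@ MODE=$1
 user="admin"
 
 FM_INSTALL_DIR="$HESTIA/web/fm"
-FM_FILE="filegator_v${FM_V}.zip"
-FM_URL="https://github.com/filegator/filegator/releases/download/v${FM_V}/${FM_FILE}"
+FM_FILE="filegator_v${fm_v}.zip"
+FM_URL="https://github.com/filegator/filegator/releases/download/v${fm_v}/${FM_FILE}"
 COMPOSER_BIN="$HOMEDIR/$user/.composer/composer"
 
 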
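Review bot: `FM_FILE` and `FM_URL` now depend on a lowercase `fm_v` that nothing in this hunk defines, so unless `upgrade.conf` is sourced earlier in the script (not visible here) the URL collapses to `.../download/v/filegator_v.zip` and the problem only surfaces later at fetch time. Failing at the assignment is cheaper and clearer: `FM_FILE="filegator_v${fm_v:?fm_v is not set}.zip"`. The script continues outside the hunk, so the sourcing may already exist; it is worth confirming, since install/deb/filemanager/install-fm.sh had to add an explicit `source` line for the same rename.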

+ 0 - 1
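--- a/bin/v-delete-sys-filemanager
+++ b/bin/v-delete-sys-filemanager
@@ -19,7 +19,6 @@ source $HESTIA/conf/hestia.conf
 
 user='admin'
 FM_INSTALL_DIR="$HESTIA/web/fm"
-FM_V="7.4.1"
 COMPOSER_BIN="$HOMEDIR/$user/.composer/composer"
 
 #----------------------------------------------------------#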

+ 2 - 2
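--- a/func/upgrade.sh
+++ b/func/upgrade.sh
@@ -656,7 +656,7 @@ upgrade_roundcube(){
         if [ ! -z "$(echo "$WEBMAIL_SYSTEM" | grep -w 'roundcube')" ]; then
             rc_version=$(cat /var/lib/roundcube/index.php | grep -o -E '[0-9].[0-9].[0-9]+' | head -1);
             if [ "$rc_version" == "$rc_v" ]; then
-                echo "[ * ] Upgrading RoundCube to version v$rc_v..."
+                echo "[ * ] Upgrading Roundcube to version v$rc_v..."
                 $HESTIA/bin/v-add-sys-roundcube
             fi
         fi
@@ -668,7 +668,7 @@ upgrade_rainloop(){
         if [ ! -z "$(echo "$WEBMAIL_SYSTEM" | grep -w 'rainloop')" ]; then
             rc_version=$(cat /var/lib/rainloop/data/VERSION);
             if [ "$rc_version" == "$rc_v" ]; then
-                echo "[ * ] Upgrading rainloop to version v$rc_v..."
+                echo "[ * ] Upgrading Rainloop to version v$rl_v..."
                 $HESTIA/bin/v-add-sys-rainloop
             fi
         fi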
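Review bot: In `upgrade_rainloop` the message now prints `$rl_v`, but the guard one line above it still compares the installed Rainloop version against the Roundcube target `$rc_v`, so the upgrade is gated on the wrong value. Both functions also run the installer only when the installed version equals the target, which looks inverted and would leave an outdated webmail client in place after an upgrade that is supposed to deliver fixes. Suggested guard for Rainloop: `if [ "$rc_version" != "$rl_v" ]; then`, with the same `!=` against `$rc_v` in `upgrade_roundcube`. Both function bodies start and end outside the hunks, so check this against the enclosing `UPGRADE_UPDATE_*` conditions.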

+ 3 - 3
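--- a/install/deb/filemanager/install-fm.sh
+++ b/install/deb/filemanager/install-fm.sh
@@ -13,6 +13,7 @@ fi
 user='admin'
 fm_error='no'
 source $HESTIA/func/main.sh
+source $HESTIA/install/upgrade/upgrade.conf
 
 if [ -z "$HOMEDIR" ] || [ -z "$HESTIA_INSTALL_DIR" ]; then
     echo "Error: Hestia environment vars not present"
@@ -21,9 +22,8 @@ fi
 
 FM_INSTALL_DIR="$HESTIA/web/fm"
 
-FM_V="7.4.1"
-FM_FILE="filegator_v${FM_V}.zip"
-FM_URL="https://github.com/filegator/filegator/releases/download/v${FM_V}/${FM_FILE}"
+FM_FILE="filegator_v${fm_v}.zip"
+FM_URL="https://github.com/filegator/filegator/releases/download/v${fm_v}/${FM_FILE}"
 
 
 COMPOSER_BIN="$HOMEDIR/$user/.composer/composer"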
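Review bot: The archive behind `FM_URL` is now chosen purely by `fm_v` from `upgrade.conf`, and neither this hunk nor the config pins a digest for it, so whatever the release URL serves is what gets unpacked under `$HESTIA/web/fm`. The download and extraction steps are outside the hunk, so a check may already exist there. If not, add a companion value next to `fm_v`, e.g. `fm_sha256="<expected-sha256-placeholder>"`, and verify before extraction with `echo "$fm_sha256  $FM_FILE" | sha256sum -c -`. The added line is also better quoted, `source "$HESTIA/install/upgrade/upgrade.conf"`, because this script runs with root privileges and an empty or odd `$HESTIA` changes which file is sourced.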

+ 2 - 2
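--- a/install/upgrade/upgrade.conf
+++ b/install/upgrade/upgrade.conf
@@ -36,7 +36,7 @@ UPGRADE_UPDATE_RAINLOOP='true'
 
 # Update the File Manager or it's configuration file
 # UPGRADE_UPDATE_FILEMANAGER: Performs an upgrade/repair install of the File Manager
-# UPGRADE_UPDATE_FILEMANAGER: Updates only the configuration file
+# UPGRADE_UPDATE_FILEMANAGER_CONFIG: Updates only the configuration file
 UPGRADE_UPDATE_FILEMANAGER='true'
 UPGRADE_UPDATE_FILEMANAGER_CONFIG='false'
 
@@ -59,4 +59,4 @@ rc_v="1.4.11"
 rl_v="1.15.0"
 
 # Set version of File manager to update during upgrade if not already installed
-FM_V="7.5.0"
+fm_v="7.5.0"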

+ 17 - 0
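--- a/install/upgrade/versions/1.3.4.sh
+++ b/install/upgrade/versions/1.3.4.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Hestia Control Panel upgrade script for target version 1.3.4
+
+#######################################################################################
+#######                      Place additional commands below.                   #######
+#######################################################################################
+
+echo '[ * ] Updating System Administrator account permissions...'
+$HESTIA/bin/v-change-user-role admin admin
+
+# Send end-of-life notification to admin user on servers running Ubuntu 16.04
+if [ "$OS_TYPE" = "Ubuntu" ]; then
+    if [ "$OS_VERSION" = '16.04' ]; then
+        $HESTIA/bin/v-add-user-notification admin 'IMPORTANT: End of support for Ubuntu 16.04 LTS' '<b>Hestia Control Panel no longer supports Ubuntu 16.04 LTS</b>, as a result your server will no longer receive upgrades or security patches after <b>v1.3.4</b>.<br><br>Please upgrade to a supported operating system.'
+    fi
+fi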
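Review bot: `$HESTIA/bin/v-change-user-role admin admin` runs unquoted and its exit status is ignored, so if the role change fails the upgrade carries on with the admin account in an unknown permission state and the log gives no hint. Quote the path and report the failure, e.g. `"$HESTIA/bin/v-change-user-role" admin admin || echo '[ ! ] Unable to update the admin account role'`. The same quoting applies to the `v-add-user-notification` call. The two nested tests can also be one: `if [ "$OS_TYPE" = "Ubuntu" ] && [ "$OS_VERSION" = '16.04' ]; then`.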

+ 13 - 21
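--- a/web/templates/admin/list_db.html
+++ b/web/templates/admin/list_db.html
@@ -7,32 +7,24 @@
             <a href="/add/db/" id="btn-create" class="ui-button cancel" dir="ltr"><i class="fas fa-plus-circle status-icon green"></i><?=_('Add Database')?></a>
           <? } ?>
           <?
-            $mysql = 0;
-            $pgsql = 0;
-
             list($http_host, $port) = explode(':', $_SERVER["HTTP_HOST"].":");
 
-            foreach ($data as $key => $value) {
-              if ($data[$key]['TYPE'] == 'mysql'){
-                $mysql = 1;
-                $db_myadmin_link = "//".$http_host."/phpmyadmin/";
-                if (!empty($_SESSION['DB_PMA_ALIAS']))
-                  $db_myadmin_link = "//".$http_host."/".$_SESSION['DB_PMA_ALIAS'];
-              }
-              if ($data[$key]['TYPE'] == 'pgsql'){
-                $pgsql = 1;
-                $db_pgadmin_link = "//".$http_host."/phppgadmin/";
-                if (!empty($_SESSION['DB_PGA_ALIAS']))
-                  $db_pgadmin_link = "//".$http_host."/".$_SESSION['DB_PGA_ALIAS'];
-              }
-            }
-            if($mysql){
-              echo '<a class="ui-button cancel" dir="ltr" href="'.$db_myadmin_link.'" target="_blank"><i class="fas fa-database status-icon orange"></i>phpMyAdmin</a>';
+            $db_myadmin_link = "//".$http_host."/phpmyadmin/";
+            $db_pgadmin_link = "//".$http_host."/phppgadmin/";
+
+            if (!empty($_SESSION['DB_PMA_ALIAS'])) {
+              $db_myadmin_link = "//".$http_host."/".$_SESSION['DB_PMA_ALIAS']."/";
             }
-            if($pgsql){
-              echo '<a class="ui-button cancel" dir="ltr" href="'.$db_pgadmin_link.'" target="_blank"><i class="fas fa-database status-icon orange"></i>phpPgAdmin</a>';
+            if (!empty($_SESSION['DB_PGA_ALIAS'])) {
+              $db_pgadmin_link = "//".$http_host."/".$_SESSION['DB_PGA_ALIAS']."/";
             }
           ?>
+          <? if (($_SESSION['DB_SYSTEM'] === 'mysql') || ($_SESSION['DB_SYSTEM'] === 'mysql,pgsql') || ($_SESSION['DB_SYSTEM'] === 'pgsql,mysql')) {?>
+            <a class="ui-button cancel" dir="ltr" href="<?php echo $db_myadmin_link; ?>" target="_blank"><i class="fas fa-database status-icon orange"></i>phpMyAdmin</a>
+          <? } ?>
+          <? if (($_SESSION['DB_SYSTEM'] === 'pgsql') || ($_SESSION['DB_SYSTEM'] === 'mysql,pgsql') || ($_SESSION['DB_SYSTEM'] === 'pgsql,mysql')) {?>
+            <a class="ui-button cancel" dir="ltr" href="<?php echo $db_pgadmin_link; ?>" target="_blank"><i class="fas fa-database status-icon orange"></i>phpPgAdmin</a>
+          <? } ?>
         </div>
         <ul class="context-menu sort-order animated fadeIn" style="display:none;">
           <li entity="sort-date" sort_as_int="1"><span class="name active"><?=_('Date')?> <i class="fas fa-sort-amount-down"></i></span><span class="up"><i class="fas fa-sort-amount-up"></i></span></li>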
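Review bot: `$db_myadmin_link` and `$db_pgadmin_link` are built from `$_SERVER["HTTP_HOST"]`, which comes from the request, and are still echoed into `href="..."` without encoding, so any quote or markup in the Host header or the alias value ends up in the page. Encode at output: `href="<?= htmlspecialchars($db_myadmin_link, ENT_QUOTES, 'UTF-8') ?>"`, and likewise for `$db_pgadmin_link`. Both links use `target="_blank"`, so adding `rel="noopener noreferrer"` is worthwhile too. The identical block in web/templates/user/list_db.html needs the same change. The three-way string match on `$_SESSION['DB_SYSTEM']` would be less brittle as `in_array('mysql', explode(',', $_SESSION['DB_SYSTEM']), true)`.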

+ 13 - 21
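--- a/web/templates/user/list_db.html
+++ b/web/templates/user/list_db.html
@@ -3,32 +3,24 @@
         <div class="l-unit-toolbar__buttonstrip">
           <a href="/add/db/" id="btn-create" class="ui-button cancel" dir="ltr"><i class="fas fa-plus-circle status-icon green"></i><?=_('Add Database')?></a>
           <?
-            $mysql = 0;
-            $pgsql = 0;
-
             list($http_host, $port) = explode(':', $_SERVER["HTTP_HOST"].":");
 
-            foreach ($data as $key => $value) {
-              if ($data[$key]['TYPE'] == 'mysql'){
-                $mysql = 1;
-                $db_myadmin_link = "//".$http_host."/phpmyadmin/";
-                if (!empty($_SESSION['DB_PMA_ALIAS']))
-                  $db_myadmin_link = "//".$http_host."/".$_SESSION['DB_PMA_ALIAS'];
-              }
-              if ($data[$key]['TYPE'] == 'pgsql'){
-                $pgsql = 1;
-                $db_pgadmin_link = "//".$http_host."/phppgadmin/";
-                if (!empty($_SESSION['DB_PGA_ALIAS']))
-                  $db_pgadmin_link = "//".$http_host."/".$_SESSION['DB_PGA_ALIAS'];
-              }
-            }
-            if($mysql){
-              echo '<a class="ui-button cancel" dir="ltr" href="'.$db_myadmin_link.'" target="_blank"><i class="fas fa-database status-icon orange"></i>phpMyAdmin</a>';
+            $db_myadmin_link = "//".$http_host."/phpmyadmin/";
+            $db_pgadmin_link = "//".$http_host."/phppgadmin/";
+
+            if (!empty($_SESSION['DB_PMA_ALIAS'])) {
+              $db_myadmin_link = "//".$http_host."/".$_SESSION['DB_PMA_ALIAS']."/";
             }
-            if($pgsql){
-              echo '<a class="ui-button cancel" dir="ltr" href="'.$db_pgadmin_link.'" target="_blank"><i class="fas fa-database status-icon orange"></i>phpPgAdmin</a>';
+            if (!empty($_SESSION['DB_PGA_ALIAS'])) {
+              $db_pgadmin_link = "//".$http_host."/".$_SESSION['DB_PGA_ALIAS']."/";
             }
           ?>
+          <? if (($_SESSION['DB_SYSTEM'] === 'mysql') || ($_SESSION['DB_SYSTEM'] === 'mysql,pgsql') || ($_SESSION['DB_SYSTEM'] === 'pgsql,mysql')) {?>
+            <a class="ui-button cancel" dir="ltr" href="<?php echo $db_myadmin_link; ?>" target="_blank"><i class="fas fa-database status-icon orange"></i>phpMyAdmin</a>
+          <? } ?>
+          <? if (($_SESSION['DB_SYSTEM'] === 'pgsql') || ($_SESSION['DB_SYSTEM'] === 'mysql,pgsql') || ($_SESSION['DB_SYSTEM'] === 'pgsql,mysql')) {?>
+            <a class="ui-button cancel" dir="ltr" href="<?php echo $db_pgadmin_link; ?>" target="_blank"><i class="fas fa-database status-icon orange"></i>phpPgAdmin</a>
+          <? } ?>
         </div>
         <ul class="context-menu sort-order animated fadeIn" style="display:none;">
           <li entity="sort-date" sort_as_int="1"><span class="name active"><?=_('Date')?> <i class="fas fa-sort-amount-down"></i></span><span class="up"><i class="fas fa-sort-amount-up"></i></span></li>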