Michael Kaufmann
1b44ee2e06
Merge pull request from GHSA-x525-54hf-xr53
...
* do not log unvalidated user-input to mysql-log (if enabled)
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
* clean log-text to only allow a subset of special characters
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
* clean log-text when selecting from database to avoid possible previously added malicious entries
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
---------
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-05-03 07:54:13 +02:00
Michael Kaufmann
7f8b36e0bd
select homedir/maildir from emails if called interally as it is also called by customers via EmailAccounts.delete()
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-04-28 14:03:38 +02:00
Michael Kaufmann
71746f8dac
select homedir/maildir from emails if called by admin
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-04-28 13:58:27 +02:00
Michael Kaufmann
d6b8eb08c0
add delete-userfiles flag for Domain.delete() to remove email-account data on the filesystem (if any); fixes #1239
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-04-28 13:49:07 +02:00
Michael Kaufmann
7d99244b9d
higher delay and dont reset input to wrong value to avoid not being able to enter a date manually without datetime-picker; fixes #1243
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-04-28 12:11:42 +02:00
Michael Kaufmann
0109c2d26f
do not hide nameserver settings via js if email-only is selected for the domain; fixes #1248
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-04-28 12:00:49 +02:00
dependabot[bot]
c1bc422677
Bump vite from 4.5.2 to 4.5.3 ( #1247 )
...
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite ) from 4.5.2 to 4.5.3.
- [Release notes](https://github.com/vitejs/vite/releases )
- [Changelog](https://github.com/vitejs/vite/blob/v4.5.3/packages/vite/CHANGELOG.md )
- [Commits](https://github.com/vitejs/vite/commits/v4.5.3/packages/vite )
---
updated-dependencies:
- dependency-name: vite
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-27 10:23:48 +02:00
Michael Kaufmann
5625503e2d
add compatibility for mariadb-dump executable instead of mysqldump
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-04-27 10:22:42 +02:00
Michael Kaufmann
61ae182ba7
update updater to latest stable release; refactored modal-action-button for UI fixed
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-03-29 11:40:08 +01:00
Michael Kaufmann
b49f20af95
fix copy-to-clipboard button
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-03-27 12:59:48 +01:00
Michael Kaufmann
1f4f1d8203
fix domains speciallogfile ajax-check/note; improve ajax ip check in admin_ipsandports
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-03-27 11:07:55 +01:00
Michael Kaufmann
ff4c54a9d5
also add logfiles to virtual-host if it's a redirect
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-03-27 10:17:02 +01:00
Michael Kaufmann
bb83e78c64
fix missing csrf tokens for some ajax requests
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-03-27 10:08:13 +01:00
Wiebe Cazemier
7c3e89ccc0
Fix "expires" option cannot have a year greater than 9999 ( #1246 )
...
This fixes the exception: '"expires" option cannot have a year greater
than 9999', which happens on upgrade from Debian 11 to 12. The session
timeout in the DB is 9999999999999, so we constrain the value.
2024-03-23 15:14:11 +01:00
Michael Kaufmann
76c23cf9b1
wrap SetHandler to php-fpm in file-exists check, as we do for customer-domains already
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-03-17 08:23:57 +01:00
Michael Kaufmann
ed6154fa4b
Merge branch 'main' of github.com:Froxlor/Froxlor
2024-03-17 08:10:24 +01:00
dependabot[bot]
f22c1db8cb
Bump follow-redirects from 1.15.4 to 1.15.6 ( #1244 )
...
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects ) from 1.15.4 to 1.15.6.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases )
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.15.4...v1.15.6 )
---
updated-dependencies:
- dependency-name: follow-redirects
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-17 08:08:20 +01:00
Michael Kaufmann
ee7b47c3c0
correctly save pass_authorizationheader flag for php-configs if FCGID is used; correctly add 'FcgidPassHeader' for froxlor-vhost itself if set
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-03-11 08:00:26 +01:00
Michael Kaufmann
537b274b4c
correctly validate if a symlink is within the customers home-directory if it's not an absolute path; fixes #1242
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-03-08 09:23:21 +01:00
Michael Kaufmann
d8b86fc3c5
correctly disabled ssl-related settings when domain update sets ssl-enbled flag to false; fixes #1241
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-03-04 16:48:35 +01:00
Michael Kaufmann
b675c84ae4
correctly add user-wide mysql-user when creating user with mysql-resources (accesst to all databases starting with the loginname)
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-03-04 10:21:46 +01:00
Michael Kaufmann
c0fdc62032
correctly convert allowed_mysqlserver json-string to array
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-03-03 11:44:29 +01:00
Michael Kaufmann
b14eaf454c
reset Database::needRoot flag after root-user session
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-03-03 11:34:57 +01:00
Michael Kaufmann
3503d605cc
update workflow actions
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-03-03 10:47:18 +01:00
Michael Kaufmann
2fc319b991
fix typo
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-03-03 10:39:22 +01:00
Michael Kaufmann
d86da23187
remove unused hidden-settings; correct setting-language-strings-layout; add blacklist for usernames when creating a Customer which may lead to internal issues
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-03-03 10:35:58 +01:00
Michael Kaufmann
70b3e61f4c
re-trigger vhost regeneration on tmp. ssl-redirect
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-03-03 10:32:32 +01:00
Michael Kaufmann
fb5958f5d4
fix current stable version in updater for nightly users (switching from stable/testing)
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-02-11 20:06:38 +01:00
Michael Kaufmann
8132976559
implement 'master database user for customers'; fixes #1227
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-02-11 10:27:18 +01:00
sro0
686ca84a30
Ensure that DMARC entries are generated as subdomain, Allow overwriting of DMARC and SPF subdomain records ( #1237 )
...
* Ensure that DMARC entries are generated as subdomain
- see https://datatracker.ietf.org/doc/html/rfc7489#section-6.1
* Add tests for DNS DMARC
* Allow custom SPF and DMARC subdomain records to replace default records
* Improve tests for DMARC, add DMARC tests for subdomain
2024-02-09 08:11:41 +01:00
sro0
953baec023
Allow service ftpserver
to be specified via configuration-template-xml default ( #1234 )
2024-02-09 08:06:57 +01:00
Michael Kaufmann
396274d954
fix adding/editing domains as customer when php is not enabled for the domain; don't add custom-vhost-content to deactivated domain-vhosts
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-02-05 22:09:49 +01:00
Michael Kaufmann
4e23b9652c
fix regression bug in 'incorrect top-5 customers' sorting in traffic-overview which leads to incorrect customer-links due to wrong indexing in the array; fixes #1236
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-02-04 19:54:19 +01:00
Michael Kaufmann
594e61408d
also fix unittests accordingly
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-02-03 13:53:08 +01:00
Michael Kaufmann
ece4b34f25
fix password crypt hash being always evaluated to argon2i as the case always returns true if PASSWORD_ARGON2I is defined but the froxlor setting might be set to another hash leading to a useless password
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-02-03 10:12:36 +01:00
Michael Kaufmann
9c70976018
fix check for allowed_phpconfigs if using mod_php when adding/editing a customer
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-01-30 19:31:21 +01:00
Michael Kaufmann
594d7d84bb
Merge branch 'main' of github.com:Froxlor/Froxlor
2024-01-29 20:27:12 +01:00
sro0
9d4bc94aef
Rename dovecot config file generated be renew hook to ensure it gets included ( #1233 )
...
after default froxlor config file
2024-01-29 20:26:38 +01:00
Michael Kaufmann
f03b49d0db
api documentation additions for Customers.add()/update() and Admins.add()/update()
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-01-28 10:03:56 +01:00
Michael Kaufmann
bcf0818faf
set correct channel for update-check if switching from apt-installed stable/testing to nightly
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-01-26 13:56:01 +01:00
Michael Kaufmann
dd765089c9
fix wrong setting-name for dkim-keylength when generating dkim-keys
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-01-26 13:55:14 +01:00
Michael Kaufmann
a7ee5e0ae3
create empty dns-server config if no (dns-enabled) domain is determined; fixes #1230
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-01-24 08:38:32 +01:00
Michael Kaufmann
2629718b22
add new 'http2 on' directive for nginx >=1.25.1
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-01-23 00:01:12 +01:00
dependabot[bot]
c4cf8ededc
Bump vite from 4.4.12 to 4.5.2 ( #1229 )
...
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite ) from 4.4.12 to 4.5.2.
- [Release notes](https://github.com/vitejs/vite/releases )
- [Changelog](https://github.com/vitejs/vite/blob/v4.5.2/packages/vite/CHANGELOG.md )
- [Commits](https://github.com/vitejs/vite/commits/v4.5.2/packages/vite )
---
updated-dependencies:
- dependency-name: vite
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-20 08:40:05 +01:00
Michael Kaufmann
9b20f4ac39
fix wrong order of ecc/non-ecc in proftpd config adjustment for let's encrypt renew-hook
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-01-19 16:09:24 +01:00
Michael Kaufmann
616dcb1fda
use correct syntax for postconf in Let's Encrypt renew-hook service-configuration replacement; add missing language strings
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-01-19 16:01:31 +01:00
Michael Kaufmann
bc1892d4ec
fix incorrect top-5 customers in traffic overview for admins; show manual update command if webupdate is disabled
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-01-19 09:21:38 +01:00
sro0
83047019b0
Check for argon2 support before using constant PASSWORD_ARGON2X ( #1228 )
2024-01-16 21:34:17 +01:00
dependabot[bot]
8fa286a71d
Bump follow-redirects from 1.15.3 to 1.15.4 ( #1222 )
...
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects ) from 1.15.3 to 1.15.4.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases )
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.15.3...v1.15.4 )
---
updated-dependencies:
- dependency-name: follow-redirects
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-14 09:41:46 +01:00
Michael Kaufmann
f420551888
added configuration adjustment for prodtpd if renew-hook for lets encrypt is used; updater-compatibility if gui_access field is not present yet (froxlor <2.2); removed depercated gentoo config templates
...
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-01-14 09:40:33 +01:00