Merge branch 'servicing' into release

.github/workflows/crowdin.yml

@@ -15,7 +15,7 @@ jobs:
         uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         if: github.repository == 'hestiacp/hestiacp'
       - name: crowdin action
-        uses: crowdin/github-action@ecdf564895766b8a6b4b581559b3c6cd955467d1 # v1
+        uses: crowdin/github-action@c858c54aca1629608ec39a54ee0f7ba4389eb59f # v1
         if: github.repository == 'hestiacp/hestiacp'
         with:
           upload_sources: true

CHANGELOG.md

@@ -2,12 +2,33 @@
 
 All notable changes to this project will be documented in this file.
 
+## [1.8.11] - Service release
+
+### Features
+
+- PHP 8.3 Support (#4175)
+- Add new template with Wordpress XMLRPC Blocked by default (Nignx Only) (#4168)
+
+### Bug fixes
+
+- Minimal change to the way BACKUP_LA_LIMIT is calculated (#4162)
+- Change Filegator to 24 hr clock (#4168)
+- Confirm before restoring part of backup (#4147)
+- Multiple Bugfixes v-import-cpanel (#4150, #4149 #4144 #4139, #4120, #4121 thanks @vipxr)
+- Fix an issue with small screens in logs header (#4126)
+- Fixed a few bugs due to the permissions changes with hestiamail user
+- Updated v-list-sys-users to fix issues with new hestiamail user
+- Use -f instead --force=yes (#4097)
+- Delay submit in Desktop Safari (#4137)
+- Fixed an bug in v-add-backup-host to report inability to connect via sftp (#4119)
+- Allow for optional domain directory write permissions #4109 @evonet
+
 ## [1.8.10] - Service release
 
 ### Bug fixes
 
 - Include missed changes
-- Include https://github.com/hestiacp/hestiacp/blob/main/install/upgrade/manual/secure_php.sh
+- Include <https://github.com/hestiacp/hestiacp/blob/main/install/upgrade/manual/secure_php.sh>
 
 ## [1.8.9] - Service release
 

README.md

@@ -4,7 +4,7 @@
 
 <h2 align="center">A lightweight and powerful control panel for the modern web</h2>
 
-<p align="center"><strong>Latest stable release:</strong> Version 1.8.8 | <a href="https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md">View Changelog</a></p>
+<p align="center"><strong>Latest stable release:</strong> Version 1.8.11 | <a href="https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md">View Changelog</a></p>
 
 <p align="center">
 	<a href="https://www.hestiacp.com/">HestiaCP.com</a> |

bin/v-add-backup-host

@@ -242,10 +242,11 @@ if [ "$type" = 'sftp' ]; then
 		fi
 	fi
 	rc=$?
-	if [[ "$rc" != 0 ]]; then
+	if [[ "$rc" -ne 0 ]]; then
 		case $rc in
 			$E_CONNECT) echo "Error: can't login to sftp $user@$host" ;;
 			$E_FTP) echo "Error: can't create temp folder on the sftp host" ;;
+			*) echo "Error Unable to connect via sftp." ;;
 		esac
 		log_event "$rc" "$ARGUMENTS"
 		exit "$rc"

bin/v-add-mail-domain-webmail

@@ -2,9 +2,9 @@
 # info: add webmail support for a domain
 # options: USER DOMAIN [WEBMAIL] [RESTART] [QUIET]
 #
-# example: v-add-sys-webmail user domain.com
-# example: v-add-sys-webmail user domain.com snappymail
-# example: v-add-sys-webmail user domain.com roundcube
+# example: v-add-mail-domain-webmail user domain.com
+# example: v-add-mail-domain-webmail user domain.com snappymail
+# example: v-add-mail-domain-webmail user domain.com roundcube
 #
 # This function enables webmail client for a mail domain.
 

bin/v-add-sys-roundcube

@@ -116,7 +116,7 @@ if [ "$UPDATE" == "no" ]; then
 	ln -s $RC_CONFIG_DIR/plugins/zipdownload/config.inc.php ./plugins/zipdownload/config.inc.php
 
 	# Set up correct permissions roundcube
-	chown -R root:www-data $RC_CONFIG_DIR/
+	chown -R root:hestiamail $RC_CONFIG_DIR/
 	chmod 751 -R $RC_CONFIG_DIR
 	chmod 644 $RC_CONFIG_DIR/config.inc.php
 	chmod 644 $RC_CONFIG_DIR/plugins/password/config.inc.php
@@ -127,13 +127,13 @@ if [ "$UPDATE" == "no" ]; then
 	echo "User-agent: *" > /var/lib/roundcube/robots.txt
 	echo "Disallow: /" >> /var/lib/roundcube/robots.txt
 
-	chown -R root:www-data $RC_INSTALL_DIR
+	chown -R root:hestiamail $RC_INSTALL_DIR
 
 	# Log file
 	if [ ! -d $RC_LOG ]; then
 		mkdir $RC_LOG
 	fi
-	chown www-data:www-data $RC_LOG
+	chown hestiamail:hestiamail $RC_LOG
 	chmod 751 $RC_LOG
 
 	if [ ! -z "$(echo "$DB_SYSTEM" | grep -E 'mysql|pgsql')" ]; then
@@ -189,9 +189,10 @@ else
 	$RC_INSTALL_DIR/$RC_EXTRACT/bin/installto.sh -y $RC_INSTALL_DIR > /dev/null 2>&1
 	# Use COMPOSER_ALLOW_SUPERUSER=1 to prevent update.sh script from freezing trying
 	# to execute composer as root to update roundcube dependencies
-	COMPOSER_ALLOW_SUPERUSER=1 $RC_INSTALL_DIR/bin/update.sh --version "$version" > /dev/null 2>&1
+	export COMPOSER_ALLOW_SUPERUSER=1
+	$RC_INSTALL_DIR/bin/update.sh --version "$version" > /dev/null 2>&1
 	$RC_INSTALL_DIR/bin/indexcontacts.sh > /dev/null 2>&1
-	chown -R root:www-data $RC_INSTALL_DIR
+	chown -R root:hestiamail $RC_INSTALL_DIR
 
 	#clean up the mess
 	if [ -d "$RC_INSTALL_DIR/installer" ]; then

bin/v-add-sys-snappymail

@@ -144,17 +144,22 @@ if [ "$UPDATE" == "no" ]; then
 
 else
 	[ ! -f "${SM_INSTALL_DIR}/${SM_FILE}" ] && wget "$SM_URL" --quiet -O "${SM_INSTALL_DIR}/${SM_FILE}"
-	version=$(cat $SM_INSTALL_DIR/data/VERSION)
-
-	tar -xzf snappymail-latest.tar.gz "data/VERSION" $SM_INSTALL_DIR/
-	version_source=$(cat $SM_INSTALL_DIR/VERSION)
+	if [ ! -f "${SM_INSTALL_DIR}/${SM_FILE}" ]; then
+		echo "ERROR: Download failed, installation aborted."
+		exit 2
+	fi
 
+	version=$(cat $SM_INSTALL_DIR/data/VERSION)
+	cd $SM_INSTALL_DIR
+	mkdir -p /tmp/snappy/
+	tar -xzf snappymail-latest.tar.gz -C /tmp/snappy/
+	version_source=$(cat /tmp/snappy/data/VERSION)
 	# Check version inside .tar.gz file in case hestia didn't update yet
 	if [ "$version" != "$version_source" ]; then
 		tar -xzf ${SM_INSTALL_DIR}/${SM_FILE}
 		rm $SM_INSTALL_DIR/$SM_FILE
 	fi
-	rm ${SM_INSTALL_DIR}/VERSION
+	rm -fr /tmp/snappy
 fi
 
 #----------------------------------------------------------#

bin/v-add-web-domain

@@ -126,7 +126,12 @@ chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
 user_exec chmod 751 $HOMEDIR/$user/web/$domain/*
 user_exec chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
 user_exec chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*
-user_exec chmod 551 $HOMEDIR/$user/web/$domain
+
+# domain folder permissions: DOMAINDIR_WRITABLE: default-val:no source:hestia.conf
+DOMAINDIR_MODE=551
+if [ "$DOMAINDIR_WRITABLE" = 'yes' ]; then DOMAINDIR_MODE=751; fi
+
+user_exec chmod $DOMAINDIR_MODE $HOMEDIR/$user/web/$domain
 chown --no-dereference $user:www-data $HOMEDIR/$user/web/$domain/public_*html
 
 # Adding PHP-FPM backend

bin/v-add-web-php

@@ -144,7 +144,7 @@ sed -i "s/;max_input_vars = 1000/max_input_vars = 4000/g" /etc/php/$version/fpm/
 # Disable exec and other harmfull php functions
 sed -i "s/disable_functions =.*/disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,exec,system,passthru,shell_exec,proc_open,popen/g" /etc/php/$version/fpm/php.ini
 
-sed -i "s/disable_functions =.*/disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,exec,system,passthru,shell_exec,proc_open,popen/g" /etc/php/$version/cli/php.ini
+sed -i "s/disable_functions =.*/disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority/g" /etc/php/$version/cli/php.ini
 
 # Other use full changes
 sed -i "s/;opcache.enable=1/opcache.enable=1/g" /etc/php/$version/fpm/php.ini

bin/v-import-cpanel

@@ -243,6 +243,27 @@ rsync -av --exclude-from='exclude_path' homedir/public_html/ /home/$new_user/web
 chown $new_user:$new_user -R /home/$new_user/web/$main_domain1/public_html
 chmod 751 /home/$new_user/web/$main_domain1/public_html
 
+####### Set Domain PHP version
+PHP_VERSION_LINE=$(grep -r "phpversion:" userdata/$main_domain1)
+CPANEL_PHP_VERSION=${PHP_VERSION_LINE#*: }
+CPANEL_PHP_VERSION=$(echo $CPANEL_PHP_VERSION | grep -oP '(?<=php)\d+')
+HESTIA_PHP_VERSION="PHP-${CPANEL_PHP_VERSION:0:1}_${CPANEL_PHP_VERSION:1}"
+
+if $BIN/v-list-web-templates-backend | grep -qw "$HESTIA_PHP_VERSION"; then
+	echo "Setting PHP version to $HESTIA_PHP_VERSION for $main_domain1 under user $new_user"
+	$BIN/v-change-web-domain-backend-tpl $new_user $main_domain1 $HESTIA_PHP_VERSION
+	if [ $? -ne 0 ]; then
+		echo "Failed to set PHP version for $main_domain1"
+		exit 1
+	else
+		echo "PHP version for $main_domain1 set to $HESTIA_PHP_VERSION"
+	fi
+else
+	echo "PHP version $HESTIA_PHP_VERSION is not installed on HestiaCP."
+	echo "Please install it before trying to set it for a domain."
+	exit 1
+fi
+
 ##################
 # mail
 tput setaf 2
@@ -256,24 +277,64 @@ for folder in *; do
 		if [[ "$folder" != "cur" && "$folder" != "new" && "$folder" != "tmp" ]]; then
 			echo "Domain: $folder"
 			cd $folder
+
+			mail_account_count=$(find . -maxdepth 1 -mindepth 1 -type d \( ! -name cur ! -name new ! -name tmp \) | wc -l)
+			if [ "$mail_account_count" -eq 0 ]; then
+				echo "No mail accounts to restore for domain $folder."
+				cd ..
+				continue
+			fi
+
 			for mail_account in *; do
 				echo "Import mail account: $mail_account@$folder"
 				# Doesn't really matter but we don't know the unhashed one
 				tmp_pass=$(generate_password)
 				$BIN/v-add-mail-account $new_user $folder $mail_account $tmp_pass
 				mv $mail_account /home/$new_user/mail/$folder/
 				chown -R $new_user:mail /home/$new_user/mail/$folder/
+
+				# Decompress gzipped emails
+				decompressed_count=0
+				for mail_file in $(find /home/$new_user/mail/$folder -type f); do
+					if file "$mail_file" | grep -q "gzip compressed"; then
+						original_time=$(stat -c %y "$mail_file" 2> /dev/null)
+						gunzip -c "$mail_file" > "${mail_file}.decompressed" && mv "${mail_file}.decompressed" "$mail_file"
+						if [ ! -z "$original_time" ]; then
+							touch -d "$original_time" "$mail_file"
+						fi
+						let decompressed_count++
+					fi
+				done
+
+				echo "$decompressed_count emails decompressed for $mail_account@$folder"
+
 				find /home/$new_user/mail/$folder -type f -name 'dovecot*' -delete
-				pass=$(grep "^$mail_account:" ../../etc/${folder}/shadow | awk -F ":" '{print $2}')
-				USER_DATA=$HESTIA/data/users/$new_user/
-				update_object_value "mail/$folder" 'ACCOUNT' "$mail_account" '$MD5' "$pass"
+
+				# Extract and update password from the shadow file
+				password_file="../../etc/${folder}/shadow"
+				if [ -f "$password_file" ]; then
+					pass_line=$(grep "^$mail_account:" $password_file)
+					if [ $? -eq 0 ]; then
+						# Extract the hashed password from the shadow file
+						pass=$(echo "$pass_line" | awk -F ":" '{print $2}')
+						newline="${mail_account}:{SHA512-CRYPT}$pass:${new_user}:mail::/home/${new_user}:0"
+						newline2="ACCOUNT='${mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'"
+						escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g')
+						escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g')
+						sed -i "s/^${mail_account}:.*/$escaped/g" /home/${new_user}/conf/mail/${folder}/passwd
+						sed -i "s/^ACCOUNT='${mail_account}.*/$escaped2/g" /usr/local/hestia/data/users/${new_user}/mail/${folder}.conf
+					else
+						echo "Warning: Password for $mail_account@$folder not found in shadow file."
+					fi
+				else
+					echo "Warning: Shadow file for $folder not found."
+				fi
 			done
 			cd ..
 			$BIN/v-rebuild-mail-domain $new_user $folder
 		fi
 	fi
 done
-echo "All mail accounts restored"
 
 if [ "$mx" = 'yes' ]; then
 	cd $main_dir/dnszones
@@ -296,6 +357,35 @@ if [ "$mx" = 'yes' ]; then
 	done
 fi
 
+##################
+# Cron Jobs
+tput setaf 2
+echo ""
+echo "Start Restoring Cron Jobs for user $new_user"
+tput sgr0
+
+CRON_DIR="$main_dir/cron"
+cd "$CRON_DIR"
+
+CRON_FILE="${new_user}"
+if [ -f "$CRON_FILE" ] && [ -s "$CRON_FILE" ]; then
+	while IFS= read -r cron_job || [ -n "$cron_job" ]; do
+		[[ "$cron_job" =~ ^(#.*|\s*|MAILTO=.*|SHELL=.*)$ ]] && continue
+
+		min=$(echo "$cron_job" | awk '{print $1}')
+		hour=$(echo "$cron_job" | awk '{print $2}')
+		day=$(echo "$cron_job" | awk '{print $3}')
+		month=$(echo "$cron_job" | awk '{print $4}')
+		dow=$(echo "$cron_job" | awk '{print $5}')
+		cmd=$(echo "$cron_job" | awk '{for (i=6; i<=NF; i++) printf $i " "; print ""}')
+
+		$BIN/v-add-cron-job $new_user "$min" "$hour" "$day" "$month" "$dow" "$cmd"
+	done < "$CRON_FILE"
+	echo "Cron jobs restored for user $new_user."
+else
+	echo "No cron jobs file found or it is empty for user $new_user."
+fi
+
 rm -rf "$tmpdir"
 
 echo "##############################"

bin/v-import-database

@@ -0,0 +1,78 @@
+#!/bin/bash
+# info: import database
+# options: USER DB PATH
+#
+# example: v-import-database alice mydb /full/path/to.sql
+#
+# This function for importing database.
+
+#----------------------------------------------------------#
+#                Variables & Functions                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+database=$2
+dump=$3
+
+# Includes
+# shellcheck source=/etc/hestiacp/hestia.conf
+source /etc/hestiacp/hestia.conf
+# shellcheck source=/usr/local/hestia/func/main.sh
+source $HESTIA/func/main.sh
+# shellcheck source=/usr/local/hestia/func/db.sh
+source $HESTIA/func/db.sh
+# shellcheck source=/usr/local/hestia/func/rebuild.sh
+source $HESTIA/func/rebuild.sh
+# load config file
+source_conf "$HESTIA/conf/hestia.conf"
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '3' "$#" 'DATABASE USER'
+is_format_valid 'database' 'user'
+is_system_enabled "$DB_SYSTEM" 'DB_SYSTEM'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'db' 'DB' "$database"
+
+if [ ! -f "$dump" ]; then
+	echo "Error: dump file doesn't exist"
+	log_event "$E_NOTEXIST" "$ARGUMENTS"
+	exit "$E_NOTEXIST"
+fi
+
+# Check db existence
+db_data=$(grep "DB='$database'" $HESTIA/data/users/$user/db.conf)
+
+parse_object_kv_list "$db_data"
+#Fix issue #1084 with "Upper case not allowed with PGSQL"
+if [ "$TYPE" == "pgsql" ]; then
+	usersmall=$(echo "$user" | tr '[:upper:]' '[:lower:]')
+else
+	usersmall=$user
+fi
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Import dump
+case $TYPE in
+	mysql) import_mysql_database "$dump" ;;
+	pgsql) import_pgsql_database "$dump" ;;
+esac
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit