diff --git a/bin/v-add-access-key b/bin/v-add-access-key index a492a4fa45..6a54929612 100755 --- a/bin/v-add-access-key +++ b/bin/v-add-access-key @@ -61,12 +61,9 @@ date=$(echo "$time_n_date" |cut -f 2 -d \ ) #----------------------------------------------------------# check_args '1' "$#" 'USER [PERMISSIONS] [COMMENT] [FORMAT]' -is_format_valid 'user' +is_format_valid 'user' 'comment' 'format' is_object_valid 'user' 'USER' "$user" is_key_permissions_format_valid "$permissions" "$user" -if [ -n "$comment" ]; then - is_format_valid 'comment' -fi #----------------------------------------------------------# # Action # diff --git a/bin/v-add-backup-host b/bin/v-add-backup-host index c3ca0dd0d1..665ae1b177 100755 --- a/bin/v-add-backup-host +++ b/bin/v-add-backup-host @@ -107,7 +107,8 @@ EOF if [ "$type" != 'local' ];then check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]" is_format_valid 'host' 'path' 'port' - is_username_format_valid "$username" "username" + is_type_valid "$type" 'sftp,ftp,b2' + is_username_format_valid "$user" "username" is_password_valid format_no_quotes "$password" "password" diff --git a/bin/v-add-cron-job b/bin/v-add-cron-job index 059bc05c20..fea441b30a 100755 --- a/bin/v-add-cron-job +++ b/bin/v-add-cron-job @@ -44,6 +44,7 @@ is_object_unsuspended 'user' 'USER' "$user" is_package_full 'CRON_JOBS' get_next_cronjob is_format_valid 'job' +is_format_valid 'restart' is_object_new 'cron' 'JOB' "$job" # Perform verification if read-only mode is enabled diff --git a/bin/v-add-dns-domain b/bin/v-add-dns-domain index 69a707cc39..68014da368 100755 --- a/bin/v-add-dns-domain +++ b/bin/v-add-dns-domain @@ -66,6 +66,10 @@ if [ -z "$(is_ip_format_valid $domain)" ]; then exit 1 fi +if [ -n "$restart" ]; then + is_format_valid 'restart' +fi + is_package_full 'DNS_DOMAINS' template=$(get_user_value '$DNS_TEMPLATE') is_dns_template_valid "$template" diff --git a/bin/v-add-dns-record b/bin/v-add-dns-record index f8b4cd93fd..9912bcb665 100755 
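Review bot: In `bin/v-add-backup-host` the added `is_type_valid "$type" 'sftp,ftp,b2'` passes the value first and a comma-separated list second, while the other calls in this diff (`is_type_valid "records yes no" "$flush"`, `is_type_valid 'plain json shell csv' "$arg"`) pass a space-separated allow-list first and the value second. If `is_type_valid` treats its first argument as the allow-list, which only its body outside this diff can confirm, this line does not restrict TYPE to the three backends; `is_type_valid 'sftp ftp b2' "$type"` would match the other call sites. The same hunk switches the username check from `$username` to `$user`; the argument assignments are outside the hunk, so confirm that `$user` really holds the USERNAME argument. The enclosing `if [ "$type" != 'local' ]` block continues past the end of the hunk.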
--- a/bin/v-add-dns-record +++ b/bin/v-add-dns-record @@ -96,6 +96,9 @@ is_object_new "dns/$domain" 'ID' "$id" is_dns_fqnd "$rtype" "$dvalue" is_dns_nameserver_valid "$domain" "$rtype" "$dvalue" is_format_valid 'ttl' +if [ -n "$restart" ]; then + is_format_valid 'restart' +fi # Perform verification if read-only mode is enabled check_hestia_demo_mode diff --git a/bin/v-add-fastcgi-cache b/bin/v-add-fastcgi-cache index ee94e0829c..982bdbc1d1 100755 --- a/bin/v-add-fastcgi-cache +++ b/bin/v-add-fastcgi-cache @@ -31,7 +31,7 @@ source_conf "$HESTIA/conf/hestia.conf" #----------------------------------------------------------# check_args '2' "$#" 'USER DOMAIN [DURATION] [DEBUG] [RESTART]' -is_format_valid 'user' 'domain' +is_format_valid 'user' 'domain' 'restart' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" is_object_valid 'web' 'DOMAIN' "$domain" diff --git a/bin/v-add-firewall-chain b/bin/v-add-firewall-chain index da38decc45..cff298aa44 100755 --- a/bin/v-add-firewall-chain +++ b/bin/v-add-firewall-chain @@ -13,6 +13,7 @@ # Argument definition chain=$(echo $1 | tr '[:lower:]' '[:upper:]') port=$2 +port_ext=$2 protocol=${4-TCP} protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]') @@ -40,7 +41,7 @@ source_conf "$HESTIA/conf/hestia.conf" #----------------------------------------------------------# check_args '1' "$#" 'CHAIN [PORT] [PROTOCOL]' -is_format_valid 'chain' +is_format_valid 'chain' 'port_ext' 'protocol' is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' # Perform verification if read-only mode is enabled diff --git a/bin/v-add-mail-domain b/bin/v-add-mail-domain index ef0caa845a..bf282e0d59 100755 --- a/bin/v-add-mail-domain +++ b/bin/v-add-mail-domain 
@@ -50,7 +50,7 @@ domain_utf=$(idn -t --quiet -u "$domain_idn") #----------------------------------------------------------# check_args '2' "$#" 'USER DOMAIN [ANTISPAM] [ANTIVIRUS] [DKIM] [DKIM_SIZE]' -is_format_valid 'user' 'domain' 'antispam' 'antivirus' 'dkim' 'dkim_size' +is_format_valid 'user' 'domain' 'antispam' 'antivirus' 'dkim' 'dkim_size' 'restart' is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" diff --git a/bin/v-add-mail-domain-ssl b/bin/v-add-mail-domain-ssl index 5307c76cf0..37bb48618a 100755 --- a/bin/v-add-mail-domain-ssl +++ b/bin/v-add-mail-domain-ssl @@ -63,6 +63,9 @@ is_web_domain_cert_valid # Perform verification if read-only mode is enabled check_hestia_demo_mode +if [ -n "$restart" ]; then + is_format_valid "$restart" +fi #----------------------------------------------------------# # Action # #----------------------------------------------------------# diff --git a/bin/v-add-mail-domain-webmail b/bin/v-add-mail-domain-webmail index a4542196a8..c4c00404bc 100755 --- a/bin/v-add-mail-domain-webmail +++ b/bin/v-add-mail-domain-webmail @@ -61,7 +61,7 @@ if [ -z "$webmail" ]; then fi check_args '2' "$#" 'USER DOMAIN [WEBMAIL] [RESTART]' -is_format_valid 'user' 'domain' +is_format_valid 'user' 'domain' 'restart' is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' is_system_enabled "$IMAP_SYSTEM" 'IMAP_SYSTEM' is_type_valid "$WEBMAIL_SYSTEM disabled" "$webmail" diff --git a/bin/v-add-remote-dns-domain b/bin/v-add-remote-dns-domain index 45fbec62ee..aa64c1680d 100755 --- a/bin/v-add-remote-dns-domain +++ b/bin/v-add-remote-dns-domain @@ -32,6 +32,9 @@ source_conf "$HESTIA/conf/hestia.conf" check_args '2' "$#" 'USER DOMAIN [FLUSH]' is_format_valid 'user' 'domain' +if [ -n "$flush" ]; then + is_type_valid "records yes no" "$flush" +fi is_system_enabled "$DNS_CLUSTER" 'DNS_CLUSTER' is_procces_running remote_dns_health_check 
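Review bot: In `bin/v-add-mail-domain-ssl` the new guard calls `is_format_valid "$restart"`, passing the argument's value, whereas every other script in this diff passes the variable name (`is_format_valid 'restart'`). `is_format_valid` dispatches on that name in its `case` statement, so a value such as `no` would most likely match no arm and RESTART would go unvalidated here; the line should read `is_format_valid 'restart'`. The check is also placed after `check_hestia_demo_mode`, unlike the other scripts, where format checks run with the rest of the verifications.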
diff --git a/bin/v-add-remote-dns-host b/bin/v-add-remote-dns-host index 0fd9d2a38b..ff74bd1680 100755 --- a/bin/v-add-remote-dns-host +++ b/bin/v-add-remote-dns-host @@ -46,7 +46,7 @@ source_conf "$HESTIA/conf/hestia.conf" args_usage='HOST PORT USER [PASSWORD] [TYPE] [DNS_USER]' check_args '3' "$#" "$args_usage" -is_format_valid 'host' 'port' 'type' 'dns_user' +is_format_valid 'host' 'port' 'dns_user' if [ -z "$password" ]; then is_format_valid 'hash' else diff --git a/bin/v-change-user-ns b/bin/v-change-user-ns index 4017c27358..f868f1207b 100755 --- a/bin/v-change-user-ns +++ b/bin/v-change-user-ns @@ -38,29 +38,31 @@ check_args '3' "$#" 'USER NS1 NS2 [NS3] [NS4] [NS5] [NS6] [NS7] [NS8]' # Checking argument format is_format_valid 'user' 'ns1' 'ns2' + +ns="$ns1,$ns2" if [ -n "$ns3" ]; then - ns3=$(echo "$4" | sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns3' + ns="$ns,$ns3" fi if [ -n "$ns4" ]; then - ns4=$(echo "$5" | sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns4' + ns="$ns,$ns4" fi if [ -n "$ns5" ]; then - ns5=$(echo "$6" | sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns5' + ns="$ns,$ns5" fi if [ -n "$ns6" ]; then - ns6=$(echo "$7" | sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns6' + ns="$ns,$ns6" fi if [ -n "$ns7" ]; then - ns7=$(echo "$8" | sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns7' + ns="$ns,$ns7" fi if [ -n "$ns8" ]; then - ns8=$(echo "$9" | sed -e 's/\.*$//g' -e 's/^\.*//g') is_format_valid 'ns8' + ns="$ns,$ns8" fi is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" @@ -72,10 +74,6 @@ check_hestia_demo_mode # Action # #----------------------------------------------------------# -# Merging values -ns="$ns1,$ns2,$ns3,$ns4,$ns5,$ns6,$ns7,$ns8" -ns=$(echo "$ns" | sed -e "s/,,//g" -e "s/,$//") - # Changing ns values update_user_value "$user" '$NS' "$ns" diff --git a/bin/v-change-user-theme b/bin/v-change-user-theme index 85ad40407a..32165fb9ca 100755 --- a/bin/v-change-user-theme 
+++ b/bin/v-change-user-theme @@ -27,7 +27,7 @@ source_conf "$HESTIA/conf/hestia.conf" # Verifications # #----------------------------------------------------------# -is_format_valid 'user' +is_format_valid 'user' 'theme' is_common_format_valid "$theme" "theme" is_object_valid 'user' 'USER' "$user" diff --git a/bin/v-change-web-domain-name b/bin/v-change-web-domain-name index d6f01e2d56..c954d8cfa2 100755 --- a/bin/v-change-web-domain-name +++ b/bin/v-change-web-domain-name @@ -40,6 +40,7 @@ format_domain_idn check_args '3' "$#" 'USER DOMAIN NEW_DOMAIN [RESTART]' is_format_valid 'user' 'domain' +is_domain_format_valid "$new_domain" is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" diff --git a/bin/v-check-access-key b/bin/v-check-access-key index e208f1cb01..9decfd39fd 100755 --- a/bin/v-check-access-key +++ b/bin/v-check-access-key @@ -78,7 +78,7 @@ abort_missmatch() { CHECK_RESULT_CALLBACK="abort_missmatch" check_args '3' "$#" 'ACCESS_KEY_ID SECRET_ACCESS_KEY COMMAND [IP] [FORMAT]' -is_format_valid 'access_key_id' +is_format_valid 'access_key_id' 'ip' 'command' is_object_valid 'key' 'KEY' "$access_key_id" is_format_valid 'secret_access_key' check_access_key_secret "$access_key_id" "$secret_access_key" user diff --git a/bin/v-delete-database-temp-user b/bin/v-delete-database-temp-user index b94a371ee2..df622efbc3 100755 --- a/bin/v-delete-database-temp-user +++ b/bin/v-delete-database-temp-user @@ -33,7 +33,7 @@ source_conf "$HESTIA/conf/hestia.conf" #----------------------------------------------------------# check_args '3' "$#" 'USER DATABASE DBUSER [TYPE] [HOST]' -is_format_valid 'user' 'dbuser' +is_format_valid 'user' 'database' 'dbuser' is_system_enabled "$DB_SYSTEM" 'DB_SYSTEM' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" diff --git a/bin/v-delete-dns-on-web-alias b/bin/v-delete-dns-on-web-alias index 5f8c95b774..ca5784a3fa 100755 
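Review bot: `is_format_valid 'access_key_id' 'ip' 'command'` in `bin/v-check-access-key` asks for a `command` check, but none of the `is_format_valid` hunks in `func/main.sh` in this diff adds a `command)` arm, and the new `is_command_valid_format` function has no visible caller. Unless such an arm exists outside the hunks, COMMAND falls through to whatever the default branch of the `case` does and the new validator never runs. Adding `command) is_command_valid_format "$arg" ;;` beside the `comment)` arm would wire it in.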
--- a/bin/v-delete-dns-on-web-alias +++ b/bin/v-delete-dns-on-web-alias @@ -13,6 +13,7 @@ # Argument definition user=$1 domain=$2 +alias=$3 domain_idn=$2 dom_alias=$(idn -t --quiet -u "$3" ) dom_alias=$(echo $dom_alias |sed -e 's/\.*$//g' -e 's/^\.*//g') @@ -43,7 +44,7 @@ check_hestia_demo_mode #----------------------------------------------------------# check_args '3' "$#" 'USER DOMAIN ALIAS [RESTART]' -is_format_valid 'user' 'domain' +is_format_valid 'user' 'domain' 'alias' 'restart' is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM' is_object_valid 'user' 'USER' "$user" diff --git a/bin/v-delete-mail-account-forward b/bin/v-delete-mail-account-forward index dede857232..939b2ee92c 100755 --- a/bin/v-delete-mail-account-forward +++ b/bin/v-delete-mail-account-forward @@ -36,6 +36,7 @@ format_domain_idn #----------------------------------------------------------# check_args '4' "$#" 'USER DOMAIN ACCOUNT FORWARD' +is_format_valid 'user' 'domain' 'account' if [ "$forward" != ':blackhole:' ]; then is_format_valid 'forward' fi diff --git a/bin/v-delete-user-notification b/bin/v-delete-user-notification index 4a1ef9fbb6..6b7e1b0a05 100755 --- a/bin/v-delete-user-notification +++ b/bin/v-delete-user-notification @@ -12,7 +12,7 @@ # Argument definition user=$1 -nid=$2 +id=$2 # Includes # shellcheck source=/etc/hestiacp/hestia.conf @@ -27,7 +27,7 @@ source_conf "$HESTIA/conf/hestia.conf" #----------------------------------------------------------# check_args '2' "$#" 'USER NOTIFICATION' -is_format_valid 'user' 'nid' +is_format_valid 'user' 'id' is_object_valid 'user' 'USER' "$user" # Perform verification if read-only mode is enabled 
@@ -38,7 +38,7 @@ check_hestia_demo_mode #----------------------------------------------------------# # Deleting notification -sed -i "/NID='$nid' /d" $USER_DATA/notifications.conf 2>/dev/null +sed -i "/NID='$id' /d" $USER_DATA/notifications.conf 2>/dev/null # Checking last notification if [ -e "$USER_DATA/notifications.conf" ]; then diff --git a/bin/v-delete-user-ssh-key b/bin/v-delete-user-ssh-key index 54d00d8857..ec172e1fb6 100755 --- a/bin/v-delete-user-ssh-key +++ b/bin/v-delete-user-ssh-key @@ -29,6 +29,7 @@ source_conf "$HESTIA/conf/hestia.conf" check_args '2' "$#" 'USER KEYID' is_format_valid 'user' +is_no_new_line_format "$key_id" is_object_valid 'user' 'USER' "$user" source "$USER_DATA/user.conf" diff --git a/bin/v-generate-ssl-cert b/bin/v-generate-ssl-cert index 206ed1592f..2abb56338f 100755 --- a/bin/v-generate-ssl-cert +++ b/bin/v-generate-ssl-cert @@ -72,6 +72,11 @@ fi args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]' check_args '7' "$#" "$args_usage" is_format_valid 'domain' 'aliases' 'format' 'email' +is_common_format_valid $country "country" +is_common_format_valid $state "state" +is_common_format_valid $org "org" +is_common_format_valid $unit "unit" + release="$(lsb_release -s -r)" diff --git a/bin/v-get-user-salt b/bin/v-get-user-salt index 8124ca6f80..b46373d943 100755 --- a/bin/v-get-user-salt +++ b/bin/v-get-user-salt @@ -64,7 +64,7 @@ csv_list() { check_args '1' "$#" 'USER [IP] [SALT]' -is_format_valid 'user' +is_format_valid 'user' 'ip' # Checking user if [ ! -d "$HESTIA/data/users/$user" ]; then diff --git a/bin/v-log-action b/bin/v-log-action index 82d3ae0f77..78b23b88d8 100755 --- a/bin/v-log-action +++ b/bin/v-log-action 
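Review bot: The four added calls in `bin/v-generate-ssl-cert` expand their first argument unquoted (`is_common_format_valid $state "state"`), so a value containing whitespace is word-split: only its first word reaches the validator and the next word is taken as the field label, while an empty value shifts the label into `$1`. Glob characters in the value would also be expanded before the check sees them. Quote each one, e.g. `is_common_format_valid "$state" "state"`. CITY is listed in `args_usage` but gets no check in this hunk; whether it is validated elsewhere in the script is not visible here.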
@@ -31,6 +31,8 @@ event_level=$2 export event_category=$3 event_details=$4 +is_common_format_valid "$event_level" "event level" + # Validate event type input if [ "$event_level" != "Info" ] && [ "$event_level" != "Warning" ] && [ "$event_level" != "Error" ]; then echo "Error: Invalid event type specified." @@ -47,6 +49,7 @@ fi check_args '4' "$#" 'USER TYPE CATEGORY DETAILS' if [ "$user" != "system" ]; then + is_format_valid 'user' is_object_valid 'user' 'USER' "$user" fi diff --git a/bin/v-log-user-logout b/bin/v-log-user-logout index 1cc9026d7e..2713748e6c 100755 --- a/bin/v-log-user-logout +++ b/bin/v-log-user-logout @@ -24,6 +24,7 @@ source_conf "$HESTIA/conf/hestia.conf" check_args '2' "$#" 'USER SESSION_ID' is_format_valid 'user' +is_common_format_valid "$session_id" "Session ID" is_object_valid 'user' 'USER' "$user" if [ ! -f "$USER_DATA/auth.log" ]; then diff --git a/bin/v-purge-nginx-cache b/bin/v-purge-nginx-cache index a4294cc798..4196cb3045 100755 --- a/bin/v-purge-nginx-cache +++ b/bin/v-purge-nginx-cache @@ -13,6 +13,7 @@ # Argument definition user=$1 domain=$2 +rstart=$3 # Includes # shellcheck source=/etc/hestiacp/hestia.conf @@ -28,8 +29,8 @@ source_conf "$HESTIA/conf/hestia.conf" # Verifications # #----------------------------------------------------------# -check_args '2' "$#" 'USER DOMAIN' -is_format_valid 'user' 'domain' +check_args '2' "$#" 'USER DOMAIN [RESTART]' +is_format_valid 'user' 'domain' 'restart' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" is_object_valid 'web' 'DOMAIN' "$domain" diff --git a/bin/v-schedule-letsencrypt-domain b/bin/v-schedule-letsencrypt-domain index 8420e5f0f4..05229e8c7c 100755 --- a/bin/v-schedule-letsencrypt-domain +++ b/bin/v-schedule-letsencrypt-domain 
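Review bot: `bin/v-purge-nginx-cache` stores the third argument in `rstart` (`rstart=$3`), but the added check is `is_format_valid 'user' 'domain' 'restart'`, which looks up a variable named `restart`. As far as these two hunks show, `restart` is never assigned from `$3`, so the optional RESTART argument is not validated and any later read of `$restart` would not see the caller's value. The assignment should be `restart=$3`.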
@@ -30,7 +30,7 @@ source_conf "$HESTIA/conf/hestia.conf" #----------------------------------------------------------# check_args '2' "$#" 'USER DOMAIN [ALIASES]' -is_format_valid 'user' 'domain' +is_format_valid 'user' 'domain' 'aliases' is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' is_system_enabled "$WEB_SSL" 'SSL_SUPPORT' is_object_valid 'user' 'USER' "$user" diff --git a/bin/v-update-host-certificate b/bin/v-update-host-certificate index 581838ac15..d15f53cd76 100755 --- a/bin/v-update-host-certificate +++ b/bin/v-update-host-certificate @@ -36,6 +36,7 @@ source_conf "$HESTIA/conf/hestia.conf" check_args '1' "$#" '[USER] [HOSTNAME]' is_format_valid 'user' +is_domain_format_valid "$hostname" "hostname" is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' is_system_enabled "$WEB_SSL" 'SSL_SUPPORT' is_object_valid 'user' 'USER' "$user" diff --git a/bin/v-update-user-backup-exclusions b/bin/v-update-user-backup-exclusions index a6786e45cf..62c00d81ec 100755 --- a/bin/v-update-user-backup-exclusions +++ b/bin/v-update-user-backup-exclusions @@ -40,7 +40,7 @@ is_file_valid() { #----------------------------------------------------------# check_args '2' "$#" 'USER FILE' -is_format_valid 'user' 'vfile' +is_format_valid 'user' is_object_valid 'user' 'USER' "$user" is_file_available is_file_valid diff --git a/func/main.sh b/func/main.sh index 4a9c5ca001..52163c2d1f 100644 --- a/func/main.sh +++ b/func/main.sh 
@@ -686,13 +686,13 @@ is_user_format_valid() { } # Domain format validator -# removed "" around \.\. and $(printf '\t'): SC2076: Don't quote right-hand side of =~, it'll match literally rather than as a regex. And we need regex match! is_domain_format_valid() { object_name=${2-domain} exclude="[!|@|#|$|^|&|*|(|)|+|=|{|}|:|,|<|>|?|_|/|\|\"|'|;|%|\`| ]" if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ \.\. ]] || [[ $1 =~ $(printf '\t') ]] || [[ "$1" = "www" ]]; then check_result "$E_INVALID" "invalid $object_name format :: $1" fi + is_no_new_line_format "$1"; } # Alias forman validator @@ -829,6 +829,7 @@ is_extention_format_valid() { if [[ "$1" =~ $exclude ]]; then check_result "$E_INVALID" "invalid proxy extention format :: $1" fi + is_no_new_line_format "$1"; } # Number format validator @@ -885,6 +886,14 @@ is_common_format_valid() { if [[ $(echo -n "$1" | grep -c '\_\_') -gt 0 ]]; then check_result "$E_INVALID" "invalid $2 format :: $1" fi + is_no_new_line_format "$1"; +} + +is_no_new_line_format() { + test=$(echo $1 | sed -e 's/\.*$//g' -e 's/^\.*//g'); + if [[ "$test" != "$1" ]]; then + check_result "$E_INVALID" "invalid value :: $1" + fi } is_string_format_valid() { @@ -892,6 +901,7 @@ is_string_format_valid() { if [[ "$1" =~ $exclude ]]; then check_result "$E_INVALID" "invalid $2 format :: $1" fi + is_no_new_line_format "$1"; } # Database format validator @@ -900,6 +910,7 @@ is_database_format_valid() { if [[ "$1" =~ $exclude ]] || [ 64 -le ${#1} ]; then check_result "$E_INVALID" "invalid $2 format :: $1" fi + is_no_new_line_format "$1"; } # Date format validator @@ -918,6 +929,7 @@ is_dbuser_format_valid() { if [[ "$1" =~ $exclude ]]; then check_result "$E_INVALID" "invalid $2 format :: $1" fi + is_no_new_line_format "$1" } # DNS record type validator 
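Review bot: `is_no_new_line_format` detects a line feed only as a side effect of the unquoted `echo $1`: word splitting flattens the value and the string comparison then fails. The same side effects reject or alter unrelated input (runs of spaces or tabs, leading or trailing dots stripped by the `sed`, glob characters expanded against the working directory, a value such as `-n` consumed by `echo`), and a carriage return passes because it is not in the default `IFS`. An explicit test states the intent and avoids those cases: `if [[ "$1" == *$'\n'* || "$1" == *$'\r'* ]]; then check_result "$E_INVALID" "invalid value :: $1"; fi`. The variable `test` is also a global that reuses a builtin's name; a `local` with another name would be cleaner. Because this helper is now called from `is_domain_format_valid`, `is_common_format_valid` and the other validators touched in this file, its behaviour applies to all of them.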
@@ -940,7 +952,7 @@ is_dns_record_format_valid() { is_domain_format_valid "${1::-1}" 'mx_record' is_int_format_valid "$priority" 'priority_record' fi - + is_no_new_line_format "$1"; } # Email format validator @@ -1066,7 +1078,7 @@ is_object_format_valid() { # Role validator is_role_valid (){ - if ! [[ "$1" =~ ^admin|user$ ]]; then + if ! [[ "$1" =~ ^admin$|^user$ ]]; then check_result "$E_INVALID" "invalid $2 format :: $1" fi } @@ -1112,12 +1124,14 @@ is_format_valid() { action) is_fw_action_format_valid "$arg";; active) is_boolean_format_valid "$arg" 'active' ;; aliases) is_alias_format_valid "$arg" ;; + alias) is_alias_format_valid "$arg" ;; antispam) is_boolean_format_valid "$arg" 'antispam' ;; antivirus) is_boolean_format_valid "$arg" 'antivirus' ;; autoreply) is_autoreply_format_valid "$arg" ;; backup) is_object_format_valid "$arg" 'backup' ;; charset) is_object_format_valid "$arg" "$arg_name" ;; charsets) is_common_format_valid "$arg" 'charsets' ;; + chain) is_object_format_valid "$arg" 'chain' ;; comment) is_object_format_valid "$arg" 'comment' ;; database) is_database_format_valid "$arg" 'database';; day) is_cron_format_valid "$arg" $arg_name ;; @@ -1126,11 +1140,13 @@ is_format_valid() { dkim) is_boolean_format_valid "$arg" 'dkim' ;; dkim_size) is_int_format_valid "$arg" ;; domain) is_domain_format_valid "$arg" ;; + dom_alias) is_alias_format_valid "$arg" ;; dvalue) is_dns_record_format_valid "$arg";; email) is_email_format_valid "$arg" ;; email_forward) is_email_format_valid "$arg" ;; exp) is_date_format_valid "$arg" ;; extentions) is_common_format_valid "$arg" 'extentions' ;; + format) is_type_valid 'plain json shell csv' "$arg" ;; ftp_password) is_password_format_valid "$arg" ;; ftp_user) is_user_format_valid "$arg" "$arg_name" ;; hash) is_hash_format_valid "$arg" "$arg_name" ;; 
@@ -1181,9 +1197,11 @@ is_format_valid() { soa) is_domain_format_valid "$arg" 'SOA' ;; #missing command: is_format_valid_shell shell) is_format_valid_shell "$arg" ;; + ssl_dir) is_folder_exists "$arg" "$arg_name" ;; stats_pass) is_password_format_valid "$arg" ;; stats_user) is_user_format_valid "$arg" "$arg_name" ;; template) is_object_format_valid "$arg" "$arg_name" ;; + theme) is_common_format_valid "$arg" "$arg_name" ;; ttl) is_int_format_valid "$arg" 'ttl';; user) is_user_format_valid "$arg" $arg_name;; wday) is_cron_format_valid "$arg" $arg_name ;; @@ -1193,6 +1211,20 @@ is_format_valid() { done } +is_folder_exists () { + if [ ! -d "$1" ]; then + check_result "$E_NOTEXIST" "folder $1 does not exist" + fi +} + +is_command_valid_format () { + if [[ ! "$1" =~ ^v-[[:alnum:]][-|\.|_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then + check_result "$E_INVALID" "Invalid command format" + fi + if [[ -n $( echo "$1" | grep -e '\-\-' ) ]]; then + check_result "$E_INVALID" "Invalid command format" + fi +} # Check access_key_id name # Don't work with legacy key format is_access_key_id_format_valid() { @@ -1495,6 +1527,7 @@ format_no_quotes() { if [[ "$1" =~ $exclude ]]; then check_result "$E_INVALID" "Invalid $2 contains qoutes (\" or ') :: $1" fi + is_no_new_line_format "$1" } is_username_format_valid(){ diff --git a/test/checks.bats b/test/checks.bats new file mode 100644 index 0000000000..e3789a6ce9 --- /dev/null +++ b/test/checks.bats 
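Review bot: In `is_command_valid_format` the bracket expression `[-|\.|_[:alnum:]]` uses `|` as if it were alternation, but inside brackets it is a literal member, so a name containing a pipe character satisfies the pattern. For a check that gates which command name is accepted, the class should list only the intended characters: `^v-[[:alnum:]][-._[:alnum:]]{0,64}[[:alnum:]]$`. The second test can drop the `echo | grep` pipeline in favour of `[[ "$1" == *--* ]]`. Separately, the new `ssl_dir) is_folder_exists` arm checks only that the directory exists, not the form of the path it was given.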
@@ -0,0 +1,349 @@ +#!/usr/bin/env bats + +if [ "${PATH#*/usr/local/hestia/bin*}" = "$PATH" ]; then + . /etc/profile.d/hestia.sh +fi + +load 'test_helper/bats-support/load' +load 'test_helper/bats-assert/load' +load 'test_helper/bats-file/load' + +function random() { +head /dev/urandom | tr -dc 0-9 | head -c$1 +} + +function setup() { + # echo "# Setup_file" > &3 + if [ $BATS_TEST_NUMBER = 1 ]; then + echo 'user=test-5285' > /tmp/hestia-test-env.sh + echo 'user2=test-5286' >> /tmp/hestia-test-env.sh + echo 'userbk=testbk-5285' >> /tmp/hestia-test-env.sh + echo 'userpass1=test-5285' >> /tmp/hestia-test-env.sh + echo 'userpass2=t3st-p4ssw0rd' >> /tmp/hestia-test-env.sh + echo 'HESTIA=/usr/local/hestia' >> /tmp/hestia-test-env.sh + echo 'domain=test-5285.hestiacp.com' >> /tmp/hestia-test-env.sh + echo 'domainuk=test-5285.hestiacp.com.uk' >> /tmp/hestia-test-env.sh + echo 'rootdomain=testhestiacp.com' >> /tmp/hestia-test-env.sh + echo 'subdomain=cdn.testhestiacp.com' >> /tmp/hestia-test-env.sh + echo 'database=test-5285_database' >> /tmp/hestia-test-env.sh + echo 'dbuser=test-5285_dbuser' >> /tmp/hestia-test-env.sh + fi + + source /tmp/hestia-test-env.sh + source $HESTIA/func/main.sh + source $HESTIA/conf/hestia.conf + source $HESTIA/func/ip.sh +} + +@test "is_access_key_id_format_valid valid" { + run is_access_key_id_format_valid 'M0ocDoIKbsoXSqtk1mgc' "key" + assert_success +} +@test "is_access_key_id_format_valid short" { + run is_access_key_id_format_valid 'M0ocDoIKbsoXSqtk1mg' "key" + assert_failure $E_INVALID +} +@test "is_access_key_id_format_valid long" { + run is_access_key_id_format_valid 'M0ocDoIKbsoXSqtk1mgca' "key" + assert_failure $E_INVALID +} +@test "is_access_key_id_format_valid non alpha" { + run is_access_key_id_format_valid 'M0ocDoIKbsoX$qtk1mgc' "key" + assert_failure $E_INVALID +} + +@test "is_access_key_id_format_valid LHF" { + run is_access_key_id_format_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + +@test "is_user_format_valid 
valid" { + run is_user_format_valid 'hxh54SKbALne4s69VsqJRMbMd8Br' "key" + assert_success +} +@test "is_user_format_valid short" { + run is_user_format_valid 'hxh54SKbALne4s69VsqJR' "key" + assert_success +} +@test "is_user_format_valid long" { + run is_user_format_valid 'hxh54SKbALne4s69VsqJRMbMd8Braaa' "key" + assert_failure $E_INVALID +} +@test "is_user_format_valid dash" { + run is_user_format_valid 'hxh54SKbALne4-s6-VsqJRMbMd8Br' "key" + assert_success +} + +@test "is_user_format_valid dash repeat" { + run is_user_format_valid 'hxh54SKbALne4s6--VsqJRMbMd8Br' "key" + assert_success +} +@test "is_user_format_valid dash start" { + run is_user_format_valid '-hxh54SKbALne4s6VsqJRMbMd8Br' "key" + assert_failure $E_INVALID +} +@test "is_user_format_valid dash end" { + run is_user_format_valid 'hxh54SKbALne4s6VsqJRMbMd8Br-' "key" + assert_failure $E_INVALID +} +@test "is_user_format_valid LHF" { + run is_user_format_valid 'M0ocDoIK + soXSqtk1mgc' "key" + assert_failure $E_INVALID +} + +@test "is_fw_action_format_valid ACCEPT" { + run is_fw_action_format_valid 'ACCEPT' "key" + assert_success +} +@test "is_fw_action_format_valid DROP" { + run is_fw_action_format_valid 'DROP' "key" + assert_success +} +@test "is_fw_action_format_valid TEST" { + run is_fw_action_format_valid 'TEST' "key" + assert_failure $E_INVALID +} +@test "is_fw_action_format_valid LHF" { + run is_fw_protocol_format_valid 'M0ocDoIK + soXSqtk1mgc' "key" + assert_failure $E_INVALID +} + +@test "is_fw_protocol_format_valid ICMP" { + run is_fw_protocol_format_valid 'ICMP' "key" + assert_success +} + +@test "is_fw_protocol_format_valid UDP" { + run is_fw_protocol_format_valid 'UDP' "key" + assert_success +} +@test "is_fw_protocol_format_valid TCP" { + run is_fw_protocol_format_valid 'TCP' "key" + assert_success +} +@test "is_fw_protocol_format_valid TEST" { + run is_fw_protocol_format_valid 'TEST' "key" + assert_failure $E_INVALID +} + + +@test "is_domain_format_valid success" { + run is_domain_format_valid 
'hestiacp.com' "key" + assert_success +} + +@test "is_domain_format_valid www" { + run is_domain_format_valid 'www' "key" + assert_failure $E_INVALID +} +@test "is_domain_format_valid number" { + run is_domain_format_valid '12345' "key" + assert_failure $E_INVALID +} + +@test "is_domain_format_valid .." { + run is_domain_format_valid '..' "key" + assert_failure $E_INVALID +} +@test "is_domain_format_valid LF." { + run is_domain_format_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + +@test "is_alias_format_valid success" { + run is_domain_format_valid 'hestiacp.com' "key" + assert_success +} + +@test "is_alias_format_valid www" { + run is_domain_format_valid 'www' "key" + assert_failure $E_INVALID +} +@test "is_alias_format_valid number" { + run is_domain_format_valid '12345' "key" + assert_failure $E_INVALID +} + +@test "is_alias_format_valid .." { + run is_domain_format_valid '..' "key" + assert_failure $E_INVALID +} +@test "is_alias_format_valid LF." { + run is_domain_format_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + +@test "is_extention_format_valid test" { + run is_extention_format_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + +@test "is_string_format_valid test" { + run is_string_format_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + +@test "is_database_format_valid test" { + run is_database_format_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + +@test "is_date_format_valid test" { + run is_date_format_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + +@test "is_dbuser_format_valid test" { + run is_dbuser_format_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + +@test "is_dns_type_format_valid test" { + run is_dns_type_format_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + +@test "is_dns_record_format_valid test" { + run is_dns_record_format_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + +@test 
"is_email_format_valid test" { + run is_email_format_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + +@test "is_fw_port_format_valid test" { + run is_fw_port_format_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + +@test "is_int_format_valid test" { + run is_int_format_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + +@test "is_interface_format_valid test" { + run is_interface_format_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + +@test "is_ip_status_format_valid test" { + run is_ip_status_format_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + +@test "is_cron_format_valid test" { + run is_cron_format_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + +@test "is_name_format_valid test" { + run is_name_format_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + + +@test "is_role_valid test" { + run is_role_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + +@test "is_object_format_valid test" { + run is_object_format_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + + +@test "is_common_format_valid test" { + run is_common_format_valid 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + +@test "format_no_quotes test" { + run format_no_quotes 'c +1eshutdown +r' "key" + assert_failure $E_INVALID +} + +@test "is_type_valid" { + run is_type_valid 'c + 1eshutdown + r' "test,key" + assert_failure $E_INVALID +} + +@test "is_command_valid_format v-list-users" { + run is_command_valid_format 'v-list-users' + assert_success +} + +@test "is_command_valid_format v-list--users (Fail)" { + run is_command_valid_format 'v-list--users' + assert_failure $E_INVALID +} + +@test "is_command_valid_format h-list-users (Fail)" { + run is_command_valid_format 'h-list-users' + assert_failure $E_INVALID +} + +@test "is_command_valid_format list-users (Fail)" { + run is_command_valid_format 'list-users' + assert_failure $E_INVALID +} + +@test 
"is_command_valid_format vlist-users (Fail)" { + run is_command_valid_format 'vlist-users' + assert_failure $E_INVALID +} + +@test "is_command_valid_format LF (Fail)" { + run is_command_valid_format 'v- +1eshutdown +r' "key" + assert_failure $E_INVALID +} \ No newline at end of file diff --git a/web/inc/main.php b/web/inc/main.php index 128d2a93f9..036fa77180 100644 --- a/web/inc/main.php +++ b/web/inc/main.php @@ -64,7 +64,7 @@ function destroy_sessions() } // Checking user to use session from the same IP he has been logged in -if ($_SESSION['user_combined_ip'] != $user_combined_ip && $_SERVER['REMOTE_ADDR'] != '127.0.0.1') { +if ($_SESSION['user_combined_ip'] != $user_combined_ip) { $v_user = escapeshellarg($_SESSION['user']); $v_session_id = escapeshellarg($_SESSION['token']); exec(HESTIA_CMD . 'v-log-user-logout ' . $v_user . ' ' . $v_session_id, $output, $return_var);
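Review bot: Several cases in `test/checks.bats` exercise a different function from the one in their title: all five `is_alias_format_valid …` tests run `is_domain_format_valid`, and `is_fw_action_format_valid LHF` runs `is_fw_protocol_format_valid`. As written, the alias and firewall-action validators have no line-feed coverage, although `alias` and `dom_alias` are newly routed to `is_alias_format_valid` in this commit. Change each `run` line to call the function named in the test title. `setup()` also writes and then sources the fixed path `/tmp/hestia-test-env.sh`; a per-run location such as `$BATS_FILE_TMPDIR` (if the bats version in use provides it) or a `mktemp -d` directory avoids sourcing a file that another local user could have created first.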
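Review bot: With the loopback exemption removed, the session-binding check in `web/inc/main.php` rests entirely on `$_SESSION['user_combined_ip'] != $user_combined_ip`, which is a loose comparison; `!==` keeps PHP type juggling out of a security decision. How `$user_combined_ip` is computed is outside the hunk; if it includes client-supplied forwarding headers, the binding is only as strong as those headers, which is worth confirming now that every request is subject to it. The `if` body continues past the end of the hunk.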