Helmo · Helmo · Helmo · Christian · Christian · Christian
--- a/.gitignore
+++ b/.gitignore
 .idea
 /nbproject/private/
+.vscode
 .phplint-cache
 *.swp


--- a/docs/autoinstall_samples/autoinstall.conf_sample.php
+++ b/docs/autoinstall_samples/autoinstall.conf_sample.php
@@ -61,7 +61,7 @@ $autoupdate['ignore_hostname_dns'] = 'n';
 $autoupdate['ispconfig_postfix_ssl_symlink'] = 'y';
 $autoupdate['ispconfig_pureftpd_ssl_symlink'] = 'y';

-/* These are for service-detection (defaulting to old behaviour where alle changes were automatically accepted) */
+/* These are for service-detection (defaulting to old behaviour where all changes were automatically accepted) */
 $autoupdate['svc_detect_change_mail_server'] = 'yes'; // yes (default), no
 $autoupdate['svc_detect_change_web_server'] = 'yes'; // yes (default), no
 $autoupdate['svc_detect_change_dns_server'] = 'yes'; // yes (default), no

--- a/docs/autoinstall_samples/autoinstall.ini.sample
+++ b/docs/autoinstall_samples/autoinstall.ini.sample
@@ -60,7 +60,7 @@ ignore_hostname_dns=n
 ispconfig_postfix_ssl_symlink=y
 ispconfig_pureftpd_ssl_symlink=y

-; These are for service-detection (defaulting to old behaviour where alle changes were automatically accepted)
+; These are for service-detection (defaulting to old behaviour where all changes were automatically accepted)
 svc_detect_change_mail_server=yes
 svc_detect_change_web_server=yes
 svc_detect_change_dns_server=yes

--- a/install/dist/lib/gentoo.lib.php
+++ b/install/dist/lib/gentoo.lib.php
--- a/install/dist/tpl/gentoo/apache_ispconfig.vhost.master
+++ b/install/dist/tpl/gentoo/apache_ispconfig.vhost.master
@@ -4,41 +4,83 @@
 # for the ISPConfig controlpanel
 ######################################################

-{vhost_port_listen} Listen {vhost_port}
-<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
-  # NameVirtualHost *:{vhost_port}
-</tmpl_if>
+<tmpl_var name="vhost_port_listen"> Listen <tmpl_var name="vhost_port">
+NameVirtualHost *:<tmpl_var name="vhost_port">

-<VirtualHost _default_:{vhost_port}>
+<VirtualHost _default_:<tmpl_var name="vhost_port">>
  ServerAdmin webmaster@localhost

  Alias /mail /var/www/ispconfig/mail
  
+  <Directory /var/www/ispconfig/>
+    <FilesMatch "\.ph(p3?|tml)$">
+      SetHandler None
+    </FilesMatch>
+  </Directory>
+  <Directory /usr/local/ispconfig/interface/web/>
+    <FilesMatch "\.ph(p3?|tml)$">
+      SetHandler None
+    </FilesMatch>
+  </Directory>
+  
  <IfModule mod_fcgid.c>
    DocumentRoot /var/www/ispconfig/
    SuexecUserGroup ispconfig ispconfig
    <Directory /var/www/ispconfig/>
-      Options +Indexes +FollowSymLinks +MultiViews +ExecCGI
+      Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
      AllowOverride AuthConfig Indexes Limit Options FileInfo
-      <FilesMatch "\.ph(p[3-5]?|tml)$">
+      <FilesMatch "\.php$">
           SetHandler fcgid-script
      </FilesMatch>
      FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
+      <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+      Require all granted
+      <tmpl_else>
      Order allow,deny
      Allow from all
+      </tmpl_if>
    </Directory>
    DirectoryIndex index.php
+    IPCCommTimeout  7200
+    MaxRequestLen 15728640
+  </IfModule>
+  
+  <IfModule mod_proxy_fcgi.c>
+    DocumentRoot /usr/local/ispconfig/interface/web
+    SuexecUserGroup ispconfig ispconfig
+    DirectoryIndex index.php
+
+    <Directory /usr/local/ispconfig/interface/web>
+      Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
+      AllowOverride AuthConfig Indexes Limit Options FileInfo
+      <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+      Require all granted
+      <tmpl_else>
+      Order allow,deny
+      Allow from all
+      </tmpl_if>
+      <FilesMatch \.php$>
+         #SetHandler "proxy:unix:/var/lib/php5-fpm/ispconfig.sock|fcgi://localhost"
+         SetHandler "proxy:fcgi://127.0.0.1:9000"
+      </FilesMatch>
+    </Directory>
  </IfModule>

-  <IfModule mod_php5.c>
+  <IfModule mpm_itk_module>
    DocumentRoot /usr/local/ispconfig/interface/web/
+    AssignUserId ispconfig ispconfig
    AddType application/x-httpd-php .php
    <Directory /usr/local/ispconfig/interface/web>
+      # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
      Options +FollowSymLinks
      AllowOverride None
+      <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+      Require all granted
+      <tmpl_else>
      Order allow,deny
      Allow from all
-	  php_value magic_quotes_gpc        0
+      </tmpl_if>
+      php_value magic_quotes_gpc        0
    </Directory>
  </IfModule>

@@ -51,20 +93,53 @@
  </IfModule>

  # SSL Configuration
-  {ssl_comment}SSLEngine On
-  {ssl_comment}SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
-  {ssl_comment}SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
+  <tmpl_var name="ssl_comment">SSLEngine On
+  <tmpl_if name='apache_version' op='>=' value='2.3.16' format='version'>
+  <tmpl_var name="ssl_comment">SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
+  <tmpl_else>
+  <tmpl_var name="ssl_comment">SSLProtocol All -SSLv2 -SSLv3
+  </tmpl_if>
+  <tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
+  <tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
+  <tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle

-</VirtualHost>
+  <tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+  <tmpl_var name="ssl_comment">SSLHonorCipherOrder On
+  <tmpl_if name='apache_version' op='>=' value='2.4.3' format='version'>
+  <tmpl_var name="ssl_comment">SSLCompression Off
+  </tmpl_if>
+  <tmpl_if name='apache_version' op='>=' value='2.4.11' format='version'>
+  <tmpl_var name="ssl_comment">SSLSessionTickets Off
+  </tmpl_if>

-<Directory /var/www/php-cgi-scripts>
-    AllowOverride None
-    Order Deny,Allow
-    Deny from all
-</Directory>
+  <IfModule mod_headers.c>
+    # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
+    Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'"
+    <tmpl_var name="ssl_comment">Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
+    Header set X-Content-Type-Options: nosniff
+    Header set X-Frame-Options: SAMEORIGIN
+    Header set X-XSS-Protection: "1; mode=block"
+    Header always edit Set-Cookie (.*) "$1; HTTPOnly"
+    <tmpl_var name="ssl_comment">Header always edit Set-Cookie (.*) "$1; Secure"
+    <IfModule mod_version.c>
+      <IfVersion >= 2.4.7>
+          Header setifempty Strict-Transport-Security "max-age=15768000"
+      </IfVersion>
+      <IfVersion < 2.4.7>
+          Header set Strict-Transport-Security "max-age=15768000"
+      </IfVersion>
+    </IfModule>
+    RequestHeader unset Proxy early
+  </IfModule>
+
+  <tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
+  <tmpl_var name="ssl_comment">SSLUseStapling On
+  <tmpl_var name="ssl_comment">SSLStaplingResponderTimeout 5
+  <tmpl_var name="ssl_comment">SSLStaplingReturnResponderErrors Off
+  </tmpl_if>
+  
+  # Redirect http to https
+  ErrorDocument 400 "<script>document.location.href='https://'+location.hostname+':'+location.port';</script><h1>Error 400 - trying to redirect</h1>"
+
+</VirtualHost>

-<Directory /var/www/php-fcgi-scripts>
-    AllowOverride None
-    Order Deny,Allow
-    Deny from all
-</Directory>
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -52,7 +52,7 @@ class installer_base {
 	}

 	public function update_acme() {
-		$acme = explode("\n", shell_exec('which acme.sh /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh 2> /dev/null'));
+		$acme = explode("\n", (string)shell_exec('which acme.sh /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh 2> /dev/null'));
 		$acme = reset($acme);
 		$val = 0;

@@ -838,9 +838,9 @@ class installer_base {
 			$addr_cleanup = "'%u'";
 			foreach (str_split($out[0]) as $delim) {
 				$recipient_delimiter = $this->db->escape( str_replace('%', '%%', $delim) );
-				$addr_cleanup = "SUBSTRING_INDEX(${addr_cleanup}, '${recipient_delimiter}', 1)";
+				$addr_cleanup = "SUBSTRING_INDEX({$addr_cleanup}, '{$recipient_delimiter}', 1)";
 			}
-			$no_addr_extension = "CONCAT(${addr_cleanup}, '@%d')";
+			$no_addr_extension = "CONCAT({$addr_cleanup}, '@%d')";
 		} else {
 			$no_addr_extension = "''";
 		}
@@ -1525,7 +1525,7 @@ class installer_base {
 		foreach ($options as $value) {
 			$value = trim($value);
 			if ($value == '') continue;
-			if (preg_match("|check_recipient_access\s+proxy:mysql:${quoted_config_dir}/mysql-verify_recipients.cf|", $value)) {
+			if (preg_match("|check_recipient_access\s+proxy:mysql:{$quoted_config_dir}/mysql-verify_recipients.cf|", $value)) {
 				continue;
 			}
 			$new_options[] = $value;
@@ -1533,7 +1533,7 @@ class installer_base {
 		if ($configure_lmtp && (!isset($conf['mail']['content_filter']) || $conf['mail']['content_filter'] === 'amavisd')) {
 			for ($i = 0; isset($new_options[$i]); $i++) {
 				if ($new_options[$i] == 'reject_unlisted_recipient') {
-					array_splice($new_options, $i+1, 0, array("check_recipient_access proxy:mysql:${config_dir}/mysql-verify_recipients.cf"));
+					array_splice($new_options, $i+1, 0, array("check_recipient_access proxy:mysql:{$config_dir}/mysql-verify_recipients.cf"));
 					break;
 				}
 			}
@@ -1712,7 +1712,7 @@ class installer_base {
 			// Check for amavisd -> pure webserver with postfix for mailing without antispam
 			if ($conf['amavis']['installed']) {
 				$content_filter_service = ($configure_lmtp) ? 'lmtp' : 'amavis';
-				$postconf_commands[] = "content_filter = ${content_filter_service}:[127.0.0.1]:10024";
+				$postconf_commands[] = "content_filter = {$content_filter_service}:[127.0.0.1]:10024";
 				$postconf_commands[] = 'receive_override_options = no_address_mappings';
 				$postconf_commands[] = 'address_verify_virtual_transport = smtp:[127.0.0.1]:10025';
 				$postconf_commands[] = 'address_verify_transport_maps = static:smtp:[127.0.0.1]:10025';
@@ -1723,7 +1723,7 @@ class installer_base {
 			foreach ($options as $value) {
 				$value = trim($value);
 				if ($value == '') continue;
-				if (preg_match("|check_recipient_access\s+proxy:mysql:${quoted_config_dir}/mysql-verify_recipients.cf|", $value)) {
+				if (preg_match("|check_recipient_access\s+proxy:mysql:{$quoted_config_dir}/mysql-verify_recipients.cf|", $value)) {
 					continue;
 				}
 				$new_options[] = $value;
@@ -1731,7 +1731,7 @@ class installer_base {
 			if ($configure_lmtp) {
 				for ($i = 0; isset($new_options[$i]); $i++) {
 					if ($new_options[$i] == 'reject_unlisted_recipient') {
-						array_splice($new_options, $i+1, 0, array("check_recipient_access proxy:mysql:${config_dir}/mysql-verify_recipients.cf"));
+						array_splice($new_options, $i+1, 0, array("check_recipient_access proxy:mysql:{$config_dir}/mysql-verify_recipients.cf"));
 						break;
 					}
 				}
@@ -1868,7 +1868,7 @@ class installer_base {
 				if (preg_match('/check_policy_service\s+inet:127.0.0.1:10023/', $value)) {
 					continue;
 				}
-				if (preg_match("|check_recipient_access\s+proxy:mysql:${quoted_config_dir}/mysql-verify_recipients.cf|", $value)) {
+				if (preg_match("|check_recipient_access\s+proxy:mysql:{$quoted_config_dir}/mysql-verify_recipients.cf|", $value)) {
 					continue;
 				}
 				$new_options[] = $value;
@@ -1935,10 +1935,10 @@ class installer_base {
 		);
 		foreach ($local_d as $f) {
 			$tpl = new tpl();
-			if (file_exists($conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master")) {
-				$tpl->newTemplate($conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master");
+			if (file_exists($conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_{$f}.master")) {
+				$tpl->newTemplate($conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_{$f}.master");
 			} else {
-				$tpl->newTemplate("rspamd_${f}.master");
+				$tpl->newTemplate("rspamd_{$f}.master");
 			}

 			$tpl->setVar('dkim_path', $mail_config['dkim_path']);
@@ -1950,7 +1950,7 @@ class installer_base {
 				$tpl->setLoop('local_addrs', $local_addrs);
 			}

-			wf("/etc/rspamd/local.d/${f}", $tpl->grab());
+			wf("/etc/rspamd/local.d/{$f}", $tpl->grab());
 		}


@@ -1967,10 +1967,10 @@ class installer_base {
 			'arc.conf',
 		);
 		foreach ($local_d as $f) {
-			if(file_exists($conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master")) {
-				exec('cp '.$conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master /etc/rspamd/local.d/${f}");
+			if(file_exists($conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_{$f}.master")) {
+				exec('cp '.$conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_{$f}.master /etc/rspamd/local.d/{$f}");
 			} else {
-				exec("cp tpl/rspamd_${f}.master /etc/rspamd/local.d/${f}");
+				exec("cp tpl/rspamd_{$f}.master /etc/rspamd/local.d/{$f}");
 			}
 		}

@@ -1980,10 +1980,10 @@ class installer_base {
 			'surbl_group.conf',
 		);
 		foreach ($override_d as $f) {
-			if(file_exists($conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master")) {
-				exec('cp '.$conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master /etc/rspamd/override.d/${f}");
+			if(file_exists($conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_{$f}.master")) {
+				exec('cp '.$conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_{$f}.master /etc/rspamd/override.d/{$f}");
 			} else {
-				exec("cp tpl/rspamd_${f}.master /etc/rspamd/override.d/${f}");
+				exec("cp tpl/rspamd_{$f}.master /etc/rspamd/override.d/{$f}");
 			}
 		}

@@ -1995,10 +1995,10 @@ class installer_base {
 			'spf_whitelist.inc.ispc',
 		);
 		foreach ($maps_d as $f) {
-			if(file_exists($conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master")) {
-				exec('cp '.$conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master /etc/rspamd/local.d/maps.d/${f}");
+			if(file_exists($conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_{$f}.master")) {
+				exec('cp '.$conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_{$f}.master /etc/rspamd/local.d/maps.d/{$f}");
 			} else {
-				exec("cp tpl/rspamd_${f}.master /etc/rspamd/local.d/maps.d/${f}");
+				exec("cp tpl/rspamd_{$f}.master /etc/rspamd/local.d/maps.d/{$f}");
 			}
 		}


--- a/install/tpl/gentoo_postfix.conf.master
+++ b/install/tpl/gentoo_postfix.conf.master
+alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
+alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
 virtual_alias_domains = proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf
 virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_alias_maps.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
 virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf
@@ -5,6 +7,9 @@ virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf
 virtual_mailbox_base = {vmail_mailbox_base}
 virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
 virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
+sender_bcc_maps = proxy:mysql:{config_dir}/mysql-virtual_outgoing_bcc.cf
+inet_protocols=all
+inet_interfaces = all
 smtpd_sasl_auth_enable = yes
 broken_sasl_auth_clients = yes
 smtpd_sasl_authenticated_header = yes
@@ -35,7 +40,7 @@ header_checks = regexp:{config_dir}/header_checks
 mime_header_checks = regexp:{config_dir}/mime_header_checks
 nested_header_checks = regexp:{config_dir}/nested_header_checks
 body_checks = regexp:{config_dir}/body_checks
-inet_interfaces = all
+owner_request_special = no
 smtp_tls_security_level = may
 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 smtpd_tls_protocols = !SSLv2,!SSLv3

--- a/install/update.php
+++ b/install/update.php
@@ -276,33 +276,11 @@ $inst->db->setDBName($conf['mysql']['database']);

 //* initialize the master DB, if we have a multiserver setup
 if($conf['mysql']['master_slave_setup'] == 'y') {
-	//** Get MySQL root credentials
-	$finished = false;
-	do {
-		$tmp_mysql_server_host = $inst->free_query('MySQL master server hostname', $conf['mysql']['master_host'],'mysql_master_hostname');
-		$tmp_mysql_server_port = $inst->free_query('MySQL master server port', $conf['mysql']['master_port'],'mysql_master_port');
-		$tmp_mysql_server_admin_user = $inst->free_query('MySQL master server root username', $conf['mysql']['master_admin_user'],'mysql_master_root_user');
-		$tmp_mysql_server_admin_password = $inst->free_query('MySQL master server root password', $conf['mysql']['master_admin_password'],'mysql_master_root_password');
-		$tmp_mysql_server_database = $inst->free_query('MySQL master server database name', $conf['mysql']['master_database'],'mysql_master_database');
-
-		//* Initialize the MySQL server connection
-		if(@mysqli_connect($tmp_mysql_server_host, $tmp_mysql_server_admin_user, $tmp_mysql_server_admin_password, $tmp_mysql_server_database, (int)$tmp_mysql_server_port)) {
-			$conf['mysql']['master_host'] = $tmp_mysql_server_host;
-			$conf['mysql']['master_port'] = $tmp_mysql_server_port;
-			$conf['mysql']['master_admin_user'] = $tmp_mysql_server_admin_user;
-			$conf['mysql']['master_admin_password'] = $tmp_mysql_server_admin_password;
-			$conf['mysql']['master_database'] = $tmp_mysql_server_database;
-			$finished = true;
-		} else {
-			swriteln($inst->lng('Unable to connect to mysql server').' '.mysqli_connect_error());
-		}
-	} while ($finished == false);
-	unset($finished);

 	// initialize the connection to the master database
 	$inst->dbmaster = new db();
 	if($inst->dbmaster->linkId) $inst->dbmaster->closeConn();
-	$inst->dbmaster->setDBData($conf['mysql']["master_host"], $conf['mysql']["master_admin_user"], $conf['mysql']["master_admin_password"], $conf['mysql']["master_port"]);
+	$inst->dbmaster->setDBData($conf['mysql']["master_host"], $conf['mysql']["master_ispconfig_user"], $conf['mysql']["master_ispconfig_password"], $conf['mysql']["master_port"]);
 	$inst->dbmaster->setDBName($conf['mysql']["master_database"]);
 } else {
 	$inst->dbmaster = $inst->db;
@@ -349,6 +327,35 @@ unset($tmp);
 $reconfigure_master_database_rights_answer = $inst->simple_query('Reconfigure Permissions in master database?', array('yes', 'no'), 'no','reconfigure_permissions_in_master_database');

 if($reconfigure_master_database_rights_answer == 'yes') {
+	//** Get MySQL root credentials, to upgrade the dbmaster connection.
+	$finished = false;
+	do {
+		$tmp_mysql_server_host = $inst->free_query('MySQL master server hostname', $conf['mysql']['master_host'],'mysql_master_hostname');
+		$tmp_mysql_server_port = $inst->free_query('MySQL master server port', $conf['mysql']['master_port'],'mysql_master_port');
+		$tmp_mysql_server_admin_user = $inst->free_query('MySQL master server root username', $conf['mysql']['master_admin_user'],'mysql_master_root_user');
+		$tmp_mysql_server_admin_password = $inst->free_query('MySQL master server root password', $conf['mysql']['master_admin_password'],'mysql_master_root_password');
+		$tmp_mysql_server_database = $inst->free_query('MySQL master server database name', $conf['mysql']['master_database'],'mysql_master_database');
+
+		//* Initialize the MySQL server connection
+		if(@mysqli_connect($tmp_mysql_server_host, $tmp_mysql_server_admin_user, $tmp_mysql_server_admin_password, $tmp_mysql_server_database, (int)$tmp_mysql_server_port)) {
+			$conf['mysql']['master_host'] = $tmp_mysql_server_host;
+			$conf['mysql']['master_port'] = $tmp_mysql_server_port;
+			$conf['mysql']['master_admin_user'] = $tmp_mysql_server_admin_user;
+			$conf['mysql']['master_admin_password'] = $tmp_mysql_server_admin_password;
+			$conf['mysql']['master_database'] = $tmp_mysql_server_database;
+			$finished = true;
+		} else {
+			swriteln($inst->lng('Unable to connect to mysql server').' '.mysqli_connect_error());
+		}
+	} while ($finished == false);
+	unset($finished);
+
+	// initialize the connection to the master database
+	$inst->dbmaster = new db();
+	if($inst->dbmaster->linkId) $inst->dbmaster->closeConn();
+	$inst->dbmaster->setDBData($conf['mysql']["master_host"], $conf['mysql']["master_admin_user"], $conf['mysql']["master_admin_password"], $conf['mysql']["master_port"]);
+	$inst->dbmaster->setDBName($conf['mysql']["master_database"]);
+
 	$inst->grant_master_database_rights();
 }
 //}

--- a/interface/lib/classes/db_mysql.inc.php
+++ b/interface/lib/classes/db_mysql.inc.php
@@ -825,12 +825,13 @@ class db
 		return true;
 	}

-	//** Deletes a record and saves the changes into the datalog
+	// Updates a datalog record to store an error state.
 	public function datalogError($errormsg) {
 		global $app;

-		if(isset($app->modules->current_datalog_id) && $app->modules->current_datalog_id > 0) $this->query("UPDATE sys_datalog set error = ? WHERE datalog_id = ?", $errormsg, $app->modules->current_datalog_id);
-
+		if(isset($app->modules->current_datalog_id) && $app->modules->current_datalog_id > 0) {
+			$this->query("UPDATE sys_datalog set error = ? WHERE datalog_id = ?", $errormsg, $app->modules->current_datalog_id);
+		}
 		return true;
 	}

@@ -844,7 +845,11 @@ class db
 			$login = $_SESSION['s']['user']['username'];
 		}

-		$result = $this->queryAllRecords("SELECT COUNT( * ) AS cnt, sys_datalog.action, sys_datalog.dbtable FROM sys_datalog, server WHERE server.server_id = sys_datalog.server_id AND sys_datalog.user = ? AND sys_datalog.datalog_id > server.updated GROUP BY sys_datalog.dbtable, sys_datalog.action", $login);
+		$result = $this->queryAllRecords("SELECT COUNT( * ) AS cnt, sys_datalog.action, sys_datalog.dbtable
+				FROM sys_datalog, server
+				WHERE server.server_id = sys_datalog.server_id AND sys_datalog.user = ? AND sys_datalog.datalog_id > server.updated
+				GROUP BY sys_datalog.dbtable, sys_datalog.action",
+			$login);
 		foreach($result as $row) {
 			if(!$row['dbtable'] || in_array($row['dbtable'], array('aps_instances', 'aps_instances_settings', 'mail_access', 'mail_content_filter'))) continue; // ignore some entries, maybe more to come
 			$return['entries'][] = array('table' => $row['dbtable'], 'action' => $row['action'], 'count' => $row['cnt'], 'text' => $app->lng('datalog_status_' . $row['action'] . '_' . $row['dbtable'])); $return['count'] += $row['cnt'];

--- a/interface/lib/lang/cn.lng
+++ b/interface/lib/lang/cn.lng
+<?php
+$wb['conf_format_dateshort'] = 'Y-m-d';
+$wb['conf_format_dateshort_human_readable'] = 'yyyy-mm-dd';
+$wb['conf_format_datelong'] = 'l dS of F Y';
+$wb['conf_format_timeshort'] = 'H:i';
+$wb['conf_format_timelong'] = 'H:i:s';
+$wb['conf_format_datetime'] = 'Y-m-d H:i';
+$wb['number_format_decimals'] = '4';
+$wb['number_format_decimals_client'] = '2';
+$wb['number_format_dec_point'] = '.';
+$wb['number_format_thousands_sep'] = '';
+$wb['error_301'] = '当前用户无权访问该模块。';
+$wb['error_302'] = '无效的模块。';
+$wb['error_1001'] = '用户名和密码不能为空！';
+$wb['error_1002'] = '用户名和/或密码不正确！';
+$wb['error_1003'] = '用户名已被停用！';
+$wb['delete_confirmation'] = '你确定要删除这条记录吗？';
+$wb['error_no_view_permission'] = '你没有查看此记录的权限或此记录不存在！';
+$wb['error_no_delete_permission'] = '你没有删除此记录的权限！';
+$wb['page_txt'] = '页';
+$wb['page_of_txt'] = '/';
+$wb['page_and_txt'] = '和';
+$wb['page_next_txt'] = '下一页';
+$wb['page_back_txt'] = '上一页';
+$wb['delete_txt'] = '删除';
+$wb['filter_txt'] = '筛选';
+$wb['add_new_record_txt'] = '添加新记录';
+$wb['btn_save_txt'] = '保存';
+$wb['btn_cancel_txt'] = '取消';
+$wb['top_menu_system'] = '系统';
+$wb['top_menu_client'] = '客户';
+$wb['top_menu_email'] = '邮件';
+$wb['top_menu_monitor'] = '监控';
+$wb['top_menu_sites'] = '站点';
+$wb['top_menu_dns'] = 'DNS';
+$wb['top_menu_tools'] = '工具';
+$wb['top_menu_help'] = '帮助';
+$wb['top_menu_billing'] = '结算';
+$wb['top_menu_mailuser'] = '邮件用户';
+$wb['top_menu_domain'] = '域名';
+$wb['top_menu_dashboard'] = '主页';
+$wb['top_menu_vm'] = '虚拟服务器';
+$wb['toolsarea_head_txt'] = '工具';
+$wb['latest_news_txt'] = '最新新闻';
+$wb['logout_txt'] = '注销';
+$wb['daynamesmin_su'] = '周日';
+$wb['daynamesmin_mo'] = '周一';
+$wb['daynamesmin_tu'] = '周二';
+$wb['daynamesmin_we'] = '周三';
+$wb['daynamesmin_th'] = '周四';
+$wb['daynamesmin_fr'] = '周五';
+$wb['daynamesmin_sa'] = '周六';
+$wb['daynames_sunday'] = '星期日';
+$wb['daynames_monday'] = '星期一';
+$wb['daynames_tuesday'] = '星期二';
+$wb['daynames_wednesday'] = '星期三';
+$wb['daynames_thursday'] = '星期四';
+$wb['daynames_friday'] = '星期五';
+$wb['daynames_saturday'] = '星期六';
+$wb['monthnamesshort_jan'] = '1月';
+$wb['monthnamesshort_feb'] = '2月';
+$wb['monthnamesshort_mar'] = '3月';
+$wb['monthnamesshort_apr'] = '4月';
+$wb['monthnamesshort_may'] = '5月';
+$wb['monthnamesshort_jun'] = '6月';
+$wb['monthnamesshort_jul'] = '7月';
+$wb['monthnamesshort_aug'] = '8月';
+$wb['monthnamesshort_sep'] = '9月';
+$wb['monthnamesshort_oct'] = '10月';
+$wb['monthnamesshort_nov'] = '11月';
+$wb['monthnamesshort_dec'] = '12月';
+$wb['datepicker_nextText'] = '下一个';
+$wb['datepicker_prevText'] = '上一个';
+$wb['submit_confirmation'] = '您确定要执行此操作吗？';
+$wb['globalsearch_resultslimit_of_txt'] = '的';
+$wb['globalsearch_resultslimit_results_txt'] = '结果';
+$wb['globalsearch_noresults_text_txt'] = '没有结果。';
+$wb['globalsearch_noresults_limit_txt'] = '0 结果';
+$wb['globalsearch_searchfield_watermark_txt'] = '搜索';
+$wb['globalsearch_suggestions_text_txt'] = '建议';
+$wb['global_tabchange_warning_txt'] = '如果您按下“确定”按钮，此选项卡中的更改将被更改。如果取消，它们将被丢弃。';
+$wb['global_tabchange_discard_txt'] = '此选项卡中有未保存的更改。如果您继续，更改将被丢弃。';
+
+$wb['datalog_changes_txt'] = '以下更改尚未应用到所有服务器：';
+$wb['datalog_changes_end_txt'] = '存储更新可能需要一分钟时间。请耐心等待。';
+$wb['datalog_status_i_web_database'] = '创建新数据库';
+$wb['datalog_status_u_web_database'] = '更新数据库';
+$wb['datalog_status_d_web_database'] = '删除数据库';
+$wb['datalog_status_i_web_database_user'] = '为数据库创建用户';
+$wb['datalog_status_u_web_database_user'] = '更新数据库用户';
+$wb['datalog_status_d_web_database_user'] = '删除数据库用户';
+$wb['datalog_status_i_web_domain'] = '创建新网站';
+$wb['datalog_status_u_web_domain'] = '更新网站设置';
+$wb['datalog_status_d_web_domain'] = '删除网站';
+$wb['datalog_status_i_ftp_user'] = '创建FTP用户';
+$wb['datalog_status_u_ftp_user'] = '更新FTP用户';
+$wb['datalog_status_d_ftp_user'] = '删除FTP用户';
+$wb['datalog_status_i_mail_domain'] = '创建电子邮件域';
+$wb['datalog_status_u_mail_domain'] = '更新电子邮件域';
+$wb['datalog_status_d_mail_domain'] = '删除电子邮件域';
+$wb['datalog_status_i_mail_user'] = '创建电子邮件用户';
+$wb['datalog_status_u_mail_user'] = '更新电子邮件用户';
+$wb['datalog_status_d_mail_user'] = '删除电子邮件用户';
+$wb['datalog_status_i_spamfilter_users'] = '创建垃圾邮件过滤器设置';
+$wb['datalog_status_u_spamfilter_users'] = '更新垃圾邮件过滤器设置';
+$wb['datalog_status_d_spamfilter_users'] = '删除垃圾邮件过滤器设置';
+$wb['datalog_status_i_mail_forwarding'] = '创建电子邮件地址';
+$wb['datalog_status_u_mail_forwarding'] = '更新电子邮件地址';
+$wb['datalog_status_d_mail_forwarding'] = '删除电子邮件地址';
+$wb['datalog_status_i_dns_rr'] = '创建DNS记录';
+$wb['datalog_status_u_dns_rr'] = '更新DNS记录';
+$wb['datalog_status_d_dns_rr'] = '删除DNS记录';
+$wb['datalog_status_i_dns_soa'] = '创建DNS区域';
+$wb['datalog_status_u_dns_soa'] = '更新DNS区域';
+$wb['datalog_status_d_dns_soa'] = '删除DNS区域';
+$wb['datalog_status_i_dns_slave'] = '创建新的DNS从区域';
+$wb['datalog_status_u_dns_slave'] = '更新DNS从区域';
+$wb['datalog_status_d_dns_slave'] = '删除DNS从区域';
+$wb['datalog_status_i_firewall'] = '创建新的防火墙规则';
+$wb['datalog_status_u_firewall'] = '更新防火墙规则';
+$wb['datalog_status_d_firewall'] = '删除防火墙规则';
+$wb['datalog_status_u_server'] = '更新服务器设置';
+$wb['datalog_status_d_server'] = '删除服务器';
+$wb['datalog_status_i_cron'] = '创建cron作业';
+$wb['datalog_status_u_cron'] = '更新cron作业';
+$wb['datalog_status_i_server_ip'] = '添加服务器IP';
+$wb['datalog_status_u_server_ip'] = '更新服务器IP';
+$wb['datalog_status_d_server_ip'] = '删除服务器IP';
+$wb['datalog_status_d_cron'] = '删除cron作业';
+$wb['datalog_status_i_mail_get'] = '创建邮件获取器账户';
+$wb['datalog_status_u_mail_get'] = '更新邮件获取器账户';
+$wb['datalog_status_d_mail_get'] = '删除邮件获取器账户';
+$wb['datalog_status_i_mail_mailinglist'] = '创建邮件列表';
+$wb['datalog_status_u_mail_mailinglist'] = '更新邮件列表';
+$wb['datalog_status_d_mail_mailinglist'] = '删除邮件列表';
+$wb['datalog_status_i_shell_user'] = '创建 Shell 用户';
+$wb['datalog_status_u_shell_user'] = '更新 Shell 用户';
+$wb['datalog_status_d_shell_user'] = '删除 Shell 用户';
+$wb['datalog_status_i_web_folder'] = '创建文件夹保护';
+$wb['datalog_status_u_web_folder'] = '更新文件夹保护';
+$wb['datalog_status_d_web_folder'] = '删除文件夹保护';
+$wb['datalog_status_i_web_folder_user'] = '创建文件夹保护用户';
+$wb['datalog_status_u_web_folder_user'] = '更新文件夹保护用户';
+$wb['datalog_status_d_web_folder_user'] = '删除文件夹保护用户';
+$wb['datalog_status_i_xmpp_domain'] = '创建 XMPP 域名';
+$wb['datalog_status_u_xmpp_domain'] = '更新 XMPP 域名';
+$wb['datalog_status_d_xmpp_domain'] = '删除 XMPP 域名';
+$wb['datalog_status_i_xmpp_user'] = '创建 XMPP 用户';
+$wb['datalog_status_u_xmpp_user'] = '更新 XMPP 用户';
+$wb['datalog_status_d_xmpp_user'] = '删除 XMPP 用户';
+$wb['err_csrf_attempt_blocked'] = 'CSRF 尝试已被阻止。';
+$wb['login_as_txt'] = '以...身份登录';
+$wb['no_domain_perm'] = '您没有此域的权限。';
+$wb['no_destination_perm'] = '您没有此目标的权限。';
+$wb['client_you_are_locked'] = '您无权更改任何设置。';
+$wb['gender_m_txt'] = '先生';
+$wb['gender_f_txt'] = '女士';
+$wb['client_cannot_be_deleted_because_of_billing_module_txt'] = '此客户在计费模块中有记录，因此无法删除。';
+$wb['yes_txt'] = '是';
+$wb['no_txt'] = '否';
+$wb['None'] = '无';
+$wb['strength_1'] = '弱';
+$wb['strength_2'] = '一般';
+$wb['strength_3'] = '好';
+$wb['strength_4'] = '强';
+$wb['strength_5'] = '非常强';
+$wb['weak_password_txt'] = '所选密码不符合安全指南。它的长度必须至少为 {chars} 个字符，并具有“{strength}”的强度。';
+$wb['weak_password_length_txt'] = '所选密码不符合安全指南。它的长度必须至少为 {chars} 个字符。';
+$wb['security_check1_txt'] = '检查安全权限：';
+$wb['security_check2_txt'] = '失败。';
+$wb['select_directive_snippet_txt'] = '指令片段';
+$wb['select_master_directive_snippet_txt'] = '主指令片段';
+$wb['unlimited_txt'] = '无限制';
+$wb['server_id_0_error_txt'] = '请选择一个有效的服务器。服务器ID必须大于0。';
+$wb['datalog_changes_close_txt'] = '关闭';
+$wb['non_admin_error'] = '需要管理员级别的权限';
+$wb['copy_to_clipboard_txt'] = '复制到剪贴板';
+?>
--- a/interface/web/admin/lib/lang/cn.lng
+++ b/interface/web/admin/lib/lang/cn.lng
+<?php
+
+$wb['Groups'] = '用户组';
+$wb['groups_description'] = '编辑系统用户组的表单。';
+
+$wb['Servers'] = '服务器';
+$wb['Config'] = '配置';
+
+$wb['Add user'] = '添加用户';
+$wb['Edit user'] = '编辑用户';
+$wb['Add group'] = '添加组';
+$wb['Edit group'] = '编辑组';
+$wb['Edit server'] = '编辑服务器';
+
+$wb['Sync. Now'] = '立即同步';
+$wb['DB Sync.'] = '数据库同步。';
+
+$wb['User Management'] = '用户管理';
+$wb['CP Users'] = '控制面板用户';
+$wb['Remote Users'] = '远程用户';
+
+$wb['System'] = '系统';
+$wb['Server Services'] = '服务器服务';
+$wb['Services'] = '服务';
+$wb['Server Config'] = '服务器配置';
+$wb['Server'] = '服务器';
+$wb['Mail'] = '邮件';
+$wb['Getmail'] = 'Getmail';
+$wb['Web'] = 'Web';
+$wb['FastCGI'] = 'FastCGI';
+$wb['Jailkit'] = 'Jailkit';
+$wb['Rescue'] = '救援';
+$wb['Server IP addresses'] = '服务器IP地址';
+$wb['Additional PHP Versions'] = '额外的PHP版本';
+$wb['Directive Snippets'] = '指令片段';
+$wb['Firewall'] = '防火墙';
+
+$wb['Interface'] = '界面';
+$wb['Interface Config'] = '主配置';
+$wb['Sites'] = '网站';
+$wb['DNS'] = 'DNS';
+$wb['Domains'] = '域名';
+$wb['Misc'] = '杂项';
+
+$wb['Software'] = '应用与插件';
+$wb['Repositories'] = '软件源';
+$wb['Packages'] = '软件包';
+$wb['Updates'] = '更新';
+
+$wb['Language Editor'] = '语言编辑器';
+$wb['Languages'] = '语言';
+$wb['New Language'] = '新语言';
+$wb['Merge'] = '合并';
+$wb['Export'] = '导出';
+$wb['Import'] = '导入';
+
+$wb['Remote Actions'] = '远程操作';
+$wb['Do OS-Update'] = '执行操作系统更新';
+$wb['Do ISPConfig-Update'] = '执行ISPConfig更新';
+?>
--- a/interface/web/admin/lib/lang/cn_directive_snippets.lng
+++ b/interface/web/admin/lib/lang/cn_directive_snippets.lng
+<?php
+$wb['Directive Snippets'] = '指令片段';
+$wb['name_txt'] = '片段名称';
+$wb['type_txt'] = '类型';
+$wb['snippet_txt'] = '指令片段';
+$wb['active_txt'] = '激活';
+$wb['directive_snippets_name_empty'] = '请为指令片段指定一个名称。';
+$wb['directive_snippets_name_error_unique'] = '已经存在一个同名的指令片段。';
+$wb['variables_txt'] = '变量';
+$wb['customer_viewable_txt'] = '客户可见';
+$wb['required_php_snippets_txt'] = '所需 PHP 片段';
+$wb['update_sites_txt'] = '使用此指令片段更新网站';
+$wb['error_hide_snippet_active_sites'] = '无法从客户端隐藏此指令片段，因为它当前正在被现有网站使用。';
+$wb['error_disable_snippet_active_sites'] = '由于当前有网站正在使用此指令片段，因此无法禁用它。';
+$wb['error_delete_snippet_active_sites'] = '由于当前有网站正在使用此指令片段，因此无法删除它。';
--- a/interface/web/admin/lib/lang/cn_directive_snippets_list.lng
+++ b/interface/web/admin/lib/lang/cn_directive_snippets_list.lng
+<?php
+$wb['list_head_txt'] = '指令片段';
+$wb['active_txt'] = '激活';
+$wb['name_txt'] = '片段名称';
+$wb['type_txt'] = '类型';
+$wb['add_new_record_txt'] = '添加指令片段';
+$wb['customer_viewable_txt'] = '客户可见';
+?>
--- a/interface/web/admin/lib/lang/cn_firewall.lng
+++ b/interface/web/admin/lib/lang/cn_firewall.lng
+<?php
+$wb['server_id_txt'] = '服务器';
+$wb['tcp_port_txt'] = '开放 TCP 端口';
+$wb['udp_port_txt'] = '开放 UDP 端口';
+$wb['tcp_port_help_txt'] = '用逗号分隔';
+$wb['udp_port_help_txt'] = '用逗号分隔';
+$wb['active_txt'] = '激活';
+$wb['firewall_error_unique'] = '该服务器已存在防火墙记录。';
+$wb['tcp_ports_error_regex'] = 'TCP 端口定义中不允许出现该字符。允许的字符有数字、冒号（:）和逗号。';
+$wb['udp_ports_error_regex'] = 'UDP 端口定义中不允许出现该字符。允许的字符有数字、冒号（:）和逗号。';
+?>
--- a/interface/web/admin/lib/lang/cn_firewall_list.lng
+++ b/interface/web/admin/lib/lang/cn_firewall_list.lng
+<?php
+$wb['list_head_txt'] = '防火墙';
+$wb['active_txt'] = '启用';
+$wb['server_id_txt'] = '服务器';
+$wb['tcp_port_txt'] = '开放TCP端口';
+$wb['udp_port_txt'] = '开放UDP端口';
+$wb['add_new_record_txt'] = '添加防火墙记录';
+?>
--- a/interface/web/admin/lib/lang/cn_groups.lng
+++ b/interface/web/admin/lib/lang/cn_groups.lng
+<?php
+$wb['description_txt'] = '描述';
+$wb['name_txt'] = '组名';
+$wb['name_err'] = '组名必须是1到30个字符。';
+?>
--- a/interface/web/admin/lib/lang/cn_groups_list.lng
+++ b/interface/web/admin/lib/lang/cn_groups_list.lng
+<?php
+$wb['list_head_txt'] = '系统用户组';
+$wb['description_txt'] = '描述';
+$wb['name_txt'] = '用户组';
+$wb['add_new_record_txt'] = '添加新用户组';
+$wb['warning_txt'] = '<b>警告：</b>请勿在此处编辑或修改任何用户设置。请改用客户端模块中的客户端和经销商设置。在此处修改用户或组可能会导致数据丢失！';
+?>
--- a/interface/web/admin/lib/lang/cn_iptables.lng
+++ b/interface/web/admin/lib/lang/cn_iptables.lng
+<?php
+
+$wb['server_id_txt'] = '服务器';
+$wb['multiport_txt'] = '多端口';
+$wb['singleport_txt'] = '单端口';
+$wb['protocol_txt'] = '协议';
+$wb['table_txt'] = '表';
+$wb['target_txt'] = '目标';
+$wb['state_txt'] = '状态';
+$wb['destination_ip_txt'] = '目标地址';
+$wb['source_ip_txt'] = '源地址';
+$wb['active_txt'] = '激活';
+$wb['iptables_error_unique'] = '此服务器已存在防火墙记录。';
+
+?>
--- a/interface/web/admin/lib/lang/cn_iptables_list.lng
+++ b/interface/web/admin/lib/lang/cn_iptables_list.lng
+<?php
+
+$wb['list_head_txt'] = 'IPTables';
+$wb['add_new_rule_txt'] = '添加IPTables规则';
+$wb['server_id_txt'] = '服务器';
+$wb['multiport_txt'] = '多端口';
+$wb['singleport_txt'] = '单端口';
+$wb['protocol_txt'] = '协议';
+$wb['table_txt'] = '表格';
+$wb['target_txt'] = '目标';
+$wb['state_txt'] = '状态';
+$wb['destination_ip_txt'] = '目标地址';
+$wb['source_ip_txt'] = '源地址';
+$wb['active_txt'] = '激活';
+$wb['iptables_error_unique'] = '该服务器已存在防火墙规则。';
+
+?>
--- a/interface/web/admin/lib/lang/cn_language_add.lng
+++ b/interface/web/admin/lib/lang/cn_language_add.lng
+<?php
+$wb['list_head_txt'] = '添加新语言';
+$wb['language_select_txt'] = '选择语言基础';
+$wb['language_new_txt'] = '新语言';
+$wb['language_new_hint_txt'] = '2 个字符的 ISO 639-1 语言代码（参见 https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes）';
+$wb['btn_save_txt'] = '创建新语言文件集';
+$wb['btn_cancel_txt'] = '返回';
+?>