diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php
index 70bed24d10ae482f7e2c853f081e10cb24eec824..c4beb0dffa6757e0179cb5fa4ed3ede79bf2aaab 100644
--- a/install/dist/lib/fedora.lib.php
+++ b/install/dist/lib/fedora.lib.php
@@ -1076,6 +1076,8 @@ class installer_dist extends installer_base {
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ $command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//* Make the global language file directory group writable
exec("chmod -R 770 $install_dir/interface/lib/lang");
@@ -1149,6 +1151,11 @@ class installer_dist extends installer_base {
$command = "chmod +x $install_dir/server/scripts/*.sh";
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') {
+ $sql = "UPDATE sys_user SET passwort = md5(?) WHERE username = 'admin';";
+ $this->db->query($sql, $conf['interface_password']);
+ }
+
if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
//* Copy the ISPConfig vhost for the controlpanel
// TODO: These are missing! should they be "vhost_dist_*_dir" ?
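Review bot: The admin password is written as an unsalted MySQL `md5()` of the cleartext (`UPDATE sys_user SET passwort = md5(?) WHERE username = 'admin'`), a hash that precomputed tables reverse as soon as the database leaks. If the interface login accepts crypt()-style hashes for `passwort` (the installer's other sys_user code paths, outside this hunk, would show which format it expects), hash in PHP with the same routine the interface uses and bind the result instead: `$this->db->query("UPDATE sys_user SET passwort = ? WHERE username = 'admin'", $hash);`. The identical four-line block is repeated in gentoo.lib.php (L41-L44) and opensuse.lib.php (L66-L69); moving it into installer_base would keep the policy in one place. The enclosing method begins before and ends after this hunk.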
diff --git a/install/dist/lib/gentoo.lib.php b/install/dist/lib/gentoo.lib.php
index 46bd662535dbdec8a00c940c747001531c4e1f3d..d3a718244ca726a4aa22dd1611ce7fac6ba30993 100644
--- a/install/dist/lib/gentoo.lib.php
+++ b/install/dist/lib/gentoo.lib.php
@@ -996,7 +996,9 @@ class installer extends installer_base
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-
+ $command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
//* Make the global language file directory group writable
exec("chmod -R 770 $install_dir/interface/lib/lang");
@@ -1076,6 +1078,11 @@ class installer extends installer_base
$command = "chmod +x $install_dir/server/scripts/*.sh";
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') {
+ $sql = "UPDATE sys_user SET passwort = md5(?) WHERE username = 'admin';";
+ $this->db->query($sql, $conf['interface_password']);
+ }
+
if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
//* Copy the ISPConfig vhost for the controlpanel
$content = $this->get_template_file("apache_ispconfig.vhost", true);
diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php
index 598f98ec431ab1defc4f9dff524e3ff99cd3a9c5..7df8d1abaeb49156ffa1c211a84ce9ae83898939 100644
--- a/install/dist/lib/opensuse.lib.php
+++ b/install/dist/lib/opensuse.lib.php
@@ -1094,7 +1094,9 @@ class installer_dist extends installer_base {
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-
+ $command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
//* Make the global language file directory group writable
exec("chmod -R 770 $install_dir/interface/lib/lang");
@@ -1170,6 +1172,11 @@ class installer_dist extends installer_base {
$command = "chmod +x $install_dir/server/scripts/*.sh";
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') {
+ $sql = "UPDATE sys_user SET passwort = md5(?) WHERE username = 'admin';";
+ $this->db->query($sql, $conf['interface_password']);
+ }
+
if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
//* Copy the ISPConfig vhost for the controlpanel
// TODO: These are missing! should they be "vhost_dist_*_dir" ?
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index a504b3b255b85998ed90180269e09716241b0f0b..fbef274d0bb68b54f56905a57b85fe9f9d56739b 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -2499,7 +2499,9 @@ class installer_base {
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-
+ $command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
//* Make the global language file directory group writable
exec("chmod -R 770 $install_dir/interface/lib/lang");
diff --git a/interface/lib/app.inc.php b/interface/lib/app.inc.php
index 48349aec0f81a0639f82e394857dedf169118fbf..b107ca3624e3f6548bb0b70f37e7da7397e0f282 100755
--- a/interface/lib/app.inc.php
+++ b/interface/lib/app.inc.php
@@ -299,14 +299,14 @@ class app {
$this->tpl->setVar('phpsessid', session_id());
- $this->tpl->setVar('theme', $_SESSION['s']['theme']);
+ $this->tpl->setVar('theme', $_SESSION['s']['theme'], true);
$this->tpl->setVar('html_content_encoding', $this->_conf['html_content_encoding']);
$this->tpl->setVar('delete_confirmation', $this->lng('delete_confirmation'));
//print_r($_SESSION);
if(isset($_SESSION['s']['module']['name'])) {
- $this->tpl->setVar('app_module', $_SESSION['s']['module']['name']);
- $this->tpl->setVar('session_module', $_SESSION['s']['module']['name']);
+ $this->tpl->setVar('app_module', $_SESSION['s']['module']['name'], true);
+ $this->tpl->setVar('session_module', $_SESSION['s']['module']['name'], true);
}
if(isset($_SESSION['s']['user']) && $_SESSION['s']['user']['typ'] == 'admin') {
$this->tpl->setVar('is_admin', 1);
@@ -316,7 +316,7 @@ class app {
}
/* Show username */
if(isset($_SESSION['s']['user'])) {
- $this->tpl->setVar('cpuser', $_SESSION['s']['user']['username']);
+ $this->tpl->setVar('cpuser', $_SESSION['s']['user']['username'], true);
$this->tpl->setVar('logout_txt', $this->lng('logout_txt'));
/* Show search field only for normal users, not mail users */
if(stristr($_SESSION['s']['user']['username'], '@')){
@@ -343,7 +343,7 @@ $app = new app();
// load and enable PHP Intrusion Detection System (PHPIDS)
$ids_security_config = $app->getconf->get_security_config('ids');
-if(is_dir(ISPC_CLASS_PATH.'/IDS') && $ids_security_config['ids_enabled'] == 'yes') {
+if(is_dir(ISPC_CLASS_PATH.'/IDS') && !defined('REMOTE_API_CALL') && ($ids_security_config['ids_anon_enabled'] == 'yes' || $ids_security_config['ids_user_enabled'] == 'yes' || $ids_security_config['ids_admin_enabled'] == 'yes')) {
$app->uses('ids');
$app->ids->start();
}
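Review bot: The new `!defined('REMOTE_API_CALL')` clause exempts remote-API requests from PHPIDS without recording why, and the condition has grown into one long line; a comment above it stating the reason (`// remote API requests are not run through PHPIDS: <reason>`) plus the three `ids_*_enabled` tests on their own lines would make the policy readable. This line only decides whether the IDS starts at all — the hunk in ids.inc.php picks the role's levels but never checks that role's `enabled` flag, so the two need to be read together. The statement stands at file level after `$app = new app();`.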
diff --git a/interface/lib/classes/db_mysql.inc.php b/interface/lib/classes/db_mysql.inc.php
index 7433104607d19a8085c67cf900ba837ba1298f25..e3bf695dfcd8cc5b339131ed00f7ea6e5f7341fd 100644
--- a/interface/lib/classes/db_mysql.inc.php
+++ b/interface/lib/classes/db_mysql.inc.php
@@ -470,7 +470,7 @@ class db {
public function escape($sString) {
global $app;
if(!is_string($sString) && !is_numeric($sString)) {
- $app->log('NON-String given in escape function! (' . gettype($sString) . ')', LOGLEVEL_INFO);
+ $app->log('NON-String given in escape function! (' . gettype($sString) . ')', LOGLEVEL_DEBUG);
//$sAddMsg = getDebugBacktrace();
$app->log($sAddMsg, LOGLEVEL_DEBUG);
$sString = '';
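Review bot: `$app->log($sAddMsg, LOGLEVEL_DEBUG)` on the line after the changed one logs a variable that is never assigned — its only assignment is the commented-out `//$sAddMsg = getDebugBacktrace();` just above — so this branch emits an undefined-variable notice and a blank debug entry for every non-string argument. Either restore the backtrace assignment or drop that call; lowering the first message to DEBUG does not address it. `escape()` continues past the end of the hunk.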
@@ -479,7 +479,7 @@ class db {
$cur_encoding = mb_detect_encoding($sString);
if($cur_encoding != "UTF-8") {
if($cur_encoding != 'ASCII') {
- if(is_object($app) && method_exists($app, 'log')) $app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_INFO);
+ if(is_object($app) && method_exists($app, 'log')) $app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_DEBUG);
if($cur_encoding) $sString = mb_convert_encoding($sString, 'UTF-8', $cur_encoding);
else $sString = mb_convert_encoding($sString, 'UTF-8');
}
diff --git a/interface/lib/classes/ids.inc.php b/interface/lib/classes/ids.inc.php
index ac5cb1912897f0eb0355715c24985092bc4d386a..abdf32b30251543045b0302158378748eba17d8b 100644
--- a/interface/lib/classes/ids.inc.php
+++ b/interface/lib/classes/ids.inc.php
@@ -118,7 +118,25 @@ class ids {
$impact = $ids_result->getImpact();
- if($impact >= $security_config['ids_log_level']) {
+ // Choose level from security config
+ if($app->auth->is_admin()) {
+ // User is admin
+ $ids_log_level = $security_config['ids_admin_log_level'];
+ $ids_warn_level = $security_config['ids_admin_warn_level'];
+ $ids_block_level = $security_config['ids_admin_block_level'];
+ } elseif(is_array($_SESSION['s']['user']) && $_SESSION['s']['user']['userid'] > 0) {
+ // User is Client or Reseller
+ $ids_log_level = $security_config['ids_user_log_level'];
+ $ids_warn_level = $security_config['ids_user_warn_level'];
+ $ids_block_level = $security_config['ids_user_block_level'];
+ } else {
+ // Not logged in
+ $ids_log_level = $security_config['ids_anon_log_level'];
+ $ids_warn_level = $security_config['ids_anon_warn_level'];
+ $ids_block_level = $security_config['ids_anon_block_level'];
+ }
+
+ if($impact >= $ids_log_level) {
$ids_log = ISPC_ROOT_PATH.'/temp/ids.log';
if(!is_file($ids_log)) touch($ids_log);
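Review bot: The per-role level selection never consults `ids_admin_enabled`, `ids_user_enabled` or `ids_anon_enabled`, while app.inc.php (L120) now starts the IDS as soon as any one of the three is `yes`, so a role whose own flag is `no` is still scanned and can be blocked with that role's levels. Each branch should leave early when its role is disabled, e.g. `if($security_config['ids_admin_enabled'] != 'yes') return;` in the admin branch and the user/anon equivalents — assuming an early return is the right way to skip the check in this method, whose signature lies outside the hunk. The `elseif` also calls `is_array($_SESSION['s']['user'])` without `isset()`, which raises a notice for sessions with no user entry; `isset($_SESSION['s']['user']) && is_array($_SESSION['s']['user'])` avoids it. The enclosing method starts before and ends after this hunk.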
@@ -132,11 +150,11 @@ class ids {
}
- if($impact >= $security_config['ids_warn_level']) {
+ if($impact >= $ids_warn_level) {
$app->log("PHP IDS Alert.".$ids_result, 2);
}
- if($impact >= $security_config['ids_block_level']) {
+ if($impact >= $ids_block_level) {
$app->error("Possible attack detected. This action has been logged.",'', true, 2);
}
diff --git a/interface/lib/classes/plugin_listview.inc.php b/interface/lib/classes/plugin_listview.inc.php
index bc764caefe0dbb144b53d6c87826bad5edb0a637..c9d8340e02e290de97bedba9a4edb530aca6a7b4 100644
--- a/interface/lib/classes/plugin_listview.inc.php
+++ b/interface/lib/classes/plugin_listview.inc.php
@@ -56,7 +56,7 @@ class plugin_listview extends plugin_base {
// $app->listform->listDef["page_params"] = "&id=".$app->tform_actions->id."&next_tab=".$_SESSION["s"]["form"]["tab"];
$app->listform->listDef["page_params"] = "&id=".$this->form->id."&next_tab=".$_SESSION["s"]["form"]["tab"];
$listTpl->setVar('parent_id', $this->form->id);
- $listTpl->setVar('theme', $_SESSION['s']['theme']);
+ $listTpl->setVar('theme', $_SESSION['s']['theme'], true);
// Generate the SQL for searching
$sql_where = "";
@@ -193,13 +193,13 @@ class plugin_listview extends plugin_base {
$listTpl->setVar('phpsessid', session_id());
- $listTpl->setVar('theme', $_SESSION['s']['theme']);
+ $listTpl->setVar('theme', $_SESSION['s']['theme'], true);
$listTpl->setVar('html_content_encoding', $app->_conf['html_content_encoding']);
$listTpl->setVar('delete_confirmation', $app->lng('delete_confirmation'));
//print_r($_SESSION);
if(isset($_SESSION['s']['module']['name'])) {
- $listTpl->setVar('app_module', $_SESSION['s']['module']['name']);
+ $listTpl->setVar('app_module', $_SESSION['s']['module']['name'], true);
}
if(isset($_SESSION['s']['user']) && $_SESSION['s']['user']['typ'] == 'admin') {
$listTpl->setVar('is_admin', 1);
@@ -209,7 +209,7 @@ class plugin_listview extends plugin_base {
}
/* Show username */
if(isset($_SESSION['s']['user'])) {
- $listTpl->setVar('cpuser', $_SESSION['s']['user']['username']);
+ $listTpl->setVar('cpuser', $_SESSION['s']['user']['username'], true);
$listTpl->setVar('logout_txt', $app->lng('logout_txt'));
/* Show search field only for normal users, not mail users */
if(stristr($_SESSION['s']['user']['username'], '@')){
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index 503bd24eb83db64554010944519b9c79898b6bb1..b28e50322454c93df811dc94a70549d0a23931a2 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -115,11 +115,18 @@ class tform extends tform_base {
// Show the same tab again in case of an error
$active_tab = $_SESSION["s"]["form"]["tab"];
}
+
+ if(!preg_match('/^[a-zA-Z0-9_]{0,50}$/',$active_tab)) {
+ die('Invalid next tab name.');
+ }
return $active_tab;
}
function getCurrentTab() {
+ if(!preg_match('/^[a-zA-Z0-9_]{0,50}$/',$_SESSION["s"]["form"]["tab"])) {
+ die('Invalid current tab name.');
+ }
return $_SESSION["s"]["form"]["tab"];
}
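Review bot: `getCurrentTab()` runs `preg_match()` straight on `$_SESSION["s"]["form"]["tab"]`, which may be unset on a first request, so the new check raises a notice and — because `{0,50}` admits the empty string — then passes. Read it once with a default, `$tab = isset($_SESSION["s"]["form"]["tab"]) ? $_SESSION["s"]["form"]["tab"] : '';`, and match and return `$tab`. Both checks end in `die('...')`, whereas the form layer otherwise reports through `$app->error()` (see tform_base.inc.php in this same commit); with `global $app` in scope, `$app->error('Invalid tab name.')` keeps the error path and its logging consistent. The first method in the hunk begins before its first line.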
diff --git a/interface/lib/classes/tform_actions.inc.php b/interface/lib/classes/tform_actions.inc.php
index e0ff25145575407e09e062b40f57e462e99c5c2d..f277c51274f3e8e4f9c5f03814f07367c7a8fcf2 100644
--- a/interface/lib/classes/tform_actions.inc.php
+++ b/interface/lib/classes/tform_actions.inc.php
@@ -287,7 +287,7 @@ class tform_actions {
global $app, $conf;
$app->tpl->setVar("error", "
".$app->tform->errorMessage."");
- $app->tpl->setVar($this->dataRecord);
+ $app->tpl->setVar($this->dataRecord, null, true);
$this->onShow();
}
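Review bot: `setVar($this->dataRecord, null, true)` now passes every field of the record through `$app->functions->htmlentities()`, including any non-string values; whether that helper tolerates arrays (as multi-value form fields may be) is not visible here and should be confirmed, since PHP's own `htmlentities()` returns null with a warning for an array. A short comment, `// re-display the submitted values escaped: they come straight from the request`, would record why the encode flag is set on this call. The enclosing method's signature is outside the hunk.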
diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php
index a0e196571cb29883654eff680d0e454699dd84ae..12583e210dbf951a0b659f99ac68293e9d29b623 100644
--- a/interface/lib/classes/tform_base.inc.php
+++ b/interface/lib/classes/tform_base.inc.php
@@ -245,7 +245,7 @@ class tform_base {
*/
function decode($record, $tab) {
global $conf, $app;
- if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab does not exist or the tab is empty (TAB: $tab).");
+ if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab does not exist or the tab is empty (TAB: ".$app->functions->htmlentities($tab).").");
return $this->_decode($record, $tab, false);
}
@@ -416,7 +416,7 @@ class tform_base {
$this->action = $action;
if(!is_array($this->formDef)) $app->error("No form definition found.");
- if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: $tab).");
+ if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: ".$app->functions->htmlentities($tab).").");
/* CSRF PROTECTION */
// generate csrf protection id and key
@@ -868,7 +868,7 @@ class tform_base {
function encode($record, $tab, $dbencode = true) {
global $app;
- if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab is empty or does not exist (TAB: $tab).");
+ if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab is empty or does not exist (TAB: ".$app->functions->htmlentities($tab).").");
return $this->_encode($record, $tab, $dbencode, false);
}
@@ -1446,7 +1446,7 @@ class tform_base {
}
if(!is_array($this->formDef)) $app->error("Form definition not found.");
- if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: $tab).");
+ if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: ".$app->functions->htmlentities($tab).").");
return $this->_getSQL($record, $tab, $action, $primary_id, $sql_ext_where, false);
}
diff --git a/interface/lib/classes/tpl.inc.php b/interface/lib/classes/tpl.inc.php
index 2104cf61a5f50ea4dbd3e2bd52eb19c496158496..efaf4c072a8ceac226b9fb5d243fdadb4fa0d9f7 100644
--- a/interface/lib/classes/tpl.inc.php
+++ b/interface/lib/classes/tpl.inc.php
@@ -226,21 +226,26 @@ if (!defined('vlibTemplateClassLoaded')) {
* using the keys as variable names and the values as variable values.
* @param mixed $k key to define variable name
* @param mixed $v variable to assign to $k
+ * @param bool $encode if set to true use htmlentities on values
* @return boolean true/false
* @access public
*/
- public function setVar($k, $v = null)
+ public function setVar($k, $v = null, $encode = false)
{
+ global $app;
+
if (is_array($k)) {
foreach($k as $key => $value){
$key = ($this->OPTIONS['CASELESS']) ? strtolower(trim($key)) : trim($key);
if (preg_match('/^[A-Za-z_]+[A-Za-z0-9_]*$/', $key) && $value !== null ) {
+ if($encode == true) $value = $app->functions->htmlentities($value);
$this->_vars[$key] = $value;
}
}
} else {
if (preg_match('/^[A-Za-z_]+[A-Za-z0-9_]*$/', $k) && $v !== null) {
if ($this->OPTIONS['CASELESS']) $k = strtolower($k);
+ if($encode == true) $v = $app->functions->htmlentities($v);
$this->_vars[trim($k)] = $v;
} else {
return false;
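Review bot: `setVar()` now reaches for the `$app` global and calls `$app->functions->htmlentities()`, so a template instance used where `$app` is not defined fails with a fatal error on the first `$encode` call; guarding with `is_object($app)` and falling back to `htmlentities($v, ENT_QUOTES, 'UTF-8')` keeps the class usable on its own. If any template places the newly encoded values (`theme`, `cpuser`, `app_module`) inside an HTML attribute, `functions->htmlentities()` must escape both quote characters — its flags are not visible here and worth confirming. The two `if($encode == true)` tests are loose comparisons; `if ($encode)` says the same thing. The docblock could also state that encoding happens after the variable-name check and only for non-null values, which is what the code does. setVar() continues past the end of the hunk.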
diff --git a/interface/lib/classes/validate_cron.inc.php b/interface/lib/classes/validate_cron.inc.php
index e59cd4e30b6ac671c6694e33e63c766067c29f0c..9a2af803663f84f1b93734890b1da9edf2ee1cb2 100644
--- a/interface/lib/classes/validate_cron.inc.php
+++ b/interface/lib/classes/validate_cron.inc.php
@@ -52,7 +52,7 @@ class validate_cron {
if($parsed["scheme"] != "http" && $parsed["scheme"] != "https") return $this->get_error($validator['errmsg']);
- if(preg_match("'^([a-z0-9][a-z0-9\-]{0,62}\.)+([A-Za-z0-9\-]{2,30})$'i", $parsed["host"]) == false) return $this->get_error($validator['errmsg']);
+ if(preg_match("'^([a-z0-9][a-z0-9_\-]{0,62}\.)+([A-Za-z0-9\-]{2,30})$'i", $parsed["host"]) == false) return $this->get_error($validator['errmsg']);
}
if(strpos($field_value, "\n") !== false || strpos($field_value, "\r") !== false || strpos($field_value, chr(0)) !== false) {
return $this->get_error($validator['errmsg']);
diff --git a/interface/lib/classes/validate_domain.inc.php b/interface/lib/classes/validate_domain.inc.php
index b572467fe08fbdeeb434a3b9ae81241f932f0991..01293abd6dee259d722f64417c4bc311129bf935 100644
--- a/interface/lib/classes/validate_domain.inc.php
+++ b/interface/lib/classes/validate_domain.inc.php
@@ -51,6 +51,9 @@ class validate_domain {
$result = $this->_check_unique($field_value);
if(!$result) return $this->get_error('domain_error_unique');
+
+ $pattern = '/\.acme\.invalid$/';
+ if(preg_match($pattern, $field_value)) return $this->get_error('domain_error_acme_invalid');
}
/* Validator function for sub domain */
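Review bot: The new `.acme.invalid` guard is case-sensitive (`/\.acme\.invalid$/` carries no `i` flag), so `example.ACME.INVALID` is not rejected although DNS names compare case-insensitively, and `acme.invalid` itself (no leading label) passes as well. `$pattern = '/(^|\.)acme\.invalid$/i';` covers both. The same three lines are repeated in the subdomain and aliasdomain validators below (L342-L343, L350-L351); a small private helper would keep them in step. Each of the three validator functions begins before its hunk.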
@@ -65,6 +68,9 @@ class validate_domain {
$result = $this->_check_unique($field_value);
if(!$result) return $this->get_error('domain_error_unique');
+
+ $pattern = '/\.acme\.invalid$/';
+ if(preg_match($pattern, $field_value)) return $this->get_error('domain_error_acme_invalid');
}
/* Validator function for alias domain */
@@ -77,6 +83,9 @@ class validate_domain {
$result = $this->_check_unique($field_value);
if(!$result) return $this->get_error('domain_error_unique');
+
+ $pattern = '/\.acme\.invalid$/';
+ if(preg_match($pattern, $field_value)) return $this->get_error('domain_error_acme_invalid');
}
/* Validator function for checking the auto subdomain of a web/aliasdomain */
@@ -141,6 +150,44 @@ class validate_domain {
}
}
+ /* Check nginx directives */
+ function web_nginx_directives($field_name, $field_value, $validator) {
+ global $app;
+
+ if(trim($field_value) != '') {
+ $security_config = $app->getconf->get_security_config('ids');
+
+ if($security_config['nginx_directives_scan_enabled'] == 'yes') {
+
+ // Get blacklist
+ $blacklist_path = '/usr/local/ispconfig/security/nginx_directives.blacklist';
+ if(is_file('/usr/local/ispconfig/security/nginx_directives.blacklist.custom')) $blacklist_path = '/usr/local/ispconfig/security/nginx_directives.blacklist.custom';
+ if(!is_file($blacklist_path)) $blacklist_path = realpath(ISPC_ROOT_PATH.'/../security/nginx_directives.blacklist');
+
+ $directives = explode("\n",$field_value);
+ $regex = explode("\n",file_get_contents($blacklist_path));
+ $blocked = false;
+ $blocked_line = '';
+
+ if(is_array($directives) && is_array($regex)) {
+ foreach($directives as $directive) {
+ $directive = trim($directive);
+ foreach($regex as $r) {
+ if(preg_match(trim($r),$directive)) {
+ $blocked = true;
+ $blocked_line .= $directive.'
';
+ };
+ }
+ }
+ }
+ }
+ }
+
+ if($blocked === true) {
+ return $this->get_error('nginx_directive_blocked_error').' '.$blocked_line;
+ }
+ }
+
/* internal validator function to match regexp */
function _regex_validate($domain_name, $allow_wildcard = false) {
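Review bot: In `web_nginx_directives()` `$blocked` is only assigned inside the scan branch, so an empty field or a disabled scan reads an undefined variable at the final `if($blocked === true)`; initialise `$blocked` and `$blocked_line` before the first `if`. The loop also feeds every blacklist line to `preg_match()` unchecked: a blank line (the file's trailing newline yields one) is an empty pattern and produces a warning, and when `realpath()` returns `false` the `file_get_contents()` call warns too. A missing or unreadable blacklist currently lets every directive through silently; if the scan is meant to fail closed, return an error in that case instead. The rewrite below keeps the path selection and the error message as they are and drops the stray `};` after the inner `if`.
```php
function web_nginx_directives($field_name, $field_value, $validator) {
    global $app;

    $blocked = false;
    $blocked_line = '';

    if(trim($field_value) != '') {
        $security_config = $app->getconf->get_security_config('ids');

        if($security_config['nginx_directives_scan_enabled'] == 'yes') {

            // … unchanged: blacklist path selection ($blacklist_path) …

            $regex = array();
            if($blacklist_path !== false && is_file($blacklist_path)) {
                $regex = explode("\n", file_get_contents($blacklist_path));
            }

            foreach(explode("\n", $field_value) as $directive) {
                $directive = trim($directive);
                foreach($regex as $r) {
                    $r = trim($r);
                    // an empty pattern makes preg_match() warn; skip blank blacklist lines
                    if($r == '') continue;
                    if(preg_match($r, $directive)) {
                        $blocked = true;
                        $blocked_line .= $directive."\n";
                    }
                }
            }
        }
    }

    // … unchanged: blocked check and get_error() return …
}
```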
diff --git a/interface/web/admin/directive_snippets_edit.php b/interface/web/admin/directive_snippets_edit.php
index de803581e07d373a23bfce05e490772d041788b4..b12da0a79bf28f000b0c11103db13482557608ad 100644
--- a/interface/web/admin/directive_snippets_edit.php
+++ b/interface/web/admin/directive_snippets_edit.php
@@ -70,9 +70,9 @@ class page_action extends tform_actions {
if($this->id > 0){
if($this->dataRecord['master_directive_snippets_id'] > 0){
$is_master = true;
- $app->tpl->setVar("name", $this->dataRecord['name']);
- $app->tpl->setVar("type", $this->dataRecord['type']);
- $app->tpl->setVar("snippet", $this->dataRecord['snippet']);
+ $app->tpl->setVar("name", $this->dataRecord['name'], true);
+ $app->tpl->setVar("type", $this->dataRecord['type'], true);
+ $app->tpl->setVar("snippet", $this->dataRecord['snippet'], true);
}
}
$app->tpl->setVar("is_master", $is_master);
diff --git a/interface/web/admin/firewall_edit.php b/interface/web/admin/firewall_edit.php
index 4ee72aa954c6baf3302154e359c03b7a70aef261..01cad2b815b1c09775bf0a95ac31b57e01dcefec 100644
--- a/interface/web/admin/firewall_edit.php
+++ b/interface/web/admin/firewall_edit.php
@@ -57,7 +57,7 @@ class page_action extends tform_actions {
if($this->id ==0) { //* new record
$server_list = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id NOT IN (SELECT server_id FROM firewall) ORDER BY server_name");
if(is_array($server_list)) {
- foreach( $server_list as $server) $server_select .= "\r\n";
+ foreach( $server_list as $server) $server_select .= "\r\n";
}
$app->tpl->setVar('server_id', $server_select);
}
diff --git a/interface/web/admin/server_edit.php b/interface/web/admin/server_edit.php
index 5b446c0494adea6818d9292e830718c9efd435f6..b146d8f295d991ed6161f59349373a3800561aa0 100644
--- a/interface/web/admin/server_edit.php
+++ b/interface/web/admin/server_edit.php
@@ -61,7 +61,7 @@ class page_action extends tform_actions {
if(is_array($mirror_servers)) {
foreach( $mirror_servers as $mirror_server) {
$selected = ($mirror_server["server_id"] == $this->dataRecord['mirror_server_id'])?'SELECTED':'';
- $mirror_server_select .= "\r\n";
+ $mirror_server_select .= "\r\n";
}
}
$app->tpl->setVar("mirror_server_id", $mirror_server_select);
diff --git a/interface/web/admin/server_ip_map_edit.php b/interface/web/admin/server_ip_map_edit.php
index 4442287132f6f8c1c9b775b178c9b69dc1297d85..b5188673093184891d15b04dea9e82fed61f6d09 100644
--- a/interface/web/admin/server_ip_map_edit.php
+++ b/interface/web/admin/server_ip_map_edit.php
@@ -52,7 +52,7 @@ class page_action extends tform_actions {
if(is_array($servers)) {
foreach($servers as $server) {
$selected = ($server['server_id'] == $this->dataRecord['server_id'])?'SELECTED':'';
- $server_select .= "\r\n";
+ $server_select .= "\r\n";
}
}
unset($servers);
@@ -65,7 +65,7 @@ class page_action extends tform_actions {
if(is_array($ips)) {
foreach( $ips as $ip) {
$selected = ($ip['ip_address'] == $this->dataRecord['source_ip'])?'SELECTED':'';
- $ip_select .= "\r\n";
+ $ip_select .= "\r\n";
}
}
unset($ips);
diff --git a/interface/web/client/client_del.php b/interface/web/client/client_del.php
index 1540bfbfd7528d3f8bb8a5e91a9bc96aa140aa03..8bef6e9d634868439d7d57ff49f8ab78e4341e26 100644
--- a/interface/web/client/client_del.php
+++ b/interface/web/client/client_del.php
@@ -128,13 +128,12 @@ class page_action extends tform_actions {
$app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);
// Delete all records (sub-clients, mail, web, etc....) of this client.
- $tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_folder,web_folder_user,domain,mail_mailinglist';
+ $tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_folder,web_folder_user,domain,mail_mailinglist,spamfilter_wblist';
$tables_array = explode(',', $tables);
$client_group_id = $app->functions->intval($client_group['groupid']);
if($client_group_id > 1) {
foreach($tables_array as $table) {
if($table != '') {
- $records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE sys_groupid = ?", $table, $client_group_id);
//* find the primary ID of the table
$table_info = $app->db->tableInfo($table);
$index_field = '';
@@ -143,6 +142,7 @@ class page_action extends tform_actions {
}
//* Delete the records
if($index_field != '') {
+ $records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE sys_groupid = ? ORDER BY ?? DESC", $table, $client_group_id, $index_field);
if(is_array($records)) {
foreach($records as $rec) {
$app->db->datalogDelete($table, $index_field, $rec[$index_field]);
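Review bot: The reason for `ORDER BY ?? DESC` on the relocated query is not stated anywhere in the hunk; if the intent is to delete the most recently created rows first so that records referencing earlier ids are gone before their targets, a comment such as `// newest rows first: dependent records go before the rows they point to` would keep a later cleanup from dropping the ordering as noise. Moving the SELECT under `if($index_field != '')` also means a table without a detectable primary key is now skipped without any trace; an `else` branch with an `$app->log()` line would make that visible. The enclosing method starts before and ends after this hunk.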
diff --git a/interface/web/client/client_message.php b/interface/web/client/client_message.php
index eb8bcdbae244e1e5a93958cd2a3f8cabf042ffb6..b4638bd2151ce076df7d96970166e163552d21ea 100644
--- a/interface/web/client/client_message.php
+++ b/interface/web/client/client_message.php
@@ -114,9 +114,9 @@ if(isset($_POST) && count($_POST) > 1) {
}
} else {
- $app->tpl->setVar('sender', $_POST['sender']);
- $app->tpl->setVar('subject', $_POST['subject']);
- $app->tpl->setVar('message', $_POST['message']);
+ $app->tpl->setVar('sender', $_POST['sender'], true);
+ $app->tpl->setVar('subject', $_POST['subject'], true);
+ $app->tpl->setVar('message', $_POST['message'], true);
}
} else {
// pre-fill Sender field with reseller's email address
diff --git a/interface/web/client/message_template_edit.php b/interface/web/client/message_template_edit.php
index 7d285ac7ef86e6bd1f6ee7a379ef21cb24f62e7d..1c11ff89577afc49c921d82646e5749fb342ec1b 100644
--- a/interface/web/client/message_template_edit.php
+++ b/interface/web/client/message_template_edit.php
@@ -80,7 +80,7 @@ class page_action extends tform_actions {
if($field_name['Field'] == 'gender'){
$message_variables .= '{salutation} ';
} else {
- $message_variables .= '{'.$field_name['Field'].'} ';
+ $message_variables .= '{'.$app->functions->htmlentities($field_name['Field']).'} ';
}
}
}
diff --git a/interface/web/dns/dns_dkim_edit.php b/interface/web/dns/dns_dkim_edit.php
index 7f7e6856dbe45c494a3121277bcbb669774519c5..35bac0d0c6254b642fc8a198b28209cb64109f49 100644
--- a/interface/web/dns/dns_dkim_edit.php
+++ b/interface/web/dns/dns_dkim_edit.php
@@ -76,8 +76,8 @@ class page_action extends tform_actions {
if(isset($sql['domain']) && $sql['domain'] != '') {
if($sql['dkim'] == 'y') {
$public_key=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$sql['dkim_public']);
- $app->tpl->setVar('public_key', $public_key);
- $app->tpl->setVar('selector', $sql['dkim_selector']);
+ $app->tpl->setVar('public_key', $public_key, true);
+ $app->tpl->setVar('selector', $sql['dkim_selector'], true);
} else {
//TODO: show warning - use mail_domain for dkim and enabled dkim
}
@@ -85,7 +85,7 @@ class page_action extends tform_actions {
} else {
$app->tpl->setVar('edit_disabled', 0);
}
- $app->tpl->setVar('name', $soa['origin']);
+ $app->tpl->setVar('name', $soa['origin'], true);
}
diff --git a/interface/web/dns/dns_dmarc_edit.php b/interface/web/dns/dns_dmarc_edit.php
index c806c7c20e4a44c35f4866c3a5b93dc2531b2288..7f915074d75deccbf9f3f62cbb2e75a7b8ab6da2 100644
--- a/interface/web/dns/dns_dmarc_edit.php
+++ b/interface/web/dns/dns_dmarc_edit.php
@@ -93,7 +93,7 @@ class page_action extends tform_actions {
if ( isset($rec) && !empty($rec) ) {
$this->id = 1;
$old_data = strtolower($rec['data']);
- $app->tpl->setVar("data", $old_data);
+ $app->tpl->setVar("data", $old_data, true);
if ($rec['active'] == 'Y') $app->tpl->setVar("active", "CHECKED"); else $app->tpl->setVar("active", "UNCHECKED");
$dmarc_rua = '';
$dmarc_ruf = '';
@@ -123,7 +123,7 @@ class page_action extends tform_actions {
}
//set html-values
- $app->tpl->setVar('domain', $domain_name);
+ $app->tpl->setVar('domain', $domain_name, true);
//create dmarc-policy-list
$dmarc_policy_value = array(
@@ -138,9 +138,9 @@ class page_action extends tform_actions {
}
$app->tpl->setVar('dmarc_policy', $dmarc_policy_list);
- if (!empty($dmarc_rua)) $app->tpl->setVar("dmarc_rua", $dmarc_rua);
+ if (!empty($dmarc_rua)) $app->tpl->setVar("dmarc_rua", $dmarc_rua, true);
- if (!empty($dmarc_ruf)) $app->tpl->setVar("dmarc_ruf", $dmarc_ruf);
+ if (!empty($dmarc_ruf)) $app->tpl->setVar("dmarc_ruf", $dmarc_ruf, true);
//set dmarc-fo-options
if (isset($dmarc_fo)) {
@@ -178,9 +178,9 @@ class page_action extends tform_actions {
if ( strpos($dmarc_rf, 'afrf') !== false ) $app->tpl->setVar("dmarc_rf_afrf", 'CHECKED');
if ( strpos($dmarc_rf, 'iodef') !== false ) $app->tpl->setVar("dmarc_rf_iodef", 'CHECKED');
- $app->tpl->setVar("dmarc_pct", $dmarc_pct);
+ $app->tpl->setVar("dmarc_pct", $dmarc_pct, true);
- $app->tpl->setVar("dmarc_ri", $dmarc_ri);
+ $app->tpl->setVar("dmarc_ri", $dmarc_ri, true);
//create dmarc-sp-list
$dmarc_sp_value = array(
diff --git a/interface/web/dns/dns_import.php b/interface/web/dns/dns_import.php
index fb66b7b176ae6392add54894cab364f0b3d6fbe1..405e437838a4895687790f11fbe5dcd971477560 100644
--- a/interface/web/dns/dns_import.php
+++ b/interface/web/dns/dns_import.php
@@ -587,6 +587,15 @@ if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'
if($dns_rr[$r]['type'] == 'NS' && $dns_rr[$r]['name'] == $soa['name']){
unset($dns_rr[$r]);
}
+
+ $valid = true;
+ $dns_rr[$r]['ttl'] = $app->functions->intval($dns_rr[$r]['ttl']);
+ $dns_rr[$r]['aux'] = $app->functions->intval($dns_rr[$r]['aux']);
+ $dns_rr[$r]['data'] = strip_tags($dns_rr[$r]['data']);
+ if(!preg_match('/^[a-zA-Z0-9\.\-\*]{0,64}$/',$dns_rr[$r]['name'])) $valid == false;
+ if(!in_array(strtoupper($dns_rr[$r]['type']),array('A','AAAA','ALIAS','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY'))) $valid == false;
+ if($valid == false) unset($dns_rr[$r]);
+
$r++;
}
$i++;
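Review bot: `$valid == false;` on the two validation lines is a comparison, not an assignment, so `$valid` stays `true` and the following `unset()` never fires — records with a rejected name or type are imported anyway. The block also runs after the NS `unset($dns_rr[$r])` just above it, and the `$dns_rr[$r]['ttl'] = …` write recreates the deleted entry as a partial record; putting the validation in an `else` branch, as below, avoids that. Once the assignment is fixed, the name pattern `^[a-zA-Z0-9\.\-\*]{0,64}$` will reject the underscore that SRV (`_sip._tcp`), DMARC (`_dmarc`) and DKIM (`selector._domainkey`) owner names use although those types are on the allowed list, and if this field holds the full owner name the 64-character cap is well below the DNS limit of 253; `strip_tags()` on TXT data may likewise alter legitimate records containing `<`. The surrounding loop begins and ends outside the hunk.
```php
if($dns_rr[$r]['type'] == 'NS' && $dns_rr[$r]['name'] == $soa['name']){
    unset($dns_rr[$r]);
} else {
    // validate the remaining record; `=` not `==`, otherwise $valid never changes
    $valid = true;
    $dns_rr[$r]['ttl'] = $app->functions->intval($dns_rr[$r]['ttl']);
    $dns_rr[$r]['aux'] = $app->functions->intval($dns_rr[$r]['aux']);
    $dns_rr[$r]['data'] = strip_tags($dns_rr[$r]['data']);
    // underscore allowed: SRV, DMARC and DKIM owner names use it
    if(!preg_match('/^[a-zA-Z0-9_\.\-\*]{0,64}$/', $dns_rr[$r]['name'])) $valid = false;
    if(!in_array(strtoupper($dns_rr[$r]['type']), array('A','AAAA','ALIAS','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY'), true)) $valid = false;
    if($valid == false) unset($dns_rr[$r]);
}
$r++;
```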
diff --git a/interface/web/dns/dns_slave_edit.php b/interface/web/dns/dns_slave_edit.php
index 4d588ef8e032ab1e0bfd3ae270aacb6bc8292d85..117b101b875de812e10160b1bfe37031164cecb8 100644
--- a/interface/web/dns/dns_slave_edit.php
+++ b/interface/web/dns/dns_slave_edit.php
@@ -132,7 +132,7 @@ class page_action extends tform_actions {
if ($domain['domain'].'.' == $this->dataRecord["origin"]) {
$domain_select .= " selected";
}
- $domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . ".\r\n";
+ $domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . ".\r\n";
}
}
else {
@@ -149,7 +149,7 @@ class page_action extends tform_actions {
if($this->id > 0) {
//* we are editing a existing record
$app->tpl->setVar("edit_disabled", 1);
- $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]);
+ $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true);
} else {
$app->tpl->setVar("edit_disabled", 0);
}
diff --git a/interface/web/dns/dns_soa_edit.php b/interface/web/dns/dns_soa_edit.php
index 6faefac3903ec588d400fa2b8bb48e69a612ac35..9b36daee1500fb07ecf1c8b5f43668be3a063c96 100644
--- a/interface/web/dns/dns_soa_edit.php
+++ b/interface/web/dns/dns_soa_edit.php
@@ -179,7 +179,7 @@ class page_action extends tform_actions {
$options_dns_servers = "";
foreach ($dns_servers as $dns_server) {
- $options_dns_servers .= '';
+ $options_dns_servers .= '';
}
$app->tpl->setVar("client_server_id", $options_dns_servers);
@@ -200,7 +200,7 @@ class page_action extends tform_actions {
if ($domain['domain'].'.' == $this->dataRecord["origin"]) {
$domain_select .= " selected";
}
- $domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . ".\r\n";
+ $domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . ".\r\n";
}
}
else {
@@ -217,12 +217,12 @@ class page_action extends tform_actions {
if($this->id > 0) {
//* we are editing a existing record
$app->tpl->setVar("edit_disabled", 1);
- $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]);
+ $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true);
$datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'dns_soa' AND sys_datalog.dbidx = ? AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC", 'id:' . $this->id);
if(is_array($datalog) && !empty($datalog)){
if(trim($datalog['error']) != ''){
- $app->tpl->setVar("config_error_msg", nl2br(htmlentities($datalog['error'])));
+ $app->tpl->setVar("config_error_msg", nl2br($app->functions->htmlentities($datalog['error'])));
$app->tpl->setVar("config_error_tstamp", date($app->lng('conf_format_datetime'), $datalog['tstamp']));
}
}
diff --git a/interface/web/dns/dns_spf_edit.php b/interface/web/dns/dns_spf_edit.php
index ca109272d8aa17111c7094c7a5eb05386a0feb7a..94096662a1e8e0af7e0e228d322d0c955076b8f2 100644
--- a/interface/web/dns/dns_spf_edit.php
+++ b/interface/web/dns/dns_spf_edit.php
@@ -83,7 +83,7 @@ class page_action extends tform_actions {
$this->id = 1;
$old_data = strtolower($rec['data']);
- $app->tpl->setVar("data", $old_data);
+ $app->tpl->setVar("data", $old_data, true);
if ($rec['active'] == 'Y') $app->tpl->setVar("active", "CHECKED"); else $app->tpl->setVar("active", "UNCHECKED");
$spf_hostname = '';
@@ -108,9 +108,9 @@ class page_action extends tform_actions {
}
//set html-values
- $app->tpl->setVar("spf_ip", $spf_ip);
- $app->tpl->setVar("spf_hostname", $spf_hostname);
- $app->tpl->setVar("spf_domain", $spf_domain);
+ $app->tpl->setVar("spf_ip", $spf_ip, true);
+ $app->tpl->setVar("spf_hostname", $spf_hostname, true);
+ $app->tpl->setVar("spf_domain", $spf_domain, true);
//create spf-mechanism-list
$spf_mechanism_value = array(
'+' => 'spf_mechanism_pass_txt',
diff --git a/interface/web/dns/dns_srv_edit.php b/interface/web/dns/dns_srv_edit.php
index e2b290ab9f1f52a1a3ab3a6786aa5ef5f5b0fdf8..16c1086db3a74452c56a37510a9ef9862739169d 100644
--- a/interface/web/dns/dns_srv_edit.php
+++ b/interface/web/dns/dns_srv_edit.php
@@ -51,9 +51,9 @@ class page_action extends dns_page_action {
// Split the 3 parts of the SRV Record apart
$split = explode(' ', $this->dataRecord['data']);
- $app->tpl->setVar('weight', $split[0]);
- $app->tpl->setVar('port', $split[1]);
- $app->tpl->setVar('target', $split[2]);
+ $app->tpl->setVar('weight', $split[0], true);
+ $app->tpl->setVar('port', $split[1], true);
+ $app->tpl->setVar('target', $split[2], true);
parent::onShowEnd();
}
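Review bot: The three setVar calls still read `$split[1]` and `$split[2]` without checking that `explode` produced three parts; a stored `data` value with fewer space-separated fields raises an undefined-offset notice and passes null to the template. Padding once, `$split = array_pad(explode(' ', $this->dataRecord['data']), 3, '');`, renders identically for well-formed records and makes the short-record case explicit. The signature of onShowEnd is outside the hunk.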
diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php
index 0e955bee09044a9a339b90ea74b631b0ff619db3..32112560a48ba9747f18eee43570acb6c4a96493 100644
--- a/interface/web/dns/dns_wizard.php
+++ b/interface/web/dns/dns_wizard.php
@@ -183,7 +183,7 @@ if(is_array($fields)) {
} else {
$app->tpl->setVar($field."_VISIBLE", 1);
$field = strtolower($field);
- $app->tpl->setVar($field, $_POST[$field]);
+ $app->tpl->setVar($field, $_POST[$field], true);
}
}
}
diff --git a/interface/web/help/faq_delete.php b/interface/web/help/faq_delete.php
index e8f36272786fec032bb0d9d23df22a8258b4199a..c1faed60d99afdad537d4447cd009d2f7e49ff50 100644
--- a/interface/web/help/faq_delete.php
+++ b/interface/web/help/faq_delete.php
@@ -9,10 +9,7 @@ require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';
// Check module permissions
-if(!stristr($_SESSION['s']['user']['modules'], 'help')) {
- header('Location: ../index.php');
- die;
-}
+$app->auth->check_module_permissions('admin');
// Load the form
$app->uses('tform_actions');
diff --git a/interface/web/help/faq_edit.php b/interface/web/help/faq_edit.php
index 629bde88c798f7105ad1b3621ab3cfcfa85fc06f..397f5cccf4233b4a5cefb4485a1f27617d68a1cf 100644
--- a/interface/web/help/faq_edit.php
+++ b/interface/web/help/faq_edit.php
@@ -8,10 +8,7 @@ require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';
// Check the module permissions and redirect if not allowed.
-if(!stristr($_SESSION['s']['user']['modules'], 'help')) {
- header('Location: ../index.php');
- die;
-}
+$app->auth->check_module_permissions('admin');
// Load the templating and form classes
$app->uses('tpl,tform,tform_actions');
diff --git a/interface/web/help/faq_list.php b/interface/web/help/faq_list.php
index 4ea86722cfe07a78b4b8016d9775edc3ac38e952..c647fbf6eb01b8edf65b98ec6dc49ca261845038 100644
--- a/interface/web/help/faq_list.php
+++ b/interface/web/help/faq_list.php
@@ -11,10 +11,7 @@ require_once '../../lib/classes/parsedown/parsedown_extra.php';
$list_def_file = 'list/faq_list.php';
// Check the module permissions
-if(!stristr($_SESSION['s']['user']['modules'], 'help')) {
- header('Location: ../index.php');
- die();
-}
+$app->auth->check_module_permissions('help');
// Loading the class
$app->uses('listform_actions');
@@ -47,7 +44,7 @@ $override->SQLExtWhere = "help_faq.hf_section = $hf_section";
if($hf_section) $res = $app->db->queryOneRecord("SELECT hfs_name FROM help_faq_sections WHERE hfs_id=?", $hf_section);
// Start the form rendering and action ahndling
-echo "FAQ: ".$res['hfs_name']."
";
-if($hf_section) $override->onLoad();
+echo "FAQ: ".$app->functions->htmlentities($res['hfs_name'])."
";
+if($hf_section) $app->listform_actions->onLoad();
?>
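Review bot: The last line now calls `$app->listform_actions->onLoad()` instead of `$override->onLoad()`, yet the hunk header shows the section filter being set on `$override` (`$override->SQLExtWhere = "help_faq.hf_section = $hf_section"`); unless `$override` is that same listform_actions instance, the filter is no longer applied and the list shows entries from every section — confirm, or set `SQLExtWhere` on `$app->listform_actions`. That filter is also built by string interpolation, so where `$hf_section` is read from the request (outside this hunk) it should be cast, e.g. `$hf_section = $app->functions->intval($hf_section);`, consistent with the parameterised `queryOneRecord` call just above, which already treats it as a value. Separately, `$res` is only assigned when `$hf_section` is truthy, so the changed echo reads `$res['hfs_name']` from an unset variable otherwise; guarding the echo with the same `if($hf_section)` test avoids the notice.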
diff --git a/interface/web/help/faq_manage_questions_list.php b/interface/web/help/faq_manage_questions_list.php
index e72824458683f78bd7a2c8323049a5c636931bd3..ae29e752fca36db0737c78171658ab5077dda556 100644
--- a/interface/web/help/faq_manage_questions_list.php
+++ b/interface/web/help/faq_manage_questions_list.php
@@ -6,7 +6,7 @@ require_once '../../lib/app.inc.php';
$list_def_file = "list/faq_manage_questions_list.php";
//* Check permissions for module
-$app->auth->check_module_permissions('help');
+$app->auth->check_module_permissions('admin');
//* Loading the class
$app->uses('listform_actions');
diff --git a/interface/web/help/faq_sections_delete.php b/interface/web/help/faq_sections_delete.php
index adcacf4376233fe21b53068b89986d736282ae68..865071ff252cc507ef6748322f38cfa341e648d9 100644
--- a/interface/web/help/faq_sections_delete.php
+++ b/interface/web/help/faq_sections_delete.php
@@ -9,10 +9,7 @@ require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';
// Check module permissions
-if(!stristr($_SESSION['s']['user']['modules'], 'help')) {
- header('Location: ../index.php');
- die;
-}
+$app->auth->check_module_permissions('admin');
// Load the form
$app->uses('tform_actions');
diff --git a/interface/web/help/faq_sections_edit.php b/interface/web/help/faq_sections_edit.php
index 32f0123466c98c6c80235cf4888a459521569afe..f146db8605dd34e9c9980871f4a88923c431c9b5 100644
--- a/interface/web/help/faq_sections_edit.php
+++ b/interface/web/help/faq_sections_edit.php
@@ -8,10 +8,7 @@ require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';
// Check the module permissions and redirect if not allowed.
-if(!stristr($_SESSION['s']['user']['modules'], 'help')) {
- header('Location: ../index.php');
- die;
-}
+$app->auth->check_module_permissions('admin');
// Load the templating and form classes
$app->uses('tpl,tform,tform_actions');
diff --git a/interface/web/help/faq_sections_list.php b/interface/web/help/faq_sections_list.php
index 4acb4ae20e107942d62815d38d93baa176d39373..7ce9fb0235cba91f44c3930e98b423c0340c1ba2 100644
--- a/interface/web/help/faq_sections_list.php
+++ b/interface/web/help/faq_sections_list.php
@@ -7,10 +7,7 @@ require_once '../../lib/app.inc.php';
$list_def_file = 'list/faq_sections_list.php';
// Check the module permissions
-if(!stristr($_SESSION['s']['user']['modules'], 'help')) {
- header('Location: ../index.php');
- die();
-}
+$app->auth->check_module_permissions('admin');
// Loading the class
$app->uses('listform_actions');
diff --git a/interface/web/help/form/faq.tform.php b/interface/web/help/form/faq.tform.php
index e795f3566f034c9f56a2f79f1f221e31b45a2fc2..e440de7e6b87103b3f42e04784192268cf4bb61c 100644
--- a/interface/web/help/form/faq.tform.php
+++ b/interface/web/help/form/faq.tform.php
@@ -79,6 +79,12 @@ $form['tabs']['message'] = array(
'errmsg'=> 'subject_is_empty'
),
),
+ 'filters' => array(
+ 0 => array( 'event' => 'SAVE',
+ 'type' => 'STRIPTAGS'),
+ 1 => array( 'event' => 'SAVE',
+ 'type' => 'STRIPNL')
+ ),
'default' => '',
'value' => '',
'width' => '30',
diff --git a/interface/web/help/templates/help_faq_list.htm b/interface/web/help/templates/help_faq_list.htm
index e81dae2e0ba7279ce2c4f5a03203c4e0e04cf15f..28850fe8300e881a6a8407e5e27c516ec48e0ef1 100644
--- a/interface/web/help/templates/help_faq_list.htm
+++ b/interface/web/help/templates/help_faq_list.htm
@@ -12,5 +12,3 @@
-
-
diff --git a/interface/web/index.php b/interface/web/index.php
index 4a2103208101e69633d6a18923fc1d81f9137b7e..1bccb1ebe17093938c57fcfadaba577057875ea4 100644
--- a/interface/web/index.php
+++ b/interface/web/index.php
@@ -41,7 +41,7 @@ if(!isset($_SESSION['s']['module']['name'])) $_SESSION['s']['module']['name'] =
$app->uses('tpl');
$app->tpl->newTemplate('main.tpl.htm');
-$app->tpl->setVar('startpage', isset($_SESSION['s']['module']['startpage']) ? $_SESSION['s']['module']['startpage'] : '');
+$app->tpl->setVar('startpage', isset($_SESSION['s']['module']['startpage']) ? $_SESSION['s']['module']['startpage'] : '', true);
$app->tpl->setVar('logged_in', ($_SESSION['s']['user']['active'] != 1 ? 'n' : 'y'));
// tab change warning?
@@ -93,7 +93,7 @@ if(@is_dir($js_d)) {
if (!empty($js_d_files)) $app->tpl->setLoop('js_d_includes', $js_d_files);
unset($js_d_files);
-$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default');
+$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default', true);
// Logo
$logo = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1");
diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index 303e2e88c5a96fc25975d417ecdd2c99d51cd5fc..6fdeab35ee124aa08dbe3ceee2c429c17782a87b 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -347,7 +347,7 @@ $app->tpl->setVar('login_button_txt', $app->lng('login_button_txt'));
$app->tpl->setVar('session_timeout', $server_config_array['session_timeout']);
$app->tpl->setVar('session_allow_endless', $server_config_array['session_allow_endless']);
//$app->tpl->setInclude('content_tpl', 'login/templates/index.htm');
-$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default');
+$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default', true);
//die(isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default');
// Logo
diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php
index c0d454cd326fce1f1e6ae5d72b55bcf5675cfbb2..e6976bff734798d0c5ee59440c161f072465540c 100644
--- a/interface/web/login/password_reset.php
+++ b/interface/web/login/password_reset.php
@@ -156,7 +156,7 @@ if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '
if(isset($_POST) && count($_POST) > 0) $app->tpl->setVar("msg", $wb['pw_error_noinput']);
}
-$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default');
+$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default', true);
// Logo
$logo = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1");
diff --git a/interface/web/mail/form/mail_forward.tform.php b/interface/web/mail/form/mail_forward.tform.php
index 260d953982778b81ccc453b926e398f84b52f3e0..3c902b4221f717c456133c748238c8e1d77304cd 100644
--- a/interface/web/mail/form/mail_forward.tform.php
+++ b/interface/web/mail/form/mail_forward.tform.php
@@ -100,9 +100,7 @@ $form["tabs"]['forward'] = array (
2 => array( 'event' => 'SAVE',
'type' => 'TOLOWER'),
3 => array( 'event' => 'SAVE',
- 'type' => 'STRIPTAGS'),
- 4 => array( 'event' => 'SAVE',
- 'type' => 'STRIPNL')
+ 'type' => 'STRIPTAGS')
),
'default' => '',
'value' => '',
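Review bot: Removing the STRIPNL filter means line breaks in the submitted destination are now stored as entered; if the field is meant to hold several destinations one per line this is intended, otherwise an embedded newline should be rejected by a validator rather than silently kept — confirm. The field definition starts outside the hunk, so it is not visible here whether a validator already covers that case.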
diff --git a/interface/web/mail/mail_alias_edit.php b/interface/web/mail/mail_alias_edit.php
index 4292f8f4c2e405c45256a8cdf35000c9eefe8f3c..eb7ff4b4d639f34b887ea6f96bfdd5c1b414d2aa 100644
--- a/interface/web/mail/mail_alias_edit.php
+++ b/interface/web/mail/mail_alias_edit.php
@@ -83,7 +83,7 @@ class page_action extends tform_actions {
foreach( $domains as $domain) {
$domain['domain'] = $app->functions->idn_decode($domain['domain']);
$selected = ($domain["domain"] == @$email_parts[1])?'SELECTED':'';
- $domain_select .= "\r\n";
+ $domain_select .= "\r\n";
}
}
$app->tpl->setVar("email_domain", $domain_select);
diff --git a/interface/web/mail/mail_aliasdomain_edit.php b/interface/web/mail/mail_aliasdomain_edit.php
index 918a5f3a05b47a9e3a16a328c030e4d8eaafa35d..ef3b16275c5bf4bf69e5df1de50aa10150cd1d41 100644
--- a/interface/web/mail/mail_aliasdomain_edit.php
+++ b/interface/web/mail/mail_aliasdomain_edit.php
@@ -82,9 +82,9 @@ class page_action extends tform_actions {
foreach( $domains as $domain) {
$domain['domain'] = $app->functions->idn_decode($domain['domain']);
$selected = ($domain["domain"] == @$source_domain)?'SELECTED':'';
- $source_select .= "\r\n";
+ $source_select .= "\r\n";
$selected = ($domain["domain"] == @$destination_domain)?'SELECTED':'';
- $destination_select .= "\r\n";
+ $destination_select .= "\r\n";
}
}
$app->tpl->setVar("source_domain", $source_select);
diff --git a/interface/web/mail/mail_domain_catchall_edit.php b/interface/web/mail/mail_domain_catchall_edit.php
index 60da619e14363aaaa6903febdb4ec81df3e7ed76..4ef18d45e7c8fee393a5b0666c8e5bf6cf6a1bba 100644
--- a/interface/web/mail/mail_domain_catchall_edit.php
+++ b/interface/web/mail/mail_domain_catchall_edit.php
@@ -82,7 +82,7 @@ class page_action extends tform_actions {
foreach( $domains as $domain) {
$domain['domain'] = $app->functions->idn_decode($domain['domain']);
$selected = (isset($email_parts[1]) && $domain["domain"] == $email_parts[1])?'SELECTED':'';
- $domain_select .= "\r\n";
+ $domain_select .= "\r\n";
}
}
$app->tpl->setVar("email_domain", $domain_select);
diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php
index 7565752bd31c575d38731fe09af55c191ba81c70..d7d6ea4c6862bda5ff179078ae38f8efb3474c28 100644
--- a/interface/web/mail/mail_domain_edit.php
+++ b/interface/web/mail/mail_domain_edit.php
@@ -101,7 +101,7 @@ class page_action extends tform_actions {
// Set the mailserver to the default server of the client
$tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $client['default_mailserver']);
- $app->tpl->setVar("server_id", "");
+ $app->tpl->setVar("server_id", "");
unset($tmp);
if ($settings['use_domain_module'] != 'y') {
@@ -142,7 +142,7 @@ class page_action extends tform_actions {
$options_mail_servers = "";
foreach ($mail_servers as $mail_server) {
- $options_mail_servers .= '';
+ $options_mail_servers .= '';
}
$app->tpl->setVar("client_server_id", $options_mail_servers);
@@ -167,7 +167,7 @@ class page_action extends tform_actions {
if ($domain['domain'] == $this->dataRecord["domain"]) {
$domain_select .= " selected";
}
- $domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . "\r\n";
+ $domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . "\r\n";
}
}
else {
@@ -193,7 +193,7 @@ class page_action extends tform_actions {
if(is_array($policys)) {
foreach( $policys as $p) {
$selected = ($p["id"] == $tmp_user["policy_id"])?'SELECTED':'';
- $policy_select .= "\r\n";
+ $policy_select .= "\r\n";
}
}
$app->tpl->setVar("policy", $policy_select);
@@ -204,7 +204,7 @@ class page_action extends tform_actions {
if($this->id > 0) {
//* we are editing a existing record
$app->tpl->setVar("edit_disabled", 1);
- $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]);
+ $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true);
} else {
$app->tpl->setVar("edit_disabled", 0);
}
@@ -214,10 +214,10 @@ class page_action extends tform_actions {
$rec = $app->db->queryOneRecord($sql, $app->functions->intval($_GET['id']));
$dns_key = str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$rec['dkim_public']);
$dns_record = $rec['dkim_selector'] . '._domainkey.' . $rec['domain'] . '. 3600 TXT v=DKIM1; t=s; p=' . $dns_key;
- $app->tpl->setVar('dkim_selector', $rec['dkim_selector']);
- $app->tpl->setVar('dkim_private', $rec['dkim_private']);
- $app->tpl->setVar('dkim_public', $rec['dkim_public']);
- if (!empty($rec['dkim_public'])) $app->tpl->setVar('dns_record', $dns_record);
+ $app->tpl->setVar('dkim_selector', $rec['dkim_selector'], true);
+ $app->tpl->setVar('dkim_private', $rec['dkim_private'], true);
+ $app->tpl->setVar('dkim_public', $rec['dkim_public'], true);
+ if (!empty($rec['dkim_public'])) $app->tpl->setVar('dns_record', $dns_record, true);
parent::onShowEnd();
}
diff --git a/interface/web/mail/mail_forward_edit.php b/interface/web/mail/mail_forward_edit.php
index 17ce213cb2a31a511bf09173a55493497b0b305f..ee8c5f29971b38bbe2cf27e674496eca68a1bb9a 100644
--- a/interface/web/mail/mail_forward_edit.php
+++ b/interface/web/mail/mail_forward_edit.php
@@ -82,7 +82,7 @@ class page_action extends tform_actions {
foreach( $domains as $domain) {
$domain['domain'] = $app->functions->idn_decode($domain['domain']);
$selected = (isset($email_parts[1]) && $domain["domain"] == $email_parts[1])?'SELECTED':'';
- $domain_select .= "\r\n";
+ $domain_select .= "\r\n";
}
$app->tpl->setVar("email_domain", $domain_select);
diff --git a/interface/web/mail/mail_mailinglist_edit.php b/interface/web/mail/mail_mailinglist_edit.php
index e0b1a23be50ab0cb01bfef3812da2d92c34b832d..73680c8a189078b8677dbff570e2367c78ebe8c9 100644
--- a/interface/web/mail/mail_mailinglist_edit.php
+++ b/interface/web/mail/mail_mailinglist_edit.php
@@ -116,7 +116,7 @@ class page_action extends tform_actions {
if(is_array($domains)) {
foreach( $domains as $domain) {
$selected = ($domain["domain"] == $this->dataRecord["domain"])?'SELECTED':'';
- $domain_select .= "\r\n";
+ $domain_select .= "\r\n";
}
}
$app->tpl->setVar("domain_option", $domain_select);
@@ -124,9 +124,9 @@ class page_action extends tform_actions {
if($this->id > 0) {
//* we are editing a existing record
$app->tpl->setVar("edit_disabled", 1);
- $app->tpl->setVar("listname_value", $this->dataRecord["listname"]);
- $app->tpl->setVar("domain_value", $this->dataRecord["domain"]);
- $app->tpl->setVar("email_value", $this->dataRecord["email"]);
+ $app->tpl->setVar("listname_value", $this->dataRecord["listname"], true);
+ $app->tpl->setVar("domain_value", $this->dataRecord["domain"], true);
+ $app->tpl->setVar("email_value", $this->dataRecord["email"], true);
} else {
$app->tpl->setVar("edit_disabled", 0);
}
diff --git a/interface/web/mail/mail_spamfilter_edit.php b/interface/web/mail/mail_spamfilter_edit.php
index 6282a38b0ff85596a30322381133af5f9a8772ca..c47ec8b41a72072a94a670cd8702e1b051f735d3 100644
--- a/interface/web/mail/mail_spamfilter_edit.php
+++ b/interface/web/mail/mail_spamfilter_edit.php
@@ -67,7 +67,7 @@ class page_action extends tform_actions {
$domain_select = '';
foreach( $domains as $domain) {
$selected = ($domain["domain"] == $email_parts[1])?'SELECTED':'';
- $domain_select .= "\r\n";
+ $domain_select .= "\r\n";
}
$app->tpl->setVar("email_domain", $domain_select);
diff --git a/interface/web/mail/mail_transport_edit.php b/interface/web/mail/mail_transport_edit.php
index 9707d2fce018433c4e8c0c84a61ba9649548d06a..65667726ad39ff8d6c0d5d5d8b18adc51b6ef705 100644
--- a/interface/web/mail/mail_transport_edit.php
+++ b/interface/web/mail/mail_transport_edit.php
@@ -70,6 +70,7 @@ class page_action extends tform_actions {
function onShowEnd() {
global $app, $conf;
+ $rec = array();
$types = array('smtp' => 'smtp', 'uucp' => 'uucp', 'slow' => 'slow', 'error' => 'error', 'custom' => 'custom', '' => 'null');
$tmp_parts = explode(":", $this->dataRecord["transport"]);
if(!empty($this->id) && !stristr($this->dataRecord["transport"], ':')) {
@@ -106,7 +107,7 @@ class page_action extends tform_actions {
}
}
$rec["type"] = $type_select;
- $app->tpl->setVar($rec);
+ $app->tpl->setVar($rec, null, true);
unset($type);
unset($types);
diff --git a/interface/web/mail/mail_user_edit.php b/interface/web/mail/mail_user_edit.php
index 87d3be66bbf2f4a21b0dbf12d7de76f5ab3cf34d..6cf9b34e3649b6b352d7b05fa65fcb5ceda0a58e 100644
--- a/interface/web/mail/mail_user_edit.php
+++ b/interface/web/mail/mail_user_edit.php
@@ -84,7 +84,7 @@ class page_action extends tform_actions {
foreach( $domains as $domain) {
$domain['domain'] = $app->functions->idn_decode($domain['domain']);
$selected = ($domain["domain"] == @$email_parts[1])?'SELECTED':'';
- $domain_select .= "\r\n";
+ $domain_select .= "\r\n";
}
}
$app->tpl->setVar("email_domain", $domain_select);
@@ -100,7 +100,7 @@ class page_action extends tform_actions {
if(is_array($policys)) {
foreach( $policys as $p) {
$selected = ($p["id"] == $tmp_user["policy_id"])?'SELECTED':'';
- $policy_select .= "\r\n";
+ $policy_select .= "\r\n";
}
}
$app->tpl->setVar("policy", $policy_select);
@@ -121,7 +121,7 @@ class page_action extends tform_actions {
if($this->dataRecord['autoresponder_subject'] == '') {
$app->tpl->setVar('autoresponder_subject', $app->tform->lng('autoresponder_subject'));
} else {
- $app->tpl->setVar('autoresponder_subject', $this->dataRecord['autoresponder_subject']);
+ $app->tpl->setVar('autoresponder_subject', $this->dataRecord['autoresponder_subject'], true);
}
$app->uses('getconf');
diff --git a/interface/web/mail/xmpp_domain_edit.php b/interface/web/mail/xmpp_domain_edit.php
index b7370a2e5e9d0ac3b644faed7e23931aa813ef79..3366a40de61359cb809f549d718b884aa82bb876 100644
--- a/interface/web/mail/xmpp_domain_edit.php
+++ b/interface/web/mail/xmpp_domain_edit.php
@@ -165,7 +165,7 @@ class page_action extends tform_actions {
$options_xmpp_servers = "";
foreach ($xmpp_servers as $xmpp_server) {
- $options_xmpp_servers .= "";
+ $options_xmpp_servers .= "";
}
$app->tpl->setVar("client_server_id", $options_xmpp_servers);
@@ -190,7 +190,7 @@ class page_action extends tform_actions {
if ($domain['domain'] == $this->dataRecord["domain"]) {
$domain_select .= " selected";
}
- $domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . "\r\n";
+ $domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . "\r\n";
}
}
else {
@@ -211,7 +211,7 @@ class page_action extends tform_actions {
if($this->id > 0) {
//* we are editing a existing record
$app->tpl->setVar("edit_disabled", 1);
- $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]);
+ $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true);
} else {
$app->tpl->setVar("edit_disabled", 0);
}
diff --git a/interface/web/mail/xmpp_user_edit.php b/interface/web/mail/xmpp_user_edit.php
index 16d440a9f1a5419a968765eb602d077b43b3504e..188de01ae240d7f3331509e581c82df5df0b1494 100644
--- a/interface/web/mail/xmpp_user_edit.php
+++ b/interface/web/mail/xmpp_user_edit.php
@@ -83,7 +83,7 @@ class page_action extends tform_actions {
foreach( $domains as $domain) {
$domain['domain'] = $app->functions->idn_decode($domain['domain']);
$selected = ($domain["domain"] == @$jid_parts[1])?'SELECTED':'';
- $domain_select .= "\r\n";
+ $domain_select .= "\r\n";
}
}
$app->tpl->setVar("jid_domain", $domain_select);
diff --git a/interface/web/mailuser/mail_user_autoresponder_edit.php b/interface/web/mailuser/mail_user_autoresponder_edit.php
index 8007c0fd814ee934db7d7b08f43d18321fcffc41..d93151bf24094f72829e2da89dcfb5321b6ee413 100644
--- a/interface/web/mailuser/mail_user_autoresponder_edit.php
+++ b/interface/web/mailuser/mail_user_autoresponder_edit.php
@@ -84,7 +84,7 @@ class page_action extends tform_actions {
if($this->dataRecord['autoresponder_subject'] == '') {
$app->tpl->setVar('autoresponder_subject', $app->tform->lng('autoresponder_subject'));
} else {
- $app->tpl->setVar('autoresponder_subject', $this->dataRecord['autoresponder_subject']);
+ $app->tpl->setVar('autoresponder_subject', $this->dataRecord['autoresponder_subject'], true);
}
parent::onShowEnd();
diff --git a/interface/web/mailuser/mail_user_cc_edit.php b/interface/web/mailuser/mail_user_cc_edit.php
index 39e5bdf6f95b01fdf1d865aca92b70138ac5186e..778be781ece87a4d7ee5f35bc715c96aafb2cc01 100644
--- a/interface/web/mailuser/mail_user_cc_edit.php
+++ b/interface/web/mailuser/mail_user_cc_edit.php
@@ -75,7 +75,7 @@ class page_action extends tform_actions {
global $app, $conf;
$rec = $app->tform->getDataRecord($this->id);
- $app->tpl->setVar("email", $rec['email']);
+ $app->tpl->setVar("email", $rec['email'], true);
parent::onShowEnd();
}
diff --git a/interface/web/mailuser/mail_user_password_edit.php b/interface/web/mailuser/mail_user_password_edit.php
index 07a19259ea0d045e4d3d65ac939d32453dfb6b2f..5c5706177a6b2d0fa41b7a9edd386546764ed688 100644
--- a/interface/web/mailuser/mail_user_password_edit.php
+++ b/interface/web/mailuser/mail_user_password_edit.php
@@ -63,7 +63,7 @@ class page_action extends tform_actions {
global $app, $conf;
$rec = $app->tform->getDataRecord($_SESSION['s']['user']['mailuser_id']);
- $app->tpl->setVar("email", $rec['email']);
+ $app->tpl->setVar("email", $rec['email'], true);
parent::onShowEnd();
}
diff --git a/interface/web/mailuser/mail_user_spamfilter_edit.php b/interface/web/mailuser/mail_user_spamfilter_edit.php
index 9d3735672184d0d3c3596c0e7eb19fc59a6a27f8..abbea219376204ce922762129849da67122a4738 100644
--- a/interface/web/mailuser/mail_user_spamfilter_edit.php
+++ b/interface/web/mailuser/mail_user_spamfilter_edit.php
@@ -112,7 +112,7 @@ class page_action extends tform_actions {
global $app, $conf;
$rec = $app->tform->getDataRecord($this->id);
- $app->tpl->setVar("email", $rec['email']);
+ $app->tpl->setVar("email", $rec['email'], true);
// Get the spamfilter policys for the user
$tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = ?", $rec['email']);
@@ -122,7 +122,7 @@ class page_action extends tform_actions {
if(is_array($policys)) {
foreach( $policys as $p) {
$selected = ($p["id"] == $tmp_user["policy_id"])?'SELECTED':'';
- $policy_select .= "\r\n";
+ $policy_select .= "\r\n";
}
}
$app->tpl->setVar("policy", $policy_select);
diff --git a/interface/web/remote/index.php b/interface/web/remote/index.php
index 3e111394a365541e0f4ef5cbe764d7e110f8d49d..670a9db13b41b62daf99ab425174ac2d9cd03a7f 100644
--- a/interface/web/remote/index.php
+++ b/interface/web/remote/index.php
@@ -1,5 +1,7 @@
id > 0) {
//* we are editing a existing record
$app->tpl->setVar("edit_disabled", 1);
- $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"]);
+ $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"], true);
} else {
$app->tpl->setVar("edit_disabled", 0);
}
diff --git a/interface/web/sites/database_edit.php b/interface/web/sites/database_edit.php
index 213063ae89bdb70c495e630a345caa52e73987cc..71e5acaf27c120d8d332485e494de8af8fd1689a 100644
--- a/interface/web/sites/database_edit.php
+++ b/interface/web/sites/database_edit.php
@@ -89,7 +89,7 @@ class page_action extends tform_actions {
}
foreach ($tmp as $db_server) {
- $options_db_servers .= '';
+ $options_db_servers .= '';
}
$app->tpl->setVar("server_id", $options_db_servers);
@@ -112,7 +112,7 @@ class page_action extends tform_actions {
}
foreach ($tmp as $db_server) {
- $options_db_servers .= '';
+ $options_db_servers .= '';
}
$app->tpl->setVar("server_id", $options_db_servers);
@@ -143,22 +143,22 @@ class page_action extends tform_actions {
if ($this->dataRecord['database_name'] != ""){
/* REMOVE the restriction */
- $app->tpl->setVar("database_name", $app->tools_sites->removePrefix($this->dataRecord['database_name'], $this->dataRecord['database_name_prefix'], $dbname_prefix));
+ $app->tpl->setVar("database_name", $app->tools_sites->removePrefix($this->dataRecord['database_name'], $this->dataRecord['database_name_prefix'], $dbname_prefix), true);
}
if($this->dataRecord['database_name'] == "") {
- $app->tpl->setVar("database_name_prefix", $dbname_prefix);
+ $app->tpl->setVar("database_name_prefix", $dbname_prefix, true);
} else {
- $app->tpl->setVar("database_name_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_name_prefix'], $dbname_prefix, $global_config['dbname_prefix']));
+ $app->tpl->setVar("database_name_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_name_prefix'], $dbname_prefix, $global_config['dbname_prefix']), true);
}
if($this->id > 0) {
//* we are editing a existing record
$edit_disabled = @($_SESSION["s"]["user"]["typ"] == 'admin')? 0 : 1; //* admin can change the database-name
$app->tpl->setVar("edit_disabled", $edit_disabled);
- $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]);
- $app->tpl->setVar("database_charset_value", $this->dataRecord["database_charset"]);
- $app->tpl->setVar("limit_database_quota", $this->dataRecord["database_quota"]);
+ $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true);
+ $app->tpl->setVar("database_charset_value", $this->dataRecord["database_charset"], true);
+ $app->tpl->setVar("limit_database_quota", $this->dataRecord["database_quota"], true);
} else {
$app->tpl->setVar("edit_disabled", 0);
}
diff --git a/interface/web/sites/database_user_edit.php b/interface/web/sites/database_user_edit.php
index e7bfa611a937be481efde7ae8ba7a8308cbaf01c..07fa1315f062960e5f214aefdaa3eebb19f8837b 100644
--- a/interface/web/sites/database_user_edit.php
+++ b/interface/web/sites/database_user_edit.php
@@ -118,13 +118,13 @@ class page_action extends tform_actions {
if ($this->dataRecord['database_user'] != ""){
/* REMOVE the restriction */
- $app->tpl->setVar("database_user", $app->tools_sites->removePrefix($this->dataRecord['database_user'], $this->dataRecord['database_user_prefix'], $dbuser_prefix));
+ $app->tpl->setVar("database_user", $app->tools_sites->removePrefix($this->dataRecord['database_user'], $this->dataRecord['database_user_prefix'], $dbuser_prefix), true);
}
if($this->dataRecord['database_user'] == "") {
- $app->tpl->setVar("database_user_prefix", $dbuser_prefix);
+ $app->tpl->setVar("database_user_prefix", $dbuser_prefix, true);
} else {
- $app->tpl->setVar("database_user_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix']));
+ $app->tpl->setVar("database_user_prefix", $app->tools_sites->getPrefix($this->dataRecord['database_user_prefix'], $dbuser_prefix, $global_config['dbuser_prefix']), true);
}
parent::onShowEnd();
diff --git a/interface/web/sites/form/web_childdomain.tform.php b/interface/web/sites/form/web_childdomain.tform.php
index 02480db42879a97058306114b8771f7cdd0ff9b2..6cfaa38c2a5188f1441d8f3db59d44bea4a1f3be 100644
--- a/interface/web/sites/form/web_childdomain.tform.php
+++ b/interface/web/sites/form/web_childdomain.tform.php
@@ -125,7 +125,7 @@ $form["tabs"]['domain'] = array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'REGEX',
- 'regex' => '@^(([\.]{0})|((ftp|https?)://([-\w\.]+)+(:\d+)?(/([\w/_\.\-\,\+\?\~!:%]*(\?\S+)?)?)?)|(\[scheme\]://([-\w\.]+)+(:\d+)?(/([\w/_\.\-\,\+\?\~!:%]*(\?\S+)?)?)?)|(/(?!.*\.\.)[\w/_\.\-]{1,255}/))$@',
+ 'regex' => '@^(([\.]{0})|((ftp|https?|\[scheme\])://([-\w\.]+)+(:\d+)?(/([\w/_\.\,\-\+\?\~!:%]*(\?\S+)?)?)?)(?:#\S*)?|(/(?!.*\.\.)[\w/_\.\-]{1,255}/))$@',
'errmsg'=> 'redirect_error_regex'),
),
'default' => '',
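Review bot: The rewritten redirect regex keeps the nested quantifier `([-\w\.]+)+` for the host part, which is a catastrophic-backtracking pattern: a non-matching input such as a long run of host characters followed by a space makes PCRE try an exponential number of ways to split that run before it fails. Since this validates user-supplied form input it is a cheap denial-of-service vector; whether it merely errors out depends on pcre.backtrack_limit and on how the REGEX validator treats a `false` return from preg_match, neither of which this hunk shows. The group is redundant — `(X+)+` matches exactly what `X+` matches — so the safe form is `[-\w\.]+`: `'regex' => '@^(([\.]{0})|((ftp|https?|\[scheme\])://[-\w\.]+(:\d+)?(/([\w/_\.\,\-\+\?\~!:%]*(\?\S+)?)?)?)(?:#\S*)?|(/(?!.*\.\.)[\w/_\.\-]{1,255}/))$@',`. The identical pattern is in the redirect_path hunk of web_vhost_domain.tform.php and needs the same edit. The enclosing `$form["tabs"]['domain']` array starts and ends outside the hunk.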
diff --git a/interface/web/sites/form/web_vhost_domain.tform.php b/interface/web/sites/form/web_vhost_domain.tform.php
index 071efbb9a9b18d224d243ee8be78222393a07cf8..11132f5469d5c5ebabb2e1e81b95e1de2bb780b0 100644
--- a/interface/web/sites/form/web_vhost_domain.tform.php
+++ b/interface/web/sites/form/web_vhost_domain.tform.php
@@ -396,7 +396,7 @@ $form["tabs"]['redirect'] = array (
'redirect_path' => array (
'datatype' => 'VARCHAR',
'validators' => array ( 0 => array ( 'type' => 'REGEX',
- 'regex' => '@^(([\.]{0})|((ftp|https?)://([-\w\.]+)+(:\d+)?(/([\w/_\.\,\-\+\?\~!:%]*(\?\S+)?)?)?)|(\[scheme\]://([-\w\.]+)+(:\d+)?(/([\w/_\.\-\,\+\?\~!:%]*(\?\S+)?)?)?)|(/(?!.*\.\.)[\w/_\.\-]{1,255}/))$@',
+ 'regex' => '@^(([\.]{0})|((ftp|https?|\[scheme\])://([-\w\.]+)+(:\d+)?(/([\w/_\.\,\-\+\?\~!:%]*(\?\S+)?)?)?)(?:#\S*)?|(/(?!.*\.\.)[\w/_\.\-]{1,255}/))$@',
'errmsg'=> 'redirect_error_regex'),
),
'formtype' => 'TEXT',
@@ -881,6 +881,13 @@ if($_SESSION["s"]["user"]["typ"] == 'admin'
'nginx_directives' => array (
'datatype' => 'TEXT',
'formtype' => 'TEXT',
+ 'validators' => array ( 0 => array(
+ 'type' => 'CUSTOM',
+ 'class' => 'validate_domain',
+ 'function' => 'web_nginx_directives',
+ 'errmsg' => 'nginx_directive_blocked_error'
+ ),
+ ),
'default' => '',
'value' => '',
'width' => '30',
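Review bot: The new validator's errmsg key `nginx_directive_blocked_error` is added in this commit only to the `*_web_domain.lng` files, while the `*_web_vhost_domain.lng` files receive just `domain_error_acme_invalid`; if this form resolves its strings from web_vhost_domain.lng, the blocked-directive error will render as the bare key, so confirm which language file the form loads and add the key there. The hunk also does not show what `validate_domain::web_nginx_directives` does when its blocklist cannot be read — a security filter should fail closed, and that expectation belongs next to the validator entry: `// blocklist check must fail closed: unreadable blacklist == reject submission`. The hunk's context line suggests this field is defined inside an admin-typed session branch; if nginx_directives is reachable through another permission path, the same validator has to be attached there too. The enclosing field array and `if` begin outside the hunk.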
diff --git a/interface/web/sites/ftp_user_edit.php b/interface/web/sites/ftp_user_edit.php
index 9de400ce0392fcff585fe6450621d8c15b6d3d14..7fab1e2273e850d9e59fcb7c48bbd0d4186e1f7a 100644
--- a/interface/web/sites/ftp_user_edit.php
+++ b/interface/web/sites/ftp_user_edit.php
@@ -79,13 +79,13 @@ class page_action extends tform_actions {
if ($this->dataRecord['username'] != ""){
/* REMOVE the restriction */
- $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $ftpuser_prefix));
+ $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $ftpuser_prefix), true);
}
if($this->dataRecord['username'] == "") {
- $app->tpl->setVar("username_prefix", $ftpuser_prefix);
+ $app->tpl->setVar("username_prefix", $ftpuser_prefix, true);
} else {
- $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $ftpuser_prefix, $global_config['ftpuser_prefix']));
+ $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $ftpuser_prefix, $global_config['ftpuser_prefix']), true);
}
parent::onShowEnd();
diff --git a/interface/web/sites/lib/lang/ar_web_aliasdomain.lng b/interface/web/sites/lib/lang/ar_web_aliasdomain.lng
index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644
--- a/interface/web/sites/lib/lang/ar_web_aliasdomain.lng
+++ b/interface/web/sites/lib/lang/ar_web_aliasdomain.lng
@@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_autosub'] = 'There is already a subdomain with these settings.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/ar_web_aliasdomain_list.lng b/interface/web/sites/lib/lang/ar_web_aliasdomain_list.lng
index 8ea34c440978e1ec0920627b26e72315d713eda1..0cbee5b1219730bdf3a356c0ab59758b3d9598cf 100644
--- a/interface/web/sites/lib/lang/ar_web_aliasdomain_list.lng
+++ b/interface/web/sites/lib/lang/ar_web_aliasdomain_list.lng
@@ -8,6 +8,7 @@ $wb['add_new_record_txt'] = 'Add new aliasdomain';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'Domain must be unique.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['no_redirect_txt'] = 'No redirect';
$wb['no_flag_txt'] = 'No flag';
$wb['none_txt'] = 'None';
diff --git a/interface/web/sites/lib/lang/ar_web_childdomain.lng b/interface/web/sites/lib/lang/ar_web_childdomain.lng
index fe6eae507486f1cab06a117dfab93049607ea030..e948694b3b5941d7380065c2947d4f9af34a92b4 100644
--- a/interface/web/sites/lib/lang/ar_web_childdomain.lng
+++ b/interface/web/sites/lib/lang/ar_web_childdomain.lng
@@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Apache directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['host_txt'] = 'Host';
$wb['redirect_error_regex'] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/';
$wb['no_redirect_txt'] = 'No redirect';
diff --git a/interface/web/sites/lib/lang/ar_web_childdomain_list.lng b/interface/web/sites/lib/lang/ar_web_childdomain_list.lng
index 1ce49ba1be6e86b451e04493c0e7f737a09e4939..4dfc97f907e90c569e325ed1c2ee4b4707953c3b 100644
--- a/interface/web/sites/lib/lang/ar_web_childdomain_list.lng
+++ b/interface/web/sites/lib/lang/ar_web_childdomain_list.lng
@@ -7,6 +7,7 @@ $wb['domain_txt'] = 'Subdomain';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'Domain must be unique.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['no_redirect_txt'] = 'No redirect';
$wb['no_flag_txt'] = 'No flag';
$wb['none_txt'] = 'None';
diff --git a/interface/web/sites/lib/lang/ar_web_domain.lng b/interface/web/sites/lib/lang/ar_web_domain.lng
index 0b8161e0978acbeab26a2885512e99aa272ca9ec..00edc9ce51db5f2ae772a8ca39ce54ceb4c34092 100644
--- a/interface/web/sites/lib/lang/ar_web_domain.lng
+++ b/interface/web/sites/lib/lang/ar_web_domain.lng
@@ -38,6 +38,7 @@ $wb['apache_directives_txt'] = 'Apache directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
$wb['error_ssl_state_empty'] = 'SSL State is empty.';
@@ -133,4 +134,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/ar_web_subdomain.lng b/interface/web/sites/lib/lang/ar_web_subdomain.lng
index c5fa1711bbbecf45e91322c7c5192b51a25d24b2..b4a8c15f1563df72b828881a9ba79883d9f3e89f 100644
--- a/interface/web/sites/lib/lang/ar_web_subdomain.lng
+++ b/interface/web/sites/lib/lang/ar_web_subdomain.lng
@@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Apache directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['host_txt'] = 'Host';
$wb['redirect_error_regex'] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/';
$wb['no_redirect_txt'] = 'No redirect';
diff --git a/interface/web/sites/lib/lang/ar_web_vhost_domain.lng b/interface/web/sites/lib/lang/ar_web_vhost_domain.lng
index 1f01c23704c3791362d3dd99e75fd85eb18b2b00..628f0d6293409d11988ccae2119d91d80f8a56fb 100644
--- a/interface/web/sites/lib/lang/ar_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/ar_web_vhost_domain.lng
@@ -39,6 +39,7 @@ $wb['apache_directives_txt'] = 'Apache directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
$wb['error_ssl_state_empty'] = 'SSL State is empty.';
diff --git a/interface/web/sites/lib/lang/ar_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/ar_web_vhost_subdomain.lng
index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644
--- a/interface/web/sites/lib/lang/ar_web_vhost_subdomain.lng
+++ b/interface/web/sites/lib/lang/ar_web_vhost_subdomain.lng
@@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/bg_web_aliasdomain.lng b/interface/web/sites/lib/lang/bg_web_aliasdomain.lng
index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644
--- a/interface/web/sites/lib/lang/bg_web_aliasdomain.lng
+++ b/interface/web/sites/lib/lang/bg_web_aliasdomain.lng
@@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_autosub'] = 'There is already a subdomain with these settings.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/bg_web_domain.lng b/interface/web/sites/lib/lang/bg_web_domain.lng
index cce48221437625978cc7f2884060f57b7f626df8..901c34a6ec85fd026c53c08f3e79b88d2c11d37b 100644
--- a/interface/web/sites/lib/lang/bg_web_domain.lng
+++ b/interface/web/sites/lib/lang/bg_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/bg_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/bg_web_vhost_subdomain.lng
index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644
--- a/interface/web/sites/lib/lang/bg_web_vhost_subdomain.lng
+++ b/interface/web/sites/lib/lang/bg_web_vhost_subdomain.lng
@@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/br_web_domain.lng b/interface/web/sites/lib/lang/br_web_domain.lng
index 33ea9f35658286ec6c19ef59f791baacb269f8e2..a199f3273c55e469ada72518455318cda6a7033a 100644
--- a/interface/web/sites/lib/lang/br_web_domain.lng
+++ b/interface/web/sites/lib/lang/br_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'Porta HTTP';
$wb['https_port_txt'] = 'Porta HTTPS';
$wb['http_port_error_regex'] = 'Porta HTTP inválida.';
$wb['https_port_error_regex'] = 'Porta HTTPS inválida.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/ca_web_childdomain.lng b/interface/web/sites/lib/lang/ca_web_childdomain.lng
index 6ff34de1a44f864a9498870151a1860cbf33d5bc..9e3968e2fd89656e068999521d087c04c9fa47b8 100644
--- a/interface/web/sites/lib/lang/ca_web_childdomain.lng
+++ b/interface/web/sites/lib/lang/ca_web_childdomain.lng
@@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Apache directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.';
$wb['host_txt'] = 'Host';
$wb['redirect_error_regex'] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/';
diff --git a/interface/web/sites/lib/lang/ca_web_childdomain_list.lng b/interface/web/sites/lib/lang/ca_web_childdomain_list.lng
index f06935bf0ee7098dce0816fb3d7da1886363a15b..246fb2b1d191a9f95f844053af0953460f76ff6f 100644
--- a/interface/web/sites/lib/lang/ca_web_childdomain_list.lng
+++ b/interface/web/sites/lib/lang/ca_web_childdomain_list.lng
@@ -9,6 +9,7 @@ $wb['add_new_aliasdomain_txt'] = 'Add new Aliasdomain';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'Domain must be unique.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['no_redirect_txt'] = 'No redirect';
$wb['no_flag_txt'] = 'No flag';
$wb['none_txt'] = 'None';
diff --git a/interface/web/sites/lib/lang/ca_web_domain.lng b/interface/web/sites/lib/lang/ca_web_domain.lng
index fc680dfd1a56e8b525e864595dac746a8ab3ab4a..a3475c43c2d58dd7b3e2232032926af144882c71 100644
--- a/interface/web/sites/lib/lang/ca_web_domain.lng
+++ b/interface/web/sites/lib/lang/ca_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/ca_web_vhost_domain.lng b/interface/web/sites/lib/lang/ca_web_vhost_domain.lng
index 83538dc778d95776ae89083b3fbf36bf46e0709a..b915021b03bf4ae348546f1066b7f2ab958b2e60 100644
--- a/interface/web/sites/lib/lang/ca_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/ca_web_vhost_domain.lng
@@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_autosub'] = 'There is already a subdomain with these settings.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/ca_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/ca_web_vhost_subdomain.lng
index c9a46866089adc1e4bc6c1d21d3560087f9d215e..673182950742fd96077d87c7a9e3f3f1f57de39f 100644
--- a/interface/web/sites/lib/lang/ca_web_vhost_subdomain.lng
+++ b/interface/web/sites/lib/lang/ca_web_vhost_subdomain.lng
@@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/cz_web_domain.lng b/interface/web/sites/lib/lang/cz_web_domain.lng
index 585c2c94ffc3d29764960e6f1468a1bd0e53ae6a..0998cb1264a385b11957d85915ae7ea184bbc154 100644
--- a/interface/web/sites/lib/lang/cz_web_domain.lng
+++ b/interface/web/sites/lib/lang/cz_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/de_web_domain.lng b/interface/web/sites/lib/lang/de_web_domain.lng
index 75a4f146695d49aa69b729de85343c6aa0b346c5..7232d8fa5f79141cb420ec53768617c132a60f55 100644
--- a/interface/web/sites/lib/lang/de_web_domain.lng
+++ b/interface/web/sites/lib/lang/de_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/de_web_subdomain.lng b/interface/web/sites/lib/lang/de_web_subdomain.lng
index 4f34874a11f1d7490f6c8536c502faabea09492a..41546c81c5f5bbd92770d0aa9eaac7716fb47e9a 100644
--- a/interface/web/sites/lib/lang/de_web_subdomain.lng
+++ b/interface/web/sites/lib/lang/de_web_subdomain.lng
@@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Apache-Direktiven';
$wb['domain_error_empty'] = 'Domain ist leer.';
$wb['domain_error_unique'] = 'Domain muss eindeutig sein.';
$wb['domain_error_regex'] = 'Domain-Name ist ungültig.';
+$wb['domain_error_acme_invalid'] = 'Domainname acme.invalid ist nicht erlaubt.';
$wb['domain_error_wildcard'] = 'Wildcard Subdomains sind nicht erlaubt.';
$wb['host_txt'] = 'Host';
$wb['redirect_error_regex'] = 'Ungültiger Redirect-Pfad. Gültige Pfade sind beispielsweise: /test/ oder http://www.domain.tld/test/';
diff --git a/interface/web/sites/lib/lang/de_web_vhost_domain.lng b/interface/web/sites/lib/lang/de_web_vhost_domain.lng
index 7719b296894a22f1c701aed85b713a00fd2287bc..84d5b2fd7a8f23802de80f23caf5a63ce36be52b 100644
--- a/interface/web/sites/lib/lang/de_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/de_web_vhost_domain.lng
@@ -38,6 +38,7 @@ $wb['apache_directives_txt'] = 'Apache Direktiven';
$wb['domain_error_empty'] = 'Domain ist leer.';
$wb['domain_error_unique'] = 'Domain muss eindeutig sein';
$wb['domain_error_regex'] = 'Domain Name ungültig.';
+$wb['domain_error_acme_invalid'] = 'Domainname acme.invalid ist nicht erlaubt.';
$wb['domain_error_autosub'] = 'Es existiert bereits eine Subdomain mit diesen Einstellungen.';
$wb['hd_quota_error_empty'] = 'Speicherplatzbeschränkung ist leer.';
$wb['traffic_quota_error_empty'] = 'Transfervolumenbeschränkung ist leer.';
diff --git a/interface/web/sites/lib/lang/de_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/de_web_vhost_subdomain.lng
index 89e50f2df4c027deb6ab46e200f9e47ea22f3d20..2e3404b99448018e414173e0030ff3a4fb5d255c 100644
--- a/interface/web/sites/lib/lang/de_web_vhost_subdomain.lng
+++ b/interface/web/sites/lib/lang/de_web_vhost_subdomain.lng
@@ -41,6 +41,7 @@ $wb['apache_directives_txt'] = 'Apache-Direktiven';
$wb['domain_error_empty'] = 'Domain ist leer.';
$wb['domain_error_unique'] = 'Domain muss eindeutig sein';
$wb['domain_error_regex'] = 'Domain-Name ungültig.';
+$wb['domain_error_acme_invalid'] = 'Domainname acme.invalid ist nicht erlaubt.';
$wb['domain_error_wildcard'] = 'Wildcard-Subdomains sind nicht erlaubt.';
$wb['hd_quota_error_empty'] = 'Harddisk-Quota ist leer.';
$wb['traffic_quota_error_empty'] = 'Traffic-Quota ist leer.';
diff --git a/interface/web/sites/lib/lang/dk_web_childdomain.lng b/interface/web/sites/lib/lang/dk_web_childdomain.lng
index 6ff34de1a44f864a9498870151a1860cbf33d5bc..9e3968e2fd89656e068999521d087c04c9fa47b8 100644
--- a/interface/web/sites/lib/lang/dk_web_childdomain.lng
+++ b/interface/web/sites/lib/lang/dk_web_childdomain.lng
@@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Apache directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.';
$wb['host_txt'] = 'Host';
$wb['redirect_error_regex'] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/';
diff --git a/interface/web/sites/lib/lang/dk_web_childdomain_list.lng b/interface/web/sites/lib/lang/dk_web_childdomain_list.lng
index f06935bf0ee7098dce0816fb3d7da1886363a15b..246fb2b1d191a9f95f844053af0953460f76ff6f 100644
--- a/interface/web/sites/lib/lang/dk_web_childdomain_list.lng
+++ b/interface/web/sites/lib/lang/dk_web_childdomain_list.lng
@@ -9,6 +9,7 @@ $wb['add_new_aliasdomain_txt'] = 'Add new Aliasdomain';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'Domain must be unique.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['no_redirect_txt'] = 'No redirect';
$wb['no_flag_txt'] = 'No flag';
$wb['none_txt'] = 'None';
diff --git a/interface/web/sites/lib/lang/dk_web_domain.lng b/interface/web/sites/lib/lang/dk_web_domain.lng
index 6124ee0676f2bc12f401a4cac7c9ec557b9efcc3..7b6183554314151740697ca33197f37a6bcfca78 100644
--- a/interface/web/sites/lib/lang/dk_web_domain.lng
+++ b/interface/web/sites/lib/lang/dk_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/dk_web_vhost_domain.lng b/interface/web/sites/lib/lang/dk_web_vhost_domain.lng
index 83538dc778d95776ae89083b3fbf36bf46e0709a..b915021b03bf4ae348546f1066b7f2ab958b2e60 100644
--- a/interface/web/sites/lib/lang/dk_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/dk_web_vhost_domain.lng
@@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_autosub'] = 'There is already a subdomain with these settings.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/el_web_aliasdomain.lng b/interface/web/sites/lib/lang/el_web_aliasdomain.lng
index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644
--- a/interface/web/sites/lib/lang/el_web_aliasdomain.lng
+++ b/interface/web/sites/lib/lang/el_web_aliasdomain.lng
@@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_autosub'] = 'There is already a subdomain with these settings.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/el_web_domain.lng b/interface/web/sites/lib/lang/el_web_domain.lng
index 1ae8ca208b59fb3eb6a79ad3bfe6057b3daed812..e1ce03d1c5fa226bcc32cf6b9eb81f82b34192ca 100644
--- a/interface/web/sites/lib/lang/el_web_domain.lng
+++ b/interface/web/sites/lib/lang/el_web_domain.lng
@@ -40,6 +40,7 @@ $wb['apache_directives_txt'] = 'Apache directives';
$wb['domain_error_empty'] = 'Το Domain δεν έχει οριστεί.';
$wb['domain_error_unique'] = 'Υπάρχει ήδη ένα website ή ένα sub / aliasdomain με αυτό το όνομα domain.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['hd_quota_error_empty'] = 'Το όριο αποθηκευτικού χώρου είναι 0 ή δεν έχει οριστεί.';
$wb['traffic_quota_error_empty'] = 'Το όριο κίνησης δεν έχει οριστεί.';
$wb['error_ssl_state_empty'] = 'Κενή περιφέρεια SSL.';
@@ -133,4 +134,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/el_web_vhost_domain.lng b/interface/web/sites/lib/lang/el_web_vhost_domain.lng
index 983a298b36c97aee6bbe240fe276e0a227212bd4..cfaedc4b18f59f6b837e5cb0f100040877d92c27 100644
--- a/interface/web/sites/lib/lang/el_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/el_web_vhost_domain.lng
@@ -41,6 +41,7 @@ $wb['apache_directives_txt'] = 'Apache directives';
$wb['domain_error_empty'] = 'Το Domain δεν έχει οριστεί.';
$wb['domain_error_unique'] = 'Υπάρχει ήδη ένα website ή ένα sub / aliasdomain με αυτό το όνομα domain.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['hd_quota_error_empty'] = 'Το όριο αποθηκευτικού χώρου είναι 0 ή δεν έχει οριστεί.';
$wb['traffic_quota_error_empty'] = 'Το όριο κίνησης δεν έχει οριστεί.';
$wb['error_ssl_state_empty'] = 'Κενή περιφέρεια SSL.';
diff --git a/interface/web/sites/lib/lang/el_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/el_web_vhost_subdomain.lng
index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644
--- a/interface/web/sites/lib/lang/el_web_vhost_subdomain.lng
+++ b/interface/web/sites/lib/lang/el_web_vhost_subdomain.lng
@@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/en_web_childdomain.lng b/interface/web/sites/lib/lang/en_web_childdomain.lng
index cd9afca55126dc33515df167d4ef4629c964dd4f..54def692147f0da11aa51d3d490741d422f04040 100644
--- a/interface/web/sites/lib/lang/en_web_childdomain.lng
+++ b/interface/web/sites/lib/lang/en_web_childdomain.lng
@@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Apache directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.';
$wb['host_txt'] = 'Host';
$wb['redirect_error_regex'] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/';
diff --git a/interface/web/sites/lib/lang/en_web_childdomain_list.lng b/interface/web/sites/lib/lang/en_web_childdomain_list.lng
index bd8be1a7e67e99f8855bab9f2d6f5554c1a84fcf..11b3f4cf12b1d8d66c9a5a6e67288fb0e0255f74 100644
--- a/interface/web/sites/lib/lang/en_web_childdomain_list.lng
+++ b/interface/web/sites/lib/lang/en_web_childdomain_list.lng
@@ -9,6 +9,7 @@ $wb['add_new_aliasdomain_txt'] = 'Add new Aliasdomain';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'Domain must be unique.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['no_redirect_txt'] = 'No redirect';
$wb['no_flag_txt'] = 'No flag';
$wb['none_txt'] = 'None';
diff --git a/interface/web/sites/lib/lang/en_web_domain.lng b/interface/web/sites/lib/lang/en_web_domain.lng
index 940053bc703d37fec36dfd06a3fd70fc14f54e54..28c7c3e4e1b52483e56b8c63149179a1040b192c 100644
--- a/interface/web/sites/lib/lang/en_web_domain.lng
+++ b/interface/web/sites/lib/lang/en_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
\ No newline at end of file
diff --git a/interface/web/sites/lib/lang/en_web_vhost_domain.lng b/interface/web/sites/lib/lang/en_web_vhost_domain.lng
index 9948839b5f75693c376edea2cf64670540598f09..2b463b67d9ecc83e43089039a9031621bf7a5233 100644
--- a/interface/web/sites/lib/lang/en_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/en_web_vhost_domain.lng
@@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_autosub'] = 'There is already a subdomain with these settings.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/es_web_aliasdomain.lng b/interface/web/sites/lib/lang/es_web_aliasdomain.lng
index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644
--- a/interface/web/sites/lib/lang/es_web_aliasdomain.lng
+++ b/interface/web/sites/lib/lang/es_web_aliasdomain.lng
@@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_autosub'] = 'There is already a subdomain with these settings.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/es_web_domain.lng b/interface/web/sites/lib/lang/es_web_domain.lng
index 8ba5d93c177a9a2b8dc70c54c87deca547a28167..889d29bd9536cbffa55b01f413bf48b6577692cd 100644
--- a/interface/web/sites/lib/lang/es_web_domain.lng
+++ b/interface/web/sites/lib/lang/es_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/es_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/es_web_vhost_subdomain.lng
index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644
--- a/interface/web/sites/lib/lang/es_web_vhost_subdomain.lng
+++ b/interface/web/sites/lib/lang/es_web_vhost_subdomain.lng
@@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/fi_web_aliasdomain.lng b/interface/web/sites/lib/lang/fi_web_aliasdomain.lng
index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644
--- a/interface/web/sites/lib/lang/fi_web_aliasdomain.lng
+++ b/interface/web/sites/lib/lang/fi_web_aliasdomain.lng
@@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_autosub'] = 'There is already a subdomain with these settings.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/fi_web_domain.lng b/interface/web/sites/lib/lang/fi_web_domain.lng
index 5d78fa7961e6facd13e2aeb05a00aadeb012504f..1cc2a2024d93b2d268622cf6a7f9bb25e30ce75c 100644
--- a/interface/web/sites/lib/lang/fi_web_domain.lng
+++ b/interface/web/sites/lib/lang/fi_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/fi_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/fi_web_vhost_subdomain.lng
index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644
--- a/interface/web/sites/lib/lang/fi_web_vhost_subdomain.lng
+++ b/interface/web/sites/lib/lang/fi_web_vhost_subdomain.lng
@@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/fr_web_domain.lng b/interface/web/sites/lib/lang/fr_web_domain.lng
index 5cbce08e607d581a0afbe3a84c15c845ece40e31..421693a0e64cb0cbdcb92578911115fd12704e5b 100644
--- a/interface/web/sites/lib/lang/fr_web_domain.lng
+++ b/interface/web/sites/lib/lang/fr_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/fr_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/fr_web_vhost_subdomain.lng
index a97883fe46afcaadde1b6b4658db562a0f28c5c2..12fedd1e98ef0b6e806bb57ef7e4a5d14820d575 100644
--- a/interface/web/sites/lib/lang/fr_web_vhost_subdomain.lng
+++ b/interface/web/sites/lib/lang/fr_web_vhost_subdomain.lng
@@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/hr_web_domain.lng b/interface/web/sites/lib/lang/hr_web_domain.lng
index b6f589ead0b59505a97024aed46b6de92a8334ab..8a089e6ba5f365147feb61e20d0de0de4e9ed9cf 100644
--- a/interface/web/sites/lib/lang/hr_web_domain.lng
+++ b/interface/web/sites/lib/lang/hr_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/hu_web_aliasdomain.lng b/interface/web/sites/lib/lang/hu_web_aliasdomain.lng
index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644
--- a/interface/web/sites/lib/lang/hu_web_aliasdomain.lng
+++ b/interface/web/sites/lib/lang/hu_web_aliasdomain.lng
@@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_autosub'] = 'There is already a subdomain with these settings.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/hu_web_domain.lng b/interface/web/sites/lib/lang/hu_web_domain.lng
index b2404565386f25e73c31c37bffe775e72611b387..5ddf06593ded5ab4740f467055c1c63e46d53176 100644
--- a/interface/web/sites/lib/lang/hu_web_domain.lng
+++ b/interface/web/sites/lib/lang/hu_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/hu_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/hu_web_vhost_subdomain.lng
index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644
--- a/interface/web/sites/lib/lang/hu_web_vhost_subdomain.lng
+++ b/interface/web/sites/lib/lang/hu_web_vhost_subdomain.lng
@@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/id_web_aliasdomain.lng b/interface/web/sites/lib/lang/id_web_aliasdomain.lng
index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644
--- a/interface/web/sites/lib/lang/id_web_aliasdomain.lng
+++ b/interface/web/sites/lib/lang/id_web_aliasdomain.lng
@@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_autosub'] = 'There is already a subdomain with these settings.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/id_web_domain.lng b/interface/web/sites/lib/lang/id_web_domain.lng
index a96b4cc2ce2044f6540855e7d46351e04d3ee6a7..785d7fc0daa9655cc0d4cbebf704ca89a95223b8 100644
--- a/interface/web/sites/lib/lang/id_web_domain.lng
+++ b/interface/web/sites/lib/lang/id_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/id_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/id_web_vhost_subdomain.lng
index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644
--- a/interface/web/sites/lib/lang/id_web_vhost_subdomain.lng
+++ b/interface/web/sites/lib/lang/id_web_vhost_subdomain.lng
@@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/it_web_childdomain.lng b/interface/web/sites/lib/lang/it_web_childdomain.lng
index e98ba52bbea4e105cabe29364857b62e1891e599..9d186b3c8997fb421a3aecaef415d2479eca4a03 100644
--- a/interface/web/sites/lib/lang/it_web_childdomain.lng
+++ b/interface/web/sites/lib/lang/it_web_childdomain.lng
@@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Direttive Apache';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'Domain must be unique.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['host_txt'] = 'Host';
$wb['redirect_error_regex'] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/';
$wb['no_redirect_txt'] = 'No redirect';
diff --git a/interface/web/sites/lib/lang/it_web_childdomain_list.lng b/interface/web/sites/lib/lang/it_web_childdomain_list.lng
index 520c81d6550120531dace31030228bac9de256e3..45d82ecc58fe351faf9307d8bac9c20ac40a2f74 100644
--- a/interface/web/sites/lib/lang/it_web_childdomain_list.lng
+++ b/interface/web/sites/lib/lang/it_web_childdomain_list.lng
@@ -7,6 +7,7 @@ $wb['domain_txt'] = 'Sottodominio';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'Domain must be unique.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['no_redirect_txt'] = 'No redirect';
$wb['no_flag_txt'] = 'No flag';
$wb['none_txt'] = 'None';
diff --git a/interface/web/sites/lib/lang/it_web_domain.lng b/interface/web/sites/lib/lang/it_web_domain.lng
index 0f46e2a3ef82698182a7d48ebc77e5ac16182e59..68eae554fc16b20070359dd0f29e051d334ae9bf 100644
--- a/interface/web/sites/lib/lang/it_web_domain.lng
+++ b/interface/web/sites/lib/lang/it_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/it_web_vhost_domain.lng b/interface/web/sites/lib/lang/it_web_vhost_domain.lng
index 59a30ed4134bbefc55e70b28f650fbf4c339da92..a2cdef8d41a33ed9d4c2bfe44dd30b598db9a6c5 100644
--- a/interface/web/sites/lib/lang/it_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/it_web_vhost_domain.lng
@@ -37,6 +37,7 @@ $wb['apache_directives_txt'] = 'Apache directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'Domain must be unique.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
$wb['error_ssl_state_empty'] = 'SSL State is empty.';
diff --git a/interface/web/sites/lib/lang/ja_web_aliasdomain.lng b/interface/web/sites/lib/lang/ja_web_aliasdomain.lng
index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644
--- a/interface/web/sites/lib/lang/ja_web_aliasdomain.lng
+++ b/interface/web/sites/lib/lang/ja_web_aliasdomain.lng
@@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_autosub'] = 'There is already a subdomain with these settings.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/ja_web_domain.lng b/interface/web/sites/lib/lang/ja_web_domain.lng
index 95e1f7de527634541ef7ec13e714e07a7e5b7f05..2dbf65d2e5a162fb94e1bcc6726bc916f778f197 100644
--- a/interface/web/sites/lib/lang/ja_web_domain.lng
+++ b/interface/web/sites/lib/lang/ja_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/ja_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/ja_web_vhost_subdomain.lng
index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644
--- a/interface/web/sites/lib/lang/ja_web_vhost_subdomain.lng
+++ b/interface/web/sites/lib/lang/ja_web_vhost_subdomain.lng
@@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/nl_web_aliasdomain.lng b/interface/web/sites/lib/lang/nl_web_aliasdomain.lng
index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644
--- a/interface/web/sites/lib/lang/nl_web_aliasdomain.lng
+++ b/interface/web/sites/lib/lang/nl_web_aliasdomain.lng
@@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_autosub'] = 'There is already a subdomain with these settings.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/nl_web_domain.lng b/interface/web/sites/lib/lang/nl_web_domain.lng
index 60a06c266a4cbbf04b98e8b54c4278ae8e5cb378..8b4f6ff8552ece4e37d36dde2b596babf9ff0e5a 100644
--- a/interface/web/sites/lib/lang/nl_web_domain.lng
+++ b/interface/web/sites/lib/lang/nl_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/nl_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/nl_web_vhost_subdomain.lng
index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644
--- a/interface/web/sites/lib/lang/nl_web_vhost_subdomain.lng
+++ b/interface/web/sites/lib/lang/nl_web_vhost_subdomain.lng
@@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/pl_web_domain.lng b/interface/web/sites/lib/lang/pl_web_domain.lng
index 8afd4b50c74bc0f39be5407cf6de8007f1edc495..2521f174069e5ee125e76df6eb7a2e44c5302e37 100644
--- a/interface/web/sites/lib/lang/pl_web_domain.lng
+++ b/interface/web/sites/lib/lang/pl_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/pt_web_aliasdomain.lng b/interface/web/sites/lib/lang/pt_web_aliasdomain.lng
index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644
--- a/interface/web/sites/lib/lang/pt_web_aliasdomain.lng
+++ b/interface/web/sites/lib/lang/pt_web_aliasdomain.lng
@@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_autosub'] = 'There is already a subdomain with these settings.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/pt_web_domain.lng b/interface/web/sites/lib/lang/pt_web_domain.lng
index 475544e16ddb264c00fa344a3db213614350e5ea..fc7add5d896a6299f65ef0c96fa60a3cec2310a1 100644
--- a/interface/web/sites/lib/lang/pt_web_domain.lng
+++ b/interface/web/sites/lib/lang/pt_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/pt_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/pt_web_vhost_subdomain.lng
index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644
--- a/interface/web/sites/lib/lang/pt_web_vhost_subdomain.lng
+++ b/interface/web/sites/lib/lang/pt_web_vhost_subdomain.lng
@@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/ro_web_aliasdomain.lng b/interface/web/sites/lib/lang/ro_web_aliasdomain.lng
index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644
--- a/interface/web/sites/lib/lang/ro_web_aliasdomain.lng
+++ b/interface/web/sites/lib/lang/ro_web_aliasdomain.lng
@@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_autosub'] = 'There is already a subdomain with these settings.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/ro_web_childdomain.lng b/interface/web/sites/lib/lang/ro_web_childdomain.lng
index a3bcfdd37dc8cd7c80763b65f4aec3b61936a672..f6a69829f5163d204dcb2d57a04feaaf0e347510 100644
--- a/interface/web/sites/lib/lang/ro_web_childdomain.lng
+++ b/interface/web/sites/lib/lang/ro_web_childdomain.lng
@@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Apache directives';
$wb['domain_error_empty'] = 'Domain necompletat';
$wb['domain_error_unique'] = 'exista deja un domeniu sau subdomeniu asemanator';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['host_txt'] = 'Host';
$wb['redirect_error_regex'] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/';
$wb['no_redirect_txt'] = 'No redirect';
diff --git a/interface/web/sites/lib/lang/ro_web_domain.lng b/interface/web/sites/lib/lang/ro_web_domain.lng
index 185155ad816c2b41545256330291db646b70d045..9b8d927272a6750c2d505917a92cc2158eab1af2 100644
--- a/interface/web/sites/lib/lang/ro_web_domain.lng
+++ b/interface/web/sites/lib/lang/ro_web_domain.lng
@@ -37,6 +37,7 @@ $wb['apache_directives_txt'] = 'Apache directive';
$wb['domain_error_empty'] = 'Domain este necompletat';
$wb['domain_error_unique'] = 'deja exista un domeniu /subdomeniu asemanator';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['hd_quota_error_empty'] = 'Harddisk quota necompletata';
$wb['traffic_quota_error_empty'] = 'Traffic quota necompletata';
$wb['error_ssl_state_empty'] = 'SSL Judet necompletata';
@@ -133,4 +134,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/ro_web_subdomain.lng b/interface/web/sites/lib/lang/ro_web_subdomain.lng
index f36685be8ab531f08ec462f59bbbdfba3abba07c..be5ce6ee043e478409d53c62996bc1846b9af8a6 100644
--- a/interface/web/sites/lib/lang/ro_web_subdomain.lng
+++ b/interface/web/sites/lib/lang/ro_web_subdomain.lng
@@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Apache directives';
$wb['domain_error_empty'] = 'Domain necompletat';
$wb['domain_error_unique'] = 'exista deja un domeniu sau subdomeniu asemanator';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['host_txt'] = 'Host';
$wb['redirect_error_regex'] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/';
$wb['no_redirect_txt'] = 'No redirect';
diff --git a/interface/web/sites/lib/lang/ro_web_vhost_domain.lng b/interface/web/sites/lib/lang/ro_web_vhost_domain.lng
index a874c27bed800f9810c6e17d685a385faaacddd4..133fe88cdbfd95530d26043d14b941ff356e1c32 100644
--- a/interface/web/sites/lib/lang/ro_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/ro_web_vhost_domain.lng
@@ -38,6 +38,7 @@ $wb['apache_directives_txt'] = 'Apache directive';
$wb['domain_error_empty'] = 'Domain este necompletat';
$wb['domain_error_unique'] = 'deja exista un domeniu /subdomeniu asemanator';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['hd_quota_error_empty'] = 'Harddisk quota necompletata';
$wb['traffic_quota_error_empty'] = 'Traffic quota necompletata';
$wb['error_ssl_state_empty'] = 'SSL Judet necompletata';
diff --git a/interface/web/sites/lib/lang/ro_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/ro_web_vhost_subdomain.lng
index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644
--- a/interface/web/sites/lib/lang/ro_web_vhost_subdomain.lng
+++ b/interface/web/sites/lib/lang/ro_web_vhost_subdomain.lng
@@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/ru_web_domain.lng b/interface/web/sites/lib/lang/ru_web_domain.lng
index a4be337fb41bd44f4528abc1a87cbf18792972b1..6cba45f1b7e065079da9d7bf900c41c09c9900c9 100644
--- a/interface/web/sites/lib/lang/ru_web_domain.lng
+++ b/interface/web/sites/lib/lang/ru_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'Порт HTTP';
$wb['https_port_txt'] = 'Порт HTTPS';
$wb['http_port_error_regex'] = 'Некорректный порт HTTP.';
$wb['https_port_error_regex'] = 'Некорректный порт HTTPS.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/se_web_aliasdomain.lng b/interface/web/sites/lib/lang/se_web_aliasdomain.lng
index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644
--- a/interface/web/sites/lib/lang/se_web_aliasdomain.lng
+++ b/interface/web/sites/lib/lang/se_web_aliasdomain.lng
@@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_autosub'] = 'There is already a subdomain with these settings.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/se_web_aliasdomain_list.lng b/interface/web/sites/lib/lang/se_web_aliasdomain_list.lng
index 8ea34c440978e1ec0920627b26e72315d713eda1..0cbee5b1219730bdf3a356c0ab59758b3d9598cf 100644
--- a/interface/web/sites/lib/lang/se_web_aliasdomain_list.lng
+++ b/interface/web/sites/lib/lang/se_web_aliasdomain_list.lng
@@ -8,6 +8,7 @@ $wb['add_new_record_txt'] = 'Add new aliasdomain';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'Domain must be unique.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['no_redirect_txt'] = 'No redirect';
$wb['no_flag_txt'] = 'No flag';
$wb['none_txt'] = 'None';
diff --git a/interface/web/sites/lib/lang/se_web_childdomain.lng b/interface/web/sites/lib/lang/se_web_childdomain.lng
index 8bcd638cd7796d3bb2572567b1c7c690d48543eb..063c47db10e6d83eab71c691f12e609e40aec139 100644
--- a/interface/web/sites/lib/lang/se_web_childdomain.lng
+++ b/interface/web/sites/lib/lang/se_web_childdomain.lng
@@ -35,6 +35,7 @@ $wb['apache_directives_txt'] = 'Apache directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'Domain must be unique.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['host_txt'] = 'Host';
$wb['redirect_error_regex'] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/';
$wb['no_redirect_txt'] = 'No redirect';
diff --git a/interface/web/sites/lib/lang/se_web_childdomain_list.lng b/interface/web/sites/lib/lang/se_web_childdomain_list.lng
index 1ce49ba1be6e86b451e04493c0e7f737a09e4939..4dfc97f907e90c569e325ed1c2ee4b4707953c3b 100644
--- a/interface/web/sites/lib/lang/se_web_childdomain_list.lng
+++ b/interface/web/sites/lib/lang/se_web_childdomain_list.lng
@@ -7,6 +7,7 @@ $wb['domain_txt'] = 'Subdomain';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'Domain must be unique.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['no_redirect_txt'] = 'No redirect';
$wb['no_flag_txt'] = 'No flag';
$wb['none_txt'] = 'None';
diff --git a/interface/web/sites/lib/lang/se_web_domain.lng b/interface/web/sites/lib/lang/se_web_domain.lng
index b4f58b827e65b9d81e49837f05b79e262f51b6d7..8cf7c63473c1276062645c0888b0627a7114b2f6 100644
--- a/interface/web/sites/lib/lang/se_web_domain.lng
+++ b/interface/web/sites/lib/lang/se_web_domain.lng
@@ -36,6 +36,7 @@ $wb['apache_directives_txt'] = 'Apache directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'Domain must be unique.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
$wb['error_ssl_state_empty'] = 'SSL State is empty.';
@@ -133,4 +134,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/se_web_vhost_domain.lng b/interface/web/sites/lib/lang/se_web_vhost_domain.lng
index e0dd1e129431f20e1e34384ef46748f3df52da9c..c8461fee7d9aa475d5a79f4e2ce5528ceaa5f449 100644
--- a/interface/web/sites/lib/lang/se_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/se_web_vhost_domain.lng
@@ -37,6 +37,7 @@ $wb['apache_directives_txt'] = 'Apache directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'Domain must be unique.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
$wb['error_ssl_state_empty'] = 'SSL State is empty.';
diff --git a/interface/web/sites/lib/lang/se_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/se_web_vhost_subdomain.lng
index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644
--- a/interface/web/sites/lib/lang/se_web_vhost_subdomain.lng
+++ b/interface/web/sites/lib/lang/se_web_vhost_subdomain.lng
@@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/sk_web_aliasdomain.lng b/interface/web/sites/lib/lang/sk_web_aliasdomain.lng
index 4149c711493e6b6f06d0e99656a1c65744d4ec46..87eb5b26dc583f9423bf14e6ca31c798e4d9696c 100644
--- a/interface/web/sites/lib/lang/sk_web_aliasdomain.lng
+++ b/interface/web/sites/lib/lang/sk_web_aliasdomain.lng
@@ -43,6 +43,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_autosub'] = 'There is already a subdomain with these settings.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/sk_web_domain.lng b/interface/web/sites/lib/lang/sk_web_domain.lng
index 8e39ca8afa24b98212beaf0e5478c20de4b29055..f8f2f79b965f20526db9faf7d8e551d0892b6cf2 100644
--- a/interface/web/sites/lib/lang/sk_web_domain.lng
+++ b/interface/web/sites/lib/lang/sk_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/lib/lang/sk_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/sk_web_vhost_subdomain.lng
index 35c9298e710d663f63a4269e06dd1db22c1e644b..7897c16bf742cde9d904cf9a584f660c66252d54 100644
--- a/interface/web/sites/lib/lang/sk_web_vhost_subdomain.lng
+++ b/interface/web/sites/lib/lang/sk_web_vhost_subdomain.lng
@@ -47,6 +47,7 @@ $wb['apache_directives_txt'] = 'Apache Directives';
$wb['domain_error_empty'] = 'Domain is empty.';
$wb['domain_error_unique'] = 'There is already a website or sub / aliasdomain with this domain name.';
$wb['domain_error_regex'] = 'Domain name invalid.';
+$wb['domain_error_acme_invalid'] = 'Domain name acme.invalid not permitted.';
$wb['domain_error_wildcard'] = 'Wildcard subdomains are not allowed.';
$wb['hd_quota_error_empty'] = 'Harddisk quota is 0 or empty.';
$wb['traffic_quota_error_empty'] = 'Traffic quota is empty.';
diff --git a/interface/web/sites/lib/lang/tr_web_domain.lng b/interface/web/sites/lib/lang/tr_web_domain.lng
index da3625df37340c411ad9c75a5b8680960f8b7192..c97ce73778810e403fdbdc1e1e1d0f8d570eb1a9 100644
--- a/interface/web/sites/lib/lang/tr_web_domain.lng
+++ b/interface/web/sites/lib/lang/tr_web_domain.lng
@@ -133,4 +133,5 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port invalid.';
$wb['https_port_error_regex'] = 'HTTPS Port invalid.';
+$wb['nginx_directive_blocked_error'] = 'Nginx directive blocked by security settings:';
?>
diff --git a/interface/web/sites/shell_user_edit.php b/interface/web/sites/shell_user_edit.php
index 77c4509b44e7e2c56c5ca72d80e16d3d30b2198e..7f74d893fc54cef87bdbdd423ea7ba6be267a89f 100644
--- a/interface/web/sites/shell_user_edit.php
+++ b/interface/web/sites/shell_user_edit.php
@@ -79,19 +79,19 @@ class page_action extends tform_actions {
if ($this->dataRecord['username'] != ""){
/* REMOVE the restriction */
- $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $shelluser_prefix));
+ $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $shelluser_prefix), true);
}
if($this->dataRecord['username'] == "") {
- $app->tpl->setVar("username_prefix", $shelluser_prefix);
+ $app->tpl->setVar("username_prefix", $shelluser_prefix, true);
} else {
- $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $shelluser_prefix, $global_config['shelluser_prefix']));
+ $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $shelluser_prefix, $global_config['shelluser_prefix']), true);
}
if($this->id > 0) {
//* we are editing a existing record
$app->tpl->setVar("edit_disabled", 1);
- $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"]);
+ $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"], true);
} else {
$app->tpl->setVar("edit_disabled", 0);
}
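Review bot: The third argument `true` added to the username, username_prefix and parent_domain_id_value setVar() calls is an opaque positional boolean, so a reader cannot tell from the call site why it is present on those lines and absent on the `edit_disabled` call a few lines below. Presumably it turns on HTML escaping of the value before it reaches the template; a one-line comment on the first escaped call would make that explicit, e.g. `// 3rd arg: HTML-escape the value (it comes from the record, not a literal)`. The matching hunk in webdav_user_edit.php has the same shape and would benefit from the same comment. The enclosing method starts and ends outside the hunk.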
diff --git a/interface/web/sites/web_childdomain_edit.php b/interface/web/sites/web_childdomain_edit.php
index 6ef98f901fb864083d41b9feb64bd102edab4f67..2da58a4661c4342dfe92402dc6c23aace687ae91 100644
--- a/interface/web/sites/web_childdomain_edit.php
+++ b/interface/web/sites/web_childdomain_edit.php
@@ -87,7 +87,7 @@ class page_action extends tform_actions {
}
}
- $app->tpl->setVar('childdomain_type', $this->_childdomain_type);
+ $app->tpl->setVar('childdomain_type', $this->_childdomain_type, true);
parent::onShowNew();
}
@@ -118,7 +118,7 @@ class page_action extends tform_actions {
} elseif($this->_childdomain_type == 'aliasdomain' && $domain['domain'] == $this->dataRecord["domain"]) {
$domain_select .= " selected";
}
- $domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . "\r\n";
+ $domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . "\r\n";
}
}
else {
@@ -144,7 +144,7 @@ class page_action extends tform_actions {
$this->dataRecord["domain"] = str_replace('.'.$parent_domain["domain"], '', $this->dataRecord["domain"]);
}
}
- if($this->_childdomain_type == 'subdomain') $app->tpl->setVar("domain", $this->dataRecord["domain"]);
+ if($this->_childdomain_type == 'subdomain') $app->tpl->setVar("domain", $this->dataRecord["domain"], true);
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
@@ -159,7 +159,7 @@ class page_action extends tform_actions {
$proxy_directive_snippets_txt = '';
if(is_array($proxy_directive_snippets) && !empty($proxy_directive_snippets)){
foreach($proxy_directive_snippets as $proxy_directive_snippet){
- $proxy_directive_snippets_txt .= '['.$proxy_directive_snippet['name'].']'.$proxy_directive_snippet['snippet'].'
';
+ $proxy_directive_snippets_txt .= '['.$app->functions->htmlentities($proxy_directive_snippet['name']).']'.$app->functions->htmlentities($proxy_directive_snippet['snippet']).'
';
}
}
if($proxy_directive_snippets_txt == '') $proxy_directive_snippets_txt = '------';
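Review bot: The `'[' . name . ']' . snippet` concatenation with two htmlentities() wrappers is now repeated in this loop and in roughly sixteen near-identical loops in web_vhost_domain_edit.php (php, apache, nginx and proxy snippets, master and client variants), which is how the unescaped form survived in so many places before this commit. Extracting the per-row formatting into one helper that takes the snippet row and the optional PHP_EOL padding used in web_vhost_domain_edit.php would leave a single place where the escaping is guaranteed, and a future snippet type could not be added without it. The surrounding method starts and ends outside the hunk.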
@@ -167,7 +167,7 @@ class page_action extends tform_actions {
$app->tpl->setVar('limit_ssl_letsencrypt', 'y');
}
- $app->tpl->setVar('childdomain_type', $this->_childdomain_type);
+ $app->tpl->setVar('childdomain_type', $this->_childdomain_type, true);
parent::onShowEnd();
diff --git a/interface/web/sites/web_childdomain_list.php b/interface/web/sites/web_childdomain_list.php
index a4e953c07e99115de6a14da7952e14d8e42fed66..f445c4b50bf826e2c72a327488e423ad0fc69f48 100644
--- a/interface/web/sites/web_childdomain_list.php
+++ b/interface/web/sites/web_childdomain_list.php
@@ -56,7 +56,7 @@ $_SESSION['s']['var']['childdomain_type'] = $show_type;
class list_action extends listform_actions {
function onShow() {
global $app;
- $app->tpl->setVar('childdomain_type', $_SESSION['s']['var']['childdomain_type']);
+ $app->tpl->setVar('childdomain_type', $_SESSION['s']['var']['childdomain_type'], true);
parent::onShow();
}
diff --git a/interface/web/sites/web_vhost_domain_edit.php b/interface/web/sites/web_vhost_domain_edit.php
index 72c07724ea2e153780f6b6adb59e482a8756479d..df9185d262796002060c5ff3744229ca436663b4 100644
--- a/interface/web/sites/web_vhost_domain_edit.php
+++ b/interface/web/sites/web_vhost_domain_edit.php
@@ -115,7 +115,7 @@ class page_action extends tform_actions {
$client = $app->db->queryOneRecord("SELECT client.web_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
$web_servers = explode(',', $client['web_servers']);
$server_id = $web_servers[0];
- $app->tpl->setVar("server_id_value", $server_id);
+ $app->tpl->setVar("server_id_value", $server_id, true);
unset($web_servers);
} else {
$settings = $app->getconf->get_global_config('sites');
@@ -130,7 +130,7 @@ class page_action extends tform_actions {
$app->tform->formDef['tabs']['domain']['fields']['php']['default'] = $web_config['php_handler'];
$app->tform->formDef['tabs']['domain']['readonly'] = false;
- $app->tpl->setVar('vhostdomain_type', $this->_vhostdomain_type);
+ $app->tpl->setVar('vhostdomain_type', $this->_vhostdomain_type, true);
parent::onShowNew();
}
@@ -179,7 +179,7 @@ class page_action extends tform_actions {
$options_web_servers = "";
foreach ($web_servers as $web_server) {
- $options_web_servers .= '';
+ $options_web_servers .= '';
}
$app->tpl->setVar("server_id", $options_web_servers);
@@ -214,7 +214,7 @@ class page_action extends tform_actions {
if(is_array($ips)) {
foreach( $ips as $ip) {
$selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':'';
- $ip_select .= "\r\n";
+ $ip_select .= "\r\n";
}
}
$app->tpl->setVar("ip_address", $ip_select);
@@ -230,7 +230,7 @@ class page_action extends tform_actions {
if(is_array($ips)) {
foreach( $ips as $ip) {
$selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
- $ip_select .= "\r\n";
+ $ip_select .= "\r\n";
}
}
$app->tpl->setVar("ipv6_address", $ip_select);
@@ -266,7 +266,7 @@ class page_action extends tform_actions {
$php_version = $php_record['name'].':'.$php_record['php_fastcgi_binary'].':'.$php_record['php_fastcgi_ini_dir'];
}
$selected = ($php_version == $this->dataRecord["fastcgi_php_version"])?'SELECTED':'';
- $php_select .= "\r\n";
+ $php_select .= "\r\n";
}
}
$app->tpl->setVar("fastcgi_php_version", $php_select);
@@ -306,7 +306,7 @@ class page_action extends tform_actions {
$options_web_servers = "";
foreach ($web_servers as $web_server) {
- $options_web_servers .= '';
+ $options_web_servers .= '';
}
$app->tpl->setVar("server_id", $options_web_servers);
@@ -361,7 +361,7 @@ class page_action extends tform_actions {
if(is_array($ips)) {
foreach( $ips as $ip) {
$selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':'';
- $ip_select .= "\r\n";
+ $ip_select .= "\r\n";
}
}
$app->tpl->setVar("ip_address", $ip_select);
@@ -376,7 +376,7 @@ class page_action extends tform_actions {
if(is_array($ips)) {
foreach( $ips as $ip) {
$selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
- $ip_select .= "\r\n";
+ $ip_select .= "\r\n";
}
}
$app->tpl->setVar("ipv6_address", $ip_select);
@@ -413,7 +413,7 @@ class page_action extends tform_actions {
$php_version = $php_record['name'].':'.$php_record['php_fastcgi_binary'].':'.$php_record['php_fastcgi_ini_dir'];
}
$selected = ($php_version == $this->dataRecord["fastcgi_php_version"])?'SELECTED':'';
- $php_select .= "\r\n";
+ $php_select .= "\r\n";
}
}
$app->tpl->setVar("fastcgi_php_version", $php_select);
@@ -441,7 +441,7 @@ class page_action extends tform_actions {
$php_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
';
foreach($php_directive_snippets as $php_directive_snippet){
$php_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $php_directive_snippet['snippet'] . PHP_EOL;
- $php_directive_snippets_txt .= '['.$php_directive_snippet['name'].']'.htmlentities($php_directive_snippet['snippet']).'
';
+ $php_directive_snippets_txt .= '['.$app->functions->htmlentities($php_directive_snippet['name']).']'.$app->functions->htmlentities($php_directive_snippet['snippet']).'
';
}
}
if($php_directive_snippets_txt == '') $php_directive_snippets_txt = '------';
@@ -464,7 +464,7 @@ class page_action extends tform_actions {
$apache_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
';
foreach($apache_directive_snippets as $apache_directive_snippet){
$apache_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $apache_directive_snippet['snippet'] . PHP_EOL;
- $apache_directive_snippets_txt .= '['.$apache_directive_snippet['name'].']'.htmlentities($apache_directive_snippet['snippet']).'
';
+ $apache_directive_snippets_txt .= '['.$app->functions->htmlentities($apache_directive_snippet['name']).']'.$app->functions->htmlentities($apache_directive_snippet['snippet']).'
';
}
}
if($apache_directive_snippets_txt == '') $apache_directive_snippets_txt = '------';
@@ -478,7 +478,7 @@ class page_action extends tform_actions {
$nginx_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'
';
foreach($nginx_directive_snippets as $nginx_directive_snippet){
$nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL;
- $nginx_directive_snippets_txt .= '['.$nginx_directive_snippet['name'].']'.htmlentities($nginx_directive_snippet['snippet']).'
';
+ $nginx_directive_snippets_txt .= '['.$app->functions->htmlentities($nginx_directive_snippet['name']).']'.$app->functions->htmlentities($nginx_directive_snippet['snippet']).'
';
}
$nginx_directive_snippets_txt .= '
';
}
@@ -488,7 +488,7 @@ class page_action extends tform_actions {
$nginx_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
';
foreach($nginx_directive_snippets as $nginx_directive_snippet){
$nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL;
- $nginx_directive_snippets_txt .= '['.$nginx_directive_snippet['name'].']'.htmlentities($nginx_directive_snippet['snippet']).'
';
+ $nginx_directive_snippets_txt .= '['.$app->functions->htmlentities($nginx_directive_snippet['name']).']'.$app->functions->htmlentities($nginx_directive_snippet['snippet']).'
';
}
}
if($nginx_directive_snippets_txt == '') $nginx_directive_snippets_txt = '------';
@@ -501,7 +501,7 @@ class page_action extends tform_actions {
$proxy_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'
';
foreach($proxy_directive_snippets as $proxy_directive_snippet){
$proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL;
- $proxy_directive_snippets_txt .= '['.$proxy_directive_snippet['name'].']'.htmlentities($proxy_directive_snippet['snippet']).'
';
+ $proxy_directive_snippets_txt .= '['.$app->functions->htmlentities($proxy_directive_snippet['name']).']'.$app->functions->htmlentities($proxy_directive_snippet['snippet']).'
';
}
$proxy_directive_snippets_txt .= '
';
}
@@ -511,7 +511,7 @@ class page_action extends tform_actions {
$proxy_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
';
foreach($proxy_directive_snippets as $proxy_directive_snippet){
$proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL;
- $proxy_directive_snippets_txt .= '['.$proxy_directive_snippet['name'].']'.htmlentities($proxy_directive_snippet['snippet']).'
';
+ $proxy_directive_snippets_txt .= '['.$app->functions->htmlentities($proxy_directive_snippet['name']).']'.$app->functions->htmlentities($proxy_directive_snippet['snippet']).'
';
}
}
if($proxy_directive_snippets_txt == '') $proxy_directive_snippets_txt = '------';
@@ -557,7 +557,7 @@ class page_action extends tform_actions {
if(is_array($ips)) {
foreach( $ips as $ip) {
$selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':'';
- $ip_select .= "\r\n";
+ $ip_select .= "\r\n";
}
}
$app->tpl->setVar("ip_address", $ip_select);
@@ -572,7 +572,7 @@ class page_action extends tform_actions {
if(is_array($ips)) {
foreach( $ips as $ip) {
$selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
- $ip_select .= "\r\n";
+ $ip_select .= "\r\n";
}
}
$app->tpl->setVar("ipv6_address", $ip_select);
@@ -633,7 +633,7 @@ class page_action extends tform_actions {
$php_version = $php_record['name'].':'.$php_record['php_fastcgi_binary'].':'.$php_record['php_fastcgi_ini_dir'];
}
$selected = ($php_version == $this->dataRecord["fastcgi_php_version"])?'SELECTED':'';
- $php_select .= "\r\n";
+ $php_select .= "\r\n";
}
}
$app->tpl->setVar("fastcgi_php_version", $php_select);
@@ -648,7 +648,7 @@ class page_action extends tform_actions {
$php_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'
';
foreach($php_directive_snippets as $php_directive_snippet){
$php_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $php_directive_snippet['snippet'] . PHP_EOL;
- $php_directive_snippets_txt .= '['.$php_directive_snippet['name'].']'.htmlentities($php_directive_snippet['snippet']).'
';
+ $php_directive_snippets_txt .= '['.$app->functions->htmlentities($php_directive_snippet['name']).']'.$app->functions->htmlentities($php_directive_snippet['snippet']).'
';
}
$php_directive_snippets_txt .= '
';
}
@@ -658,7 +658,7 @@ class page_action extends tform_actions {
$php_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
';
foreach($php_directive_snippets as $php_directive_snippet){
$php_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $php_directive_snippet['snippet'] . PHP_EOL;
- $php_directive_snippets_txt .= '['.$php_directive_snippet['name'].']'.htmlentities($php_directive_snippet['snippet']).'
';
+ $php_directive_snippets_txt .= '['.$app->functions->htmlentities($php_directive_snippet['name']).']'.$app->functions->htmlentities($php_directive_snippet['snippet']).'
';
}
}
if($php_directive_snippets_txt == '') $php_directive_snippets_txt = '------';
@@ -671,7 +671,7 @@ class page_action extends tform_actions {
$apache_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'
';
foreach($apache_directive_snippets as $apache_directive_snippet){
$apache_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $apache_directive_snippet['snippet'] . PHP_EOL;
- $apache_directive_snippets_txt .= '['.$apache_directive_snippet['name'].']'.htmlentities($apache_directive_snippet['snippet']).'
';
+ $apache_directive_snippets_txt .= '['.$app->functions->htmlentities($apache_directive_snippet['name']).']'.$app->functions->htmlentities($apache_directive_snippet['snippet']).'
';
}
$apache_directive_snippets_txt .= '
';
}
@@ -681,7 +681,7 @@ class page_action extends tform_actions {
$apache_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
';
foreach($apache_directive_snippets as $apache_directive_snippet){
$apache_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $apache_directive_snippet['snippet'] . PHP_EOL;
- $apache_directive_snippets_txt .= '['.$apache_directive_snippet['name'].']'.htmlentities($apache_directive_snippet['snippet']).'
';
+ $apache_directive_snippets_txt .= '['.$app->functions->htmlentities($apache_directive_snippet['name']).']'.$app->functions->htmlentities($apache_directive_snippet['snippet']).'
';
}
}
if($apache_directive_snippets_txt == '') $apache_directive_snippets_txt = '------';
@@ -695,7 +695,7 @@ class page_action extends tform_actions {
$nginx_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'
';
foreach($nginx_directive_snippets as $nginx_directive_snippet){
$nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL;
- $nginx_directive_snippets_txt .= '['.$nginx_directive_snippet['name'].']'.htmlentities($nginx_directive_snippet['snippet']).'
';
+ $nginx_directive_snippets_txt .= '['.$app->functions->htmlentities($nginx_directive_snippet['name']).']'.$app->functions->htmlentities($nginx_directive_snippet['snippet']).'
';
}
$nginx_directive_snippets_txt .= '
';
}
@@ -705,7 +705,7 @@ class page_action extends tform_actions {
$nginx_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
';
foreach($nginx_directive_snippets as $nginx_directive_snippet){
$nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL;
- $nginx_directive_snippets_txt .= '['.$nginx_directive_snippet['name'].']'.htmlentities($nginx_directive_snippet['snippet']).'
';
+ $nginx_directive_snippets_txt .= '['.$app->functions->htmlentities($nginx_directive_snippet['name']).']'.$app->functions->htmlentities($nginx_directive_snippet['snippet']).'
';
}
}
if($nginx_directive_snippets_txt == '') $nginx_directive_snippets_txt = '------';
@@ -718,7 +718,7 @@ class page_action extends tform_actions {
$proxy_directive_snippets_txt .= $app->tform->wordbook["select_master_directive_snippet_txt"].'
';
foreach($proxy_directive_snippets as $proxy_directive_snippet){
$proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL;
- $proxy_directive_snippets_txt .= '['.$proxy_directive_snippet['name'].']'.htmlentities($proxy_directive_snippet['snippet']).'
';
+ $proxy_directive_snippets_txt .= '['.$app->functions->htmlentities($proxy_directive_snippet['name']).']'.$app->functions->htmlentities($proxy_directive_snippet['snippet']).'
';
}
$proxy_directive_snippets_txt .= '
';
}
@@ -728,7 +728,7 @@ class page_action extends tform_actions {
$proxy_directive_snippets_txt .= $app->tform->wordbook["select_directive_snippet_txt"].'
';
foreach($proxy_directive_snippets as $proxy_directive_snippet){
$proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL;
- $proxy_directive_snippets_txt .= '['.$proxy_directive_snippet['name'].']'.htmlentities($proxy_directive_snippet['snippet']).'
';
+ $proxy_directive_snippets_txt .= '['.$app->functions->htmlentities($proxy_directive_snippet['name']).']'.$app->functions->htmlentities($proxy_directive_snippet['snippet']).'
';
}
}
if($proxy_directive_snippets_txt == '') $proxy_directive_snippets_txt = '------';
@@ -748,7 +748,7 @@ class page_action extends tform_actions {
if(is_array($ssl_domains)) {
foreach( $ssl_domains as $ssl_domain) {
$selected = ($ssl_domain == $this->dataRecord['ssl_domain'])?'SELECTED':'';
- $ssl_domain_select .= "\r\n";
+ $ssl_domain_select .= "\r\n";
}
}
$app->tpl->setVar("ssl_domain", $ssl_domain_select);
@@ -761,8 +761,8 @@ class page_action extends tform_actions {
$app->tpl->setVar("edit_disabled", 1);
$app->tpl->setVar('fixed_folder', 'y');
if($this->_vhostdomain_type == 'domain') {
- $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]);
- $app->tpl->setVar("document_root", $this->dataRecord["document_root"]);
+ $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true);
+ $app->tpl->setVar("document_root", $this->dataRecord["document_root"], true);
}
else $app->tpl->setVar('server_id_value', $parent_domain['server_id']);
} else {
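Review bot: The `else` branch directly after the two newly escaped calls still passes `$parent_domain['server_id']` to setVar() without the escape flag, so `server_id_value` is escaped on one path and raw on the other. If `$parent_domain` is a database row as the name suggests, the value is probably numeric, but the inconsistency invites a regression the next time that branch is touched; `else $app->tpl->setVar('server_id_value', $parent_domain['server_id'], true);` keeps both paths uniform. The enclosing method starts and ends outside the hunk.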
@@ -798,7 +798,7 @@ class page_action extends tform_actions {
} elseif($this->_vhostdomain_type == 'domain' && $domain['domain'] == $this->dataRecord["domain"]) {
$domain_select .= " selected";
}
- $domain_select .= ">" . $app->functions->idn_decode($domain['domain']) . "\r\n";
+ $domain_select .= ">" . $app->functions->htmlentities($app->functions->idn_decode($domain['domain'])) . "\r\n";
}
}
else {
@@ -820,20 +820,20 @@ class page_action extends tform_actions {
if($this->dataRecord["type"] == 'vhostsubdomain') $this->dataRecord["domain"] = str_replace('.'.$parent_domain["domain"], '', $this->dataRecord["domain"]);
}
- if($this->_vhostdomain_type != 'domain') $app->tpl->setVar("domain", $this->dataRecord["domain"]);
+ if($this->_vhostdomain_type != 'domain') $app->tpl->setVar("domain", $this->dataRecord["domain"], true);
// check for configuration errors in sys_datalog
if($this->id > 0) {
$datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'web_domain' AND sys_datalog.dbidx = ? AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC", 'domain_id:' . $this->id);
if(is_array($datalog) && !empty($datalog)){
if(trim($datalog['error']) != ''){
- $app->tpl->setVar("config_error_msg", nl2br(htmlentities($datalog['error'])));
+ $app->tpl->setVar("config_error_msg", nl2br($app->functions->htmlentities($datalog['error'])));
$app->tpl->setVar("config_error_tstamp", date($app->lng('conf_format_datetime'), $datalog['tstamp']));
}
}
}
- $app->tpl->setVar('vhostdomain_type', $this->_vhostdomain_type);
+ $app->tpl->setVar('vhostdomain_type', $this->_vhostdomain_type, true);
$app->tpl->setVar('is_spdy_enabled', ($web_config['enable_spdy'] === 'y'));
$app->tpl->setVar("is_admin", $is_admin);
@@ -859,7 +859,7 @@ class page_action extends tform_actions {
if(is_array($m_directive_snippets) && !empty($m_directive_snippets)){
$directive_snippets_id_select .= '';
}
@@ -868,7 +868,7 @@ class page_action extends tform_actions {
if(is_array($directive_snippets) && !empty($directive_snippets)){
$directive_snippets_id_select .= '';
}
diff --git a/interface/web/sites/web_vhost_domain_list.php b/interface/web/sites/web_vhost_domain_list.php
index 378eeaaf6a2bfa3acaf44e4325ba428162082a86..b74fd644f70bd42fadb6fcec7b38389e9c83d777 100644
--- a/interface/web/sites/web_vhost_domain_list.php
+++ b/interface/web/sites/web_vhost_domain_list.php
@@ -68,7 +68,7 @@ $_SESSION['s']['var']['vhostdomain_type'] = $show_type;
class list_action extends listform_actions {
function onShow() {
global $app;
- $app->tpl->setVar('vhostdomain_type', $_SESSION['s']['var']['vhostdomain_type']);
+ $app->tpl->setVar('vhostdomain_type', $_SESSION['s']['var']['vhostdomain_type'], true);
parent::onShow();
}
diff --git a/interface/web/sites/webdav_user_edit.php b/interface/web/sites/webdav_user_edit.php
index 73e47eb7a98d5ef6e847614384eb9df1d11aea38..e02e0bdaff10e56bb3ac4a41d615a4b53b6ce79b 100644
--- a/interface/web/sites/webdav_user_edit.php
+++ b/interface/web/sites/webdav_user_edit.php
@@ -78,19 +78,19 @@ class page_action extends tform_actions {
if ($this->dataRecord['username'] != "") {
/* REMOVE the restriction */
- $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $webdavuser_prefix));
+ $app->tpl->setVar("username", $app->tools_sites->removePrefix($this->dataRecord['username'], $this->dataRecord['username_prefix'], $webdavuser_prefix), true);
}
if($this->dataRecord['username'] == "") {
- $app->tpl->setVar("username_prefix", $webdavuser_prefix);
+ $app->tpl->setVar("username_prefix", $webdavuser_prefix, true);
} else {
- $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $webdavuser_prefix, $global_config['webdavuser_prefix']));
+ $app->tpl->setVar("username_prefix", $app->tools_sites->getPrefix($this->dataRecord['username_prefix'], $webdavuser_prefix, $global_config['webdavuser_prefix']), true);
}
if($this->id > 0) {
//* we are editing a existing record
$app->tpl->setVar("edit_disabled", 1);
- $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"]);
+ $app->tpl->setVar("parent_domain_id_value", $this->dataRecord["parent_domain_id"], true);
} else {
$app->tpl->setVar("edit_disabled", 0);
}
diff --git a/interface/web/tools/dns_import_tupa.php b/interface/web/tools/dns_import_tupa.php
index 849a097680f74a6f7bd68584340f3fc4c76fa1f0..12bd03529673c39a8b5d9979e2f4cf4bc6a84111 100644
--- a/interface/web/tools/dns_import_tupa.php
+++ b/interface/web/tools/dns_import_tupa.php
@@ -50,10 +50,10 @@ if(isset($_POST['start']) && $_POST['start'] == 1) {
$app->auth->csrf_token_check();
//* Set variable sin template
- $app->tpl->setVar('dbhost', $_POST['dbhost']);
- $app->tpl->setVar('dbname', $_POST['dbname']);
- $app->tpl->setVar('dbuser', $_POST['dbuser']);
- $app->tpl->setVar('dbpassword', $_POST['dbpassword']);
+ $app->tpl->setVar('dbhost', $_POST['dbhost'], true);
+ $app->tpl->setVar('dbname', $_POST['dbname'], true);
+ $app->tpl->setVar('dbuser', $_POST['dbuser'], true);
+ $app->tpl->setVar('dbpassword', $_POST['dbpassword'], true);
//* Establish connection to external database
$msg .= 'Connecting to external database...
';
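Review bot: Escaping `$_POST['dbpassword']` keeps it from breaking the markup, but the submitted database password is still reflected into the rendered page, which puts the secret into the HTML response and therefore into browser history, caches or any proxy that stores the page. Unless the template genuinely needs the value to re-submit the form, the password should not be echoed back at all: set `dbpassword` to an empty string or drop that setVar() and let the user re-enter it after an error. The same reflection remains for `remote_password` in import_ispconfig.php and `db_password` in import_vpopmail.php.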
diff --git a/interface/web/tools/import_ispconfig.php b/interface/web/tools/import_ispconfig.php
index 728c279c01933b152905734cd122e7b197e88a46..a1ab9e14a41b17e262c72060c75045f60fa03306 100644
--- a/interface/web/tools/import_ispconfig.php
+++ b/interface/web/tools/import_ispconfig.php
@@ -153,9 +153,9 @@ if(isset($_POST['connected'])) {
}
-$app->tpl->setVar('remote_server', $_POST['remote_server']);
-$app->tpl->setVar('remote_user', $_POST['remote_user']);
-$app->tpl->setVar('remote_password', $_POST['remote_password']);
+$app->tpl->setVar('remote_server', $_POST['remote_server'], true);
+$app->tpl->setVar('remote_user', $_POST['remote_user'], true);
+$app->tpl->setVar('remote_password', $_POST['remote_password'], true);
$app->tpl->setVar('connected', $connected);
$app->tpl->setVar('remote_session_id', $remote_session_id);
$app->tpl->setVar('msg', $msg);
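Review bot: The three setVar() calls after the closing brace read `$_POST['remote_server']`, `$_POST['remote_user']` and `$_POST['remote_password']` unconditionally, so on the initial GET of the page (no POST body) each raises an undefined-index warning before the escape flag ever matters. Unless a guard earlier in the file, outside the hunk, sets these keys, default them at the read: `$app->tpl->setVar('remote_server', $_POST['remote_server'] ?? '', true);` and likewise for the other two (an `isset()` check if the project still targets PHP before 7.0). The block in import_vpopmail.php that follows its `$_POST['local_server_id'] = 1;` fallback has the same shape.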
diff --git a/interface/web/tools/import_vpopmail.php b/interface/web/tools/import_vpopmail.php
index 9e560cdf30455be6c9e3459aec98334cfa3a7a54..3ef87710e593cb37c6980e5cfa4e16c54052dc3d 100644
--- a/interface/web/tools/import_vpopmail.php
+++ b/interface/web/tools/import_vpopmail.php
@@ -84,11 +84,11 @@ if(isset($_POST['db_hostname']) && $_POST['db_hostname'] != '') {
$_POST['local_server_id'] = 1;
}
-$app->tpl->setVar('db_hostname', $_POST['db_hostname']);
-$app->tpl->setVar('db_user', $_POST['db_user']);
-$app->tpl->setVar('db_password', $_POST['db_password']);
-$app->tpl->setVar('db_name', $_POST['db_name']);
-$app->tpl->setVar('local_server_id', $_POST['local_server_id']);
+$app->tpl->setVar('db_hostname', $_POST['db_hostname'], true);
+$app->tpl->setVar('db_user', $_POST['db_user'], true);
+$app->tpl->setVar('db_password', $_POST['db_password'], true);
+$app->tpl->setVar('db_name', $_POST['db_name'], true);
+$app->tpl->setVar('local_server_id', $_POST['local_server_id'], true);
$app->tpl->setVar('msg', $msg);
$app->tpl->setVar('error', $error);
diff --git a/interface/web/vm/openvz_vm_edit.php b/interface/web/vm/openvz_vm_edit.php
index 2a5b12f3d712886143a05b65acdfbed536afcad1..4dd1a551deff4e8cb40c7f2cb23200acbc93627e 100644
--- a/interface/web/vm/openvz_vm_edit.php
+++ b/interface/web/vm/openvz_vm_edit.php
@@ -86,7 +86,7 @@ class page_action extends tform_actions {
if(is_array($records)) {
foreach( $records as $rec) {
$selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':'';
- $template_id_select .= "\r\n";
+ $template_id_select .= "\r\n";
}
}
$app->tpl->setVar("template_id_select", $template_id_select);
@@ -109,7 +109,7 @@ class page_action extends tform_actions {
if(is_array($records)) {
foreach( $records as $rec) {
$selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':'';
- $client_select .= "\r\n";
+ $client_select .= "\r\n";
}
}
$app->tpl->setVar("client_group_id", $client_select);
@@ -124,7 +124,7 @@ class page_action extends tform_actions {
if(is_array($records)) {
foreach( $records as $rec) {
$selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':'';
- $template_id_select .= "\r\n";
+ $template_id_select .= "\r\n";
}
}
$app->tpl->setVar("template_id_select", $template_id_select);
@@ -141,7 +141,7 @@ class page_action extends tform_actions {
if(is_array($clients)) {
foreach( $clients as $client) {
$selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':'';
- $client_select .= "\r\n";
+ $client_select .= "\r\n";
}
}
$app->tpl->setVar("client_group_id", $client_select);
@@ -153,7 +153,7 @@ class page_action extends tform_actions {
$template_id_select='';
foreach( $records as $rec) {
$selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':'';
- $template_id_select .= "\r\n";
+ $template_id_select .= "\r\n";
}
}
$app->tpl->setVar("template_id_select", $template_id_select);
@@ -175,7 +175,7 @@ class page_action extends tform_actions {
if(is_array($ips)) {
foreach( $ips as $ip) {
$selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':'';
- $ip_select .= "\r\n";
+ $ip_select .= "\r\n";
}
}
$app->tpl->setVar("ip_address", $ip_select);
@@ -188,7 +188,7 @@ class page_action extends tform_actions {
foreach ($additional_ips as $idx => $rec) {
$temp .= "";
$used = @($rec['additional']=='y')?'CHECKED':'';
- $temp .= " ".$rec['ip_address']."
";
+ $temp .= " ".$app->functions->htmlentities($rec['ip_address'])."
";
}
$app->tpl->setVar("additional_ip", $temp);
unset($used);
@@ -198,8 +198,8 @@ class page_action extends tform_actions {
if($this->id > 0) {
//* we are editing a existing record
$app->tpl->setVar("edit_disabled", 1);
- $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]);
- $app->tpl->setVar("ostemplate_id_value", $this->dataRecord["ostemplate_id"]);
+ $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"], true);
+ $app->tpl->setVar("ostemplate_id_value", $this->dataRecord["ostemplate_id"], true);
} else {
$app->tpl->setVar("edit_disabled", 0);
}
diff --git a/security/apache_directives.blacklist b/security/apache_directives.blacklist
index edb4b503d387c0ced2be822740ef110e3a5977b5..6dd376d643cac4d52f2885b9da68d043b08821f2 100644
--- a/security/apache_directives.blacklist
+++ b/security/apache_directives.blacklist
@@ -1,3 +1,3 @@
-/^\s*(LoadModule|LoadFile|Include)(\s+|[\\\\])/mi
+/^\s*(LoadModule|LoadFile|Include|IncludeOptional)(\s+|[\\\\])/mi
/^\s*(SuexecUserGroup|suPHP_UserGroup|suPHP_PHPPath|suPHP_ConfigPath)(\s+|[\\\\])/mi
/^\s*(FCGIWrapper|FastCgiExternalServer)(\s+|[\\\\])/mi
\ No newline at end of file
diff --git a/security/nginx_directives.blacklist b/security/nginx_directives.blacklist
new file mode 100644
index 0000000000000000000000000000000000000000..2f7122a14856d8bbdac6fad782b84557f851a5c4
--- /dev/null
+++ b/security/nginx_directives.blacklist
@@ -0,0 +1 @@
+/^\s*(load_module)(\s+|[\\\\])/mi
\ No newline at end of file
diff --git a/security/security_settings.ini b/security/security_settings.ini
index 5cc381e3cde02bd8da1c69e14af5d9cad9a7c8b2..d7b65ba48ec23aac32b1d6296f66962ea3ae662e 100644
--- a/security/security_settings.ini
+++ b/security/security_settings.ini
@@ -19,13 +19,22 @@ password_reset_allowed=yes
session_regenerate_id=yes
[ids]
-ids_enabled=no
-ids_log_level=1
-ids_warn_level=5
-ids_block_level=100
+ids_anon_enabled=yes
+ids_anon_log_level=1
+ids_anon_warn_level=5
+ids_anon_block_level=20
+ids_user_enabled=yes
+ids_user_log_level=1
+ids_user_warn_level=10
+ids_user_block_level=25
+ids_admin_enabled=no
+ids_admin_log_level=1
+ids_admin_warn_level=5
+ids_admin_block_level=100
sql_scan_enabled=yes
sql_scan_action=warn
apache_directives_scan_enabled=yes
+nginx_directives_scan_enabled=yes
[systemcheck]
security_admin_email=root@localhost
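Review bot: `ids_admin_enabled=no` turns the intrusion detection scan off for admin sessions while it stays on for anonymous and logged-in users, and nothing in the file says whether that is intentional; a comment line above the new keys, `; admin IDS scan is off by default because: <reason>`, would record the rationale. The old `ids_enabled`/`ids_log_level`/`ids_warn_level`/`ids_block_level` keys are dropped rather than kept as fallbacks, so an existing installation's customised `security_settings.ini` that still carries them is no longer read for those settings — whether the code then falls back to safe defaults or to "disabled" is not visible here and is worth confirming.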
diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master
index 812e8e0fcc9aec596e90c73a52903c442ad8591c..145f3b7cfc22a26b959d9a1ba8da0f3f98337612 100644
--- a/server/conf/vhost.conf.master
+++ b/server/conf/vhost.conf.master
@@ -188,6 +188,13 @@
+
+
+ SetHandler mod_python
+
+ PythonHandler mod_python.publisher
+ PythonDebug On
+
SetHandler mod_python
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index e7718b0c1c855e060f9cbe7dc2818b61f6632b4f..c40574e2b91f3faec6045e993b8609ebdee4cb0a 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -394,6 +394,26 @@ class apache2_plugin {
$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
}
}
+
+ //* and check that SSL cert does not contain subdomain of domain acme.invalid
+ if($data["new"]["ssl_action"] == 'save') {
+ $tmp = array();
+ $crt_data = '';
+ exec('openssl x509 -noout -text -in '.escapeshellarg($crt_file),$tmp);
+ $crt_data = implode("\n",$tmp);
+ if(stristr($crt_data,'.acme.invalid')) {
+ $data["new"]["ssl_action"] = '';
+
+ $app->log('SSL Certificate not saved. The SSL cert contains domain acme.invalid.', LOGLEVEL_WARN);
+ $app->dbmaster->datalogError('SSL Certificate not saved. The SSL cert contains domain acme.invalid.');
+
+ /* Update the DB of the (local) Server */
+ $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+
+ /* Update also the master-DB of the Server-Farm */
+ $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+ }
+ }
//* Save a SSL certificate to disk
if($data["new"]["ssl_action"] == 'save') {
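Review bot: The acme.invalid check added at L2941–L2958 fails open: the exit status of `exec()` is not captured, so if `openssl` is missing, `$crt_file` is unreadable or the file is not a certificate, `$tmp` stays empty, `stristr()` finds nothing and the save proceeds as if the check had passed. Capturing the status and treating failure like a hit — `exec('openssl x509 -noout -text -in '.escapeshellarg($crt_file), $tmp, $ret);` and `if($ret !== 0 || stristr($crt_data, '.acme.invalid')) {` — closes that gap; where `$crt_file` is assigned is outside the hunk. The two new UPDATE statements at L2953 and L2956 also lack the `AND server_id = ?` qualifier this same commit adds to the sibling queries at L2967–L2973, so on a multi-server setup they would clear `ssl_action` for every server's row of that domain. The same block is duplicated verbatim in nginx_plugin at L2997–L3014 and has the same two issues. A comment saying why a `.acme.invalid` name in the certificate is rejected would help, since the name alone does not say which validation scheme it belongs to.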
@@ -457,11 +477,11 @@ class apache2_plugin {
$app->system->unlink($crt_file);
$app->system->unlink($bundle_file);
/* Update the DB of the (local) Server */
- $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']);
- $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+ $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']);
+ $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']);
/* Update also the master-DB of the Server-Farm */
- $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']);
- $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+ $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']);
+ $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']);
$app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
}
@@ -681,10 +701,10 @@ class apache2_plugin {
$fstab_line_old = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$old_log_folder.' none bind';
if($web_config['network_filesystem'] == 'y') {
- $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait,_netdev 0 0';
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nofail,_netdev 0 0';
$app->system->replaceLine('/etc/fstab', $fstab_line_old, $fstab_line, 0, 1);
} else {
- $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait 0 0';
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nofail 0 0';
$app->system->replaceLine('/etc/fstab', $fstab_line_old, $fstab_line, 0, 1);
}
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index 477eeaace0d54f261b2ef5f3a31464fccb944556..0cbb6c13764985999b73f9414f818173409c8dd2 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -235,6 +235,26 @@ class nginx_plugin {
$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
}
}
+
+ //* and check that SSL cert does not contain subdomain of domain acme.invalid
+ if($data["new"]["ssl_action"] == 'save') {
+ $tmp = array();
+ $crt_data = '';
+ exec('openssl x509 -noout -text -in '.escapeshellarg($crt_file),$tmp);
+ $crt_data = implode("\n",$tmp);
+ if(stristr($crt_data,'.acme.invalid')) {
+ $data["new"]["ssl_action"] = '';
+
+ $app->log('SSL Certificate not saved. The SSL cert contains domain acme.invalid.', LOGLEVEL_WARN);
+ $app->dbmaster->datalogError('SSL Certificate not saved. The SSL cert contains domain acme.invalid.');
+
+ /* Update the DB of the (local) Server */
+ $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+
+ /* Update also the master-DB of the Server-Farm */
+ $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+ }
+ }
//* Save a SSL certificate to disk
if($data["new"]["ssl_action"] == 'save') {
@@ -289,11 +309,11 @@ class nginx_plugin {
$app->system->unlink($csr_file);
$app->system->unlink($crt_file);
/* Update the DB of the (local) Server */
- $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']);
- $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+ $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']);
+ $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']);
/* Update also the master-DB of the Server-Farm */
- $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']);
- $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+ $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']);
+ $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ? AND server_id = ?", $data['new']['domain'], $data['new']['server_id']);
$app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
}
@@ -528,10 +548,10 @@ class nginx_plugin {
$fstab_line_old = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$old_log_folder.' none bind';
if($web_config['network_filesystem'] == 'y') {
- $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait,_netdev 0 0';
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nofail,_netdev 0 0';
$app->system->replaceLine('/etc/fstab', $fstab_line_old, $fstab_line, 0, 1);
} else {
- $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait 0 0';
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nofail 0 0';
$app->system->replaceLine('/etc/fstab', $fstab_line_old, $fstab_line, 0, 1);
}
@@ -2862,7 +2882,17 @@ class nginx_plugin {
return $location;
}
- private function nginx_merge_locations($vhost_conf){
+ private function nginx_merge_locations($vhost_conf) {
+ global $app, $conf;
+
+ if(preg_match('/##subroot (.+?)\s*##/', $vhost_conf, $subroot)) {
+ if(!preg_match('/^(?:[a-z0-9\/_-]|\.(?!\.))+$/iD', $subroot[1])) {
+ $app->log('Token ##subroot is unsecure (server ID: '.$conf['server_id'].').', LOGLEVEL_WARN);
+ } else {
+ $insert_pos = strpos($vhost_conf, ';', strpos($vhost_conf, 'root '));
+ $vhost_conf = substr_replace($vhost_conf, ltrim($subroot[1], '/'), $insert_pos, 0);
+ }
+ }
$lines = explode("\n", $vhost_conf);
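Review bot: The insert position at L3054 is computed from two `strpos()` calls whose `false` result is never checked: if the vhost config has no `root ` directive, `strpos($vhost_conf, 'root ')` returns `false`, which is then passed as the offset of the second `strpos()` (a TypeError on PHP 8, silently offset 0 on PHP 7), and a `false` insert position reaches `substr_replace()` as offset 0, prepending the subroot to the config text. The `root ` lookup is also a plain substring search, so the first match may be inside a comment or another directive rather than the root directive — hedged, since the template layout is not visible here. The validation regex at L3051 (no `..`, anchored with `D`) is sound; in the log message at L3052 "unsecure" should read "insecure". The method continues past the hunk.
```php
        } else {
            // Both lookups can return false; a false offset must not reach substr_replace().
            $root_pos = strpos($vhost_conf, 'root ');
            $insert_pos = ($root_pos === false) ? false : strpos($vhost_conf, ';', $root_pos);
            if($insert_pos === false) {
                $app->log('Token ##subroot ignored, no root directive found (server ID: '.$conf['server_id'].').', LOGLEVEL_WARN);
            } else {
                $vhost_conf = substr_replace($vhost_conf, ltrim($subroot[1], '/'), $insert_pos, 0);
            }
        }
    }
    // … unchanged: explode($vhost_conf) into lines and the location merge …
```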
diff --git a/server/plugins-available/shelluser_base_plugin.inc.php b/server/plugins-available/shelluser_base_plugin.inc.php
index 74c6fa364f77611c77096ef7b53570690e1c00c1..9c4568901deef3e73b8051929ca94247070e6fd2 100755
--- a/server/plugins-available/shelluser_base_plugin.inc.php
+++ b/server/plugins-available/shelluser_base_plugin.inc.php
@@ -226,6 +226,9 @@ class shelluser_base_plugin {
$homedir_old = $data['old']['dir'].'/home/'.$data['old']['username'];
}
+ $app->log("Homedir New: ".$homedir, LOGLEVEL_DEBUG);
+ $app->log("Homedir Old: ".$homedir_old, LOGLEVEL_DEBUG);
+
// Check if the user that we want to update exists, if not, we insert it
if($app->system->is_user($data['old']['username'])) {
//* Remove webfolder protection
@@ -246,16 +249,27 @@ class shelluser_base_plugin {
$app->log("Executed command: $command ",LOGLEVEL_DEBUG);
*/
//$groupinfo = $app->system->posix_getgrnam($data['new']['pgroup']);
- if($homedir != $homedir_old && !is_dir($homedir)){
+ if($homedir != $homedir_old){
$app->system->web_folder_protection($web['document_root'], false);
- if(!is_dir($data['new']['dir'].'/home')){
+ // Rename dir, in case the new directory exists already.
+ if(is_dir($homedir)) {
+ $app->log("New Homedir exists, renaming it to ".$homedir.'_bak', LOGLEVEL_DEBUG);
+ $app->system->rename(escapeshellcmd($homedir),escapeshellcmd($homedir.'_bak'));
+ }
+ /*if(!is_dir($data['new']['dir'].'/home')){
$app->file->mkdirs(escapeshellcmd($data['new']['dir'].'/home'), '0750');
$app->system->chown(escapeshellcmd($data['new']['dir'].'/home'),escapeshellcmd($data['new']['puser']));
$app->system->chgrp(escapeshellcmd($data['new']['dir'].'/home'),escapeshellcmd($data['new']['pgroup']));
}
$app->file->mkdirs(escapeshellcmd($homedir), '0755');
$app->system->chown(escapeshellcmd($homedir),'root');
- $app->system->chgrp(escapeshellcmd($homedir),'root');
+ $app->system->chgrp(escapeshellcmd($homedir),'root');*/
+
+ // Move old directory to new path
+ $app->system->rename(escapeshellcmd($homedir_old),escapeshellcmd($homedir));
+ $app->file->mkdirs(escapeshellcmd($homedir), '0750');
+ $app->system->chown(escapeshellcmd($homedir),escapeshellcmd($data['new']['puser']));
+ $app->system->chgrp(escapeshellcmd($homedir),escapeshellcmd($data['new']['pgroup']));
$app->system->web_folder_protection($web['document_root'], true);
} else {
if(!is_dir($homedir)){
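Review bot: Neither `$app->system->rename()` call at L3083 and L3096 has its result checked, so a failed move (for example `$homedir.'_bak'` already present from an earlier rename, or `$homedir_old` no longer existing) is silent, and the `mkdirs($homedir)` at L3097 then creates an empty home owned by the user while the old contents stay at the old path. Logging the failure — `if(!$app->system->rename(escapeshellcmd($homedir_old), escapeshellcmd($homedir))) { $app->log('Could not move '.$homedir_old.' to '.$homedir, LOGLEVEL_WARN); }` — at least makes it visible; this assumes rename() returns a boolean, which is not shown here. The `is_dir($homedir)` test at L3081 follows symlinks, so an `is_link()` check first would tell a real directory from a link before renaming it; whether that matters depends on who can create entries under `$data['new']['dir']`. The enclosing function starts outside the hunk.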
diff --git a/server/plugins-available/shelluser_jailkit_plugin.inc.php b/server/plugins-available/shelluser_jailkit_plugin.inc.php
index 69a041c037e4c2f96907ae2bd58b3ff8c09ee287..295112d4230e1f77ad55b862b78f5bba577d6506 100755
--- a/server/plugins-available/shelluser_jailkit_plugin.inc.php
+++ b/server/plugins-available/shelluser_jailkit_plugin.inc.php
@@ -350,6 +350,11 @@ class shelluser_jailkit_plugin {
//add the user to the chroot
$jailkit_chroot_userhome = $this->_get_home_dir($this->data['new']['username']);
+ if(isset($this->data['old']['username'])) {
+ $jailkit_chroot_userhome_old = $this->_get_home_dir($this->data['old']['username']);
+ } else {
+ $jailkit_chroot_userhome_old = '';
+ }
$jailkit_chroot_puserhome = $this->_get_home_dir($this->data['new']['puser']);
if(!is_dir($this->data['new']['dir'].'/etc')) mkdir($this->data['new']['dir'].'/etc', 0755);
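Review bot: The empty-string fallback for `$jailkit_chroot_userhome_old` at L3113 is unsafe for its consumer at L3121, where `is_dir($this->data['old']['dir'].$jailkit_chroot_userhome_old)` degenerates to a test of `$this->data['old']['dir']` — the jail root itself — and, if that exists, the rename at L3122 would move the whole jail into the new user-home path. Making the later check conditional on the value, `if($jailkit_chroot_userhome_old != '' && is_dir($this->data['old']['dir'].$jailkit_chroot_userhome_old)) {`, keeps the move limited to a real old home directory. On insert events `$this->data['old']['dir']` may itself be unset, which the same guard avoids dereferencing. The enclosing function starts outside the hunk.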
@@ -398,13 +403,19 @@ class shelluser_jailkit_plugin {
$this->app->log("Added jailkit user to chroot with command: ".$command, LOGLEVEL_DEBUG);
- if(!is_dir($this->data['new']['dir'].$jailkit_chroot_userhome)) mkdir(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome), 0755, true);
+ if(!is_dir($this->data['new']['dir'].$jailkit_chroot_userhome)) {
+ if(is_dir($this->data['old']['dir'].$jailkit_chroot_userhome_old)) {
+ $app->system->rename(escapeshellcmd($this->data['old']['dir'].$jailkit_chroot_userhome_old),escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome));
+ } else {
+ mkdir(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome), 0750, true);
+ }
+ }
$app->system->chown(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome), $this->data['new']['username']);
$app->system->chgrp(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome), $this->data['new']['pgroup']);
$this->app->log("Added created jailkit user home in : ".$this->data['new']['dir'].$jailkit_chroot_userhome, LOGLEVEL_DEBUG);
- if(!is_dir($this->data['new']['dir'].$jailkit_chroot_puserhome)) mkdir(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), 0755, true);
+ if(!is_dir($this->data['new']['dir'].$jailkit_chroot_puserhome)) mkdir(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), 0750, true);
$app->system->chown(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), $this->data['new']['puser']);
$app->system->chgrp(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), $this->data['new']['pgroup']);