ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2020-07-09T13:41:56Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5443optical issue at autoresponder2020-07-09T13:41:56ZWHOoptical issue at autoresponderif we create an autorepsonder and click at the date line an popup occours.
The images to scroll the calendar forward and backward are not shown.if we create an autorepsonder and click at the date line an popup occours.
The images to scroll the calendar forward and backward are not shown.3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5440MariaDB: Field 'nginx_directives' doesn't have a default value2020-07-24T10:32:09ZMartin SebaldMariaDB: Field 'nginx_directives' doesn't have a default value## short description
After upgrading MariaDB from 10.1 to 10.4 I experienced the SQL error "Field 'nginx_directives' doesn't have a default value" when trying to add/modify a web domain, alias domain... The problem is that that MariaDB c...## short description
After upgrading MariaDB from 10.1 to 10.4 I experienced the SQL error "Field 'nginx_directives' doesn't have a default value" when trying to add/modify a web domain, alias domain... The problem is that that MariaDB changed SQL_MODE starting 10.2.4.
## correct behaviour
No error.
## environment
Server OS: Debian
Server OS version: 9.0 Stretch with MariaDB 10.4.8 from the original MariaDB repositories (downloads.mariadb.com)
ISPConfig version: 3.1.15p2
## proposed fix
I first entered a default value for 'nginx_directives' in the table web_domain by allowing NULL as a default value. No idea if that is a correct default value. So I changed it back and fixed the problem by changing the default value of the SQL_MODE of MariaDB by leaving out STRICT_TRANS_TABLES.
In my eyes it would be good to have a default value for the field as STRICT_TRANS_TABLES is in the default value for SQL_MODE of MariaDB starting in 10.2.4 - so everybody will experience the problem after upgrading.
## references
https://mariadb.com/kb/en/library/sql-mode/3.2Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5434BUG - Cleanup website tmp directories2020-01-22T09:49:00ZDaniel KovářBUG - Cleanup website tmp directories## short description
Cleanup website tmp directories doesnt work
## correct behaviour
Cleanup website tmp directories
## environment
Server OS: ubuntu
Server OS version: 18.04
ISPConfig version: 3.1.15p1
If it might be related to ...## short description
Cleanup website tmp directories doesnt work
## correct behaviour
Cleanup website tmp directories
## environment
Server OS: ubuntu
Server OS version: 18.04
ISPConfig version: 3.1.15p1
If it might be related to the problem
/ispconfig/server/lib/classes/cron.d/200-logfiles.inc.php
## proposed fix
row 220:
{-exec("cd ?; find . -mtime +1 -name 'sess_*' | grep -v -w .no_delete | xargs rm > /dev/null 2> /dev/null", $tmp_path);-}
new:
{+$app->system->exec_safe("cd ?; find . -mtime +1 -name 'sess_*' | grep -v -w .no_delete | xargs rm > /dev/null 2> /dev/null", $tmp_path);+}
## references
## screenshots
## log entries3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5429Wrong class variable in server/lib/classes/db_mysql.inc.php LINE 2752019-10-16T15:10:51ZMathiasWrong class variable in server/lib/classes/db_mysql.inc.php LINE 275## short description
Multi-Server environment should connect to master server but spelling mistake in
[server/lib/classes/db_mysql.inc.php LINE 275](https://git.ispconfig.org/ispconfig/ispconfig3/blob/master/server/lib/classes/db_mysql.i...## short description
Multi-Server environment should connect to master server but spelling mistake in
[server/lib/classes/db_mysql.inc.php LINE 275](https://git.ispconfig.org/ispconfig/ispconfig3/blob/master/server/lib/classes/db_mysql.inc.php#L275) forbid this and cron.log fills with warnings.
## correct behaviour
*$this->i**s**ConnId* should be **$this->iConnId**
## environment
Server OS: Debian 10
Server OS version: buster
ISPConfig version: 3.1.15p13.1.15p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5425Valid delete requests blocked by CSRF check2019-10-11T14:57:24ZTill BrehmValid delete requests blocked by CSRF checkSome valid delete requests were blocked by csrf check function.Some valid delete requests were blocked by csrf check function.3.1.15p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5424Unable to change passwd or user of admin2019-10-11T14:53:41ZJordi OlléUnable to change passwd or user of adminUnable to change passwd or user of admin.
I have installed today a new server and when I try to change the admin passwd or the name of user admin we receive:
1. Invalid chars in App theme.
It is impossible to change pa...Unable to change passwd or user of admin.
I have installed today a new server and when I try to change the admin passwd or the name of user admin we receive:
1. Invalid chars in App theme.
It is impossible to change passwd or the name of user admin under system CP Users…
It seems a bug into this version…3.1.15p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5420Improve input filters for Tools > Interface settings2019-10-08T16:26:49ZTill BrehmImprove input filters for Tools > Interface settingsImprove the input checks for Tools > Interface settings. This change was recommended by RACK911 LABS.Improve the input checks for Tools > Interface settings. This change was recommended by RACK911 LABS.3.1.15p1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5419white/blacklist using rspamd matches against "smtp from" only2021-08-06T22:55:53ZZakwhite/blacklist using rspamd matches against "smtp from" onlyI'am not sure how this is handled when using amavis, but in rspamd the generated config matches against the "smtp from" - instead of the "header from".\
Althought this might be more precise, a lot of end users don't even have knowledge o...I'am not sure how this is handled when using amavis, but in rspamd the generated config matches against the "smtp from" - instead of the "header from".\
Althought this might be more precise, a lot of end users don't even have knowledge of the smtp from/return-path header and in times of SRS it's pretty much impossible to get a match when not using regex matching anyway.\
Furthermore there is no guarantee that "smtp from" and the "header from" are equal or even using the same domain. Hence the black/whitelisting might not have the desired effect from the end user perspective.
## proposed fix
Since no "or" matching is available in rspamd (at least not between different attributes), a second stanza matching the from header could be introduced:
`header = { "From" = "sender@domain.tld"; }`Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5418Database user creation not working on MySQL 82020-09-19T11:33:24ZViktorDatabase user creation not working on MySQL 8Dear all,
I would like to ask for your support if you have a solution but haven't postid it yes (I could not find any solution on Google) to how to fix database user creation function where db server is MySQL 8.
There is an SQL syntax ...Dear all,
I would like to ask for your support if you have a solution but haven't postid it yes (I could not find any solution on Google) to how to fix database user creation function where db server is MySQL 8.
There is an SQL syntax error on creation due to PASSWORD() function has been removed (ALSO DECRAPTED ON MYSQL 5.7 !!!) and the logic of user creation is also changed: we have to use CREATE USER function first then on a second command GRANT permissions for our newly created user.
I have checked mysql_clientdb_plugin.inc.php but I have to admit I could not get what's the idea behind.
I'm running my MySQL 8 server with mysql_native_password support due for better compatibility.
I tried to get rid of PASSWORD() function by double SHA1 the password with a PHP function:
```
function sqlPassword($input) {
$pass = strtoupper(
sha1(
sha1($input, true)
)
);
$pass = '*' . $pass;
return $pass;
}
```
Plus also extend the SQL command of a new user but without success:
```
if(!$link->query("CREATE USER ".$link->escape_string($database_user)."'@'$db_host'"." IDENTIFIED WITH mysql_native_password BY '".$link->escape_string($database_password_native)."';");
if(!$link->query("GRANT " . $grants . " ON `".$link->escape_string($database_name)."`.* TO '".$link->escape_string($database_user)."'@'$db_host';")) $success = false;
```
Any help would be appreciated!
Thank you!3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5417Lower privileges for processes creating / reading web files and directories2019-10-09T14:14:38ZTill BrehmLower privileges for processes creating / reading web files and directoriesAdd or extend the file write and read functions to add support to drop privileges when a file is written or read.
This feature was suggested by RACK911 LABS.Add or extend the file write and read functions to add support to drop privileges when a file is written or read.
This feature was suggested by RACK911 LABS.3.1.15p1Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5416Hashed password visible in processlist when using useradd on shell users2019-10-09T14:15:09ZMarius BurkardHashed password visible in processlist when using useradd on shell usersThe useradd command on creation of shell users is given the sha-256-hashed password via command line. This makes the sha hash visible to process listing tools like `ps`.
This issue has been reported to us by RACK911 LABS.The useradd command on creation of shell users is given the sha-256-hashed password via command line. This makes the sha hash visible to process listing tools like `ps`.
This issue has been reported to us by RACK911 LABS.3.1.15p1Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5415Insufficient CSRF check for delete actions2019-10-09T14:15:50ZTill BrehmInsufficient CSRF check for delete actionsWhile Edit actions are protected correctly, delete actions in ISPConfig were not protected against CSRF attacks.
This issue has been reported to us by RACK911 LABS.While Edit actions are protected correctly, delete actions in ISPConfig were not protected against CSRF attacks.
This issue has been reported to us by RACK911 LABS.3.1.15p1Till BrehmTill Brehmhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5401Rspamd plugin does not handle delete of users and addresses correctly2019-09-18T11:32:17ZMarius BurkardRspamd plugin does not handle delete of users and addresses correctlyWhen deleting spamfilter users / email addresses / domains the corresponding conf might not be deleted due to a wrong event name check.When deleting spamfilter users / email addresses / domains the corresponding conf might not be deleted due to a wrong event name check.3.1.15p1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5393when using pigz, tar arguments for backup are in wrong order2019-09-18T11:32:34ZTill Brehmwhen using pigz, tar arguments for backup are in wrong orderhttps://www.howtoforge.com/community/threads/backup-error.82730/https://www.howtoforge.com/community/threads/backup-error.82730/3.1.15p1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5380deleting a mailbox should also delete any backups2019-09-02T20:10:01Zfireba11deleting a mailbox should also delete any backups## short description
Deleting a mailbox does not delete it's backups in the filesystem.
(Talking about the backup tab on each mailbox.)
## correct behaviour
Backups should be deleted as well
## environment
Server OS: debian
Server OS v...## short description
Deleting a mailbox does not delete it's backups in the filesystem.
(Talking about the backup tab on each mailbox.)
## correct behaviour
Backups should be deleted as well
## environment
Server OS: debian
Server OS version: buster
ISPConfig version: 3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5379Rspamd has inconsistent greylisting setting2021-04-16T15:24:58ZMarius BurkardRspamd has inconsistent greylisting settingWhen using rspamd the greylisting is set via spamfilter policies. Instead it should use the same setting that are used by amavis (mail user, mail fwd/alias, mail catchall).When using rspamd the greylisting is set via spamfilter policies. Instead it should use the same setting that are used by amavis (mail user, mail fwd/alias, mail catchall).3.1.15Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5378Greylisting setting not respected under some circumstances2019-08-30T13:27:13ZMarius BurkardGreylisting setting not respected under some circumstancesIf a catchall is defined for a mail domain and the target has configured greylisting "yes", then it is not possible to disable greylisting for a specific mail account of that domain.
This does not affect rspamd.
The query for that is
`...If a catchall is defined for a mail domain and the target has configured greylisting "yes", then it is not possible to disable greylisting for a specific mail account of that domain.
This does not affect rspamd.
The query for that is
```sql
SELECT 'greylisting' FROM (SELECT greylisting, source AS email FROM mail_forwarding WHERE server_id = {server_id} UNION SELECT greylisting, email FROM mail_user WHERE server_id = {server_id}) addresses WHERE addresses.email='%s' AND addresses.greylisting='y' UNION SELECT 'greylisting' FROM `mail_forwarding` f CROSS JOIN `mail_user` u ON u.email = f.destination WHERE f.type = 'catchall' AND u.greylisting = 'y' AND u.server_id = {server_id} AND f.source = '@%s'
```
The "UNION SELECT" part is responsible for this behaviour.3.1.15https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5373No file when dns zone delete.2019-08-29T12:15:09ZMarek AdamskiNo file when dns zone delete.## short description
in ispconfig i select domain to delete
## correct behaviour
root@server /usr/local/ispconfig/server/server.sh
sh: /usr/local/ispconfig/server/scripts/dnssec-delete.sh: file not found
## environment
Server OS: debi...## short description
in ispconfig i select domain to delete
## correct behaviour
root@server /usr/local/ispconfig/server/server.sh
sh: /usr/local/ispconfig/server/scripts/dnssec-delete.sh: file not found
## environment
Server OS: debian
Server OS version: stretch
ISPConfig version: 3.1.14p2
3.1.15https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5372Re-use dashboard dashlets as tab on client2023-07-30T13:43:47ZHelmoRe-use dashboard dashlets as tab on clientAs admin you see data for all clients on your dashboard.
And as client you see your own usage.
But how can I as an admin see the overview of what a specific client is using?
Just an idea ... Can't we add an extra tab when viewing a cli...As admin you see data for all clients on your dashboard.
And as client you see your own usage.
But how can I as an admin see the overview of what a specific client is using?
Just an idea ... Can't we add an extra tab when viewing a client. Besides 'Address' and 'Limits' I'd like to have an overview or 'dashboard'.
Additionally it might then be nice to make the make the statistics rows clickable to directly navigate to a certain mail account.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5370Web server config cannot be deselected as client2023-08-29T17:05:16ZWHOWeb server config cannot be deselected as client## short description
As a client, if you have activated a Web server config (Apache) for a website, the directive snippet cannot be deselected.
The change to "-" is not saved.
As Admin however it is possible to deselect the directive s...## short description
As a client, if you have activated a Web server config (Apache) for a website, the directive snippet cannot be deselected.
The change to "-" is not saved.
As Admin however it is possible to deselect the directive snippet at *Sites* => *Websites*.
## correct behaviour
Web server config should be deselected and entry in apache2.conf should be removed.
## environment
Server OS: Debian
Server OS version: Stretch
ISPConfig version: 3.1.13p1