ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2020-07-31T06:58:29Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5683webalizer exec -> safe_exec2020-07-31T06:58:29ZJesse Norellwebalizer exec -> safe_execSee https://www.howtoforge.com/community/threads/warning-150-webalizer-inc-php-exec-expects-at-most-3-parameters-4-given.84849/See https://www.howtoforge.com/community/threads/warning-150-webalizer-inc-php-exec-expects-at-most-3-parameters-4-given.84849/3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5682Wrong page after user settings save2020-07-30T14:12:02ZTorsten WidmannWrong page after user settings saveLatest Git-Stable:
can't switch Language in User Menu
Latest Git-Stable:
can't switch Language in User Menu
3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5681mysql-verify_recipients.cf owner/permissions2020-07-30T12:53:48ZJesse Norellmysql-verify_recipients.cf owner/permissionsI updated a machine to git-stable this morning and found `/etc/postfix/mysql-verify_recipients.cf` was created with owner root:root and perm 600 - that needs to be root:postfix and 640.
Maybe this is just me? I compared with `mysql-vir...I updated a machine to git-stable this morning and found `/etc/postfix/mysql-verify_recipients.cf` was created with owner root:root and perm 600 - that needs to be root:postfix and 640.
Maybe this is just me? I compared with `mysql-virtual_alias_domains.cf` which was correct, and don't see any differences in how the file is handled. Someone else should check though and confirm.3.2Till BrehmTill Brehmhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/56803.1dev: Can't save mailbox when send outgoing copy to is empty2020-07-30T08:20:50ZThom3.1dev: Can't save mailbox when send outgoing copy to is empty![image](/uploads/d04299b383be5aa676180843025d5315/image.png)![image](/uploads/d04299b383be5aa676180843025d5315/image.png)3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5678Latest Git Stable - Unable to choose PHP Version2020-07-30T07:42:16ZTorsten WidmannLatest Git Stable - Unable to choose PHP VersionWith latest Git-Stable it's not possible to choose a PHP Version. It stucks on last one.With latest Git-Stable it's not possible to choose a PHP Version. It stucks on last one.3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5662installer (gentoo) $dovecot_version empty2020-07-27T14:40:58ZChristianinstaller (gentoo) $dovecot_version emptyinstall/dist/lib/gentoo.lib.php
SEARCH
```
version_compare
```
ADD BEFORE
```
//* Get the dovecot version
exec('dovecot --version', $tmp);
$dovecot_version = $tmp[0];
unset($tmp);
```
copied from install/dist/lib/debian60.lib.phpinstall/dist/lib/gentoo.lib.php
SEARCH
```
version_compare
```
ADD BEFORE
```
//* Get the dovecot version
exec('dovecot --version', $tmp);
$dovecot_version = $tmp[0];
unset($tmp);
```
copied from install/dist/lib/debian60.lib.php3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5657cron_debug.php script broken, calls some non existing cronjob functions.2020-07-03T13:47:10ZJesse Norellcron_debug.php script broken, calls some non existing cronjob functions.All cronjobs (or the base 'cronjob' class') need an isRunning() function added or they can't be run manually:
```# php /usr/local/ispconfig/server/cron_debug.php --cronjob=100-monitor_email_quota.inc.php
PH...All cronjobs (or the base 'cronjob' class') need an isRunning() function added or they can't be run manually:
```# php /usr/local/ispconfig/server/cron_debug.php --cronjob=100-monitor_email_quota.inc.php
PHP Fatal error: Uncaught Error: Call to undefined method cronjob_monitor_email_quota::isRunning() in /usr/local/ispconfig/server/cron_debug.php:76
Stack trace:
#0 {main}
thrown in /usr/local/ispconfig/server/cron_debug.php on line 76
```
Cf. https://git.ispconfig.org/ispconfig/ispconfig3/-/commit/b34b1ad5bbc8d75db927116b517e6a23761e42bb#8d6419c0e5202932371f39681470bffbf20e7346_65_763.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5656Improve FCGI starter scripts2020-07-23T16:59:30ZTill BrehmImprove FCGI starter scriptsImprove the setup of fcgi starter scripts by setting the immutable bit either on the starter script or on its directory.Improve the setup of fcgi starter scripts by setting the immutable bit either on the starter script or on its directory.3.2Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5652Crontab deletion after website removal2020-07-24T12:47:50ZBrianCrontab deletion after website removalHey, when deleting website which has created any crontab I got error "Parent domain not found" which is triggered by cron_plugin.inc.php, function delete, wherein the beginning is
```
//* get data from web
$parent_domain = $app->db->que...Hey, when deleting website which has created any crontab I got error "Parent domain not found" which is triggered by cron_plugin.inc.php, function delete, wherein the beginning is
```
//* get data from web
$parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `hd_quota` FROM `web_domain` WHERE `domain_id` = ?", $data["old"]["parent_domain_id"]);
if(!$parent_domain["domain_id"]) {
$app->log("Parent domain not found", LOGLEVEL_WARN);
return 0;
}
```
The query is empty of course because the record was deleted already when the website was deleted from GUI.
The problem is, when crontab is not deleted and it contains username assigned for a deleted website, this user is no longer available in the system and other crons after this crontab file (in alphabet order) stop working.
The expected behaviour is the deletion of crontab file when deleting a website from WebGUI.3.2Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5648Directories of sub- or aliasdomains (vhost) owned by root2020-07-24T09:32:11ZWHODirectories of sub- or aliasdomains (vhost) owned by root## short description
When creating a sub- or aliasdomains (vhost) with **multiple** directories like this
![Bildschirmfoto_2020-06-17_um_10.19.28](/uploads/7065ab8e569a058d859fd91b3a70f13e/Bildschirmfoto_2020-06-17_um_10.19.28.png)
the...## short description
When creating a sub- or aliasdomains (vhost) with **multiple** directories like this
![Bildschirmfoto_2020-06-17_um_10.19.28](/uploads/7065ab8e569a058d859fd91b3a70f13e/Bildschirmfoto_2020-06-17_um_10.19.28.png)
the first directory "b" belongs to root:
![Bildschirmfoto_2020-06-17_um_10.20.54](/uploads/fe65682082fba5a2790673cfc4363e44/Bildschirmfoto_2020-06-17_um_10.20.54.png)
When deleting the sub- or aliasdomains (vhost) in ISP, the directories still exist and can't be deleted by account user
## correct behaviour
Directories should belong to account user otherwise they can't be deleted
or should be deleted when deleting a sub- or aliasdomain(?)
## environment
Server OS: Debian
Server OS version: Buster
ISPConfig version: 3.1.15p33.2Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5624Failed to make backup of web files, because of unknown backup format gzip (IS...2020-05-29T09:48:38ZPatrick SchlesingerFailed to make backup of web files, because of unknown backup format gzip (ISPConfig dev version)## short description
After updating the ISPConfig installation on a mutiserver setup the manual and automatic backups do not work anymore.
## environment
```
Operating System: Debian 10.0 (Buster)
```
```
Version: ispconfig3-stable-3...## short description
After updating the ISPConfig installation on a mutiserver setup the manual and automatic backups do not work anymore.
## environment
```
Operating System: Debian 10.0 (Buster)
```
```
Version: ispconfig3-stable-3.1-e69a5b3f683d75e782613577f89e5be3e97d4f27
```
```
nginx version: nginx/1.14.2
```
```
gzip 1.9
```
```
# which gzip
/usr/bin/gzip
```
```
PHP 7.3.18-1+0~20200514.58+debian10~1.gbp12fa4f
```
## log entries
```
28.05.2020-22:27 - DEBUG - Triggered backup routine for domain id 8, action name backup_web_files
28.05.2020-22:27 - DEBUG - safe_exec cmd: mount 2>/dev/null | grep ' on /backup type ' - return code: 0
28.05.2020-22:27 - ERROR - Failed to make backup of web files, because of unknown backup format gzip for website domain.de
28.05.2020-22:27 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
```3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5620"Use SMTP to send system mails" should work with default smtp settings2020-06-09T05:47:06ZJesse Norell"Use SMTP to send system mails" should work with default smtp settingsIf you check the "Use SMTP to send system mails" checkbox and leave the other smtp settings the same, password reset emails stop working and there is no error/indication when this happens. Using 'localhost' as a server name in particula...If you check the "Use SMTP to send system mails" checkbox and leave the other smtp settings the same, password reset emails stop working and there is no error/indication when this happens. Using 'localhost' as a server name in particular should be allowed, as that is the default.
https://www.howtoforge.com/community/threads/password-reset-email-not-sent.84349/3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5614Fix home initialization for Jailkit (incl. Fix)2020-08-26T16:19:06ZTill BrehmFix home initialization for Jailkit (incl. Fix)The previous dir (without `./home/$user`) causes usermod to crash when some FPM processes are already launched for the UID (in `server/scripts/create_jailkit_user.sh`), so jk_jailuser is not able to detect the home inside the jail, inser...The previous dir (without `./home/$user`) causes usermod to crash when some FPM processes are already launched for the UID (in `server/scripts/create_jailkit_user.sh`), so jk_jailuser is not able to detect the home inside the jail, inserting an empty one in the passwd file, and causing an error when the user want to connect via SSH for example.
https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/7953.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5607Clicking from search result alias/child domain fails to open2020-07-08T19:06:50ZHelmoClicking from search result alias/child domain fails to openWhen you use the search function to look for an alias or child domain it shows the result but clicking the link fails to open.
With the Firefox developer tools I noticed that the https response was 'redirect contains unallowed chars.'
...When you use the search function to look for an alias or child domain it shows the result but clicking the link fails to open.
With the Firefox developer tools I noticed that the https response was 'redirect contains unallowed chars.'
It tries to load `capp.php?mod=sites&redirect=sites/web_childdomain_edit.php%3Fid%3D291%26type%3Daliasdomain`
The `%26` in there is the & char, from the extra 'type=aliasdomain' parameter. Regular domains only get the `id` parameter.
The patch below is a quick fix to allow the extra `type` parameter. Would that be sufficient?
```patch
diff --git a/interface/web/capp.php b/interface/web/capp.php
index 39392691f..5d49fe80d 100755
--- a/interface/web/capp.php
+++ b/interface/web/capp.php
@@ -43,7 +43,7 @@ if($_SESSION["s"]["user"]['active'] != 1) {
}
if(!preg_match("/^[a-z]{2,20}$/i", $mod)) die('module name contains unallowed chars.');
-if($redirect != '' && !preg_match("/^[a-z0-9]+\/[a-z0-9_\.\-]+\?id=[0-9]{1,9}$/i", $redirect)) die('redirect contains unallowed chars.');
+if($redirect != '' && !preg_match("/^[a-z0-9]+\/[a-z0-9_\.\-]+\?id=[0-9]{1,9}(\&type=[a-z0-9_\.\-]+)?$/i", $redirect)) die('redirect contains unallowed chars.');
//* Check if user may use the module.
$user_modules = explode(",", $_SESSION["s"]["user"]["modules"]);
```3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5602mailman images not showing [nginx fix]2020-07-24T09:25:55ZBarretmailman images not showing [nginx fix]The images on the bottom of the web interface are not showing,
The problem is located in `000-apps.vhost` at the mailman image directive.
Nginx fix:
```
#location /images/mailman {
# alias /usr/share/images/mail...The images on the bottom of the web interface are not showing,
The problem is located in `000-apps.vhost` at the mailman image directive.
Nginx fix:
```
#location /images/mailman {
# alias /usr/share/images/mailman;
#}
location ^~ /images/mailman {
alias /usr/share/images/mailman;
}
```
Running ISPConfig 3.1.15p3 on Debian 10 using Nginx3.2Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5593Data too long for column 'id_rsa' at row 12020-07-27T15:03:35ZTrimilurData too long for column 'id_rsa' at row 1While you create a new customer you can switch to "Limits". If you filled all requiered fields and switch to Limits you get "Data too long for column 'id_rsa' at row 1" error.
PHP7.4-FPM
NGINX
ISPConfig 3.1.15p3
Ubuntu 20.4While you create a new customer you can switch to "Limits". If you filled all requiered fields and switch to Limits you get "Data too long for column 'id_rsa' at row 1" error.
PHP7.4-FPM
NGINX
ISPConfig 3.1.15p3
Ubuntu 20.43.2Till BrehmTill Brehmhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5588CAA for Sectigo2023-04-29T19:13:26ZPacoCAA for SectigoHello,
Comodo rebranded their company, change his name and now called Sectigo.
In DNS zone menu, when you try to add CAA for Sectigo - issuer was missing.
https://sectigo.com/comodo
When I check - issuers contained in dbispconfig da...Hello,
Comodo rebranded their company, change his name and now called Sectigo.
In DNS zone menu, when you try to add CAA for Sectigo - issuer was missing.
https://sectigo.com/comodo
When I check - issuers contained in dbispconfig database -> dns_ssl_ca table.
I do not want to manually insert a row in this table, as I am not sure if this would break the dbispconfig database in a possible future update for ISPConfig.
It is possible Sectigo to be added in next releases of ISPConfig?
3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5585DNS Zone import misclassifies record type's as host names2020-06-09T17:17:21ZMichał MosiewiczDNS Zone import misclassifies record type's as host names## short description
In case of the following snippet:
```
IN NS ns1.xxx.
IN NS ns2.xxx.
IN MX 10 mail.xxx.
IN MX 15 backup.xxx.
IN CAA 0 issue "letsencrypt.org"
IN CAA 0 issue "rapidssl.com"
IN CAA 0 iodef "mailto:admin...## short description
In case of the following snippet:
```
IN NS ns1.xxx.
IN NS ns2.xxx.
IN MX 10 mail.xxx.
IN MX 15 backup.xxx.
IN CAA 0 issue "letsencrypt.org"
IN CAA 0 issue "rapidssl.com"
IN CAA 0 iodef "mailto:admin@xxx"
IN CAA 0 issue "sectigo.com"
```
ISPConfig will import IN record type descriptors as names. So it will create records like:
```
in IN NS ns1.xxx.
in IN NS ns2.xxx.
in IN MX 10 mail.xxx.
in IN MX 15 backup.xxx.
in IN CAA 0 issue "letsencrypt.org"
in IN CAA 0 issue "rapidssl.com"
in IN CAA 0 iodef "mailto:admin@xxx"
in IN CAA 0 issue "sectigo.com"
```
## correct behaviour
The line should be imported as original
## environment
Server OS: doesn't matter
Server OS version: doesn't matter
ISPConfig version: 3.1.15p2
## proposed fix
This part of interface/web/dns/dns_import.php needs to be fixed:
```
if(is_numeric($parts[1])){
if($parts[2] == 'in'){
$resource_type = $parts[3];
$pkey = 3;
} else {
$resource_type = $parts[2];
$pkey = 2;
}
} else {
if($parts[1] == 'in'){
$resource_type = $parts[2];
$pkey = 2;
} else {
$resource_type = $parts[1];
$pkey = 1;
}
}
```
The above code looks only for lowercase record type descriptors. However RFC1035 uses uppercase:
> 3.2.4. CLASS values
>
> CLASS fields appear in resource records. The following CLASS mnemonics
> and values are defined:
>
> IN 1 the Internet
>
> CS 2 the CSNET class (Obsolete - used only for examples in
> some obsolete RFCs)
>
> CH 3 the CHAOS class
>
> HS 4 Hesiod [Dyer 87]
## references
Domain name zone file format is described in RFC1035 https://tools.ietf.org/html/rfc10353.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5578security issue when creating ssh users2021-02-02T20:57:39ZKiss Károlysecurity issue when creating ssh users## short description
When creating ssh users with jailkit, it takes a while to create the jail. The user is first created, the shell is disabled
and the password locked. However these actions are done sequentially using separate commands...## short description
When creating ssh users with jailkit, it takes a while to create the jail. The user is first created, the shell is disabled
and the password locked. However these actions are done sequentially using separate commands. This leaves a very short time
for attackers to access the server's OS with a valid user and password. It is very hard to exploit but during a security audit our system has been accessed this way, so it is possible.
## correct behaviour
The newly created ssh user should be created with disabled login until the jail is created and login should be enabled after the shell is set to jk_chrootsh.
## environment
Server OS: debian
Server OS version: buster
ISPConfig version: 3.1dev
## proposed fix
add --disable-login to the adduser command and enable
## log entries
```
Apr 1 17:27:02 ispcwebtest02 useradd[14214]: new user: name=c6crash, UID=10033, GID=10033, home=/var/www/clients/client15/web33, shell=/bin/bash
Apr 1 17:27:02 ispcwebtest02 usermod[14229]: change user 'c6crash' shell from '/bin/bash' to '/bin/false'
Apr 1 17:27:02 ispcwebtest02 usermod[14229]: lock user 'c6crash' password
Apr 1 17:27:56 ispcwebtest02 usermod[21527]: change user 'c6crash' home from '/var/www/clients/client15/web33' to '/var/www/clients/client15/web33/./home/c6crash'
Apr 1 17:27:56 ispcwebtest02 usermod[21534]: change user 'c6crash' shell from '/bin/false' to '/usr/sbin/jk_chrootsh'
Apr 1 17:27:56 ispcwebtest02 usermod[21539]: change user 'web33' home from '/var/www/clients/client15/web33' to '/var/www/clients/client15/web33/./home/web33'
Apr 1 17:27:56 ispcwebtest02 usermod[21557]: unlock user 'c6crash' password
```3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5559Add CAA records via API2020-06-09T17:17:44ZcwispyAdd CAA records via APICan you please add the functions to remote.d/dns.php file and also the Remote User page under system settings? I have added the below to my test server and updated the table directly in the database to confirm its working, but it would b...Can you please add the functions to remote.d/dns.php file and also the Remote User page under system settings? I have added the below to my test server and updated the table directly in the database to confirm its working, but it would be good to have it added to the core.
//* Get record details
public function dns_caa_get($session_id, $primary_id) {
return $this->dns_rr_get($session_id, $primary_id, 'CAA');
}
//* Add a record
public function dns_caa_add($session_id, $client_id, $params, $update_serial=false) {
return $this->dns_rr_add($session_id, $client_id, $params, $update_serial, 'CAA');
}
//* Update a record
public function dns_caa_update($session_id, $client_id, $primary_id, $params, $update_serial=false) {
return $this->dns_rr_update($session_id, $client_id, $primary_id, $params, $update_serial, 'CAA');
}
//* Delete a record
public function dns_caa_delete($session_id, $primary_id, $update_serial=false) {
return $this->dns_rr_delete($session_id, $primary_id, $update_serial, 'CAA');
}3.2