ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2017-08-10T20:10:47Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3260Misspelling in Postfix Whitelist2017-08-10T20:10:47ZJoel RisbergMisspelling in Postfix WhitelistWhen selecting Postfix Whitelist, then Add New Whitelist Record, the tab at the top of the input form misspells Whitelist as "Witelist."
Thanks.When selecting Postfix Whitelist, then Add New Whitelist Record, the tab at the top of the input form misspells Whitelist as "Witelist."
Thanks.3.0.5.4p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3259Change backup_dir_mount_cmd option in server config to mount script2018-12-15T18:14:51ZTill BrehmChange backup_dir_mount_cmd option in server config to mount scriptRemoved backup_dir_mount_cmd option from Sysstem > server config. The option has been replaced by a script /usr/local/ispconfig/server/scripts/backup_dir_mount.sh. If this script exists, is exacutable and is owned by the root user, then ...Removed backup_dir_mount_cmd option from Sysstem > server config. The option has been replaced by a script /usr/local/ispconfig/server/scripts/backup_dir_mount.sh. If this script exists, is exacutable and is owned by the root user, then it will be executed upfront of the backup jobs when the option "Backup directory is a mount?" is enabled in server config settings.3.0.5.4p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3258ISPConfig 3 Local root vulnerability2017-06-20T22:34:25ZChris KesslerISPConfig 3 Local root vulnerabilityHello,
There exists a local root vulnerability leveraged by authenticated admin users of the panel.
This affects version 3.0.54p1
Please email admin@freeshells.org for further details.
Public exploit is planned for release 8/...Hello,
There exists a local root vulnerability leveraged by authenticated admin users of the panel.
This affects version 3.0.54p1
Please email admin@freeshells.org for further details.
Public exploit is planned for release 8/2/143.0.5.4p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3257Website unaccessible under some circumstances when using seo redirection *.do...2017-08-10T20:10:47ZMarius BurkardWebsite unaccessible under some circumstances when using seo redirection *.domain to www.domainSetting seo redirect to *. -> www.domain.de creates a rewrite rule like this:
RewriteCond %{HTTP_HOST} !^www\.domain\.de$ [NC]
RewriteRule ^(.*)$ http://www.domain.de$1 [R=301,L]
If above domain is an aliasdomain to a website ...Setting seo redirect to *. -> www.domain.de creates a rewrite rule like this:
RewriteCond %{HTTP_HOST} !^www\.domain\.de$ [NC]
RewriteRule ^(.*)$ http://www.domain.de$1 [R=301,L]
If above domain is an aliasdomain to a website mydomain.com this will be unaccessible, because:
RewriteCond %{HTTP_HOST} !^www\.domain\.de$ [NC]
does also match www.mydomain.com or mydomain.com
Rewrite rule should be changed to use two conditions:
RewriteCond %{HTTP_HOST} \.domain\.de$ [NC]
RewriteCond %{HTTP_HOST} !^www\.domain\.de$ [NC]
Same for .* => domain (without www)
RewriteCond %{HTTP_HOST} \.domain\.de$ [NC]
RewriteCond %{HTTP_HOST} !^domain\.de$ [NC]3.0.5.4p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3256Website cannot be modified when subdomain created as website2017-08-10T20:10:47ZMarius BurkardWebsite cannot be modified when subdomain created as websiteIf you create a website with domain mydomain.com and then create a second website with domain sub.mydomain.com you cannot modify the mydomain.com website anymore. An error occurs, saying the domain has to be unique.If you create a website with domain mydomain.com and then create a second website with domain sub.mydomain.com you cannot modify the mydomain.com website anymore. An error occurs, saying the domain has to be unique.3.0.5.4p2Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3252Login as button in cp user lits of system module not working2017-08-10T20:10:47ZTill BrehmLogin as button in cp user lits of system module not workingLogin as button in cp user lits of system module not workingLogin as button in cp user lits of system module not working3.0.5.4p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3251php-fpm was broken in stable-3.0.5 git bramch due to vhost template changes o...2017-08-10T20:10:47ZTill Brehmphp-fpm was broken in stable-3.0.5 git bramch due to vhost template changes on june 6.php-fpm was broken in developer version from stable-3.0.5 git branch due to vhost template changes.php-fpm was broken in developer version from stable-3.0.5 git branch due to vhost template changes.3.0.5.4p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3250Improve corrupt maildir removal function2018-12-15T18:14:51ZTill BrehmImprove corrupt maildir removal functionInstead od renoving couurupt maildirs, we will move them to a corrupted maildirs folder so the administrator can check the data.Instead od renoving couurupt maildirs, we will move them to a corrupted maildirs folder so the administrator can check the data.3.0.5.4p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3249session.save_path directory listing possible for everyone2017-08-10T20:10:47ZJaneksession.save_path directory listing possible for everyoneThe default permissions for the session.save_path folder for every website (/var/www/<...>/tmp) allow listing of the stored files for everyone. While reading of the files inside is not possible, it still allows session hijacking for unpr...The default permissions for the session.save_path folder for every website (/var/www/<...>/tmp) allow listing of the stored files for everyone. While reading of the files inside is not possible, it still allows session hijacking for unprivileged users on the same web server.
I'm using ISPConfig 3.0.5.4p1 in a multiserver setup with both nginx and Apache servers. PHP is set to PHP-FPM.
The tmp directories should have 0700 permissions to prevent access to the session fields for completely different customers on the server and also access from different websites of the same customer.3.0.5.4p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3245Configure server hostname trough ISPConfig2018-12-15T18:14:51ZTill BrehmConfigure server hostname trough ISPConfigConfigure server hostname trough ISPConfigConfigure server hostname trough ISPConfig3.0.5.4p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3242Wrong Traffic Calculation - vlogger2017-08-10T20:10:47ZStefano V.Wrong Traffic Calculation - vloggerHi,
downloading a ~50mb file with curl and stopping it after few seconds
curl -D - --limit-rate 20k http://example.com/myfile.pdf -o /dev/null
/var/log/apache2/other_vhosts_access.log
example.com:80 1.2.3.4 - - [15/Jul/2014:16:...Hi,
downloading a ~50mb file with curl and stopping it after few seconds
curl -D - --limit-rate 20k http://example.com/myfile.pdf -o /dev/null
/var/log/apache2/other_vhosts_access.log
example.com:80 1.2.3.4 - - [15/Jul/2014:16:27:28 +0200] "GET /myfile.pdf HTTP/1.1" 200 301184 "-" "curl/7.26.0"
/var/log/ispconfig/httpd/example.com/access.log
1.2.3.4 - - [15/Jul/2014:16:27:28 +0200] "GET /myfile.pdf HTTP/1.1" 200 43669812 "-" "curl/7.26.0"
To Vlogger is passed the size of response in bytes (filesize) instead of the real traffic sent, respectly the directive %B instead of %O
vlogger per domain
LogFormat "%v %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
other_vhosts_access.log
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
This wrong calculation can have an high impact in presence of a Traffic Quota because with few hundred/thousand of forged requests to a mediumsize file the websites will go easily over traffic and so auto disabled.3.0.5.4p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3234Unattended install mode for ISPConfig install and update scripts2018-12-15T18:14:54ZTill BrehmUnattended install mode for ISPConfig install and update scriptsUnattended install mode for ISPConfig install and update scriptsUnattended install mode for ISPConfig install and update scripts3.0.5.4p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3233Der in Session-Timeout eingegebene Wert wird nicht durch Aktivität verlängert2017-08-10T20:10:47ZramsysDer in Session-Timeout eingegebene Wert wird nicht durch Aktivität verlängerthttp://www.howtoforge.de/forum/entwicklerforum-15/logout-nach-eingestellter-zeit-7847/http://www.howtoforge.de/forum/entwicklerforum-15/logout-nach-eingestellter-zeit-7847/3.0.5.4p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3232dovecot-sql.conf: add server_id2017-08-10T20:10:47ZFalko Timmef.timme@timmehosting.dedovecot-sql.conf: add server_iddovecot-sql.conf: add server_id to password_query and user_querydovecot-sql.conf: add server_id to password_query and user_query3.0.5.4p2Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3227APS instaleld packages, group permission in DB wrong2017-08-10T20:10:47ZTill BrehmAPS instaleld packages, group permission in DB wrongThe field sys_perm_group of installed aps packages is currently 0, but should be riud. This will cause packages that are installed by the admin for a client to be invisible for the client.The field sys_perm_group of installed aps packages is currently 0, but should be riud. This will cause packages that are installed by the admin for a client to be invisible for the client.3.0.5.4p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3226Clients cannot change email adress password when logged in with their email a...2017-08-10T20:10:48ZLars van SanteClients cannot change email adress password when logged in with their email adressClients cannot change email adress password when logged in to ispconfig with their email adress.
Please tell me I am not the only one ;)Clients cannot change email adress password when logged in to ispconfig with their email adress.
Please tell me I am not the only one ;)3.0.5.4p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3223bug in srv records in bind_dlz plugin.2017-08-10T20:10:48ZTill Brehmbug in srv records in bind_dlz plugin.http://www.howtoforge.de/forum/entwicklerforum-15/kleiner-fehler-bind_dlz_plugin-inc-php-8237/http://www.howtoforge.de/forum/entwicklerforum-15/kleiner-fehler-bind_dlz_plugin-inc-php-8237/3.0.5.4p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3211Check if mail quota check is working correctly2017-08-10T20:10:48ZTill BrehmCheck if mail quota check is working correctlyhttp://www.howtoforge.com/forums/showthread.php?t=66185http://www.howtoforge.com/forums/showthread.php?t=661853.0.5.4p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3207Re-login as admin doesn't work in Chrome2017-08-10T20:10:48ZFalko Timmef.timme@timmehosting.deRe-login as admin doesn't work in ChromeRe-login as admin doesn't work in Chrome. It's working in Firefox though.Re-login as admin doesn't work in Chrome. It's working in Firefox though.3.0.5.4p2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3202bind dlz plugin2017-08-10T20:10:48Zno namebind dlz pluginI think this is an error, because entries in den database.table named.dns_records are created with different ispconfig_id. Ergo when you deactivate the DNS-Zone it does only delete the SOA record and not the entire Zone. When you reactiv...I think this is an error, because entries in den database.table named.dns_records are created with different ispconfig_id. Ergo when you deactivate the DNS-Zone it does only delete the SOA record and not the entire Zone. When you reactivate the Zone it will insert the complete Zone+RRs and so it double, triple....
function soa_delete($event_name,$data)
{
global $app, $conf;
$ispconfig_id = $data['old']['id'];
// NAMED: dns_records
$app->db->query("DELETE FROM named.dns_records WHERE ispconfig_id = ".$ispconfig_id);
// NAMED: data_count
$app->db->query("DELETE FROM named.data_count WHERE ispconfig_id = ".$ispconfig_id);
}
I think the query should be:
DELETE FROM named.dns_records WHERE zone=$data['old']['origin']3.0.5.4p2