set version to 0.10.23 for upcoming maintenance release

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

.github/CONTRIBUTING.md

@@ -48,7 +48,7 @@ strings in
 
 
 
-### New settings and database-layout changnes
+### New settings and database-layout changes
 If you add new settings or layout changes, please make sure you add these to
 
 * `install/froxlor.sql`

admin_domains.php

@@ -616,7 +616,6 @@ if ($page == 'domains' || $page == 'overview') {
 
 		if (isset($_POST['send']) && $_POST['send'] == 'send') {
 
-			$customerid = intval($_POST['customerid']);
 			$separator = \Froxlor\Validate\Validate::validate($_POST['separator'], 'separator');
 			$offset = (int) \Froxlor\Validate\Validate::validate($_POST['offset'], 'offset', "/[0-9]/i");
 
@@ -625,7 +624,7 @@ if ($page == 'domains' || $page == 'overview') {
 			$result = array();
 
 			try {
-				$bulk = new \Froxlor\Bulk\DomainBulkAction($file_name, $customerid);
+				$bulk = new \Froxlor\Bulk\DomainBulkAction($file_name, $userinfo);
 				$result = $bulk->doImport($separator, $offset);
 			} catch (Exception $e) {
 				\Froxlor\UI\Response::standard_error('domain_import_error', $e->getMessage());
@@ -647,19 +646,6 @@ if ($page == 'domains' || $page == 'overview') {
 				'page' => 'domains'
 			));
 		} else {
-			$customers = \Froxlor\UI\HTML::makeoption($lng['panel']['please_choose'], 0, 0, true);
-			$result_customers_stmt = Database::prepare("
-				SELECT `customerid`, `loginname`, `name`, `firstname`, `company`
-				FROM `" . TABLE_PANEL_CUSTOMERS . "` " . ($userinfo['customers_see_all'] ? '' : " WHERE `adminid` = '" . (int) $userinfo['adminid'] . "' ") . " ORDER BY `name` ASC");
-			$params = array();
-			if ($userinfo['customers_see_all'] == '0') {
-				$params['adminid'] = $userinfo['adminid'];
-			}
-			Database::pexecute($result_customers_stmt, $params);
-
-			while ($row_customer = $result_customers_stmt->fetch(PDO::FETCH_ASSOC)) {
-				$customers .= \Froxlor\UI\HTML::makeoption(\Froxlor\User::getCorrectFullUserDetails($row_customer) . ' (' . $row_customer['loginname'] . ')', $row_customer['customerid']);
-			}
 
 			$domain_import_data = include_once dirname(__FILE__) . '/lib/formfields/admin/domains/formfield.domains_import.php';
 			$domain_import_form = \Froxlor\UI\HtmlForm::genHTMLForm($domain_import_data);

api.php

@@ -1,4 +1,6 @@
 <?php
+use voku\helper\AntiXSS;
+
 require __DIR__ . '/vendor/autoload.php';
 
 require \Froxlor\Froxlor::getInstallDir() . '/lib/tables.inc.php';
@@ -30,6 +32,12 @@ if (is_null($decoded_request)) {
 	json_response(400, "Invalid JSON");
 }
 
+/**
+ * check for xss attempts and clean request
+ */
+$antiXss = new AntiXSS();
+$request = $antiXss->xss_clean($request);
+
 // validate content
 try {
 	$decoded_request = stripcslashes_deep($decoded_request);

composer.json

@@ -46,7 +46,8 @@
 		"phpmailer/phpmailer": "~6.0",
 		"monolog/monolog": "^1.24",
 		"robthree/twofactorauth": "^1.6",
-		"froxlor/idna-convert-legacy": "^2.1"
+		"froxlor/idna-convert-legacy": "^2.1",
+		"voku/anti-xss": "^4.1"
 	},
 	"require-dev": {
 		"phpunit/phpunit": "8.4.1",

customer_email.php

@@ -153,7 +153,8 @@ if ($page == 'overview') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				try {
 					Emails::getLocal($userinfo, array(
-						'id' => $id
+						'id' => $id,
+						'delete_userfiles' => ($_POST['delete_userfiles'] ?? 0)
 					))->delete();
 				} catch (Exception $e) {
 					\Froxlor\UI\Response::dynamic_error($e->getMessage());

customer_traffic.php

@@ -86,22 +86,18 @@ if (! is_null($month) && ! is_null($year)) {
 
 		if (extension_loaded('bcmath')) {
 			$traf['ftptext'] = bcdiv($row['ftp_up'], 1024, Settings::Get('panel.decimal_places')) . " MiB up/ " . bcdiv($row['ftp_down'], 1024, Settings::Get('panel.decimal_places')) . " MiB down (FTP)";
-			$traf['httptext'] = bcdiv($http, 1024, Settings::Get('panel.decimal_places')) . " MiB (HTTP)";
-			$traf['mailtext'] = bcdiv($mail, 1024, Settings::Get('panel.decimal_places')) . " MiB (Mail)";
 			$traf['ftp'] = bcdiv($ftp, 1024, Settings::Get('panel.decimal_places'));
-			$traf['http'] = bcdiv($http, 1024, Settings::Get('panel.decimal_places'));
-			$traf['mail'] = bcdiv($mail, 1024, Settings::Get('panel.decimal_places'));
-			$traf['byte'] = bcdiv($traf['byte'], 1024, Settings::Get('panel.decimal_places'));
 		} else {
 			$traf['ftptext'] = round($row['ftp_up'] / 1024, Settings::Get('panel.decimal_places')) . " MiB up/ " . round($row['ftp_down'] / 1024, Settings::Get('panel.decimal_places')) . " MiB down (FTP)";
-			$traf['httptext'] = round($http / 1024, Settings::Get('panel.decimal_places')) . " MiB (HTTP)";
+			$traf['ftp'] = round($ftp / 1024, Settings::Get('panel.decimal_places'));
-			$traf['mailtext'] = round($mail / 1024, Settings::Get('panel.decimal_places')) . " MiB (Mail)";
-			$traf['http'] = round($http, Settings::Get('panel.decimal_places'));
-			$traf['ftp'] = round($ftp, Settings::Get('panel.decimal_places'));
-			$traf['mail'] = round($mail, Settings::Get('panel.decimal_places'));
-			$traf['byte'] = round($traf['byte'] / 1024, Settings::Get('panel.decimal_places'));
 		}
 
+		getReadableTraffic($traf,'httptext', $http, 1024, "MiB (HTTP)");
+		getReadableTraffic($traf,'http', $http, 1024);
+		getReadableTraffic($traf,'mailtext', $mail, 1024, "MiB (Mail)");
+		getReadableTraffic($traf,'mail', $mail, 1024);
+		getReadableTraffic($traf,'byte', $traf['byte'], (1024 * 1024));
+
 		eval("\$traffic.=\"" . \Froxlor\UI\Template::getTemplate('traffic/traffic_month') . "\";");
 		$show = $lng['traffic']['months'][intval($row['month'])] . ' ' . $row['year'];
 	}
@@ -142,22 +138,18 @@ if (! is_null($month) && ! is_null($year)) {
 
 		if (extension_loaded('bcmath')) {
 			$traf['ftptext'] = bcdiv($ftp_up, 1024, Settings::Get('panel.decimal_places')) . " MiB up/ " . bcdiv($ftp_down, 1024, Settings::Get('panel.decimal_places')) . " MiB down (FTP)";
-			$traf['httptext'] = bcdiv($http, 1024, Settings::Get('panel.decimal_places')) . " MiB (HTTP)";
-			$traf['mailtext'] = bcdiv($mail, 1024, Settings::Get('panel.decimal_places')) . " MiB (Mail)";
 			$traf['ftp'] = bcdiv(($ftp_up + $ftp_down), 1024, Settings::Get('panel.decimal_places'));
-			$traf['http'] = bcdiv($http, 1024, Settings::Get('panel.decimal_places'));
-			$traf['mail'] = bcdiv($mail, 1024, Settings::Get('panel.decimal_places'));
-			$traf['byte'] = bcdiv($traf['byte'], 1024 * 1024, Settings::Get('panel.decimal_places'));
 		} else {
 			$traf['ftptext'] = round($ftp_up / 1024, Settings::Get('panel.decimal_places')) . " MiB up/ " . round($ftp_down / 1024, Settings::Get('panel.decimal_places')) . " MiB down (FTP)";
-			$traf['httptext'] = round($http / 1024, Settings::Get('panel.decimal_places')) . " MiB (HTTP)";
-			$traf['mailtext'] = round($mail / 1024, Settings::Get('panel.decimal_places')) . " MiB (Mail)";
 			$traf['ftp'] = round(($ftp_up + $ftp_down) / 1024, Settings::Get('panel.decimal_places'));
-			$traf['http'] = round($http / 1024, Settings::Get('panel.decimal_places'));
-			$traf['mail'] = round($mail / 1024, Settings::Get('panel.decimal_places'));
-			$traf['byte'] = round($traf['byte'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
 		}
 
+		getReadableTraffic($traf,'httptext', $http, 1024, "MiB (HTTP)");
+		getReadableTraffic($traf,'http', $http, 1024);
+		getReadableTraffic($traf,'mailtext', $mail, 1024, "MiB (Mail)");
+		getReadableTraffic($traf,'mail', $mail, 1024);
+		getReadableTraffic($traf,'byte', $traf['byte'], (1024 * 1024));
+
 		eval("\$traffic.=\"" . \Froxlor\UI\Template::getTemplate('traffic/traffic_traffic') . "\";");
 	}
 
@@ -167,3 +159,12 @@ if (! is_null($month) && ! is_null($year)) {
 
 	eval("echo \"" . \Froxlor\UI\Template::getTemplate('traffic/traffic') . "\";");
 }
+
+function getReadableTraffic(&$traf, $index, $value, $divisor, $desc = "")
+{
+	if (extension_loaded('bcmath')) {
+		$traf[$index] = bcdiv($value, $divisor,Settings::Get('panel.decimal_places')).(!empty($desc) ? " ".$desc : "");
+	} else {
+		$traf[$index] = round($value / $divisor, Settings::Get('panel.decimal_places')).(!empty($desc) ? " ".$desc : "");
+	}
+}

dns_editor.php

@@ -19,7 +19,6 @@ if (! defined('AREA')) {
  *         
  */
 
-use Froxlor\Database\Database;
 use Froxlor\Api\Commands\DomainZones as DomainZones;
 
 // This file is being included in admin_domains and customer_domains
@@ -36,18 +35,6 @@ $ttl = isset($_POST['record']['ttl']) ? (int) $_POST['record']['ttl'] : 18000;
 // get domain-name
 $domain = \Froxlor\Dns\Dns::getAllowedDomainEntry($domain_id, AREA, $userinfo);
 
-// select all entries
-try {
-	// get list
-	$json_result = DomainZones::getLocal($userinfo, [
-		'id' => $domain_id
-	])->listing();
-} catch (Exception $e) {
-	\Froxlor\UI\Response::dynamic_error($e->getMessage());
-}
-$result = json_decode($json_result, true)['data'];
-$dom_entries = $result['list'];
-
 $errors = "";
 $success_message = "";
 
@@ -63,8 +50,9 @@ if ($action == 'add_record' && ! empty($_POST)) {
 			'ttl' => $ttl
 		))->add();
 		$success_message = $lng['success']['dns_record_added'];
+		$record = $prio = $content = "";
 	} catch (Exception $e) {
-		\Froxlor\UI\Response::dynamic_error($e->getMessage());
+		$errors = str_replace("\n", "<br>", $e->getMessage());
 	}
 } elseif ($action == 'delete') {
 	// remove entry
@@ -75,26 +63,26 @@ if ($action == 'add_record' && ! empty($_POST)) {
 				'entry_id' => $entry_id,
 				'id' => $domain_id
 			))->delete();
+			// success message (inline)
+			$success_message = $lng['success']['dns_record_deleted'];
 		} catch (Exception $e) {
 			$errors = str_replace("\n", "<br>", $e->getMessage());
 		}
-
-		if (empty($errors)) {
-			// remove deleted entry from internal data array (no reread of DB necessary)
-			$_t = $dom_entries;
-			foreach ($_t as $idx => $entry) {
-				if ($entry['id'] == $entry_id) {
-					unset($dom_entries[$idx]);
-					break;
-				}
-			}
-			unset($_t);
-			// success message (inline)
-			$success_message = $lng['success']['dns_record_deleted'];
-		}
 	}
 }
 
+// select all entries
+try {
+	// get list
+	$json_result = DomainZones::getLocal($userinfo, [
+		'id' => $domain_id
+	])->listing();
+} catch (Exception $e) {
+	\Froxlor\UI\Response::dynamic_error($e->getMessage());
+}
+$result = json_decode($json_result, true)['data'];
+$dom_entries = $result['list'];
+
 // show editor
 $record_list = "";
 $existing_entries = "";

install/froxlor.sql

@@ -15,10 +15,10 @@ CREATE TABLE `ftp_groups` (
 DROP TABLE IF EXISTS `ftp_users`;
 CREATE TABLE `ftp_users` (
   `id` int(20) NOT NULL auto_increment,
-  `username` varchar(255) NOT NULL default '',
+  `username` varchar(255) NOT NULL,
   `uid` int(5) NOT NULL default '0',
   `gid` int(5) NOT NULL default '0',
-  `password` varchar(128) NOT NULL default '',
+  `password` varchar(128) NOT NULL,
   `homedir` varchar(255) NOT NULL default '',
   `shell` varchar(255) NOT NULL default '/bin/false',
   `login_enabled` enum('N','Y') NOT NULL default 'N',
@@ -90,8 +90,8 @@ CREATE TABLE `panel_activation` (
 DROP TABLE IF EXISTS `panel_admins`;
 CREATE TABLE `panel_admins` (
   `adminid` int(11) unsigned NOT NULL auto_increment,
-  `loginname` varchar(50) NOT NULL default '',
+  `loginname` varchar(50) NOT NULL,
-  `password` varchar(255) NOT NULL default '',
+  `password` varchar(255) NOT NULL,
   `name` varchar(255) NOT NULL default '',
   `email` varchar(255) NOT NULL default '',
   `def_language` varchar(100) NOT NULL default '',
@@ -142,7 +142,7 @@ CREATE TABLE `panel_admins` (
 DROP TABLE IF EXISTS `panel_customers`;
 CREATE TABLE `panel_customers` (
   `customerid` int(11) unsigned NOT NULL auto_increment,
-  `loginname` varchar(50) NOT NULL default '',
+  `loginname` varchar(50) NOT NULL,
   `password` varchar(255) NOT NULL default '',
   `adminid` int(11) unsigned NOT NULL default '0',
   `name` varchar(255) NOT NULL default '',
@@ -223,7 +223,7 @@ CREATE TABLE `panel_databases` (
 DROP TABLE IF EXISTS `panel_domains`;
 CREATE TABLE `panel_domains` (
   `id` int(11) unsigned NOT NULL auto_increment,
-  `domain` varchar(255) NOT NULL default '',
+  `domain` varchar(255) NOT NULL,
   `domain_ace` varchar(255) NOT NULL default '',
   `adminid` int(11) unsigned NOT NULL default '0',
   `customerid` int(11) unsigned NOT NULL default '0',
@@ -286,7 +286,7 @@ CREATE TABLE `panel_domains` (
 DROP TABLE IF EXISTS `panel_ipsandports`;
 CREATE TABLE `panel_ipsandports` (
   `id` int(11) unsigned NOT NULL auto_increment,
-  `ip` varchar(39) NOT NULL default '',
+  `ip` varchar(39) NOT NULL,
   `port` int(5) NOT NULL default '80',
   `listen_statement` tinyint(1) NOT NULL default '0',
   `namevirtualhost_statement` tinyint(1) NOT NULL default '0',
@@ -554,6 +554,7 @@ opcache.interned_strings_buffer'),
 	('system', 'ssl_cert_file', '/etc/apache2/apache2.pem'),
 	('system', 'use_ssl', '0'),
 	('system', 'default_vhostconf', ''),
+	('system', 'default_sslvhostconf', ''),
 	('system', 'mail_quota_enabled', '0'),
 	('system', 'mail_quota', '100'),
 	('system', 'webalizer_enabled', '1'),
@@ -704,8 +705,8 @@ opcache.interned_strings_buffer'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
 	('panel', 'customer_hide_options', ''),
 	('panel', 'is_configured', '0'),
-	('panel', 'version', '0.10.20'),
+	('panel', 'version', '0.10.23'),
-	('panel', 'db_version', '202007240');
+	('panel', 'db_version', '202009070');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;
@@ -786,23 +787,6 @@ CREATE TABLE `panel_diskspace` (
 
 
 
-DROP TABLE IF EXISTS `panel_diskspace_admins`;
-CREATE TABLE `panel_diskspace_admins` (
-  `id` int(11) unsigned NOT NULL auto_increment,
-  `adminid` int(11) unsigned NOT NULL default '0',
-  `year` int(4) unsigned zerofill NOT NULL default '0000',
-  `month` int(2) unsigned zerofill NOT NULL default '00',
-  `day` int(2) unsigned zerofill NOT NULL default '00',
-  `stamp` int(11) unsigned NOT NULL default '0',
-  `webspace` bigint(30) unsigned NOT NULL default '0',
-  `mail` bigint(30) unsigned NOT NULL default '0',
-  `mysql` bigint(30) unsigned NOT NULL default '0',
-  PRIMARY KEY  (`id`),
-  KEY `adminid` (`adminid`)
-) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;
-
-
-
 DROP TABLE IF EXISTS `panel_languages`;
 CREATE TABLE `panel_languages` (
   `id` int(11) unsigned NOT NULL AUTO_INCREMENT,

install/lib/class.FroxlorInstall.php

@@ -507,7 +507,7 @@ class FroxlorInstall
 
 		$distros = glob(\Froxlor\FileDir::makeCorrectDir(\Froxlor\Froxlor::getInstallDir() . '/lib/configfiles/') . '*.xml');
 		foreach ($distros as $_distribution) {
-			if($this->_data['distribution'] == str_replace(".xml", "", strtolower(basename($_distribution)))) {
+			if ($this->_data['distribution'] == str_replace(".xml", "", strtolower(basename($_distribution)))) {
 				$dist = new \Froxlor\Config\ConfigParser($_distribution);
 				$defaults = $dist->getDefaults();
 				foreach ($defaults->property as $property) {
@@ -522,6 +522,13 @@ class FroxlorInstall
 		// insert the lastcronrun to be the installation date
 		$this->_updateSetting($upd_stmt, time(), 'system', 'lastcronrun');
 
+		// check currently used php version and set values of fpm/fcgid accordingly
+		if (defined('PHP_MAJOR_VERSION') && defined('PHP_MINOR_VERSION')) {
+			$reload = "service php" . PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION . "-fpm restart";
+			$config_dir = "/etc/php/" . PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION . "/fpm/pool.d/";
+			$db->query("UPDATE `" . TABLE_PANEL_FPMDAEMONS . "` SET `reload_cmd` = '" . $reload . "', `config_dir` = '" . $config_dir . "' WHERE `id` ='1';");
+		}
+
 		// set specific times for some crons (traffic only at night, etc.)
 		$ts = mktime(0, 0, 0, date('m', time()), date('d', time()), date('Y', time()));
 		$db->query("UPDATE `" . TABLE_PANEL_CRONRUNS . "` SET `lastrun` = '" . $ts . "' WHERE `cronfile` ='cron_traffic';");
@@ -863,7 +870,7 @@ class FroxlorInstall
 		$distros = glob(\Froxlor\FileDir::makeCorrectDir(\Froxlor\Froxlor::getInstallDir() . '/lib/configfiles/') . '*.xml');
 		foreach ($distros as $_distribution) {
 			$dist = new \Froxlor\Config\ConfigParser($_distribution);
-			$dist_display = $dist->distributionName." ".$dist->distributionCodename." (" . $dist->distributionVersion . ")";
+			$dist_display = $dist->distributionName . " " . $dist->distributionCodename . " (" . $dist->distributionVersion . ")";
 			$distributions_select_data[$dist_display] .= str_replace(".xml", "", strtolower(basename($_distribution)));
 		}
 
@@ -873,7 +880,7 @@ class FroxlorInstall
 		foreach ($distributions_select_data as $dist_display => $dist_index) {
 			// create select-box-option
 			$distributions_select .= \Froxlor\UI\HTML::makeoption($dist_display, $dist_index, $this->_data['distribution']);
-			//$this->_data['distribution']
+			// $this->_data['distribution']
 		}
 
 		$formdata .= $this->_getSectionItemSelectbox('distribution', $distributions_select, $diststyle);
@@ -956,7 +963,7 @@ class FroxlorInstall
 	}
 
 	/**
-	 * generate form radio field 
+	 * generate form radio field
 	 *
 	 * @param string $fieldname
 	 * @param boolean $checked
@@ -1331,7 +1338,6 @@ class FroxlorInstall
 		}
 	}
 
-
 	/**
 	 * get/guess linux distribution
 	 */
@@ -1341,15 +1347,19 @@ class FroxlorInstall
 		if (! empty($_POST['distribution'])) {
 			$this->_data['distribution'] = $_POST['distribution'];
 		} else {
-			//set default os.
+			// set default os.
-			$os_dist = array('ID' => 'buster');
+			$os_dist = array(
-			$os_version = array('0' => '10');
+				'ID' => 'buster'
+			);
+			$os_version = array(
+				'0' => '10'
+			);
 
-			//read os-release
+			// read os-release
-			if(file_exists('/etc/os-release')) {
+			if (file_exists('/etc/os-release')) {
 				$os_dist = parse_ini_file('/etc/os-release', false);
-				if(is_array($os_dist) && array_key_exists('ID', $os_dist) && array_key_exists('VERSION_ID', $os_dist)) {
+				if (is_array($os_dist) && array_key_exists('ID', $os_dist) && array_key_exists('VERSION_ID', $os_dist)) {
-					$os_version = explode('.',$os_dist['VERSION_ID'])[0];
+					$os_version = explode('.', $os_dist['VERSION_ID'])[0];
 				}
 			}
 

install/lib/updateFunctions.php

@@ -30,6 +30,7 @@
  */
 function showUpdateStep($task = null, $needs_status = true)
 {
+	set_time_limit(30);
 	if (! $needs_status)
 		echo "<b>";
 
@@ -41,7 +42,6 @@ function showUpdateStep($task = null, $needs_status = true)
 	}
 
 	\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_WARNING, $task);
-	\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_WARNING, $task);
 }
 
 /**
@@ -82,7 +82,6 @@ function lastStepStatus($status = -1, $message = '')
 
 	if ($status == - 1 || $status == 2) {
 		\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_WARNING, 'Attention - last update task failed!!!');
-		\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_WARNING, 'Attention - last update task failed!!!');
 	} elseif ($status == 0 || $status == 1) {
 		\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_WARNING, 'Success');
 	}

install/updates/froxlor/0.10/update_0.10.inc.php

@@ -668,3 +668,32 @@ if (\Froxlor\Froxlor::isFroxlorVersion('0.10.19')) {
 	showUpdateStep("Updating from 0.10.19 to 0.10.20", false);
 	\Froxlor\Froxlor::updateToVersion('0.10.20');
 }
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202007240')) {
+
+	showUpdateStep("Removing old unused table", true);
+	Database::query("DROP TABLE IF EXISTS `panel_diskspace_admins`;");
+	lastStepStatus(0);
+
+	\Froxlor\Froxlor::updateToDbVersion('202009070');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.20')) {
+	showUpdateStep("Updating from 0.10.20 to 0.10.21", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.21');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.21')) {
+
+	showUpdateStep("Adding settings for ssl-vhost default content if not updated from db-version 201910110", true);
+	Settings::AddNew("system.default_sslvhostconf", '');
+	lastStepStatus(0);
+
+	showUpdateStep("Updating from 0.10.21 to 0.10.22", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.22');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.22')) {
+	showUpdateStep("Updating from 0.10.22 to 0.10.23", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.23');
+}

lib/Froxlor/Api/Commands/Admins.php

@@ -231,7 +231,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 			$idna_convert = new \Froxlor\Idna\IdnaWrapper();
 			$email = $idna_convert->encode(\Froxlor\Validate\Validate::validate($email, 'email', '', '', array(), true));
 			$def_language = \Froxlor\Validate\Validate::validate($def_language, 'default language', '', '', array(), true);
-			$custom_notes = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true);
+			$custom_notes = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
 
 			if (Settings::Get('system.mail_quota_enabled') != '1') {
 				$email_quota = - 1;
@@ -531,7 +531,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 				$idna_convert = new \Froxlor\Idna\IdnaWrapper();
 				$email = $idna_convert->encode(\Froxlor\Validate\Validate::validate($email, 'email', '', '', array(), true));
 				$def_language = \Froxlor\Validate\Validate::validate($def_language, 'default language', '', '', array(), true);
-				$custom_notes = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true);
+				$custom_notes = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
 				$theme = \Froxlor\Validate\Validate::validate($theme, 'theme', '', '', array(), true);
 				$password = \Froxlor\Validate\Validate::validate($password, 'password', '', '', array(), true);
 
@@ -713,6 +713,10 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 			if ($id == $this->getUserDetail('adminid')) {
 				\Froxlor\UI\Response::standard_error('youcantdeleteyourself', '', true);
 			}
+			// can't delete the first superadmin
+			if ($id == 1) {
+				\Froxlor\UI\Response::standard_error('cannotdeletesuperadmin', '', true);
+			}
 
 			// delete admin
 			$del_stmt = Database::prepare("
@@ -730,14 +734,6 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 				'adminid' => $id
 			), true, true);
 
-			// delete the diskspace usage
-			$del_stmt = Database::prepare("
-				DELETE FROM `" . TABLE_PANEL_DISKSPACE_ADMINS . "` WHERE `adminid` = :adminid
-			");
-			Database::pexecute($del_stmt, array(
-				'adminid' => $id
-			), true, true);
-
 			// set admin-id of the old admin's customer to current admins
 			$upd_stmt = Database::prepare("
 				UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET

lib/Froxlor/Api/Commands/CustomerBackups.php

@@ -52,7 +52,9 @@ class CustomerBackups extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Re
 	 * @param bool $backup_web
 	 *        	optional whether to backup web-data, default is 0 (false)
 	 * @param int $customerid
-	 *        	required when called as admin, not needed when called as customer
+	 *        	optional, required when called as admin (if $loginname is not specified)
+	 * @param string $loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 *        	
 	 * @access admin, customer
 	 * @throws \Exception

lib/Froxlor/Api/Commands/Customers.php

@@ -336,7 +336,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 				$email = $idna_convert->encode(\Froxlor\Validate\Validate::validate($email, 'email', '', '', array(), true));
 				$customernumber = \Froxlor\Validate\Validate::validate($customernumber, 'customer number', '/^[A-Za-z0-9 \-]*$/Di', '', array(), true);
 				$def_language = \Froxlor\Validate\Validate::validate($def_language, 'default language', '', '', array(), true);
-				$custom_notes = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true);
+				$custom_notes = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
 
 				if (Settings::Get('system.mail_quota_enabled') != '1') {
 					$email_quota = - 1;
@@ -928,7 +928,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 			$fax = \Froxlor\Validate\Validate::validate($fax, 'fax', '/^[0-9\- \+\(\)\/]*$/', '', array(), true);
 			$email = $idna_convert->encode(\Froxlor\Validate\Validate::validate($email, 'email', '', '', array(), true));
 			$customernumber = \Froxlor\Validate\Validate::validate($customernumber, 'customer number', '/^[A-Za-z0-9 \-]*$/Di', '', array(), true);
-			$custom_notes = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true);
+			$custom_notes = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
 			if (! empty($allowed_phpconfigs)) {
 				$allowed_phpconfigs = array_map('intval', $allowed_phpconfigs);
 			}
@@ -1025,7 +1025,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 				\Froxlor\System\Cronjob::inserttask('1');
 			}
 
-			if ($phpenabled != $result['phpenabled'] || $perlenabled != $result['perlenabled']) {
+			if ($phpenabled != $result['phpenabled'] || $perlenabled != $result['perlenabled'] || $email != $result['email']) {
 				\Froxlor\System\Cronjob::inserttask('1');
 			}
 

lib/Froxlor/Api/Commands/DirOptions.php

@@ -26,9 +26,9 @@ class DirOptions extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 	 * add options for a given directory
 	 *
 	 * @param int $customerid
-	 *        	optional, admin-only, the customer-id
+	 *        	optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
-	 *        	optional, admin-only, the loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 * @param string $path
 	 *        	path relative to the customer's home-Directory
 	 * @param bool $options_indexes
@@ -69,7 +69,7 @@ class DirOptions extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 		$error500path = $this->getParam('error500path', true, '');
 
 		// validation
-		$path = \Froxlor\FileDir::makeCorrectDir(\Froxlor\Validate\Validate::validate($path, 'path', '', '', array(), true));
+		$path = \Froxlor\FileDir::makeCorrectDir(\Froxlor\Validate\Validate::validate($path, 'path', \Froxlor\Validate\Validate::REGEX_DIR, '', array(), true));
 		$userpath = $path;
 		$path = \Froxlor\FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path);
 
@@ -198,9 +198,9 @@ class DirOptions extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 	 * @param int $id
 	 *        	id of dir-protection entry
 	 * @param int $customerid
-	 *        	optional, admin-only, the customer-id
+	 *        	optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
-	 *        	optional, admin-only, the loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 * @param bool $options_indexes
 	 *        	optional, activate directory-listing for this path, default 0 (false)
 	 * @param bool $options_cgi

lib/Froxlor/Api/Commands/DirProtections.php

@@ -26,9 +26,9 @@ class DirProtections extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Res
 	 * add htaccess protection to a given directory
 	 *
 	 * @param int $customerid
-	 *        	optional, admin-only, the customer-id
+	 *        	optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
-	 *        	optional, admin-only, the loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 * @param string $path
 	 * @param string $username
 	 * @param string $directory_password
@@ -60,7 +60,7 @@ class DirProtections extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Res
 		$authname = $this->getParam('directory_authname', true, '');
 
 		// validation
-		$path = \Froxlor\FileDir::makeCorrectDir(\Froxlor\Validate\Validate::validate($path, 'path', '', '', array(), true));
+		$path = \Froxlor\FileDir::makeCorrectDir(\Froxlor\Validate\Validate::validate($path, 'path', \Froxlor\Validate\Validate::REGEX_DIR, '', array(), true));
 		$path = \Froxlor\FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path);
 		$username = \Froxlor\Validate\Validate::validate($username, 'username', '/^[a-zA-Z0-9][a-zA-Z0-9\-_]+\$?$/', '', array(), true);
 		$authname = \Froxlor\Validate\Validate::validate($authname, 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/', '', array(), true);
@@ -187,9 +187,9 @@ class DirProtections extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Res
 	 * @param string $username
 	 *        	optional, the username
 	 * @param int $customerid
-	 *        	optional, admin-only, the customer-id
+	 *        	optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
-	 *        	optional, admin-only, the loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 * @param string $directory_password
 	 *        	optional, leave empty for no change
 	 * @param string $directory_authname

lib/Froxlor/Api/Commands/DomainZones.php

@@ -170,6 +170,10 @@ class DomainZones extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 						break;
 					}
 				}
+				// check www-alias setting
+				if ($result['wwwserveralias'] == '1' && $result['iswildcarddomain'] == '0' && $record == 'www') {
+					$errors[] = $this->lng['error']['no_wwwcnamae_ifwwwalias'];
+				}
 			}
 			// append trailing dot (again)
 			$content .= '.';
@@ -312,7 +316,7 @@ class DomainZones extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 			return $this->response(200, "successful", $result);
 		}
 		// return $errors
-		throw new \Exception(implode("\n", $errors));
+		throw new \Exception(implode("\n", $errors), 406);
 	}
 
 	/**

lib/Froxlor/Api/Commands/Domains.php

@@ -199,6 +199,9 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	 * @param string $domain
 	 *        	domain-name
 	 * @param int $customerid
+	 *        	optional, required when called as admin (if $loginname is not specified)
+	 * @param string $loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 * @param int $adminid
 	 *        	optional, default is the calling admin's ID
 	 * @param array $ipandport
@@ -297,7 +300,6 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 
 				// parameters
 				$p_domain = $this->getParam('domain');
-				$customerid = intval($this->getParam('customerid'));
 
 				// optional parameters
 				$p_ipandports = $this->getParam('ipandport', true, explode(',', Settings::Get('system.defaultip')));
@@ -377,9 +379,8 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 					), '', true);
 				}
 
-				$customer = $this->apiCall('Customers.get', array(
+				$customer = $this->getCustomerData();
-					'id' => $customerid
+				$customerid = $customer['customerid'];
-				));
 
 				if ($this->getUserDetail('customers_see_all') == '1' && $adminid != $this->getUserDetail('adminid')) {
 					$admin_stmt = Database::prepare("
@@ -428,8 +429,8 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 						$zonefile = '';
 					}
 
-					$specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $specialsettings), 'specialsettings', '/^[^\0]*$/', '', array(), true);
+					$specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $specialsettings), 'specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
-					\Froxlor\Validate\Validate::validate($documentroot, 'documentroot', '', '', array(), true);
+					\Froxlor\Validate\Validate::validate($documentroot, 'documentroot', \Froxlor\Validate\Validate::REGEX_DIR, '', array(), true);
 
 					// If path is empty and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
 					// set default path to subdomain or domain name
@@ -844,7 +845,9 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	 * @param string $domainname
 	 *        	optional, the domainname
 	 * @param int $customerid
-	 *        	optional customer-id
+	 *        	required (if $loginname is not specified)
+	 * @param string $loginname
+	 *        	required (if $customerid is not specified)
 	 * @param int $adminid
 	 *        	optional, default is the calling admin's ID
 	 * @param array $ipandport
@@ -952,9 +955,18 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 
 			// optional parameters
 			$p_ipandports = $this->getParam('ipandport', true, array());
-			$customerid = intval($this->getParam('customerid', true, $result['customerid']));
 			$adminid = intval($this->getParam('adminid', true, $result['adminid']));
 
+			if ($this->getParam('customerid', true, 0) == 0 && $this->getParam('loginname', true, '') == '') {
+				$customerid = $result['customerid'];
+				$customer = $this->apiCall('Customers.get', array(
+					'id' => $customerid
+				));
+			} else {
+				$customer = $this->getCustomerData();
+				$customerid = $customer['customerid'];
+			}
+
 			$subcanemaildomain = $this->getParam('subcanemaildomain', true, $result['subcanemaildomain']);
 			$isemaildomain = $this->getBoolParam('isemaildomain', true, $result['isemaildomain']);
 			$email_only = $this->getBoolParam('email_only', true, $result['email_only']);
@@ -1085,13 +1097,6 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 				if (empty($customer) || $customer['customerid'] != $customerid) {
 					\Froxlor\UI\Response::standard_error('customerdoesntexist', '', true);
 				}
-			} else {
-				$customerid = $result['customerid'];
-
-				// get customer
-				$customer = $this->apiCall('Customers.get', array(
-					'id' => $customerid
-				));
 			}
 
 			// handle change of admin (move domain from admin to admin)
@@ -1157,8 +1162,8 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 					$dkim = $result['dkim'];
 				}
 
-				$specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $specialsettings), 'specialsettings', '/^[^\0]*$/', '', array(), true);
+				$specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $specialsettings), 'specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
-				$documentroot = \Froxlor\Validate\Validate::validate($documentroot, 'documentroot', '', '', array(), true);
+				$documentroot = \Froxlor\Validate\Validate::validate($documentroot, 'documentroot', \Froxlor\Validate\Validate::REGEX_DIR, '', array(), true);
 
 				// when moving customer and no path is specified, update would normally reuse the current document-root
 				// which would point to the wrong customer, therefore we will re-create that directory
@@ -1324,7 +1329,12 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 			}
 
 			if (! preg_match('/^https?\:\/\//', $documentroot)) {
-				$documentroot = \Froxlor\FileDir::makeCorrectDir($documentroot);
+				if ($documentroot != $result['documentroot']) {
+					if (substr($documentroot, 0, 1) != "/") {
+						$documentroot = $customer['documentroot'] . '/' . $documentroot;
+					}
+					$documentroot = \Froxlor\FileDir::makeCorrectDir($documentroot);
+				}
 			}
 
 			if ($email_only == '1') {

lib/Froxlor/Api/Commands/EmailAccounts.php

@@ -30,9 +30,9 @@ class EmailAccounts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Reso
 	 * @param string $emailaddr
 	 *        	optional email-address to add the account for
 	 * @param int $customerid
-	 *        	optional, admin-only, the customer-id
+	 *        	optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
-	 *        	optional, admin-only, the loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 * @param string $email_password
 	 *        	password for the account
 	 * @param string $alternative_email
@@ -295,9 +295,9 @@ class EmailAccounts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Reso
 	 * @param string $emailaddr
 	 *        	optional, the email-address to update
 	 * @param int $customerid
-	 *        	optional, admin-only, the customer-id
+	 *        	optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
-	 *        	optional, admin-only, the loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 * @param int $email_quota
 	 *        	optional, update quota
 	 * @param string $email_password
@@ -418,9 +418,9 @@ class EmailAccounts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Reso
 	 * @param string $emailaddr
 	 *        	optional, the email-address to delete the account for
 	 * @param int $customerid
-	 *        	optional, admin-only, the customer-id
+	 *        	optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
-	 *        	optional, admin-only, the loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 * @param bool $delete_userfiles
 	 *        	optional, default false
 	 *        	

lib/Froxlor/Api/Commands/EmailForwarders.php

@@ -30,9 +30,9 @@ class EmailForwarders extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Re
 	 * @param string $emailaddr
 	 *        	optional, the email-address to add the forwarder for
 	 * @param int $customerid
-	 *        	optional, admin-only, the customer-id
+	 *        	optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
-	 *        	optional, admin-only, the loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 * @param string $destination
 	 *        	email-address to add as forwarder
 	 *        	
@@ -221,9 +221,9 @@ class EmailForwarders extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Re
 	 * @param string $emailaddr
 	 *        	optional, the email-address to delete the forwarder from
 	 * @param int $customerid
-	 *        	optional, admin-only, the customer-id
+	 *        	optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
-	 *        	optional, admin-only, the loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 * @param int $forwarderid
 	 *        	id of the forwarder to delete
 	 *        	

lib/Froxlor/Api/Commands/Emails.php

@@ -32,9 +32,9 @@ class Emails extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	 * @param boolean $iscatchall
 	 *        	optional, make this address a catchall address, default: no
 	 * @param int $customerid
-	 *        	optional, admin-only, the customer-id
+	 *        	optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
-	 *        	optional, admin-only, the loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 *        	
 	 * @access admin, customer
 	 * @throws \Exception
@@ -190,9 +190,9 @@ class Emails extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	 * @param string $emailaddr
 	 *        	optional, the email-address
 	 * @param int $customerid
-	 *        	optional, admin-only, the customer-id
+	 *        	optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
-	 *        	optional, admin-only, the loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 * @param boolean $iscatchall
 	 *        	optional
 	 *        	
@@ -352,9 +352,9 @@ class Emails extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	 * @param string $emailaddr
 	 *        	optional, the email-address
 	 * @param int $customerid
-	 *        	optional, admin-only, the customer-id
+	 *        	optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
-	 *        	optional, admin-only, the loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 * @param boolean $delete_userfiles
 	 *        	optional, delete email data from filesystem, default: 0 (false)
 	 *        	
@@ -405,10 +405,6 @@ class Emails extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 		Customers::decreaseUsage($customer['customerid'], 'email_forwarders_used', '', $number_forwarders);
 		Admins::decreaseUsage($customer['customerid'], 'email_forwarders_used', '', $number_forwarders);
 
-		if ($delete_userfiles) {
-			\Froxlor\System\Cronjob::inserttask('7', $customer['loginname'], $result['email_full']);
-		}
-
 		// delete address
 		$stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_VIRTUAL . "` WHERE `customerid`= :customerid AND `id`= :id");
 		Database::pexecute($stmt, array(

lib/Froxlor/Api/Commands/Ftps.php

@@ -40,7 +40,9 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
 	 * @param string $ftp_domain
 	 *        	optional if customer.ftpatdomain is allowed, specify a domain (customer must be owner)
 	 * @param int $customerid
-	 *        	required when called as admin, not needed when called as customer
+	 *        	optional, required when called as admin (if $loginname is not specified)
+	 * @param string $loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 * @param array $additional_members
 	 *        	optional whether to add additional usernames to the group
 	 * @param bool $is_defaultuser
@@ -180,6 +182,17 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
 					), true, true);
 				}
 
+				// create quotatallies entry if it not exists, refs #885
+				if ($result_stmt->rowCount() == 0) {
+					$stmt = Database::prepare("INSERT INTO `" . TABLE_FTP_QUOTATALLIES . "`
+						(`name`, `quota_type`, `bytes_in_used`, `bytes_out_used`, `bytes_xfer_used`, `files_in_used`, `files_out_used`, `files_xfer_used`)
+						VALUES (:name, 'user', '0', '0', '0', '0', '0', '0')
+					");
+					Database::pexecute($stmt, array(
+						"name" => $username
+					), true, true);
+				}
+
 				$group_upd_stmt = Database::prepare("
 					UPDATE `" . TABLE_FTP_GROUPS . "`
 					SET `members` = CONCAT_WS(',',`members`, :username)
@@ -343,7 +356,7 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
 	 * @param string $username
 	 *        	optional, the username
 	 * @param string $ftp_password
-	 *        	password for the created database and database-user
+	 *        	optional, update password if specified
 	 * @param string $path
 	 *        	destination path relative to the customers-homedir
 	 * @param string $ftp_description
@@ -351,7 +364,9 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
 	 * @param string $shell
 	 *        	optional, default /bin/false (not changeable when deactivated)
 	 * @param int $customerid
-	 *        	required when called as admin, not needed when called as customer
+	 *        	optional, required when called as admin (if $loginname is not specified)
+	 * @param string $loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 *        	
 	 * @access admin, customer
 	 * @throws \Exception

lib/Froxlor/Api/Commands/IpsAndPorts.php

@@ -171,17 +171,17 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 		if ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {
 
 			$ip = \Froxlor\Validate\Validate::validate_ip2($this->getParam('ip'), false, 'invalidip', false, true, false, false, true);
-			$port = \Froxlor\Validate\Validate::validate($this->getParam('port', true, 80), 'port', '/^(([1-9])|([1-9][0-9])|([1-9][0-9][0-9])|([1-9][0-9][0-9][0-9])|([1-5][0-9][0-9][0-9][0-9])|(6[0-4][0-9][0-9][0-9])|(65[0-4][0-9][0-9])|(655[0-2][0-9])|(6553[0-5]))$/Di', array(
+			$port = \Froxlor\Validate\Validate::validate($this->getParam('port', true, 80), 'port', \Froxlor\Validate\Validate::REGEX_PORT, array(
 				'stringisempty',
 				'myport'
 			), array(), true);
 			$listen_statement = ! empty($this->getBoolParam('listen_statement', true, 0)) ? 1 : 0;
 			$namevirtualhost_statement = ! empty($this->getBoolParam('namevirtualhost_statement', true, 0)) ? 1 : 0;
 			$vhostcontainer = ! empty($this->getBoolParam('vhostcontainer', true, 0)) ? 1 : 0;
-			$specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('specialsettings', true, '')), 'specialsettings', '/^[^\0]*$/', '', array(), true);
+			$specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('specialsettings', true, '')), 'specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
 			$vhostcontainer_servername_statement = ! empty($this->getBoolParam('vhostcontainer_servername_statement', true, 1)) ? 1 : 0;
-			$default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('default_vhostconf_domain', true, '')), 'default_vhostconf_domain', '/^[^\0]*$/', '', array(), true);
+			$default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('default_vhostconf_domain', true, '')), 'default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
-			$docroot = \Froxlor\Validate\Validate::validate($this->getParam('docroot', true, ''), 'docroot', '', '', array(), true);
+			$docroot = \Froxlor\Validate\Validate::validate($this->getParam('docroot', true, ''), 'docroot', \Froxlor\Validate\Validate::REGEX_DIR, '', array(), true);
 
 			if ((int) Settings::Get('system.use_ssl') == 1) {
 				$ssl = ! empty($this->getBoolParam('ssl', true, 0)) ? intval($this->getBoolParam('ssl', true, 0)) : 0;
@@ -189,9 +189,9 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 				$ssl_key_file = \Froxlor\Validate\Validate::validate($this->getParam('ssl_key_file', $ssl, ''), 'ssl_key_file', '', '', array(), true);
 				$ssl_ca_file = \Froxlor\Validate\Validate::validate($this->getParam('ssl_ca_file', true, ''), 'ssl_ca_file', '', '', array(), true);
 				$ssl_cert_chainfile = \Froxlor\Validate\Validate::validate($this->getParam('ssl_cert_chainfile', true, ''), 'ssl_cert_chainfile', '', '', array(), true);
-				$ssl_specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_specialsettings', true, '')), 'ssl_specialsettings', '/^[^\0]*$/', '', array(), true);
+				$ssl_specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_specialsettings', true, '')), 'ssl_specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
 				$include_specialsettings = ! empty($this->getBoolParam('include_specialsettings', true, 0)) ? 1 : 0;
-				$ssl_default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_default_vhostconf_domain', true, '')), 'ssl_default_vhostconf_domain', '/^[^\0]*$/', '', array(), true);
+				$ssl_default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_default_vhostconf_domain', true, '')), 'ssl_default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
 				$include_default_vhostconf_domain = ! empty($this->getBoolParam('include_default_vhostconf_domain', true, 0)) ? 1 : 0;
 			} else {
 				$ssl = 0;
@@ -368,17 +368,17 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 			));
 
 			$ip = \Froxlor\Validate\Validate::validate_ip2($this->getParam('ip', true, $result['ip']), false, 'invalidip', false, true, false, false, true);
-			$port = \Froxlor\Validate\Validate::validate($this->getParam('port', true, $result['port']), 'port', '/^(([1-9])|([1-9][0-9])|([1-9][0-9][0-9])|([1-9][0-9][0-9][0-9])|([1-5][0-9][0-9][0-9][0-9])|(6[0-4][0-9][0-9][0-9])|(65[0-4][0-9][0-9])|(655[0-2][0-9])|(6553[0-5]))$/Di', array(
+			$port = \Froxlor\Validate\Validate::validate($this->getParam('port', true, $result['port']), 'port', \Froxlor\Validate\Validate::REGEX_PORT, array(
 				'stringisempty',
 				'myport'
 			), array(), true);
 			$listen_statement = $this->getBoolParam('listen_statement', true, $result['listen_statement']);
 			$namevirtualhost_statement = $this->getBoolParam('namevirtualhost_statement', true, $result['namevirtualhost_statement']);
 			$vhostcontainer = $this->getBoolParam('vhostcontainer', true, $result['vhostcontainer']);
-			$specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('specialsettings', true, $result['specialsettings'])), 'specialsettings', '/^[^\0]*$/', '', array(), true);
+			$specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('specialsettings', true, $result['specialsettings'])), 'specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
 			$vhostcontainer_servername_statement = $this->getParam('vhostcontainer_servername_statement', true, $result['vhostcontainer_servername_statement']);
-			$default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('default_vhostconf_domain', true, $result['default_vhostconf_domain'])), 'default_vhostconf_domain', '/^[^\0]*$/', '', array(), true);
+			$default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('default_vhostconf_domain', true, $result['default_vhostconf_domain'])), 'default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
-			$docroot = \Froxlor\Validate\Validate::validate($this->getParam('docroot', true, $result['docroot']), 'docroot', '', '', array(), true);
+			$docroot = \Froxlor\Validate\Validate::validate($this->getParam('docroot', true, $result['docroot']), 'docroot', \Froxlor\Validate\Validate::REGEX_DIR, '', array(), true);
 
 			if ((int) Settings::Get('system.use_ssl') == 1) {
 				$ssl = $this->getBoolParam('ssl', true, $result['ssl']);
@@ -386,9 +386,9 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 				$ssl_key_file = \Froxlor\Validate\Validate::validate($this->getParam('ssl_key_file', $ssl, $result['ssl_key_file']), 'ssl_key_file', '', '', array(), true);
 				$ssl_ca_file = \Froxlor\Validate\Validate::validate($this->getParam('ssl_ca_file', true, $result['ssl_ca_file']), 'ssl_ca_file', '', '', array(), true);
 				$ssl_cert_chainfile = \Froxlor\Validate\Validate::validate($this->getParam('ssl_cert_chainfile', true, $result['ssl_cert_chainfile']), 'ssl_cert_chainfile', '', '', array(), true);
-				$ssl_specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_specialsettings', true, $result['ssl_specialsettings'])), 'ssl_specialsettings', '/^[^\0]*$/', '', array(), true);
+				$ssl_specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_specialsettings', true, $result['ssl_specialsettings'])), 'ssl_specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
 				$include_specialsettings = $this->getBoolParam('include_specialsettings', true, $result['include_specialsettings']);
-				$ssl_default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_default_vhostconf_domain', true, $result['ssl_default_vhostconf_domain'])), 'ssl_default_vhostconf_domain', '/^[^\0]*$/', '', array(), true);
+				$ssl_default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_default_vhostconf_domain', true, $result['ssl_default_vhostconf_domain'])), 'ssl_default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
 				$include_default_vhostconf_domain = $this->getBoolParam('include_default_vhostconf_domain', true, $result['include_default_vhostconf_domain']);
 			} else {
 				$ssl = 0;

lib/Froxlor/Api/Commands/Mysqls.php

@@ -34,9 +34,9 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	 * @param bool $sendinfomail
 	 *        	optional, send created resource-information to customer, default: false
 	 * @param int $customerid
-	 *        	optional, admin-only, the customer-id
+	 *        	optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
-	 *        	optional, admin-only, the loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 *        	
 	 * @access admin, customer
 	 * @throws \Exception
@@ -278,9 +278,9 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	 * @param string $description
 	 *        	optional, description for database
 	 * @param int $customerid
-	 *        	optional, admin-only, the customer-id
+	 *        	optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
-	 *        	optional, admin-only, the loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 *        	
 	 * @access admin, customer
 	 * @throws \Exception
@@ -307,7 +307,7 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 
 		// paramters
 		$password = $this->getParam('mysql_password', true, '');
-		$databasedescription = $this->getParam('description', true, '');
+		$databasedescription = $this->getParam('description', true, $result['description']);
 
 		// validation
 		$password = \Froxlor\Validate\Validate::validate($password, 'password', '', '', array(), true);
@@ -462,9 +462,9 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	 * @param int $mysql_server
 	 *        	optional, specify database-server, default is none
 	 * @param int $customerid
-	 *        	optional, admin-only, the customer-id
+	 *        	optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
-	 *        	optional, admin-only, the loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 *        	
 	 * @access admin, customer
 	 * @throws \Exception

lib/Froxlor/Api/Commands/SubDomains.php

@@ -56,7 +56,9 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 	 * @param bool $hsts_preload
 	 *        	optional whether or not to preload HSTS header value, default 0
 	 * @param int $customerid
-	 *        	required when called as admin, not needed when called as customer
+	 *        	optional, required when called as admin (if $loginname is not specified)
+	 * @param string $loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 *        	
 	 * @access admin, customer
 	 * @throws \Exception
@@ -470,7 +472,9 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 	 * @param bool $hsts_preload
 	 *        	optional whether or not to preload HSTS header value
 	 * @param int $customerid
-	 *        	required when called as admin, not needed when called as customer
+	 *        	optional, required when called as admin (if $loginname is not specified)
+	 * @param string $loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 *        	
 	 * @access admin, customer
 	 * @throws \Exception
@@ -876,7 +880,9 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 	 * @param string $domainname
 	 *        	optional, the domainname
 	 * @param int $customerid
-	 *        	required when called as admin, not needed when called as customer
+	 *        	optional, required when called as admin (if $loginname is not specified)
+	 * @param string $loginname
+	 *        	optional, required when called as admin (if $customerid is not specified)
 	 *
 	 * @access admin, customer
 	 * @throws \Exception

lib/Froxlor/Api/Commands/Traffic.php

@@ -60,6 +60,10 @@ class Traffic extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	 *        	optional, default empty
 	 * @param int $day
 	 *        	optional, default empty
+	 * @param int $date_from
+	 *        	optional timestamp, default empty, if specified, $year, $month and $day will be ignored
+	 * @param int $date_until
+	 *        	optional timestamp, default empty, if specified, $year, $month and $day will be ignored
 	 * @param bool $customer_traffic
 	 *        	optional, admin-only, whether to output ones own traffic or all of ones customers, default is 0 (false)
 	 * @param int $customerid
@@ -76,10 +80,29 @@ class Traffic extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 		$year = $this->getParam('year', true, "");
 		$month = $this->getParam('month', true, "");
 		$day = $this->getParam('day', true, "");
+		$date_from = $this->getParam('date_from', true, - 1);
+		$date_until = $this->getParam('date_until', true, - 1);
 		$customer_traffic = $this->getBoolParam('customer_traffic', true, 0);
 		$customer_ids = $this->getAllowedCustomerIds();
 		$result = array();
 		$params = array();
+
+		// validate parameters
+		if ($date_from >= 0 || $date_until >= 0) {
+			$year = "";
+			$month = "";
+			$day = "";
+			if ($date_from == $date_until) {
+				$date_until = -1;
+			}
+			if ($date_from >= 0 && $date_until >= 0 && $date_until < $date_from) {
+				// switch
+				$temp_ts = $date_from;
+				$date_from = $date_until;
+				$date_until = $temp_ts;
+			}
+		}
+
 		// check for year/month/day
 		$where_str = "";
 		if (! empty($year) && is_numeric($year)) {
@@ -94,6 +117,17 @@ class Traffic extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 			$where_str .= " AND `day` = :day";
 			$params['day'] = $day;
 		}
+		if ($date_from >= 0 && $date_until >= 0) {
+			$where_str .= " AND `stamp` BETWEEN :df AND :du";
+			$params['df'] = $date_from;
+			$params['du'] = $date_until;
+		} elseif ($date_from >= 0 && $date_until < 0) {
+			$where_str .= " AND `stamp` > :df";
+			$params['df'] = $date_from;
+		} elseif ($date_from < 0 && $date_until >= 0) {
+			$where_str .= " AND `stamp` < :du";
+			$params['du'] = $date_until;
+		}
 
 		if (! $this->isAdmin() || ($this->isAdmin() && $customer_traffic)) {
 			$result_stmt = Database::prepare("

lib/Froxlor/Bulk/BulkAction.php

@@ -35,20 +35,6 @@ abstract class BulkAction
 	 */
 	private $impFile = null;
 
-	/**
-	 * customer id of the user the entity is being added to
-	 *
-	 * @var int
-	 */
-	private $custId = null;
-
-	/**
-	 * array of customer data read from the database
-	 *
-	 * @var array
-	 */
-	private $custData = null;
-
 	/**
 	 * api-function to call for addingg entity
 	 *
@@ -70,20 +56,27 @@ abstract class BulkAction
 	 */
 	private $errors = array();
 
+	/**
+	 * logged in user
+	 *
+	 * @var array
+	 */
+	protected $userinfo = array();
+
 	/**
 	 * class constructor, optionally sets file and customer-id
 	 *
 	 * @param string $import_file
-	 * @param int $customer_id
+	 * @param array $userinfo
 	 *
 	 * @return object BulkAction instance
 	 */
-	protected function __construct($import_file = null, $customer_id = 0)
+	protected function __construct($import_file = null, $userinfo = array())
 	{
 		if (! empty($import_file)) {
 			$this->impFile = \Froxlor\FileDir::makeCorrectFile($import_file);
 		}
-		$this->custId = $customer_id;
+		$this->userinfo = $userinfo;
 	}
 
 	/**
@@ -109,18 +102,6 @@ abstract class BulkAction
 		$this->impFile = \Froxlor\FileDir::makeCorrectFile($import_file);
 	}
 
-	/**
-	 * setter for customer-id
-	 *
-	 * @param int $customer_id
-	 *
-	 * @return void
-	 */
-	public function setCustomer($customer_id = 0)
-	{
-		$this->custId = $customer_id;
-	}
-
 	/**
 	 * return the list of errors
 	 *
@@ -145,7 +126,7 @@ abstract class BulkAction
 
 	protected function importEntity($data_array = null)
 	{
-		global $userinfo;
+		if (empty($data_array)) return null;
 
 		$module = '\\Froxlor\\Api\\Commands\\' . substr($this->api_call, 0, strpos($this->api_call, "."));
 		$function = substr($this->api_call, strpos($this->api_call, ".") + 1);
@@ -159,7 +140,7 @@ abstract class BulkAction
 
 		$result = null;
 		try {
-			$json_result = $module::getLocal($userinfo, $new_data)->$function();
+			$json_result = $module::getLocal($this->userinfo, $new_data)->$function();
 			$result = json_decode($json_result, true)['data'];
 		} catch (\Exception $e) {
 			$this->errors[] = $e->getMessage();
@@ -189,6 +170,10 @@ abstract class BulkAction
 			throw new \Exception("Unable to read file '" . $this->impFile . "'");
 		}
 
+		if (empty($separator) || strlen($separator) != 1) {
+			throw new \Exception("Invalid separator specified: '" . $separator . "'");
+		}
+
 		$file_data = array();
 		$is_params_line = true;
 		$fh = @fopen($this->impFile, "r");
@@ -218,37 +203,4 @@ abstract class BulkAction
 		return $file_data;
 	}
 
-	/**
-	 * to be called first in doImport() to read in customer and entity data
-	 */
-	protected function preImport()
-	{
-		$this->readCustomerData();
-
-		if ($this->custId <= 0) {
-			throw new \Exception("Invalid customer selected");
-		}
-
-		if (is_null($this->custData)) {
-			throw new \Exception("Failed to read customer data");
-		}
-	}
-
-	/**
-	 * reads customer data from panel_customer by $_custId
-	 *
-	 * @return bool
-	 */
-	protected function readCustomerData()
-	{
-		$cust_stmt = \Froxlor\Database\Database::prepare("SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `customerid` = :cid");
-		$this->custData = \Froxlor\Database\Database::pexecute_first($cust_stmt, array(
-			'cid' => $this->custId
-		));
-		if (is_array($this->custData) && isset($this->custData['customerid']) && $this->custData['customerid'] == $this->custId) {
-			return true;
-		}
-		$this->custData = null;
-		return false;
-	}
 }

lib/Froxlor/Bulk/DomainBulkAction.php

@@ -32,9 +32,9 @@ class DomainBulkAction extends BulkAction
 	 *
 	 * @return object DomainBulkAction instance
 	 */
-	public function __construct($import_file = null, $customer_id = 0)
+	public function __construct($import_file = null, $userinfo)
 	{
-		parent::__construct($import_file, $customer_id);
+		parent::__construct($import_file, $userinfo);
 		$this->setApiCall('Domains.add');
 	}
 
@@ -49,23 +49,14 @@ class DomainBulkAction extends BulkAction
 	 */
 	public function doImport($separator = ";", $offset = 0)
 	{
-		$this->preImport();
+		if ($this->userinfo['domains'] == "-1") {
-
-		// get the admins userinfo to check for domains_used, etc.
-		global $userinfo;
-
-		if ($userinfo['domains'] == "-1") {
 			$dom_unlimited = true;
 		} else {
 			$dom_unlimited = false;
 		}
 
-		$domains_used = (int) $userinfo['domains_used'];
+		$domains_used = (int) $this->userinfo['domains_used'];
-		$domains_avail = (int) $userinfo['domains'];
+		$domains_avail = (int) $this->userinfo['domains'];
-
-		if (empty($separator) || strlen($separator) != 1) {
-			throw new \Exception("Invalid separator specified: '" . $separator . "'");
-		}
 
 		if (! is_int($offset) || $offset < 0) {
 			throw new \Exception("Invalid offset specified");

lib/Froxlor/Cron/Dns/DnsBase.php

@@ -41,6 +41,7 @@ abstract class DnsBase
 	{
 		$this->logger = $logger;
 
+		$known_ns_ips = [];
 		if (Settings::Get('system.nameservers') != '') {
 			$nameservers = explode(',', Settings::Get('system.nameservers'));
 			foreach ($nameservers as $nameserver) {
@@ -58,6 +59,8 @@ abstract class DnsBase
 					$nameserver_ips = array(
 						$nameserver
 					);
+				} else {
+					$known_ns_ips = array_merge($known_ns_ips, $nameserver_ips);
 				}
 				$this->ns[] = array(
 					'hostname' => $nameserver,
@@ -80,7 +83,9 @@ abstract class DnsBase
 		if (Settings::Get('system.axfrservers') != '') {
 			$axfrservers = explode(',', Settings::Get('system.axfrservers'));
 			foreach ($axfrservers as $axfrserver) {
-				$this->axfr[] = trim($axfrserver);
+				if (!in_array(trim($axfrserver), $known_ns_ips)) {
+					$this->axfr[] = trim($axfrserver);
+				}
 			}
 		}
 	}
@@ -195,18 +200,18 @@ abstract class DnsBase
 
 			while ($domain = $result_domains_stmt->fetch(\PDO::FETCH_ASSOC)) {
 
-				$privkey_filename = \Froxlor\FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim_' . $domain['dkim_id']);
+				$privkey_filename = \Froxlor\FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim' . $domain['dkim_id'] . '.priv');
-				$pubkey_filename = \Froxlor\FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim_' . $domain['dkim_id'] . '.public');
+				$pubkey_filename = \Froxlor\FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim' . $domain['dkim_id'] . '.public');
 
 				if ($domain['dkim_privkey'] == '' || $domain['dkim_pubkey'] == '') {
 					$max_dkim_id_stmt = Database::query("SELECT MAX(`dkim_id`) as `max_dkim_id` FROM `" . TABLE_PANEL_DOMAINS . "`");
 					$max_dkim_id = $max_dkim_id_stmt->fetch(\PDO::FETCH_ASSOC);
 					$domain['dkim_id'] = (int) $max_dkim_id['max_dkim_id'] + 1;
-					$privkey_filename = \Froxlor\FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim_' . $domain['dkim_id']);
+					$privkey_filename = \Froxlor\FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim' . $domain['dkim_id'] . '.priv');
 					\Froxlor\FileDir::safe_exec('openssl genrsa -out ' . escapeshellarg($privkey_filename) . ' ' . Settings::Get('dkim.dkim_keylength'));
 					$domain['dkim_privkey'] = file_get_contents($privkey_filename);
 					\Froxlor\FileDir::safe_exec("chmod 0640 " . escapeshellarg($privkey_filename));
-					$pubkey_filename = \Froxlor\FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim_' . $domain['dkim_id'] . '.public');
+					$pubkey_filename = \Froxlor\FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim' . $domain['dkim_id'] . '.public');
 					\Froxlor\FileDir::safe_exec('openssl rsa -in ' . escapeshellarg($privkey_filename) . ' -pubout -outform pem -out ' . escapeshellarg($pubkey_filename));
 					$domain['dkim_pubkey'] = file_get_contents($pubkey_filename);
 					\Froxlor\FileDir::safe_exec("chmod 0664 " . escapeshellarg($pubkey_filename));

lib/Froxlor/Cron/Http/Apache.php

@@ -413,7 +413,8 @@ class Apache extends HttpConfigBase
 						$this->virtualhosts_data[$vhosts_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['ssl_specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n";
 					}
 
-					if ($row_ipsandports['ssl_cert_file'] == '') {
+					// check for required fallback
+					if (($row_ipsandports['ssl_cert_file'] == '' || ! file_exists($row_ipsandports['ssl_cert_file'])) && (Settings::Get('system.le_froxlor_enabled') == '0' || $this->froxlorVhostHasLetsEncryptCert() == false)) {
 						$row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
 						if (! file_exists($row_ipsandports['ssl_cert_file'])) {
 							// explicitly disable ssl for this vhost
@@ -424,6 +425,11 @@ class Apache extends HttpConfigBase
 
 					if ($row_ipsandports['ssl_key_file'] == '') {
 						$row_ipsandports['ssl_key_file'] = Settings::Get('system.ssl_key_file');
+						if (! file_exists($row_ipsandports['ssl_key_file'])) {
+							// explicitly disable ssl for this vhost
+							$row_ipsandports['ssl_cert_file'] = "";
+							\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'System certificate key-file "' . Settings::Get('system.ssl_key_file') . '" does not seem to exist. Disabling SSL-vhost for "' . Settings::Get('system.hostname') . '"');
+						}
 					}
 
 					if ($row_ipsandports['ssl_ca_file'] == '') {
@@ -950,7 +956,7 @@ class Apache extends HttpConfigBase
 		}
 
 		if ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {
-			if ($domain['ssl_cert_file'] == '') {
+			if ($domain['ssl_cert_file'] == '' || ! file_exists($domain['ssl_cert_file'])) {
 				$domain['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
 				if (! file_exists($domain['ssl_cert_file'])) {
 					// explicitly disable ssl for this vhost
@@ -959,8 +965,13 @@ class Apache extends HttpConfigBase
 				}
 			}
 
-			if ($domain['ssl_key_file'] == '') {
+			if ($domain['ssl_key_file'] == '' || ! file_exists($domain['ssl_key_file'])) {
 				$domain['ssl_key_file'] = Settings::Get('system.ssl_key_file');
+				if (! file_exists($domain['ssl_key_file'])) {
+					// explicitly disable ssl for this vhost
+					$domain['ssl_cert_file'] = "";
+					\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'System certificate key-file "' . Settings::Get('system.ssl_key_file') . '" does not seem to exist. Disabling SSL-vhost for "' . $domain['domain'] . '"');
+				}
 			}
 
 			if ($domain['ssl_ca_file'] == '') {

lib/Froxlor/Cron/Http/DomainSSL.php

@@ -105,7 +105,11 @@ class DomainSSL
 					$_fh = fopen($filename, 'w');
 					fwrite($_fh, $dom_certs[$type]);
 					fclose($_fh);
-					chmod($filename, 0600);
+					if ($type == 'ssl_key_file') {
+						chmod($filename, 0600);
+					} else {
+						chmod($filename, 0644);
+					}
 				}
 			}
 			// override corresponding array values

lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php

@@ -271,7 +271,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 	 * @param int $domain_id
 	 * @param FroxlorLogger $cronlog
 	 */
-	private static function validateDns(&$domains = array(), $domain_id, &$cronlog)
+	private static function validateDns(array &$domains, $domain_id, &$cronlog)
 	{
 		if (Settings::Get('system.le_domain_dnscheck') == '1' && ! empty($domains)) {
 			$loop_domains = $domains;
@@ -290,7 +290,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 		}
 	}
 
-	private static function runAcmeSh($certrow = array(), $domains = array(), &$cronlog = null, $force = false)
+	private static function runAcmeSh(array $certrow, array $domains, &$cronlog = null, $force = false)
 	{
 		if (! empty($domains)) {
 
@@ -502,7 +502,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 
 		if (is_dir($certificate_folder) && file_exists($ssl_file) && is_readable($ssl_file)) {
 			$cert_data = openssl_x509_parse(file_get_contents($ssl_file));
-			if ($cert_data['validTo_time_t'] > strtotime($cert_date)) {
+			if ($cert_data && $cert_data['validTo_time_t'] > strtotime($cert_date)) {
 				return true;
 			}
 		}

lib/Froxlor/Cron/Http/Lighttpd.php

@@ -188,7 +188,8 @@ class Lighttpd extends HttpConfigBase
 					$this->lighttpd_data[$vhost_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['ssl_specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n";
 				}
 
-				if ($row_ipsandports['ssl_cert_file'] == '') {
+				// check for required fallback
+				if (($row_ipsandports['ssl_cert_file'] == '' || ! file_exists($row_ipsandports['ssl_cert_file'])) && (Settings::Get('system.le_froxlor_enabled') == '0' || $this->froxlorVhostHasLetsEncryptCert() == false)) {
 					$row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
 					if (! file_exists($row_ipsandports['ssl_cert_file'])) {
 						// explicitly disable ssl for this vhost
@@ -555,7 +556,7 @@ class Lighttpd extends HttpConfigBase
 		$ssl_settings = '';
 
 		if ($ssl_vhost === true && $domain['ssl'] == '1' && (int) Settings::Get('system.use_ssl') == 1) {
-			if ($domain['ssl_cert_file'] == '') {
+			if ($domain['ssl_cert_file'] == '' || ! file_exists($domain['ssl_cert_file'])) {
 				$domain['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
 				if (! file_exists($domain['ssl_cert_file'])) {
 					// explicitly disable ssl for this vhost

lib/Froxlor/Cron/Http/Nginx.php

@@ -155,7 +155,8 @@ class Nginx extends HttpConfigBase
 				// we know whether it's an ssl vhost or not
 				$ssl_vhost = false;
 				if ($row_ipsandports['ssl'] == '1') {
-					if ($row_ipsandports['ssl_cert_file'] == '') {
+					// check for required fallback
+					if (($row_ipsandports['ssl_cert_file'] == '' || ! file_exists($row_ipsandports['ssl_cert_file'])) && (Settings::Get('system.le_froxlor_enabled') == '0' || $this->froxlorVhostHasLetsEncryptCert() == false)) {
 						$row_ipsandports['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
 						if (! file_exists($row_ipsandports['ssl_cert_file'])) {
 							// explicitly disable ssl for this vhost
@@ -165,6 +166,11 @@ class Nginx extends HttpConfigBase
 					}
 					if ($row_ipsandports['ssl_key_file'] == '') {
 						$row_ipsandports['ssl_key_file'] = Settings::Get('system.ssl_key_file');
+						if (! file_exists($row_ipsandports['ssl_key_file'])) {
+							// explicitly disable ssl for this vhost
+							$row_ipsandports['ssl_cert_file'] = "";
+							\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'System certificate key-file "' . Settings::Get('system.ssl_key_file') . '" does not seem to exist. Disabling SSL-vhost for "' . Settings::Get('system.hostname') . '"');
+						}
 					}
 					if ($row_ipsandports['ssl_ca_file'] == '') {
 						$row_ipsandports['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');
@@ -659,7 +665,7 @@ class Nginx extends HttpConfigBase
 	{
 		$sslsettings = '';
 
-		if ($domain_or_ip['ssl_cert_file'] == '') {
+		if ($domain_or_ip['ssl_cert_file'] == '' || ! file_exists($domain_or_ip['ssl_cert_file'])) {
 			$domain_or_ip['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
 			if (! file_exists($domain_or_ip['ssl_cert_file'])) {
 				// explicitly disable ssl for this vhost
@@ -668,8 +674,15 @@ class Nginx extends HttpConfigBase
 			}
 		}
 
-		if ($domain_or_ip['ssl_key_file'] == '') {
+		if ($domain_or_ip['ssl_key_file'] == '' || ! file_exists($domain_or_ip['ssl_key_file'])) {
+			// use fallback
 			$domain_or_ip['ssl_key_file'] = Settings::Get('system.ssl_key_file');
+			// check whether it exists
+			if (! file_exists($domain_or_ip['ssl_key_file'])) {
+				// explicitly disable ssl for this vhost
+				$domain_or_ip['ssl_cert_file'] = "";
+				\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'System certificate key-file "' . Settings::Get('system.ssl_key_file') . '" does not seem to exist. Disabling SSL-vhost for "' . $domain_or_ip['domain'] . '"');
+			}
 		}
 
 		if ($domain_or_ip['ssl_ca_file'] == '') {
@@ -901,7 +914,6 @@ class Nginx extends HttpConfigBase
 			FROM `" . TABLE_PANEL_HTPASSWDS . "` AS a
 			JOIN `" . TABLE_PANEL_DOMAINS . "` AS b USING (`customerid`)
 			WHERE b.customerid = :customerid AND b.domain = :domain
-			AND path LIKE CONCAT(b.documentroot, '%')
 		");
 		Database::pexecute($result_stmt, array(
 			'customerid' => $domain['customerid'],
@@ -1041,10 +1053,10 @@ class Nginx extends HttpConfigBase
 
 		if (Settings::Get('system.awstats_enabled') == '1') {
 			// awstats
-			$stats_text .= "\t" . 'location /awstats {' . "\n";
+			$stats_text .= "\t" . 'location ^~ /awstats {' . "\n";
 		} else {
 			// webalizer
-			$stats_text .= "\t" . 'location /webalizer {' . "\n";
+			$stats_text .= "\t" . 'location ^~ /webalizer {' . "\n";
 		}
 
 		$stats_text .= "\t\t" . 'alias ' . $alias_dir . ';' . "\n";

lib/Froxlor/Cron/Traffic/ReportsCron.php

@@ -15,7 +15,7 @@ namespace Froxlor\Cron\Traffic;
  * @author Froxlor team <team@froxlor.org> (2010-)
  * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
  * @package Cron
- *         
+ *
  */
 use Froxlor\Database\Database;
 use Froxlor\Settings;
@@ -111,11 +111,11 @@ class ReportsCron extends \Froxlor\Cron\FroxlorCron
 						'varname' => 'trafficmaxpercent_subject'
 					);
 					$result2 = Database::pexecute_first($result2_stmt, $result2_data);
-					$mail_subject = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result2['value'] != '') ? $result2['value'] : $lng['mails']['trafficmaxpercent']['subject']), $replace_arr));
+					$mail_subject = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result2 !== false && $result2['value'] != '') ? $result2['value'] : $lng['mails']['trafficmaxpercent']['subject']), $replace_arr));
 
 					$result2_data['varname'] = 'trafficmaxpercent_mailbody';
 					$result2 = Database::pexecute_first($result2_stmt, $result2_data);
-					$mail_body = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result2['value'] != '') ? $result2['value'] : $lng['mails']['trafficmaxpercent']['mailbody']), $replace_arr));
+					$mail_body = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result2 !== false && $result2['value'] != '') ? $result2['value'] : $lng['mails']['trafficmaxpercent']['mailbody']), $replace_arr));
 
 					$_mailerror = false;
 					$mailerr_msg = "";
@@ -217,11 +217,11 @@ class ReportsCron extends \Froxlor\Cron\FroxlorCron
 						'varname' => 'trafficmaxpercent_subject'
 					);
 					$result2 = Database::pexecute_first($result2_stmt, $result2_data);
-					$mail_subject = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result2['value'] != '') ? $result2['value'] : $lng['mails']['trafficmaxpercent']['subject']), $replace_arr));
+					$mail_subject = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result2 !== false && $result2['value'] != '') ? $result2['value'] : $lng['mails']['trafficmaxpercent']['subject']), $replace_arr));
 
 					$result2_data['varname'] = 'trafficmaxpercent_mailbody';
 					$result2 = Database::pexecute_first($result2_stmt, $result2_data);
-					$mail_body = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result2['value'] != '') ? $result2['value'] : $lng['mails']['trafficmaxpercent']['mailbody']), $replace_arr));
+					$mail_body = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result2 !== false && $result2['value'] != '') ? $result2['value'] : $lng['mails']['trafficmaxpercent']['mailbody']), $replace_arr));
 
 					$_mailerror = false;
 					$mailerr_msg = "";
@@ -424,11 +424,11 @@ class ReportsCron extends \Froxlor\Cron\FroxlorCron
 						'varname' => 'diskmaxpercent_subject'
 					);
 					$result2 = Database::pexecute_first($result2_stmt, $result2_data);
-					$mail_subject = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result2['value'] != '') ? $result2['value'] : $lng['mails']['diskmaxpercent']['subject']), $replace_arr));
+					$mail_subject = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result2 !== false && $result2['value'] != '') ? $result2['value'] : $lng['mails']['diskmaxpercent']['subject']), $replace_arr));
 
 					$result2_data['varname'] = 'diskmaxpercent_mailbody';
 					$result2 = Database::pexecute_first($result2_stmt, $result2_data);
-					$mail_body = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result2['value'] != '') ? $result2['value'] : $lng['mails']['diskmaxpercent']['mailbody']), $replace_arr));
+					$mail_body = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result2 !== false && $result2['value'] != '') ? $result2['value'] : $lng['mails']['diskmaxpercent']['mailbody']), $replace_arr));
 
 					$_mailerror = false;
 					$mailerr_msg = "";
@@ -521,11 +521,11 @@ class ReportsCron extends \Froxlor\Cron\FroxlorCron
 						'varname' => 'diskmaxpercent_subject'
 					);
 					$result2 = Database::pexecute_first($result2_stmt, $result2_data);
-					$mail_subject = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result2['value'] != '') ? $result2['value'] : $lng['mails']['diskmaxpercent']['subject']), $replace_arr));
+					$mail_subject = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result2 !== false && $result2['value'] != '') ? $result2['value'] : $lng['mails']['diskmaxpercent']['subject']), $replace_arr));
 
 					$result2_data['varname'] = 'diskmaxpercent_mailbody';
 					$result2 = Database::pexecute_first($result2_stmt, $result2_data);
-					$mail_body = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result2['value'] != '') ? $result2['value'] : $lng['mails']['diskmaxpercent']['mailbody']), $replace_arr));
+					$mail_body = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result2 !== false && $result2['value'] != '') ? $result2['value'] : $lng['mails']['diskmaxpercent']['mailbody']), $replace_arr));
 
 					$_mailerror = false;
 					$mailerr_msg = "";

lib/Froxlor/Cron/Traffic/TrafficCron.php

@@ -163,6 +163,13 @@ class TrafficCron extends \Froxlor\Cron\FroxlorCron
 
 		$result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` ORDER BY `customerid` ASC");
 
+		$currentDate = date("Y-m-d");
+
+		$current_stamp = time();
+		$current_year = date('Y', $current_stamp);
+		$current_month = date('m', $current_stamp);
+		$current_day = date('d', $current_stamp);
+
 		while ($row = $result_stmt->fetch(\PDO::FETCH_ASSOC)) {
 			/**
 			 * HTTP-Traffic
@@ -208,7 +215,7 @@ class TrafficCron extends \Froxlor\Cron\FroxlorCron
 				// will iterate through all customer-domains and the awstats-configs
 				// know the logfile-name, #246
 				if (Settings::Get('system.awstats_enabled') == '1') {
-					$httptraffic += floatval(self::callAwstatsGetTraffic($row['customerid'], $row['documentroot'] . '/awstats/', $domainlist[$row['customerid']]));
+					$httptraffic += floatval(self::callAwstatsGetTraffic($row['customerid'], $row['documentroot'] . '/awstats/', $domainlist[$row['customerid']]), $current_stamp);
 				} else {
 					$httptraffic += floatval(self::callWebalizerGetTraffic($row['loginname'], $row['documentroot'] . '/webalizer/', $caption, $domainlist[$row['customerid']]));
 				}
@@ -250,8 +257,6 @@ class TrafficCron extends \Froxlor\Cron\FroxlorCron
 			if (Settings::Get("system.mailtraffic_enabled")) {
 				\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, 'mail traffic usage for ' . $row['loginname'] . " started...");
 
-				$currentDate = date("Y-m-d");
-
 				$domains_stmt = Database::prepare("SELECT domain FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid` = :cid");
 				Database::pexecute($domains_stmt, array(
 					"cid" => $row['customerid']
@@ -312,10 +317,10 @@ class TrafficCron extends \Froxlor\Cron\FroxlorCron
 
 			$ins_data = array(
 				'customerid' => $row['customerid'],
-				'year' => date('Y', time()),
+				'year' => $current_year,
-				'month' => date('m', time()),
+				'month' => $current_month,
-				'day' => date('d', time()),
+				'day' => $current_day,
-				'stamp' => time(),
+				'stamp' => $current_stamp,
 				'http' => $current_traffic['http'],
 				'ftp_up' => $current_traffic['ftp_up'],
 				'ftp_down' => $current_traffic['ftp_down'],
@@ -340,8 +345,8 @@ class TrafficCron extends \Froxlor\Cron\FroxlorCron
 				FROM `" . TABLE_PANEL_TRAFFIC . "` WHERE `year` = :year AND `month` = :month AND `customerid` = :customerid
 			");
 			$sum_month_traffic = Database::pexecute_first($sum_month_traffic_stmt, array(
-				'year' => date('Y', time()),
+				'year' => $current_year,
-				'month' => date('m', time()),
+				'month' => $current_month,
 				'customerid' => $row['customerid']
 			));
 			$sum_month_traffic['all'] = $sum_month_traffic['http'] + $sum_month_traffic['ftp_up'] + $sum_month_traffic['ftp_down'] + $sum_month_traffic['mail'];
@@ -425,10 +430,10 @@ class TrafficCron extends \Froxlor\Cron\FroxlorCron
 
 			$ins_data = array(
 				'customerid' => $row['customerid'],
-				'year' => date('Y', time()),
+				'year' => $current_year,
-				'month' => date('m', time()),
+				'month' => $current_month,
-				'day' => date('d', time()),
+				'day' => $current_day,
-				'stamp' => time(),
+				'stamp' => $current_stamp,
 				'webspace' => $current_diskspace['webspace'],
 				'mail' => $current_diskspace['mail'],
 				'mysql' => $current_diskspace['mysql']
@@ -534,10 +539,10 @@ class TrafficCron extends \Froxlor\Cron\FroxlorCron
 
 				$ins_data = array(
 					'adminid' => $row['adminid'],
-					'year' => date('Y', time()),
+					'year' => $current_year,
-					'month' => date('m', time()),
+					'month' => $current_month,
-					'day' => date('d', time()),
+					'day' => $current_day,
-					'stamp' => time(),
+					'stamp' => $current_stamp,
 					'http' => $admin_traffic[$row['adminid']]['http'],
 					'ftp_up' => $admin_traffic[$row['adminid']]['ftp_up'],
 					'ftp_down' => $admin_traffic[$row['adminid']]['ftp_down'],
@@ -570,29 +575,6 @@ class TrafficCron extends \Froxlor\Cron\FroxlorCron
 			}
 
 			if (isset($admin_diskspace[$row['adminid']])) {
-
-				$ins_data = array(
-					'adminid' => $row['adminid'],
-					'year' => date('Y', time()),
-					'month' => date('m', time()),
-					'day' => date('d', time()),
-					'stamp' => time(),
-					'webspace' => $admin_diskspace[$row['adminid']]['webspace'],
-					'mail' => $admin_diskspace[$row['adminid']]['mail'],
-					'mysql' => $admin_diskspace[$row['adminid']]['mysql']
-				);
-				$ins_stmt = Database::prepare("
-					INSERT INTO `" . TABLE_PANEL_DISKSPACE_ADMINS . "` SET
-					`adminid` = :adminid,
-					`year` = :year,
-					`month` = :month,
-					`day` = :day,
-					`stamp` = :stamp,
-					`webspace` = :webspace,
-					`mail` = :mail,
-					`mysql` = :mysql
-				");
-
 				$upd_data = array(
 					'diskspace' => $admin_diskspace[$row['adminid']]['all'],
 					'adminid' => $row['adminid']
@@ -757,7 +739,7 @@ class TrafficCron extends \Froxlor\Cron\FroxlorCron
 		return;
 	}
 
-	private static function callAwstatsGetTraffic($customerid, $outputdir, $usersdomainlist)
+	private static function callAwstatsGetTraffic($customerid, $outputdir, $usersdomainlist, $current_stamp)
 	{
 		$returnval = 0;
 
@@ -789,8 +771,8 @@ class TrafficCron extends \Froxlor\Cron\FroxlorCron
 			");
 			$result_data = array(
 				'customerid' => $customerid,
-				'year' => date('Y', time()),
+				'year' => date('Y', $current_stamp),
-				'month' => date('m', time())
+				'month' => date('m', $current_stamp)
 			);
 			$result = Database::pexecute_first($result_stmt, $result_data);
 

lib/Froxlor/Froxlor.php

@@ -7,10 +7,10 @@ final class Froxlor
 {
 
 	// Main version variable
-	const VERSION = '0.10.20';
+	const VERSION = '0.10.23';
 
 	// Database version (YYYYMMDDC where C is a daily counter)
-	const DBVERSION = '202007240';
+	const DBVERSION = '202009070';
 
 	// Distribution branding-tag (used for Debian etc.)
 	const BRANDING = '';

lib/Froxlor/PhpHelper.php

@@ -112,7 +112,7 @@ class PhpHelper
 	 *
 	 * @return void|boolean
 	 */
-	public static function phpErrHandler($errno, $errstr, $errfile, $errline, $errcontext)
+	public static function phpErrHandler($errno, $errstr, $errfile, $errline, $errcontext = array())
 	{
 		if (! (error_reporting() & $errno)) {
 			// This error code is not included in error_reporting
@@ -223,9 +223,17 @@ class PhpHelper
 	 */
 	public static function gethostbynamel6($host, $try_a = true)
 	{
-		$dns6 = dns_get_record($host, DNS_AAAA);
+		$dns6 = @dns_get_record($host, DNS_AAAA);
+		if (!is_array($dns6)) {
+			// no record or failed to check
+			$dns6 = [];
+		}
 		if ($try_a == true) {
-			$dns4 = dns_get_record($host, DNS_A);
+			$dns4 = @dns_get_record($host, DNS_A);
+			if (!is_array($dns4)) {
+				// no record or failed to check
+				$dns4 = [];
+			}
 			$dns = array_merge($dns4, $dns6);
 		} else {
 			$dns = $dns6;
@@ -382,4 +390,21 @@ class PhpHelper
 		}
 		return $returnval;
 	}
+
+	/**
+	 * function to check a super-global passed by reference
+	 * so it gets automatically updated
+	 *
+	 * @param array $global
+	 * @param \voku\helper\AntiXSS $antiXss
+	 */
+	public static function cleanGlobal(&$global, &$antiXss)
+	{
+		if (isset($global) && ! empty($global)) {
+			$tmp = $global;
+			foreach ($tmp as $index => $value) {
+				$global[$index] = $antiXss->xss_clean($value);
+			}
+		}
+	}
 }

lib/Froxlor/System/Mailer.php

@@ -32,6 +32,14 @@ class Mailer extends \PHPMailer\PHPMailer\PHPMailer
 			$this->Port = Settings::Get('system.mail_smtp_port');
 		}
 
+		/**
+		 * use froxlor's email-validation
+		 */
+		self::$validator = [
+			'\Froxlor\\Validate\\Validate',
+			'validateEmail'
+		];
+
 		if (self::ValidateAddress(Settings::Get('panel.adminmail')) !== false) {
 			// set return-to address and custom sender-name, see #76
 			$this->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));

lib/Froxlor/UI/HTML.php

@@ -299,7 +299,6 @@ class HTML
 			$checkbox = self::makecheckbox('delete_userfiles', $chk_text, '1', false, '0', true, true);
 		} else {
 			$checkbox = '<input type="hidden" name="delete_userfiles" value="0" />' . "\n";
-			;
 		}
 
 		$text = strtr($text, array(

lib/Froxlor/Validate/Form/Data.php

@@ -31,7 +31,7 @@ class Data
 			$newfieldvalue = str_replace("\t", " ", $newfieldvalue);
 
 			if (isset($fielddata['string_type']) && $fielddata['string_type'] == 'mail') {
-				$returnvalue = (filter_var($newfieldvalue, FILTER_VALIDATE_EMAIL) == $newfieldvalue);
+				$returnvalue = \Froxlor\Validate\Validate::validateEmail($newfieldvalue);
 			} elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'url') {
 				$returnvalue = \Froxlor\Validate\Validate::validateUrl($newfieldvalue);
 			} elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'dir') {
@@ -194,7 +194,7 @@ class Data
 			$newfieldvalue = str_replace("\t", " ", $newfieldvalue);
 
 			if (isset($fielddata['string_type']) && $fielddata['string_type'] == 'mail') {
-				$returnvalue = (filter_var($newfieldvalue, FILTER_VALIDATE_EMAIL) == $newfieldvalue);
+				$returnvalue = \Froxlor\Validate\Validate::validateEmail($newfieldvalue);
 			} elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'url') {
 				$returnvalue = \Froxlor\Validate\Validate::validateUrl($newfieldvalue);
 			} elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'dir') {

lib/Froxlor/Validate/Validate.php

@@ -4,6 +4,12 @@ namespace Froxlor\Validate;
 class Validate
 {
 
+	const REGEX_DIR = '/^|(\/[\w-]+)+$/';
+
+	const REGEX_PORT = '/^(([1-9])|([1-9][0-9])|([1-9][0-9][0-9])|([1-9][0-9][0-9][0-9])|([1-5][0-9][0-9][0-9][0-9])|(6[0-4][0-9][0-9][0-9])|(65[0-4][0-9][0-9])|(655[0-2][0-9])|(6553[0-5]))$/Di';
+
+	const REGEX_CONF_TEXT = '/^[^\0]*$/';
+
 	/**
 	 * Validates the given string by matching against the pattern, prints an error on failure and exits
 	 *
@@ -211,9 +217,9 @@ class Validate
 	public static function validateDomain($domainname, $allow_underscore = false)
 	{
 		if (is_string($domainname)) {
-			$char_validation = '([a-z\d](-*[a-z\d])*)(\.?([a-z\d](-*[a-z\d])*))*\.([a-z\d])+';
+			$char_validation = '([a-z\d](-*[a-z\d])*)(\.?([a-z\d](-*[a-z\d])*))*\.(xn\-\-)?([a-z\d])+';
 			if ($allow_underscore) {
-				$char_validation = '([a-z\d\_](-*[a-z\d\_])*)(\.([a-z\d\_](-*[a-z\d])*))*(\.?([a-z\d](-*[a-z\d])*))+\.([a-z\d])+';
+				$char_validation = '([a-z\d\_](-*[a-z\d\_])*)(\.([a-z\d\_](-*[a-z\d])*))*(\.?([a-z\d](-*[a-z\d])*))+\.(xn\-\-)?([a-z\d])+';
 			}
 
 			// valid chars check && overall length check && length of each label
@@ -250,6 +256,10 @@ class Validate
 	public static function validateEmail($email)
 	{
 		$email = strtolower($email);
+		// as of php-7.1
+		if (defined('FILTER_FLAG_EMAIL_UNICODE')) {
+			return filter_var($email, FILTER_VALIDATE_EMAIL, FILTER_FLAG_EMAIL_UNICODE);
+		}
 		return filter_var($email, FILTER_VALIDATE_EMAIL);
 	}
 

lib/formfields/admin/domains/formfield.domains_import.php

@@ -23,12 +23,6 @@ return array(
 				'title' => $lng['domains']['domain_import'],
 				'image' => 'icons/domain_add.png',
 				'fields' => array(
-					'customerid' => array(
-						'label' => $lng['admin']['customer'],
-						'type' => 'select',
-						'select_var' => $customers,
-						'mandatory' => true
-					),
 					'separator' => array(
 						'label' => $lng['domains']['import_separator'],
 						'type' => 'text',

lib/init.php

@@ -44,6 +44,8 @@ require dirname(__DIR__) . '/vendor/autoload.php';
 
 use Froxlor\Database\Database;
 use Froxlor\Settings;
+use voku\helper\AntiXSS;
+use Froxlor\PhpHelper;
 
 header("Content-Type: text/html; charset=UTF-8");
 
@@ -86,6 +88,17 @@ foreach ($_REQUEST as $key => $value) {
 	}
 }
 
+/**
+ * check for xss attempts and clean important globals
+ */
+$antiXss = new AntiXSS();
+// check $_GET
+PhpHelper::cleanGlobal($_GET, $antiXss);
+// check $_POST
+PhpHelper::cleanGlobal($_POST, $antiXss);
+// check $_COOKIE
+PhpHelper::cleanGlobal($_COOKIE, $antiXss);
+
 unset($_);
 unset($value);
 unset($key);
@@ -473,9 +486,9 @@ unset($js);
 unset($css);
 
 if (isset($_POST['action'])) {
-	$action = $_POST['action'];
+	$action = trim(strip_tags($_POST['action']));
 } elseif (isset($_GET['action'])) {
-	$action = $_GET['action'];
+	$action = trim(strip_tags($_GET['action']));
 } else {
 	$action = '';
 	// clear request data
@@ -485,9 +498,9 @@ if (isset($_POST['action'])) {
 }
 
 if (isset($_POST['page'])) {
-	$page = $_POST['page'];
+	$page = trim(strip_tags($_POST['page']));
 } elseif (isset($_GET['page'])) {
-	$page = $_GET['page'];
+	$page = trim(strip_tags($_GET['page']));
 } else {
 	$page = '';
 }

lib/tables.inc.php

@@ -37,7 +37,6 @@ define('TABLE_PANEL_TEMPLATES', 'panel_templates');
 define('TABLE_PANEL_TRAFFIC', 'panel_traffic');
 define('TABLE_PANEL_TRAFFIC_ADMINS', 'panel_traffic_admins');
 define('TABLE_PANEL_DISKSPACE', 'panel_diskspace');
-define('TABLE_PANEL_DISKSPACE_ADMINS', 'panel_diskspace_admins');
 define('TABLE_PANEL_LANGUAGE', 'panel_languages');
 define('TABLE_PANEL_IPSANDPORTS', 'panel_ipsandports');
 define('TABLE_PANEL_LOG', 'panel_syslog');

lng/english.lng.php

@@ -2038,7 +2038,7 @@ $lng['apikeys']['valid_until_help'] = 'Date until valid, format YYYY-MM-DD';
 $lng['serversettings']['enable_api']['title'] = 'Enable external API usage';
 $lng['serversettings']['enable_api']['description'] = 'In order to use the froxlor API you need to activate this option. For more detailed information see <a href="https://api.froxlor.org/" target="_new">https://api.froxlor.org/</a>';
 $lng['serversettings']['dhparams_file']['title'] = 'DHParams file (Diffie–Hellman key exchange)';
-$lng['serversettings']['dhparams_file']['description'] = 'If a dhparams.pem file is specified here it will be included in the webserver configuration. Leave empty to disable.<br>Example: /etc/apache2/ssl/dhparams.pem<br><br>If the file does not exist, it will be created automatically with the following command: <em>openssl dhparam -out /etc/apache2/ssl/dhparams.pem 4096<em>. It is recommended to create the file prior to specifying it here as the creation takes quite a while and blocks the cronjob.';
+$lng['serversettings']['dhparams_file']['description'] = 'If a dhparams.pem file is specified here it will be included in the webserver configuration. Leave empty to disable.<br>Example: /etc/ssl/webserver/dhparams.pem<br><br>If the file does not exist, it will be created automatically with the following command: <em>openssl dhparam -out /etc/ssl/webserver/dhparams.pem 4096<em>. It is recommended to create the file prior to specifying it here as the creation takes quite a while and blocks the cronjob.';
 $lng['2fa']['2fa'] = '2FA options';
 $lng['2fa']['2fa_enabled'] = 'Activate Two-factor authentication (2FA)';
 $lng['login']['2fa'] = 'Two-factor authentication (2FA)';
@@ -2098,3 +2098,5 @@ $lng['serversettings']['phpfpm_settings']['custom_config']['description'] = 'Add
 
 $lng['serversettings']['awstats']['logformat']['title'] = 'LogFormat setting';
 $lng['serversettings']['awstats']['logformat']['description'] = 'If you use customized logformat for your webserver, you need change the awstats LogFormat too.<br/>Default is 1. For more information check documentation <a target="_blank" href="https://awstats.sourceforge.io/docs/awstats_config.html#LogFormat">here</a>.';
+$lng['error']['cannotdeletesuperadmin'] = 'The first admin cannot be deleted.';
+$lng['error']['no_wwwcnamae_ifwwwalias'] = 'Cannot set CNAME record for "www" as domain is set to generate a www-alias. Please change settings to either "No alias" or "Wildcard alias"';

lng/german.lng.php

@@ -1685,7 +1685,7 @@ $lng['apikeys']['valid_until_help'] = 'Datum Gültigkeitsende, Format JJJJ-MM-TT
 $lng['serversettings']['enable_api']['title'] = 'Aktiviere externe API Nutzung';
 $lng['serversettings']['enable_api']['description'] = 'Um die froxlor API nutzen zu können, muss diese Option aktiviert sein. Für detaillierte Informationen siehe <a href="https://api.froxlor.org/" target="_new">https://api.froxlor.org/</a>';
 $lng['serversettings']['dhparams_file']['title'] = 'DHParams Datei (Diffie–Hellman key exchange)';
-$lng['serversettings']['dhparams_file']['description'] = 'Wird eine dhparams.pem Datei hier angegeben, wir sie in die Webserver Konfiguration mit eingefügt.<br>Beispiel: /etc/apache2/ssl/dhparams.pem<br><br>Existiert die Datei nicht, wird sie wie folgt erstellt: <em>openssl dhparam -out /etc/apache2/ssl/dhparams.pem 4096<em>. Es wird empfohlen die Datei zu erstellen, bevor sie hier angegeben wird, da die Erstellung längere Zeit in Anspruch nimmt und den Cronjob blockiert.';
+$lng['serversettings']['dhparams_file']['description'] = 'Wird eine dhparams.pem Datei hier angegeben, wir sie in die Webserver Konfiguration mit eingefügt.<br>Beispiel: /etc/ssl/webserver/dhparams.pem<br><br>Existiert die Datei nicht, wird sie wie folgt erstellt: <em>openssl dhparam -out /etc/ssl/webserver/dhparams.pem 4096<em>. Es wird empfohlen die Datei zu erstellen, bevor sie hier angegeben wird, da die Erstellung längere Zeit in Anspruch nimmt und den Cronjob blockiert.';
 $lng['2fa']['2fa'] = '2FA Optionen';
 $lng['2fa']['2fa_enabled'] = 'Aktiviere Zwei-Faktor Authentifizierung (2FA)';
 $lng['login']['2fa'] = 'Zwei-Faktor Authentifizierung (2FA)';
@@ -1745,3 +1745,5 @@ $lng['serversettings']['phpfpm_settings']['custom_config']['description'] = 'Fü
 
 $lng['serversettings']['awstats']['logformat']['title'] = 'LogFormat Einstellung';
 $lng['serversettings']['awstats']['logformat']['description'] = 'Wenn ein benutzerdefiniertes LogFormat beim Webserver verwendet wird, muss LogFormat von awstats ebenso angepasst werden.<br/>Standard ist 1. Für weitere Informationen siehe Dokumentation unter <a target="_blank" href="https://awstats.sourceforge.io/docs/awstats_config.html#LogFormat">hier</a>.';
+$lng['error']['cannotdeletesuperadmin'] = 'Der erste Administrator kann nicht gelöscht werden.';
+$lng['error']['no_wwwcnamae_ifwwwalias'] = 'Es kann kein CNAME Eintrag für "www" angelegt werden, da die Domain einen www-Alias aktiviert hat. Ändere diese Einstellung auf "Kein Alias" oder "Wildcard Alias"';

templates/Sparkle/assets/js/traffic.js

@@ -19,8 +19,8 @@ $(document).ready(function() {
 		} else {
 			ticks.push([i, $(row).children().first().html()]);
 		}
-		ftp.push([i, parseFloat(ftpd / 1024)]);
+		ftp.push([i, parseFloat(ftpd)]);
-		http.push([i, parseFloat(httpd / 1024)]);
+		http.push([i, parseFloat(httpd)]);
 		mail.push([i, parseFloat(maild)]);
 		i++;
 	});
@@ -107,24 +107,16 @@ $(document).ready(function() {
 		"font-size": "11px"
 	}).appendTo("body");
 
-	$("#ftpchart, #httpchart").bind("plothover", function(event, pos, item) {
+	$("#ftpchart, #httpchart, #mailchart").bind("plothover", function(event, pos, item) {
 		if (item) {
-			var y = item.datapoint[1].toFixed(2);
+			var y = item.datapoint[1];
+			var unit = 'MiB';
+			if (y > 1024) {
+				y /= 1024;
+				unit = 'GiB';
+			}
 
-			$("#tooltip").html(item.series.label + ": " + y + " GiB").css({
+			$("#tooltip").html(item.series.label + ": " + y.toFixed(2) + " " + unit).css({
-				top: item.pageY + 5,
-				left: item.pageX - $("#tooltip").width() / 2
-			}).fadeIn(200);
-		} else {
-			$("#tooltip").hide();
-		}
-	});
-
-	$("#mailchart").bind("plothover", function(event, pos, item) {
-		if (item) {
-			var y = item.datapoint[1].toFixed(2);
-
-			$("#tooltip").html(item.series.label + ": " + y + " MiB").css({
 				top: item.pageY + 5,
 				left: item.pageX - $("#tooltip").width() / 2
 			}).fadeIn(200);

tests/Admins/AdminsTest.php

@@ -355,4 +355,16 @@ class AdminsTest extends TestCase
 			'loginname' => 'admin'
 		))->update();
 	}
+
+	public function testAdminsAdminsCannotDeleteFirstAdmin()
+	{
+		global $admin_userdata;
+		$testadmin_userdata = $admin_userdata;
+		$testadmin_userdata['adminid'] = 10;
+
+		$this->expectExceptionMessage("The first admin cannot be deleted.");
+		Admins::getLocal($testadmin_userdata, array(
+			'loginname' => 'admin'
+		))->delete();
+	}
 }

tests/Bulk/DomainBulkTest.php

@@ -0,0 +1,79 @@
+<?php
+use PHPUnit\Framework\TestCase;
+
+use Froxlor\Api\Commands\Domains;
+use Froxlor\Bulk\DomainBulkAction;
+
+/**
+ *
+ * @covers \Froxlor\Bulk\BulkAction
+ * @covers \Froxlor\Bulk\DomainBulkAction
+ */
+class DomainBulkTest extends TestCase
+{
+	public function testNoImportFile()
+	{
+		global $admin_userdata;
+		$this->expectExceptionMessage("No file was given for import");
+		$bulk = new DomainBulkAction(null, $admin_userdata);
+		$bulk->doImport(";", 0);
+	}
+
+	public function testImportFileDoesNotExist()
+	{
+		global $admin_userdata;
+		$this->expectExceptionMessage("The file '/tmp/nonexisting.csv' could not be found");
+		$bulk = new DomainBulkAction("/tmp/nonexisting.csv", $admin_userdata);
+		$bulk->doImport(";", 0);
+	}
+
+	public function testImportDomains()
+	{
+		global $admin_userdata;
+
+		$content = <<<EOC
+domain;loginname;
+imported-a.com;test1;
+imported-b.com;test1;
+imported-c.com;test2;
+EOC;
+		file_put_contents('/tmp/import-test.csv', $content);
+		$bulk = new DomainBulkAction("/tmp/import-test.csv", $admin_userdata);
+		$result = $bulk->doImport(";", 0);
+
+		$this->assertEquals(3, $result['all']);
+		$this->assertEquals(2, $result['imported']);
+		$this->assertEquals("Customer with loginname 'test2' could not be found", $bulk->getErrors()[0]);
+
+		// now check whether the domain really exists for test1 user
+		$data = [
+			'domain' => 'imported-a.com'
+		];
+		$json_result = Domains::getLocal($admin_userdata, $data)->get();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertEquals('imported-a.com', $result['domain']);
+		$this->assertEquals(1, $result['customerid']);
+	}
+
+	public function testImportDomainsMaxAlloc()
+	{
+		global $admin_userdata;
+
+		// fake allocation restriction
+		$admin_userdata['domains'] = 1;
+
+		$content = <<<EOC
+domain;loginname;
+imported-a.com;test1;
+imported-b.com;test1;
+imported-c.com;test2;
+EOC;
+		file_put_contents('/tmp/import-test.csv', $content);
+		$bulk = new DomainBulkAction("/tmp/import-test.csv", $admin_userdata);
+		$result = $bulk->doImport(";", 0);
+
+		$this->assertEquals(3, $result['all']);
+		$this->assertEquals(0, $result['imported']);
+		$this->assertEquals("You have reached your maximum allocation of domains (" . $admin_userdata['domains'] . ")", $result['notes']);
+	}
+}

tests/Certificates/CertificatesTest.php

@@ -64,7 +64,7 @@ class CertificatesTest extends TestCase
 			'ssl_key_file' => $certdata['key']
 		))->add();
 		$result = json_decode($json_result, true)['data'];
-		$this->assertEquals(6, $result['domainid']);
+		$this->assertEquals(7, $result['domainid']);
 	}
 
 	public function testAdminCertificatesList()
@@ -148,7 +148,7 @@ class CertificatesTest extends TestCase
 			'ssl_key_file' => $certdata['key']
 		))->update();
 		$result = json_decode($json_result, true)['data'];
-		$this->assertEquals(6, $result['domainid']);
+		$this->assertEquals(7, $result['domainid']);
 		$this->assertEquals(str_replace("\n", "", $certdata['cert']), str_replace("\n", "", $result['ssl_cert_file']));
 	}
 

tests/DomainZones/DomainZonesTest.php

@@ -4,6 +4,7 @@ use PHPUnit\Framework\TestCase;
 use Froxlor\Settings;
 use Froxlor\Api\Commands\Customers;
 use Froxlor\Api\Commands\DomainZones;
+use Froxlor\Api\Commands\Domains;
 
 /**
  *
@@ -719,6 +720,31 @@ class DomainZonesTest extends TestCase
 		DomainZones::getLocal($admin_userdata, $data)->add();
 	}
 
+	/**
+	 *
+	 * @depends testAdminDomainZonesAddCname
+	 */
+	public function testAdminDomainZonesAddCnameInvalidWwwAlias()
+	{
+		global $admin_userdata;
+
+		// set domain to www-alias
+		$data = [
+			'domainname' => 'test2.local',
+			'selectserveralias' => '1'
+		];
+		Domains::getLocal($admin_userdata, $data)->update();
+
+		$data = [
+			'domainname' => 'test2.local',
+			'record' => 'www',
+			'type' => 'CNAME',
+			'content' => 'testing.local'
+		];
+		$this->expectExceptionMessage('Cannot set CNAME record for "www" as domain is set to generate a www-alias. Please change settings to either "No alias" or "Wildcard alias"');
+		DomainZones::getLocal($admin_userdata, $data)->add();
+	}
+
 	/**
 	 *
 	 * @depends testAdminDomainZonesAddCname

tests/Domains/DomainsTest.php

@@ -198,16 +198,39 @@ class DomainsTest extends TestCase
 	public function testAdminDomainsUpdate()
 	{
 		global $admin_userdata;
+		// get customer
+		$json_result = Customers::getLocal($admin_userdata, array(
+			'loginname' => 'test1'
+		))->get();
+		$customer_userdata = json_decode($json_result, true)['data'];
 		$data = [
 			'domainname' => 'test.local',
 			'email_only' => 1,
-			'override_tls' => 0
+			'override_tls' => 0,
+			'documentroot' => 'web'
 		];
 		$json_result = Domains::getLocal($admin_userdata, $data)->update();
 		$result = json_decode($json_result, true)['data'];
 		$this->assertEquals(1, $result['email_only']);
 		$this->assertFalse(in_array('TLSv1.3', explode(",", $result['ssl_protocols'])));
 		$this->assertEquals('test.local', $result['domain']);
+		$this->assertEquals($customer_userdata['documentroot'] . 'web/', $result['documentroot']);
+	}
+
+	/**
+	 *
+	 * @depends testAdminDomainsAdd
+	 */
+	public function testAdminDomainsUpdateAbsolutePath()
+	{
+		global $admin_userdata;
+		$data = [
+			'domainname' => 'test.local',
+			'documentroot' => '/web'
+		];
+		$json_result = Domains::getLocal($admin_userdata, $data)->update();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertEquals('/web/', $result['documentroot']);
 	}
 
 	/**
@@ -282,7 +305,7 @@ class DomainsTest extends TestCase
 			'customerid' => $customer_userdata['customerid'] + 1
 		];
 		Settings::Set('panel.allow_domain_change_customer', 1);
-		$this->expectExceptionMessage("The customer you have chosen doesn't exist.");
+		$this->expectExceptionMessage("Customer with id #2 could not be found");
 		Domains::getLocal($admin_userdata, $data)->update();
 	}
 
@@ -372,4 +395,30 @@ class DomainsTest extends TestCase
 			'domainname' => 'täst.local'
 		])->delete();
 	}
+
+	/**
+	 * @refs https://github.com/Froxlor/Froxlor/issues/899
+	 */
+	public function testAdminIdn2DomainsAdd()
+	{
+		global $admin_userdata;
+		// get customer
+		$json_result = Customers::getLocal($admin_userdata, array(
+			'loginname' => 'test1'
+		))->get();
+		$customer_userdata = json_decode($json_result, true)['data'];
+		$data = [
+			'domain' => 'उदाहरण.भारत',
+			'customerid' => $customer_userdata['customerid']
+		];
+		$json_result = Domains::getLocal($admin_userdata, $data)->add();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertEquals($customer_userdata['documentroot'] . 'xn--p1b6ci4b4b3a.xn--h2brj9c/', $result['documentroot']);
+		$this->assertEquals('xn--p1b6ci4b4b3a.xn--h2brj9c', $result['domain']);
+		$this->assertEquals('उदाहरण.भारत', $result['domain_ace']);
+
+		Domains::getLocal($admin_userdata, [
+			'domainname' => 'उदाहरण.भारत'
+		])->delete();
+	}
 }

tests/Mysqls/MysqlsTest.php

@@ -136,6 +136,26 @@ class MysqlsTest extends TestCase
 		}
 	}
 
+	
+	/**
+	 *
+	 * @depends testCustomerMysqlsAdd
+	 */
+	public function testAdminMysqlsUpdatePwdOnly()
+	{
+		global $admin_userdata;
+		
+		$newPwd = \Froxlor\System\Crypt::generatePassword();
+		$data = [
+			'dbname' => 'test1sql1',
+			'mysql_password' => $newPwd,
+			'loginname' => 'test1'
+		];
+		$json_result = Mysqls::getLocal($admin_userdata, $data)->update();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertEquals('testdb-upd', $result['description']);
+	}
+
 	/**
 	 *
 	 * @depends testCustomerMysqlsAdd

tests/Traffic/TrafficTest.php

@@ -111,6 +111,19 @@ class TrafficTest extends TestCase
 		$this->assertEquals(3, $result['list'][1]['customerid']);
 	}
 
+	public function testAdminTrafficListCustomersFilterCustomer()
+	{
+		global $admin_userdata;
+
+		$json_result = Traffic::getLocal($admin_userdata, array(
+			'customer_traffic' => 1,
+			'loginname' => 'test1'
+		))->listing();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertEquals(1, $result['count']);
+		$this->assertEquals(1, $result['list'][0]['customerid']);
+	}
+
 	public function testCustomerTrafficList()
 	{
 		global $admin_userdata;

tests/bootstrap.php

@@ -63,7 +63,6 @@ Database::query("TRUNCATE TABLE `" . TABLE_FTP_QUOTATALLIES . "`;");
 Database::query("TRUNCATE TABLE `" . TABLE_MAIL_VIRTUAL . "`;");
 Database::query("TRUNCATE TABLE `" . TABLE_MAIL_USERS . "`;");
 Database::query("TRUNCATE TABLE `" . TABLE_PANEL_DISKSPACE . "`;");
-Database::query("TRUNCATE TABLE `" . TABLE_PANEL_DISKSPACE_ADMINS . "`;");
 Database::query("TRUNCATE TABLE `" . TABLE_PANEL_TRAFFIC . "`;");
 Database::query("TRUNCATE TABLE `" . TABLE_PANEL_TRAFFIC_ADMINS . "`;");
 Database::query("TRUNCATE TABLE `" . TABLE_PANEL_TASKS . "`;");