set version to 0.10.29.1 for bugfix release

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

admin_admins.php

@@ -129,7 +129,7 @@ if ($page == 'admins' && $userinfo['change_serversettings'] == '1') {
 				'userid' => $userinfo['userid']
 			));
 
-			$s = md5(uniqid(microtime(), 1));
+			$s = \Froxlor\Froxlor::genSessionId();
 			$ins_stmt = Database::prepare("
 				INSERT INTO `" . TABLE_PANEL_SESSIONS . "` SET
 				`hash` = :hash, `userid` = :userid, `ipaddress` = :ip,

admin_customers.php

@@ -178,7 +178,7 @@ if ($page == 'customers' && $userinfo['customers'] != '0') {
 				'hash' => $s
 			));
 
-			$s = md5(uniqid(microtime(), 1));
+			$s = \Froxlor\Froxlor::genSessionId();
 			$insert = Database::prepare("
 				INSERT INTO `" . TABLE_PANEL_SESSIONS . "` SET
 					`hash` = :hash,

index.php

@@ -28,6 +28,12 @@ if ($action == '') {
 }
 
 if (session_status() == PHP_SESSION_NONE) {
+	ini_set("session.name", "s");
+	ini_set("url_rewriter.tags", "");
+	ini_set("session.use_cookies", false);
+	ini_set("session.cookie_httponly", true);
+	ini_set("session.cookie_secure", $is_ssl);
+	session_id('login');
 	session_start();
 }
 
@@ -669,7 +675,7 @@ function finishLogin($userinfo)
 	global $version, $dbversion, $remote_addr, $http_user_agent, $languages;
 
 	if (isset($userinfo['userid']) && $userinfo['userid'] != '') {
-		$s = md5(uniqid(microtime(), 1));
+		$s = \Froxlor\Froxlor::genSessionId();
 
 		if (isset($_POST['language'])) {
 			$language = \Froxlor\Validate\Validate::validate($_POST['language'], 'language');

install/froxlor.sql

@@ -722,8 +722,8 @@ opcache.interned_strings_buffer'),
 	('panel', 'logo_image_login', ''),
 	('panel', 'logo_overridetheme', '0'),
 	('panel', 'logo_overridecustom', '0'),
-	('panel', 'version', '0.10.28'),
+	('panel', 'version', '0.10.29.1'),
-	('panel', 'db_version', '202108180');
+	('panel', 'db_version', '202109040');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;
@@ -822,7 +822,8 @@ INSERT INTO `panel_languages` (`id`, `language`, `iso`, `file`) VALUES
     (4, 'Português', 'pt', 'lng/portugues.lng.php'),
     (5, 'Italiano', 'it', 'lng/italian.lng.php'),
     (6, 'Nederlands', 'nl', 'lng/dutch.lng.php'),
-    (7, 'Svenska', 'sv', 'lng/swedish.lng.php');
+    (7, 'Svenska', 'sv', 'lng/swedish.lng.php'),
+    (8, 'Česká republika', 'cs', 'lng/czech.lng.php');
 
 
 DROP TABLE IF EXISTS `panel_syslog`;

install/lib/class.FroxlorInstall.php

@@ -163,10 +163,13 @@ class FroxlorInstall
 
 		$this->_getPostField('mysql_host', '127.0.0.1');
 		$this->_getPostField('mysql_database', 'froxlor');
+		$this->_getPostField('mysql_forcecreate', '0');
 		$this->_getPostField('mysql_unpriv_user', 'froxlor');
 		$this->_getPostField('mysql_unpriv_pass');
 		$this->_getPostField('mysql_root_user', 'root');
 		$this->_getPostField('mysql_root_pass');
+		$this->_getPostField('mysql_ssl_ca_file');
+		$this->_getPostField('mysql_ssl_verify_server_certificate', 0);
 		$this->_getPostField('admin_user', 'admin');
 		$this->_getPostField('admin_pass1');
 		$this->_getPostField('admin_pass2');
@@ -212,6 +215,12 @@ class FroxlorInstall
 		$options = array(
 			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8'
 		);
+
+		if (!empty($this->_data['mysql_ssl_ca_file'])) {
+			$options[\PDO::MYSQL_ATTR_SSL_CA] = $this->_data['mysql_ssl_ca_file'];
+			$options[\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool) $this->_data['mysql_ssl_verify_server_certificate'];
+		}
+
 		$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";";
 		$fatal_fail = false;
 		try {
@@ -246,15 +255,23 @@ class FroxlorInstall
 			$content .= $this->_status_message('green', "OK");
 			// check for existing db and create backup if so
 			$content .= $this->_backupExistingDatabase($db_root);
-			// create unprivileged user and the database itself
+			if (!$this->_abort) {
-			$content .= $this->_createDatabaseAndUser($db_root);
+				// create unprivileged user and the database itself
-			// importing data to new database
+				$content .= $this->_createDatabaseAndUser($db_root);
-			$content .= $this->_importDatabaseData();
+				// importing data to new database
+				$content .= $this->_importDatabaseData();
+			}
 			if (! $this->_abort) {
 				// create DB object for new database
 				$options = array(
 					'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8'
 				);
+
+				if (!empty($this->_data['mysql_ssl_ca_file'])) {
+					$options[\PDO::MYSQL_ATTR_SSL_CA] = $this->_data['mysql_ssl_ca_file'];
+					$options[\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool) $this->_data['mysql_ssl_verify_server_certificate'];
+				}
+
 				$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";dbname=" . $this->_data['mysql_database'] . ";";
 				$another_fail = false;
 				try {
@@ -324,10 +341,14 @@ class FroxlorInstall
 		$userdata .= "\$sql['user']='" . addcslashes($this->_data['mysql_unpriv_user'], "'\\") . "';\n";
 		$userdata .= "\$sql['password']='" . addcslashes($this->_data['mysql_unpriv_pass'], "'\\") . "';\n";
 		$userdata .= "\$sql['db']='" . addcslashes($this->_data['mysql_database'], "'\\") . "';\n";
+		$userdata .= "\$sql['ssl']['caFile']='" . addcslashes($this->_data['mysql_ssl_ca_file'], "'\\") . "';\n";
+		$userdata .= "\$sql['ssl']['verifyServerCertificate']='" . addcslashes($this->_data['mysql_ssl_verify_server_certificate'], "'\\") . "';\n";
 		$userdata .= "\$sql_root[0]['caption']='Default';\n";
 		$userdata .= "\$sql_root[0]['host']='" . addcslashes($this->_data['mysql_host'], "'\\") . "';\n";
 		$userdata .= "\$sql_root[0]['user']='" . addcslashes($this->_data['mysql_root_user'], "'\\") . "';\n";
 		$userdata .= "\$sql_root[0]['password']='" . addcslashes($this->_data['mysql_root_pass'], "'\\") . "';\n";
+		$userdata .= "\$sql_root[0]['ssl']['caFile']='" . addcslashes($this->_data['mysql_ssl_ca_file'], "'\\") . "';\n";
+		$userdata .= "\$sql_root[0]['ssl']['verifyServerCertificate']='" . addcslashes($this->_data['mysql_ssl_verify_server_certificate'], "'\\") . "';\n";
 		$userdata .= "// enable debugging to browser in case of SQL errors\n";
 		$userdata .= "\$sql['debug'] = false;\n";
 		$userdata .= "?>";
@@ -360,6 +381,30 @@ class FroxlorInstall
 		return $content;
 	}
 
+	/**
+	 * generate safe unique token
+	 *
+	 * @param int $length
+	 * @return string
+	 */
+	private function genUniqueToken(int $length = 16)
+	{
+		if(!isset($length) || intval($length) <= 8 ){
+			$length = 16;
+		}
+		if (function_exists('random_bytes')) {
+			return bin2hex(random_bytes($length));
+		}
+		if (function_exists('mcrypt_create_iv')) {
+			return bin2hex(mcrypt_create_iv($length, MCRYPT_DEV_URANDOM));
+		}
+		if (function_exists('openssl_random_pseudo_bytes')) {
+			return bin2hex(openssl_random_pseudo_bytes($length));
+		}
+		// if everything else fails, use unsafe fallback
+		return md5(uniqid(microtime(), 1));
+	}
+
 	/**
 	 * create corresponding entries in froxlor database
 	 *
@@ -403,8 +448,8 @@ class FroxlorInstall
 		$content .= $this->_status_message('begin', $this->_lng['install']['adding_admin_user']);
 		$ins_data = array(
 			'loginname' => $this->_data['admin_user'],
-				/* use SHA256 default crypt */
+			/* use SHA256 default crypt */
-				'password' => crypt($this->_data['admin_pass1'], '$5$' . md5(uniqid(microtime(), 1)) . md5(uniqid(microtime(), 1))),
+			'password' => crypt($this->_data['admin_pass1'], '$5$' . $this->genUniqueToken() . $this->genUniqueToken()),
 			'email' => 'admin@' . $this->_data['servername'],
 			'deflang' => $this->_languages[$this->_activelng]
 		);
@@ -555,6 +600,12 @@ class FroxlorInstall
 		$options = array(
 			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8'
 		);
+
+		if (!empty($this->_data['mysql_ssl_ca_file'])) {
+			$options[\PDO::MYSQL_ATTR_SSL_CA] = $this->_data['mysql_ssl_ca_file'];
+			$options[\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool) $this->_data['mysql_ssl_verify_server_certificate'];
+		}
+
 		$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";dbname=" . $this->_data['mysql_database'] . ";";
 		$fatal_fail = false;
 		try {
@@ -733,38 +784,56 @@ class FroxlorInstall
 		));
 		$rows = $db_root->query("SELECT FOUND_ROWS()")->fetchColumn();
 
+		$content .= $this->_status_message('begin', $this->_lng['install']['check_db_exists']);
+
 		// check result
 		if ($result_stmt !== false && $rows > 0) {
 			$tables_exist = true;
 		}
 
 		if ($tables_exist) {
-			// tell what's going on
+			if ((int)$this->_data['mysql_forcecreate'] > 0) {
-			$content .= $this->_status_message('begin', $this->_lng['install']['backup_old_db']);
+				// set status
+				$content .= $this->_status_message('orange', 'exists (' . $this->_data['mysql_database'] . ')');
+				// tell what's going on
+				$content .= $this->_status_message('begin', $this->_lng['install']['backup_old_db']);
 
-			// create temporary backup-filename
+				// create temporary backup-filename
-			$filename = "/tmp/froxlor_backup_" . date('YmdHi') . ".sql";
+				$filename = "/tmp/froxlor_backup_" . date('YmdHi') . ".sql";
 
-			// look for mysqldump
+				// look for mysqldump
-			$do_backup = false;
+				$do_backup = false;
-			if (file_exists("/usr/bin/mysqldump")) {
+				if (file_exists("/usr/bin/mysqldump")) {
-				$do_backup = true;
+					$do_backup = true;
-				$mysql_dump = '/usr/bin/mysqldump';
+					$mysql_dump = '/usr/bin/mysqldump';
-			} elseif (file_exists("/usr/local/bin/mysqldump")) {
+				} elseif (file_exists("/usr/local/bin/mysqldump")) {
-				$do_backup = true;
+					$do_backup = true;
-				$mysql_dump = '/usr/local/bin/mysqldump';
+					$mysql_dump = '/usr/local/bin/mysqldump';
-			}
+				}
 
-			if ($do_backup) {
+				// create temporary .cnf file
-				$command = $mysql_dump . " " . escapeshellarg($this->_data['mysql_database']) . " -u " . escapeshellarg($this->_data['mysql_root_user']) . " --password='" . escapeshellarg($this->_data['mysql_root_pass']) . "' --result-file=" . $filename;
+				$cnffilename = "/tmp/froxlor_dump.cnf";
-				$output = exec($command);
+				$dumpcnf = "[mysqldump]" . PHP_EOL . "password=\"" . $this->_data['mysql_root_pass'] . "\"" . PHP_EOL;
-				if (stristr($output, "error")) {
+				file_put_contents($cnffilename, $dumpcnf);
-					$content .= $this->_status_message('red', $this->_lng['install']['backup_failed']);
+
+				if ($do_backup) {
+					$command = $mysql_dump . " --defaults-extra-file=" . $cnffilename . " " . escapeshellarg($this->_data['mysql_database']) . " -u " . escapeshellarg($this->_data['mysql_root_user']) . " --result-file=" . $filename;
+					$output = [];
+					exec($command, $output);
+					@unlink($cnffilename);
+					if (stristr(implode(" ", $output), "error") || ! file_exists($filename)) {
+						$content .= $this->_status_message('red', $this->_lng['install']['backup_failed']);
+						$this->_abort = true;
+					} else {
+						$content .= $this->_status_message('green', 'OK (' . $filename . ')');
+					}
 				} else {
-					$content .= $this->_status_message('green', 'OK (' . $filename . ')');
+					$content .= $this->_status_message('red', $this->_lng['install']['backup_binary_missing']);
+					$this->_abort = true;
 				}
 			} else {
-				$content .= $this->_status_message('red', $this->_lng['install']['backup_binary_missing']);
+				$content .= $this->_status_message('red', $this->_lng['install']['db_exists']);
+				$this->_abort = true;
 			}
 		}
 
@@ -801,6 +870,8 @@ class FroxlorInstall
 		$formdata .= $this->_getSectionItemString('mysql_host', true);
 		// database
 		$formdata .= $this->_getSectionItemString('mysql_database', true);
+		// database overwrite if exists?
+		$formdata .= $this->_getSectionItemYesNo('mysql_forcecreate', false);
 		// unpriv-user has to be different from root
 		if ($this->_data['mysql_unpriv_user'] == $this->_data['mysql_root_user']) {
 			$style = 'blue';
@@ -830,6 +901,9 @@ class FroxlorInstall
 		}
 		$formdata .= $this->_getSectionItemString('mysql_root_pass', true, $style, 'password');
 
+		$formdata .= $this->_getSectionItemString('mysql_ssl_ca_file', false, $style);
+		$formdata .= $this->_getSectionItemYesNo('mysql_ssl_verify_server_certificate', false, $style);
+
 		/**
 		 * admin data
 		 */
@@ -1363,7 +1437,14 @@ class FroxlorInstall
 
 			// read os-release
 			if (file_exists('/etc/os-release')) {
-				$os_dist = parse_ini_file('/etc/os-release', false);
+				$os_dist_content = file_get_contents('/etc/os-release');
+				$os_dist_arr = explode("\n", $os_dist_content);
+				$os_dist = [];
+				foreach ($os_dist_arr as $os_dist_line) {
+					if (empty(trim($os_dist_line))) continue;
+					$tmp = explode("=", $os_dist_line);
+					$os_dist[$tmp[0]] = str_replace('"', "", trim($tmp[1]));
+				}
 				if (is_array($os_dist) && array_key_exists('ID', $os_dist) && array_key_exists('VERSION_ID', $os_dist)) {
 					$os_version = explode('.', $os_dist['VERSION_ID'])[0];
 				}

install/lng/english.lng.php

@@ -53,10 +53,13 @@ $lng['install']['welcometext'] = 'Thank you for choosing Froxlor. Please fill ou
 $lng['install']['database'] = 'Database connection';
 $lng['install']['mysql_host'] = 'MySQL-Hostname';
 $lng['install']['mysql_database'] = 'Database name';
+$lng['install']['mysql_forcecreate'] = 'Backup and overwrite database if exists?';
 $lng['install']['mysql_unpriv_user'] = 'Username for the unprivileged MySQL-account';
 $lng['install']['mysql_unpriv_pass'] = 'Password for the unprivileged MySQL-account';
 $lng['install']['mysql_root_user'] = 'Username for the MySQL-root-account';
 $lng['install']['mysql_root_pass'] = 'Password for the MySQL-root-account';
+$lng['install']['mysql_ssl_ca_file'] = 'MySQL server certificate file path';
+$lng['install']['mysql_ssl_verify_server_certificate'] = 'Verify MySQL TLS certificate';
 $lng['install']['admin_account'] = 'Administrator Account';
 $lng['install']['admin_user'] = 'Administrator Username';
 $lng['install']['admin_pass1'] = 'Administrator Password';
@@ -79,6 +82,8 @@ $lng['install']['testing_mysql_fail'] = 'There seems to be a problem with the da
 $lng['install']['backup_old_db'] = 'Creating backup of old database...';
 $lng['install']['backup_binary_missing'] = 'Could not find mysqldump';
 $lng['install']['backup_failed'] = 'Could not backup database';
+$lng['install']['check_db_exists'] = 'Checking database...';
+$lng['install']['db_exists'] = 'Unable to create database. A database with the same name exists and should not be overwritten';
 $lng['install']['prepare_db'] = 'Preparing database...';
 $lng['install']['create_mysqluser_and_db'] = 'Creating database and username...';
 $lng['install']['testing_new_db'] = 'Testing if database and user have been created correctly...';

install/lng/german.lng.php

@@ -53,10 +53,13 @@ $lng['install']['welcometext'] = 'Vielen Dank dass Sie sich für Froxlor entschi
 $lng['install']['database'] = 'Datenbankverbindung';
 $lng['install']['mysql_host'] = 'MySQL-Hostname';
 $lng['install']['mysql_database'] = 'Datenbank Name';
+$lng['install']['mysql_forcecreate'] = 'Datenbank sichern und überschreiben wenn vorhanden?';
 $lng['install']['mysql_unpriv_user'] = 'Benutzername für den unprivilegierten MySQL-Account';
 $lng['install']['mysql_unpriv_pass'] = 'Passwort für den unprivilegierten MySQL-Account';
 $lng['install']['mysql_root_user'] = 'Benutzername für den MySQL-Root-Account';
 $lng['install']['mysql_root_pass'] = 'Passwort für den MySQL-Root-Account';
+$lng['install']['mysql_ssl_ca_file'] = 'MySQL-Server Zertifikatspfad';
+$lng['install']['mysql_ssl_verify_server_certificate'] = 'Validieren des MySQL-Server Zertifikats';
 $lng['install']['admin_account'] = 'Admin-Zugang';
 $lng['install']['admin_user'] = 'Administrator-Benutzername';
 $lng['install']['admin_pass1'] = 'Administrator-Passwort';
@@ -79,6 +82,8 @@ $lng['install']['testing_mysql_fail'] = 'Bei der Verwendung der Datenbank gibt e
 $lng['install']['backup_old_db'] = 'Sicherung vorheriger Datenbank...';
 $lng['install']['backup_binary_missing'] = 'Konnte mysqldump nicht finden';
 $lng['install']['backup_failed'] = 'Sicherung fehlgeschlagen';
+$lng['install']['check_db_exists'] = 'Databenbank wird geprüft...';
+$lng['install']['db_exists'] = 'Datenbank kann nicht erstellt werden. Eine Datenbank mit dem selben Namen existiert bereits und soll nicht überschrieben werden.';
 $lng['install']['prepare_db'] = 'Datenbank wird vorbereitet...';
 $lng['install']['create_mysqluser_and_db'] = 'Erstelle Datenbank und Benutzer...';
 $lng['install']['testing_new_db'] = 'Teste, ob Datenbank und Benutzer korrekt angelegt wurden...';

install/updates/froxlor/0.10/update_0.10.inc.php

@@ -926,3 +926,20 @@ if (\Froxlor\Froxlor::isFroxlorVersion('0.10.27')) {
 	showUpdateStep("Updating from 0.10.27 to 0.10.28", false);
 	\Froxlor\Froxlor::updateToVersion('0.10.28');
 }
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202108180')) {
+	showUpdateStep("Adding czech language file", true);
+	Database::query("INSERT INTO `" . TABLE_PANEL_LANGUAGE . "` SET `language` = 'Česká republika', `iso` = 'cs', `file` = 'lng/czech.lng.php'");
+	lastStepStatus(0);
+	\Froxlor\Froxlor::updateToDbVersion('202109040');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.28')) {
+	showUpdateStep("Updating from 0.10.28 to 0.10.29", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.29');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.29')) {
+	showUpdateStep("Updating from 0.10.29 to 0.10.29.1", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.29.1');
+}

lib/Froxlor/Database/Database.php

@@ -279,6 +279,8 @@ class Database
 			$host = $sql_root[self::$dbserver]['host'];
 			$socket = isset($sql_root[self::$dbserver]['socket']) ? $sql_root[self::$dbserver]['socket'] : null;
 			$port = isset($sql_root[self::$dbserver]['port']) ? $sql_root[self::$dbserver]['port'] : '3306';
+			$sslCAFile = $sql_root[self::$dbserver]['ssl']['caFile'] ?? "";
+			$sslVerifyServerCertificate = $sql_root[self::$dbserver]['ssl']['verifyServerCertificate'] ?? false;
 		} else {
 			$caption = 'localhost';
 			$user = $sql["user"];
@@ -286,6 +288,8 @@ class Database
 			$host = $sql["host"];
 			$socket = isset($sql['socket']) ? $sql['socket'] : null;
 			$port = isset($sql['port']) ? $sql['port'] : '3306';
+			$sslCAFile = $sql['ssl']['caFile'] ?? "";
+			$sslVerifyServerCertificate = $sql['ssl']['verifyServerCertificate'] ?? false;
 		}
 
 		// save sql-access-data if needed
@@ -297,7 +301,9 @@ class Database
 				'port' => $port,
 				'socket' => $socket,
 				'db' => $sql["db"],
-				'caption' => $caption
+				'caption' => $caption,
+				'ssl_ca_file' => $sslCAFile,
+				'ssl_verify_server_certificate' => $sslVerifyServerCertificate
 			);
 		}
 
@@ -321,6 +327,11 @@ class Database
 		} else {
 			$dbconf["dsn"]['host'] = $host;
 			$dbconf["dsn"]['port'] = $port;
+
+			if (!empty(self::$sqldata['ssl_ca_file'])) {
+				$options[\PDO::MYSQL_ATTR_SSL_CA] = self::$sqldata['ssl_ca_file'];
+				$options[\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool) self::$sqldata['ssl_verify_server_certificate'];
+			}
 		}
 
 		self::$dbname = $sql["db"];

lib/Froxlor/Database/DbManager.php

@@ -82,10 +82,10 @@ class DbManager
 			// get all usernames from db-manager
 			$allsqlusers = $this->getManager()->getAllSqlUsers();
 			// generate random username
-			$username = $loginname . '-' . substr(md5(uniqid(microtime(), 1)), 20, 3);
+			$username = $loginname . '-' . substr(\Froxlor\Froxlor::genSessionId(), 20, 3);
 			// check whether it exists on the DBMS
 			while (in_array($username, $allsqlusers)) {
-				$username = $loginname . '-' . substr(md5(uniqid(microtime(), 1)), 20, 3);
+				$username = $loginname . '-' . substr(\Froxlor\Froxlor::genSessionId(), 20, 3);
 			}
 		} elseif (strtoupper(Settings::Get('customer.mysqlprefix')) == 'DBNAME') {
 			$username = $loginname;

lib/Froxlor/Dns/PowerDNS.php

@@ -62,6 +62,11 @@ class PowerDNS
 		} else {
 			$dbconf["dsn"]['host'] = $mysql_data['gmysql-host'];
 			$dbconf["dsn"]['port'] = $mysql_data['gmysql-port'];
+
+			if (!empty($mysql_data['gmysql-ssl-ca-file'])) {
+				$options[\PDO::MYSQL_ATTR_SSL_CA] = $mysql_data['gmysql-ssl-ca-file'];
+				$options[\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool) $mysql_data['gmysql-ssl-verify-server-certificate'];
+			}
 		}
 
 		// add options to dsn-string

lib/Froxlor/Domain/Domain.php

@@ -340,7 +340,7 @@ class Domain
 				// run remove command
 				\Froxlor\FileDir::safe_exec($acmesh . $params);
 				// remove certificates directory
-				@unlink($certificate_folder);
+				\Froxlor\FileDir::safe_exec('rm -rf ' . $certificate_folder);
 			}
 		}
 		return true;

lib/Froxlor/Froxlor.php

@@ -7,10 +7,10 @@ final class Froxlor
 {
 
 	// Main version variable
-	const VERSION = '0.10.28';
+	const VERSION = '0.10.29.1';
 
 	// Database version (YYYYMMDDC where C is a daily counter)
-	const DBVERSION = '202108180';
+	const DBVERSION = '202109040';
 
 	// Distribution branding-tag (used for Debian etc.)
 	const BRANDING = '';
@@ -202,6 +202,30 @@ final class Froxlor
 		return false;
 	}
 
+	/**
+	 * generate safe unique session id
+	 *
+	 * @param int $length
+	 * @return string
+	 */
+	public static function genSessionId(int $length = 16)
+	{
+		if(!isset($length) || intval($length) <= 8 ){
+			$length = 16;
+		}
+		if (function_exists('random_bytes')) {
+			return bin2hex(random_bytes($length));
+		}
+		if (function_exists('mcrypt_create_iv')) {
+			return bin2hex(mcrypt_create_iv($length, MCRYPT_DEV_URANDOM));
+		}
+		if (function_exists('openssl_random_pseudo_bytes')) {
+			return bin2hex(openssl_random_pseudo_bytes($length));
+		}
+		// if everything else fails, use unsafe fallback
+		return md5(uniqid(microtime(), 1));
+	}
+
 	/**
 	 * compare of froxlor versions
 	 *

lib/configfiles/bionic.xml

@@ -917,6 +917,8 @@ gmysql-dbname=pdns
 gmysql-user=powerdns
 gmysql-group=client
 gmysql-password=
+#gmysql-ssl-ca-file=
+#gmysql-ssl-verify-server-certificate=0
 ]]>
 						</content>
 					</file>

lib/configfiles/bullseye.xml

@@ -891,6 +891,8 @@ gmysql-dbname=pdns
 gmysql-user=powerdns
 gmysql-group=client
 gmysql-password=
+#gmysql-ssl-ca-file=
+#gmysql-ssl-verify-server-certificate=0
 ]]>
 						</content>
 					</file>

lib/configfiles/buster.xml

@@ -891,6 +891,8 @@ gmysql-dbname=pdns
 gmysql-user=powerdns
 gmysql-group=client
 gmysql-password=
+#gmysql-ssl-ca-file=
+#gmysql-ssl-verify-server-certificate=0
 ]]>
 						</content>
 					</file>

lib/configfiles/focal.xml

@@ -904,6 +904,8 @@ gmysql-dbname=pdns
 gmysql-user=powerdns
 gmysql-group=client
 gmysql-password=
+#gmysql-ssl-ca-file=
+#gmysql-ssl-verify-server-certificate=0
 ]]>
 						</content>
 					</file>

lib/configfiles/gentoo.xml

@@ -912,6 +912,8 @@ gmysql-dbname=pdns
 gmysql-user=powerdns
 gmysql-group=client
 gmysql-password=
+#gmysql-ssl-ca-file=
+#gmysql-ssl-verify-server-certificate=0
 ]]>
 						</content>
 					</file>

lib/configfiles/stretch.xml

@@ -906,6 +906,8 @@ gmysql-dbname=pdns
 gmysql-user=powerdns
 gmysql-group=client
 gmysql-password=
+#gmysql-ssl-ca-file=
+#gmysql-ssl-verify-server-certificate=0
 ]]>
 						</content>
 					</file>

lib/configfiles/xenial.xml

@@ -917,6 +917,8 @@ gmysql-dbname=pdns
 gmysql-user=powerdns
 gmysql-group=client
 gmysql-password=
+#gmysql-ssl-ca-file=
+#gmysql-ssl-verify-server-certificate=0
 ]]>
 						</content>
 					</file>

lib/init.php

@@ -103,7 +103,7 @@ unset($_);
 unset($value);
 unset($key);
 
-$filename = htmlentities(basename($_SERVER['PHP_SELF']));
+$filename = htmlentities(basename($_SERVER['SCRIPT_NAME']));
 
 // check whether the userdata file exists
 if (! file_exists(\Froxlor\Froxlor::getInstallDir() . '/lib/userdata.inc.php')) {
@@ -161,7 +161,9 @@ $idna_convert = new \Froxlor\Idna\IdnaWrapper();
 /**
  * If Froxlor was called via HTTPS -> enforce it for the next time by settings HSTS header according to settings
  */
+$is_ssl = false;
 if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) {
+	$is_ssl = true;
 	$maxage = Settings::Get('system.hsts_maxage');
 	if (empty($maxage)) {
 		$maxage = 0;
@@ -217,6 +219,8 @@ if (isset($s) && $s != "" && $nosession != 1) {
 	ini_set("session.name", "s");
 	ini_set("url_rewriter.tags", "");
 	ini_set("session.use_cookies", false);
+	ini_set("session.cookie_httponly", true);
+	ini_set("session.cookie_secure", $is_ssl);
 	session_id($s);
 	session_start();
 	$query = "SELECT `s`.*, `u`.* FROM `" . TABLE_PANEL_SESSIONS . "` `s` LEFT JOIN `";

lng/czech.lng.php

@@ -382,7 +382,7 @@ $lng['serversettings']['pathedit']['description'] = 'Měla by cesta být na výb
 $lng['serversettings']['nameservers']['title'] = 'Názvy serverů';
 $lng['serversettings']['nameservers']['description'] = 'Seznam oddělený čárkami obsahující názvy hostitelů všech jmenných serverů. První bude primární.';
 $lng['serversettings']['mxservers']['title'] = 'MX servery';
-$lng['serversettings']['mxservers']['description'] = 'Seznam oddělený čárkami obsahující dvojici čísla a jméno hostitele oddělené mezerou (např. \ '10 mx.example.com \ ') obsahující servery mx.';
+$lng['serversettings']['mxservers']['description'] = 'Seznam oddělený čárkami obsahující dvojici čísla a jméno hostitele oddělené mezerou (např. \'10 mx.example.com\') obsahující servery mx.';
 
 /**
  * CHANGED BETWEEN 1.2.12 and 1.2.13

templates/Sparkle/login/fpwd.tpl

@@ -10,7 +10,7 @@ $header
 				</div>
 			</if>
 			<section class="loginsec">
-				<form method="post" action="$filename" enctype="application/x-www-form-urlencoded">
+				<form method="post" action="index.php" enctype="application/x-www-form-urlencoded">
 					<fieldset>
 					<legend>Froxlor&nbsp;-&nbsp;{$lng['login']['presend']}</legend>
 					<p>

templates/Sparkle/login/login.tpl

@@ -25,7 +25,7 @@ $header
 		</if>
 
 		<section class="loginsec">
-			<form method="post" action="$filename" enctype="application/x-www-form-urlencoded">
+			<form method="post" action="index.php" enctype="application/x-www-form-urlencoded">
 				<input type="hidden" name="script" value="{$lastscript}" />
 				<input type="hidden" name="qrystr" value="{$lastqrystr}" />
 				<fieldset>

templates/Sparkle/login/login_ftp.tpl

@@ -1,41 +0,0 @@
-	<article class="login bradius">
-		<header class="dark">
-			<img src="{$header_logo_login}" alt="{t}Froxlor Server Management Panel{/t}" />
-		</header>
-
-		{if isset($successmessage)}
-			<div class="successcontainer bradius">
-				<div class="successtitle">{t}Success{/t}</div>
-				<div class="success">{$successmessage}</div>
-			</div>
-		{/if}
-
-		{if isset($errormessage)}
-			<div class="errorcontainer bradius">
-				<div class="errortitle">{t}Error{/t}</div>
-				<div class="error">{$errormessage}</div>
-			</div>
-		{/if}
-
-		<section class="loginsec">
-			<form method="post" action="webftp.php" enctype="application/x-www-form-urlencoded">
-				<fieldset>
-				<legend>{t}Froxlor - WebFTP - Login{/t}</legend>
-				<p>
-					<label for="loginname">{t}Username{/t}:</label>&nbsp;
-					<input type="text" name="loginname" id="loginname" value="" required/>
-				</p>
-				<p>
-					<label for="password">{t}Password{/t}:</label>&nbsp;
-					<input type="password" name="password" id="password" required/>
-				</p>
-				<p class="submit">
-					<input type="hidden" name="send" value="send" />
-					<input type="submit" value="{t}Login{/t}" />
-				</p>
-				</fieldset>
-			</form>
-			<aside>&nbsp;</aside>
-		</section>
-
-	</article>

templates/Sparkle/login/rpwd.tpl

@@ -11,7 +11,7 @@ $header
 			</if>
 			<section class="loginsec">
 				<h3>{$lng['pwdreminder']['choosenew']}</h3>
-				<form method="post" action="{$filename}?action=resetpwd&resetcode={$activationcode}" enctype="application/x-www-form-urlencoded">
+				<form method="post" action="index.php?action=resetpwd&resetcode={$activationcode}" enctype="application/x-www-form-urlencoded">
 					<fieldset>
 					<legend>Froxlor&nbsp;-&nbsp;{$lng['login']['presend']}</legend>
 					<p>