set version to 0.10.30 for upcoming release

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

admin_apcuinfo.php

@@ -67,6 +67,9 @@ if ($page == 'showinfo') {
 	$uptime_duration = duration($cache['start_time']);
 	$size_vars = bsize($cache['mem_size']);
 
+	$num_hits_and_misses = $cache['num_hits'] + $cache['num_misses'];
+	$num_hits_and_misses = 0 >= $num_hits_and_misses ? 1 : $num_hits_and_misses;
+
 	// check for possible empty values that are used in the templates
 	if (! isset($cache['file_upload_progress'])) {
 		$cache['file_upload_progress'] = $lng['logger']['unknown'];
@@ -84,8 +87,8 @@ if ($page == 'showinfo') {
 
 	$freemem = bsize($mem_avail) . sprintf(" (%.1f%%)", $mem_avail * 100 / $mem_size);
 	$usedmem = bsize($mem_used) . sprintf(" (%.1f%%)", $mem_used * 100 / $mem_size);
-	$hits = $cache['num_hits'] . @sprintf(" (%.1f%%)", $cache['num_hits'] * 100 / ($cache['num_hits'] + $cache['num_misses']));
+	$hits = $cache['num_hits'] . @sprintf(" (%.1f%%)", $cache['num_hits'] * 100 / $num_hits_and_misses);
-	$misses = $cache['num_misses'] . @sprintf(" (%.1f%%)", $cache['num_misses'] * 100 / ($cache['num_hits'] + $cache['num_misses']));
+	$misses = $cache['num_misses'] . @sprintf(" (%.1f%%)", $cache['num_misses'] * 100 / $num_hits_and_misses);
 
 	// Fragmentation: (freeseg - 1) / total_seg
 	$nseg = $freeseg = $fragsize = $freetotal = 0;

admin_configfiles.php

@@ -38,13 +38,43 @@ if ($userinfo['change_serversettings'] == '1') {
 
 	// try to convert namserver hosts to ip's
 	$ns_ips = "";
+	$known_ns_ips = [];
 	if (Settings::Get('system.nameservers') != '') {
 		$nameservers = explode(',', Settings::Get('system.nameservers'));
 		foreach ($nameservers as $nameserver) {
 			$nameserver = trim($nameserver);
+			// DNS servers might be multi homed; allow transfer from all ip
+			// addresses of the DNS server
 			$nameserver_ips = \Froxlor\PhpHelper::gethostbynamel6($nameserver);
-			if (is_array($nameserver_ips) && count($nameserver_ips) > 0) {
+			// append dot to hostname
-				$ns_ips .= implode(",", $nameserver_ips);
+			if (substr($nameserver, - 1, 1) != '.') {
+				$nameserver .= '.';
+			}
+			// ignore invalid responses
+			if (! is_array($nameserver_ips)) {
+				// act like \Froxlor\PhpHelper::gethostbynamel6() and return unmodified hostname on error
+				$nameserver_ips = array(
+					$nameserver
+				);
+			} else {
+				$known_ns_ips = array_merge($known_ns_ips, $nameserver_ips);
+			}
+			if (!empty($ns_ips)) {
+				$ns_ips .= ',';
+			}
+			$ns_ips .= implode(",", $nameserver_ips);
+		}
+	}
+
+	// AXFR server
+	if (Settings::Get('system.axfrservers') != '') {
+		$axfrservers = explode(',', Settings::Get('system.axfrservers'));
+		foreach ($axfrservers as $axfrserver) {
+			if (!in_array(trim($axfrserver), $known_ns_ips)) {
+				if (!empty($ns_ips)) {
+					$ns_ips .= ',';
+				}
+				$ns_ips .= trim($axfrserver);
 			}
 		}
 	}
@@ -59,7 +89,6 @@ if ($userinfo['change_serversettings'] == '1') {
 		'<SERVERIP>' => Settings::Get('system.ipaddress'),
 		'<NAMESERVERS>' => Settings::Get('system.nameservers'),
 		'<NAMESERVERS_IP>' => $ns_ips,
-		'<AXFRSERVERS>' => Settings::Get('system.axfrservers'),
 		'<VIRTUAL_MAILBOX_BASE>' => Settings::Get('system.vmail_homedir'),
 		'<VIRTUAL_UID_MAPS>' => Settings::Get('system.vmail_uid'),
 		'<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),

install/froxlor.sql

@@ -532,7 +532,7 @@ opcache.interned_strings_buffer'),
 	('system', 'vmail_gid', '2000'),
 	('system', 'vmail_homedir', '/var/customers/mail/'),
 	('system', 'vmail_maildirname', 'Maildir'),
-	('system', 'bind_enable', '1'),
+	('system', 'bind_enable', '0'),
 	('system', 'bindconf_directory', '/etc/bind/'),
 	('system', 'bindreload_command', '/etc/init.d/bind9 reload'),
 	('system', 'hostname', 'SERVERNAME'),
@@ -722,7 +722,7 @@ opcache.interned_strings_buffer'),
 	('panel', 'logo_image_login', ''),
 	('panel', 'logo_overridetheme', '0'),
 	('panel', 'logo_overridecustom', '0'),
-	('panel', 'version', '0.10.29'),
+	('panel', 'version', '0.10.30'),
 	('panel', 'db_version', '202109040');
 
 

install/lib/class.FroxlorInstall.php

@@ -791,48 +791,52 @@ class FroxlorInstall
 			$tables_exist = true;
 		}
 
-		if ($tables_exist && (int)$this->_data['mysql_forcecreate'] > 0) {
+		if ($tables_exist) {
-			// set status
+			if ((int)$this->_data['mysql_forcecreate'] > 0) {
-			$content .= $this->_status_message('orange', 'exists (' . $this->_data['mysql_database'] . ')');
+				// set status
-			// tell what's going on
+				$content .= $this->_status_message('orange', 'exists (' . $this->_data['mysql_database'] . ')');
-			$content .= $this->_status_message('begin', $this->_lng['install']['backup_old_db']);
+				// tell what's going on
+				$content .= $this->_status_message('begin', $this->_lng['install']['backup_old_db']);
 
-			// create temporary backup-filename
+				// create temporary backup-filename
-			$filename = "/tmp/froxlor_backup_" . date('YmdHi') . ".sql";
+				$filename = "/tmp/froxlor_backup_" . date('YmdHi') . ".sql";
 
-			// look for mysqldump
+				// look for mysqldump
-			$do_backup = false;
+				$do_backup = false;
-			if (file_exists("/usr/bin/mysqldump")) {
+				if (file_exists("/usr/bin/mysqldump")) {
-				$do_backup = true;
+					$do_backup = true;
-				$mysql_dump = '/usr/bin/mysqldump';
+					$mysql_dump = '/usr/bin/mysqldump';
-			} elseif (file_exists("/usr/local/bin/mysqldump")) {
+				} elseif (file_exists("/usr/local/bin/mysqldump")) {
-				$do_backup = true;
+					$do_backup = true;
-				$mysql_dump = '/usr/local/bin/mysqldump';
+					$mysql_dump = '/usr/local/bin/mysqldump';
-			}
+				}
 
-			// create temporary .cnf file
+				// create temporary .cnf file
-			$cnffilename = "/tmp/froxlor_dump.cnf";
+				$cnffilename = "/tmp/froxlor_dump.cnf";
-			$dumpcnf = "[mysqldump]".PHP_EOL."password=\"".$this->_data['mysql_root_pass']."\"".PHP_EOL;
+				$dumpcnf = "[mysqldump]" . PHP_EOL . "password=\"" . $this->_data['mysql_root_pass'] . "\"" . PHP_EOL;
-			file_put_contents($cnffilename, $dumpcnf);
+				file_put_contents($cnffilename, $dumpcnf);
 
-			if ($do_backup) {
+				if ($do_backup) {
-				$command = $mysql_dump . " --defaults-extra-file=" . $cnffilename . " " . escapeshellarg($this->_data['mysql_database']) . " -u " . escapeshellarg($this->_data['mysql_root_user']) . " --result-file=" . $filename;
+					$command = $mysql_dump . " --defaults-extra-file=" . $cnffilename . " " . escapeshellarg($this->_data['mysql_database']) . " -u " . escapeshellarg($this->_data['mysql_root_user']) . " --result-file=" . $filename;
-				$output = [];
+					$output = [];
-				exec($command, $output);
+					exec($command, $output);
-				@unlink($cnffilename);
+					@unlink($cnffilename);
-				if (stristr(implode(" ", $output), "error") || !file_exists($filename)) {
+					if (stristr(implode(" ", $output), "error") || ! file_exists($filename)) {
-					$content .= $this->_status_message('red', $this->_lng['install']['backup_failed']);
+						$content .= $this->_status_message('red', $this->_lng['install']['backup_failed']);
-					$this->_abort = true;
+						$this->_abort = true;
+					} else {
+						$content .= $this->_status_message('green', 'OK (' . $filename . ')');
+					}
 				} else {
-					$content .= $this->_status_message('green', 'OK (' . $filename . ')');
+					$content .= $this->_status_message('red', $this->_lng['install']['backup_binary_missing']);
+					$this->_abort = true;
 				}
 			} else {
-				$content .= $this->_status_message('red', $this->_lng['install']['backup_binary_missing']);
+				$content .= $this->_status_message('red', $this->_lng['install']['db_exists']);
 				$this->_abort = true;
 			}
 		} else {
-			$content .= $this->_status_message('red', $this->_lng['install']['db_exists']);
+			$content .= $content .= $this->_status_message('green', 'OK');
-			$this->_abort = true;
 		}
 
 		return $content;

install/updates/froxlor/0.10/update_0.10.inc.php

@@ -938,3 +938,13 @@ if (\Froxlor\Froxlor::isFroxlorVersion('0.10.28')) {
 	showUpdateStep("Updating from 0.10.28 to 0.10.29", false);
 	\Froxlor\Froxlor::updateToVersion('0.10.29');
 }
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.29')) {
+	showUpdateStep("Updating from 0.10.29 to 0.10.29.1", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.29.1');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.29.1')) {
+	showUpdateStep("Updating from 0.10.29.1 to 0.10.30", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.30');
+}

lib/Froxlor/Api/Commands/Domains.php

@@ -239,7 +239,7 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	 *        	optional, whether to create an exclusive web-logfile for this domain, default 0 (false)
 	 * @param int $alias
 	 *        	optional, domain-id of a domain that the new domain should be an alias of, default 0 (none)
-	 * @param bool $issubof
+	 * @param int $issubof
 	 *        	optional, domain-id of a domain this domain is a subdomain of (required for webserver-cronjob to generate the correct order), default 0 (none)
 	 * @param string $registration_date
 	 *        	optional, date of domain registration in form of YYYY-MM-DD, default empty (none)
@@ -901,7 +901,7 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	 *        	optional, when setting $speciallogfile to false, this needs to be set to true to confirm the action, default 0 (false)
 	 * @param int $alias
 	 *        	optional, domain-id of a domain that the new domain should be an alias of, default 0 (none)
-	 * @param bool $issubof
+	 * @param int $issubof
 	 *        	optional, domain-id of a domain this domain is a subdomain of (required for webserver-cronjob to generate the correct order), default 0 (none)
 	 * @param string $registration_date
 	 *        	optional, date of domain registration in form of YYYY-MM-DD, default empty (none)

lib/Froxlor/Api/Commands/Mysqls.php

@@ -61,7 +61,9 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 		$password = \Froxlor\Validate\Validate::validate($password, 'password', '', '', array(), true);
 		$password = \Froxlor\System\Crypt::validatePassword($password, true);
 		$databasedescription = \Froxlor\Validate\Validate::validate(trim($databasedescription), 'description', '', '', array(), true);
-		$databasename = \Froxlor\Validate\Validate::validate(trim($databasename), 'database_name', '', '', array(), true);
+		if (!empty($databasename)) {
+			$databasename = \Froxlor\Validate\Validate::validate(trim($databasename), 'database_name', '/^[A-Za-z0-9][A-Za-z0-9\-_]+$/i', '', array(), true);
+		}
 
 		// validate whether the dbserver exists
 		$dbserver = \Froxlor\Validate\Validate::validate($dbserver, html_entity_decode($this->lng['mysql']['mysql_server']), '', '', 0, true);

lib/Froxlor/Api/Commands/PhpSettings.php

@@ -217,7 +217,9 @@ class PhpSettings extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 	 *        	optional number of seconds for idle-timeout if FPM is used, default is fpm-daemon-value
 	 * @param string $limit_extensions
 	 *        	optional limitation of php-file-extensions if FPM is used, default is fpm-daemon-value
-	 *        	
+	 * @param bool $allow_all_customers
+	 *        	optional add this configuration to the list of every existing customer's allowed-fpm-config list, default is false (no)
+	 *
 	 * @access admin
 	 * @throws \Exception
 	 * @return string json-encoded array
@@ -261,6 +263,7 @@ class PhpSettings extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 			$max_requests = $this->getParam('max_requests', true, $def_fpmconfig['max_requests']);
 			$idle_timeout = $this->getParam('idle_timeout', true, $def_fpmconfig['idle_timeout']);
 			$limit_extensions = $this->getParam('limit_extensions', true, $def_fpmconfig['limit_extensions']);
+			$allow_all_customers = $this->getBoolParam('allow_all_customers', true, 0);
 
 			// validation
 			$description = \Froxlor\Validate\Validate::validate($description, 'description', '', '', array(), true);
@@ -367,6 +370,8 @@ class PhpSettings extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 			$result = $this->apiCall('PhpSettings.get', array(
 				'id' => $ins_data['id']
 			));
+
+			$this->addForAllCustomers($allow_all_customers, $ins_data['id']);
 			return $this->response(200, "successful", $result);
 		}
 		throw new \Exception("Not allowed to execute given command.", 403);
@@ -418,6 +423,8 @@ class PhpSettings extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 	 *        	optional number of seconds for idle-timeout if FPM is used, default is fpm-daemon-value
 	 * @param string $limit_extensions
 	 *        	optional limitation of php-file-extensions if FPM is used, default is fpm-daemon-value
+	 * @param bool $allow_all_customers
+	 *        	optional add this configuration to the list of every existing customer's allowed-fpm-config list, default is false (no)
 	 *        	
 	 * @access admin
 	 * @throws \Exception
@@ -456,6 +463,7 @@ class PhpSettings extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 			$max_requests = $this->getParam('max_requests', true, $result['max_requests']);
 			$idle_timeout = $this->getParam('idle_timeout', true, $result['idle_timeout']);
 			$limit_extensions = $this->getParam('limit_extensions', true, $result['limit_extensions']);
+			$allow_all_customers = $this->getBoolParam('allow_all_customers', true, 0);
 
 			// validation
 			$description = \Froxlor\Validate\Validate::validate($description, 'description', '', '', array(), true);
@@ -563,6 +571,8 @@ class PhpSettings extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 			$result = $this->apiCall('PhpSettings.get', array(
 				'id' => $id
 			));
+
+			$this->addForAllCustomers($allow_all_customers, $id);
 			return $this->response(200, "successful", $result);
 		}
 		throw new \Exception("Not allowed to execute given command.", 403);
@@ -618,4 +628,38 @@ class PhpSettings extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 		}
 		throw new \Exception("Not allowed to execute given command.", 403);
 	}
+
+	/**
+	 * add given php-config id to the list of allowed php-config to all currently existing customers
+	 * if allow_all_customers parameter is true in PhpSettings::add() or PhpSettings::update()
+	 *
+	 * @param bool $allow_all_customers
+	 * @param int $config_id
+	 */
+	private function addForAllCustomers(bool $allow_all_customers, int $config_id)
+	{
+		// should this config be added to the allowed list of all existing customers?
+		if ($allow_all_customers) {
+			$sel_stmt = Database::prepare("SELECT customerid, allowed_phpconfigs FROM `" . TABLE_PANEL_CUSTOMERS . "`");
+			$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET allowed_phpconfigs = :ap WHERE customerid = :cid");
+			Database::pexecute($sel_stmt);
+			while ($cust = $sel_stmt->fetch(\PDO::FETCH_ASSOC)) {
+				// get existing entries of customer
+				$ap = json_decode($cust['allowed_phpconfigs'], true);
+				// initialize array if it's empty
+				if (empty($ap)) {
+					$ap = [];
+				}
+				// add this config
+				$ap[] = $config_id;
+				// check for duplicates and force value-type to be int
+				$ap = array_map('intval', array_unique($ap));
+				// update customer-entry
+				Database::pexecute($upd_stmt, [
+					'ap' => json_encode($ap),
+					'cid' => $cust['customerid']
+				]);
+			}
+		}
+	}
 }

lib/Froxlor/Api/Commands/SubDomains.php

@@ -262,6 +262,16 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				$phpsid_result['phpsettingid'] = intval($phpsettingid);
 			}
 
+			$allowed_phpconfigs = $customer['allowed_phpconfigs'];
+			if (! empty($allowed_phpconfigs)) {
+				$allowed_phpconfigs = json_decode($allowed_phpconfigs, true);
+			} else {
+				$allowed_phpconfigs = [];
+			}
+			if (! in_array($phpsid_result['phpsettingid'], $allowed_phpconfigs)) {
+				\Froxlor\UI\Response::standard_error('notallowedphpconfigused', '', true);
+			}
+
 			// actually insert domain
 			$stmt = Database::prepare("
 				INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
@@ -616,7 +626,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 
 		// We can't enable let's encrypt for wildcard-domains
 		if ($iswildcarddomain == '1' && $letsencrypt == '1') {
-			\Froxlor\UI\Response::standard_error('nowildcardwithletsencrypt');
+			\Froxlor\UI\Response::standard_error('nowildcardwithletsencrypt', '', true);
 		}
 
 		// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
@@ -638,6 +648,16 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 			$this->logger()->logAction($this->isAdmin() ? \Froxlor\FroxlorLogger::ADM_ACTION : \Froxlor\FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] automatically deleted mail-table entries for '" . $idna_convert->decode($result['domain']) . "'");
 		}
 
+		$allowed_phpconfigs = $customer['allowed_phpconfigs'];
+		if (! empty($allowed_phpconfigs)) {
+			$allowed_phpconfigs = json_decode($allowed_phpconfigs, true);
+		} else {
+			$allowed_phpconfigs = [];
+		}
+		if (! in_array($phpsettingid, $allowed_phpconfigs)) {
+			\Froxlor\UI\Response::standard_error('notallowedphpconfigused', '', true);
+		}
+
 		// handle redirect
 		if ($_doredirect) {
 			\Froxlor\Domain\Domain::updateRedirectOfDomain($id, $redirectcode);

lib/Froxlor/Bulk/BulkAction.php

@@ -133,7 +133,7 @@ abstract class BulkAction
 
 		$new_data = array();
 		foreach ($this->api_params as $idx => $param) {
-			if (isset($data_array[$idx]) && ! empty($data_array[$idx])) {
+			if (isset($data_array[$idx])) {
 				$new_data[$param] = $data_array[$idx];
 			}
 		}

lib/Froxlor/Cli/Action/ConfigServicesAction.php

@@ -341,13 +341,43 @@ class ConfigServicesAction extends \Froxlor\Cli\Action
 
 		// try to convert namserver hosts to ip's
 		$ns_ips = "";
+		$known_ns_ips = [];
 		if (Settings::Get('system.nameservers') != '') {
 			$nameservers = explode(',', Settings::Get('system.nameservers'));
 			foreach ($nameservers as $nameserver) {
 				$nameserver = trim($nameserver);
+				// DNS servers might be multi homed; allow transfer from all ip
+				// addresses of the DNS server
 				$nameserver_ips = \Froxlor\PhpHelper::gethostbynamel6($nameserver);
-				if (is_array($nameserver_ips) && count($nameserver_ips) > 0) {
+				// append dot to hostname
-					$ns_ips .= implode(",", $nameserver_ips);
+				if (substr($nameserver, - 1, 1) != '.') {
+					$nameserver .= '.';
+				}
+				// ignore invalid responses
+				if (! is_array($nameserver_ips)) {
+					// act like \Froxlor\PhpHelper::gethostbynamel6() and return unmodified hostname on error
+					$nameserver_ips = array(
+						$nameserver
+					);
+				} else {
+					$known_ns_ips = array_merge($known_ns_ips, $nameserver_ips);
+				}
+				if (!empty($ns_ips)) {
+					$ns_ips .= ',';
+				}
+				$ns_ips .= implode(",", $nameserver_ips);
+			}
+		}
+
+		// AXFR server
+		if (Settings::Get('system.axfrservers') != '') {
+			$axfrservers = explode(',', Settings::Get('system.axfrservers'));
+			foreach ($axfrservers as $axfrserver) {
+				if (!in_array(trim($axfrserver), $known_ns_ips)) {
+					if (!empty($ns_ips)) {
+						$ns_ips .= ',';
+					}
+					$ns_ips .= trim($axfrserver);
 				}
 			}
 		}
@@ -365,7 +395,6 @@ class ConfigServicesAction extends \Froxlor\Cli\Action
 			'<SERVERIP>' => Settings::Get('system.ipaddress'),
 			'<NAMESERVERS>' => Settings::Get('system.nameservers'),
 			'<NAMESERVERS_IP>' => $ns_ips,
-			'<AXFRSERVERS>' => Settings::Get('system.axfrservers'),
 			'<VIRTUAL_MAILBOX_BASE>' => Settings::Get('system.vmail_homedir'),
 			'<VIRTUAL_UID_MAPS>' => Settings::Get('system.vmail_uid'),
 			'<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),

lib/Froxlor/Cron/Dns/PowerDNS.php

@@ -15,7 +15,7 @@ use Froxlor\Settings;
  * @author Froxlor team <team@froxlor.org> (2016-)
  * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
  * @package Cron
- *
+ *         
  */
 class PowerDNS extends DnsBase
 {
@@ -99,30 +99,32 @@ class PowerDNS extends DnsBase
 			));
 			$pdns_domain = $pdns_domains_stmt->fetch(\PDO::FETCH_ASSOC);
 
-			$del_rec_stmt->execute(array(
+			if ($pdns_domain && ! empty($pdns_domain['id'])) {
-				'did' => $pdns_domain['id']
+				$del_rec_stmt->execute(array(
-			));
+					'did' => $pdns_domain['id']
-			$del_meta_stmt->execute(array(
+				));
-				'did' => $pdns_domain['id']
+				$del_meta_stmt->execute(array(
-			));
+					'did' => $pdns_domain['id']
-			$del_dom_stmt->execute(array(
+				));
-				'did' => $pdns_domain['id']
+				$del_dom_stmt->execute(array(
-			));
+					'did' => $pdns_domain['id']
+				));
+			}
 		}
 	}
 
 	private function insertZone($domainname, $serial = 0)
 	{
-        $ins_stmt = \Froxlor\Dns\PowerDNS::getDB()->prepare("
+		$ins_stmt = \Froxlor\Dns\PowerDNS::getDB()->prepare("
 			INSERT INTO domains set `name` = :domainname, `notified_serial` = :serial, `type` = :type
 		");
-        $ins_stmt->execute(array(
+		$ins_stmt->execute(array(
-            'domainname' => $domainname,
+			'domainname' => $domainname,
-            'serial' => $serial,
+			'serial' => $serial,
-            'type' => strtoupper(Settings::Get('system.powerdns_mode'))
+			'type' => strtoupper(Settings::Get('system.powerdns_mode'))
-        ));
+		));
-        $lastid = \Froxlor\Dns\PowerDNS::getDB()->lastInsertId();
+		$lastid = \Froxlor\Dns\PowerDNS::getDB()->lastInsertId();
-        return $lastid;;
+		return $lastid;
 	}
 
 	private function insertRecords($domainid = 0, $records = array(), $origin = "")

lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php

@@ -131,7 +131,8 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 				'ssl_key_file' => null,
 				'ssl_ca_file' => null,
 				'ssl_csr_file' => null,
-				'id' => null
+				'id' => null,
+				'wwwserveralias' => 0
 			);
 
 			// add to queue
@@ -165,7 +166,8 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 				'ssl_key_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_key_file'] : null,
 				'ssl_ca_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_ca_file'] : null,
 				'ssl_csr_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_csr_file'] : null,
-				'id' => is_array($renew_froxlor) ? $renew_froxlor['id'] : null
+				'id' => is_array($renew_froxlor) ? $renew_froxlor['id'] : null,
+				'wwwserveralias' => 0
 			);
 			$renew_domains[] = $certrow;
 		}

lib/Froxlor/Froxlor.php

@@ -7,7 +7,7 @@ final class Froxlor
 {
 
 	// Main version variable
-	const VERSION = '0.10.29';
+	const VERSION = '0.10.30';
 
 	// Database version (YYYYMMDDC where C is a daily counter)
 	const DBVERSION = '202109040';

lib/configfiles/bionic.xml

@@ -382,13 +382,12 @@ exit "$RETVAL"
 				</daemon>
 				<daemon name="powerdns" title="PowerDNS (standalone)">
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -907,7 +906,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # mysql-settings / you need to create the power-dns database for yourself!
 launch=gmysql
@@ -927,13 +926,12 @@ gmysql-password=
 				<daemon name="powerdns_bind"
 					title="PowerDNS via bind-backend">
 					<install><![CDATA[apt-get install pdns-server]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 # allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -1453,7 +1451,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # Bind backend configuration
 
@@ -3879,6 +3877,15 @@ plugin {
   # (Currently only relevant for ManageSieve)
   #sieve_quota_max_storage = 0
 }
+]]>
+							</content>
+						</file>
+						<file name="/etc/dovecot/conf.d/90-quota.conf" chown="root:0"
+							chmod="0644" backup="true">
+							<content><![CDATA[
+plugin {
+  quota = maildir:User quota
+}
 ]]>
 							</content>
 						</file>

lib/configfiles/bullseye.xml

@@ -75,7 +75,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/apache2 restart]]></command>
+					<command><![CDATA[service apache2 restart]]></command>
 				</daemon>
 				<!-- HTTP Lighttpd -->
 				<daemon name="lighttpd" title="LigHTTPd">
@@ -139,7 +139,7 @@ include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
 					</command>
 					<command><![CDATA[lighty-disable-mod cgi]]></command>
 					<command><![CDATA[lighty-disable-mod fastcgi]]></command>
-					<command><![CDATA[/etc/init.d/lighttpd restart]]></command>
+					<command><![CDATA[service lighttpd restart]]></command>
 				</daemon>
 				<!-- HTTP Nginx -->
 				<daemon name="nginx" title="nginx">
@@ -355,7 +355,7 @@ exit "$RETVAL"
 						</visibility>
 						<content><![CDATA[/etc/init.d/php-fcgi restart]]></content>
 					</command>
-					<command><![CDATA[/etc/init.d/nginx restart]]></command>
+					<command><![CDATA[service nginx restart]]></command>
 				</daemon>
 			</service>
 			<!--DNS -->
@@ -367,17 +367,16 @@ exit "$RETVAL"
 					<command><![CDATA[touch {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
 					<command><![CDATA[chown bind:0 {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
 					<command><![CDATA[chmod 0644 {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
-					<command><![CDATA[/etc/init.d/bind9 restart]]></command>
+					<command><![CDATA[service bind9 restart]]></command>
 				</daemon>
 				<daemon name="powerdns" title="PowerDNS (standalone)">
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -881,7 +880,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # mysql-settings / you need to create the power-dns database for yourself!
 launch=gmysql
@@ -896,18 +895,17 @@ gmysql-password=
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/pdns restart]]></command>
+					<command><![CDATA[service pdns restart]]></command>
 				</daemon>
 				<daemon name="powerdns_bind"
 					title="PowerDNS via bind-backend">
 					<install><![CDATA[apt-get install pdns-server]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 # allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -1412,7 +1410,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # Bind backend configuration
 
@@ -1428,7 +1426,7 @@ bind-check-interval=180
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/pdns restart]]></command>
+					<command><![CDATA[service pdns restart]]></command>
 				</daemon>
 			</service>
 			<!-- SMTP services -->
@@ -1551,7 +1549,7 @@ root:               root@<SERVERNAME>
 					</files>
 					<commands index="3">
 						<command><![CDATA[newaliases]]></command>
-						<command><![CDATA[/etc/init.d/postfix restart]]></command>
+						<command><![CDATA[service postfix restart]]></command>
 					</commands>
 				</general>
 				<!-- postfix with dovecot -->
@@ -4086,12 +4084,21 @@ plugin {
   # the source line numbers.
   #sieve_trace_addresses = no 
 }
+]]>
+							</content>
+						</file>
+						<file name="/etc/dovecot/conf.d/90-quota.conf" chown="root:0"
+							chmod="0644" backup="true">
+							<content><![CDATA[
+plugin {
+  quota = maildir:User quota
+}
 ]]>
 							</content>
 						</file>
 					</files>
 					<commands index="1">
-						<command><![CDATA[/etc/init.d/dovecot restart]]></command>
+						<command><![CDATA[service dovecot restart]]></command>
 					</commands>
 				</general>
 				<!-- Dovecot with postfix -->
@@ -4518,7 +4525,7 @@ TLSVerifyClient                         off
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/proftpd restart]]></command>
+					<command><![CDATA[service proftpd restart]]></command>
 				</daemon>
 				<!-- Pureftpd -->
 				<daemon name="pureftpd" title="PureFTPd">
@@ -4744,7 +4751,7 @@ UPLOADGID=
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/pure-ftpd-mysql restart]]></command>
+					<command><![CDATA[service pure-ftpd-mysql restart]]></command>
 				</daemon>
 			</service>
 			<!-- System tools/services -->
@@ -4838,7 +4845,7 @@ aliases:     files
 						<command><![CDATA[useradd -s /bin/false -g {{settings.system.mod_fcgid_httpgroup}} {{settings.system.mod_fcgid_httpuser}}]]></command>
 						<command><![CDATA[mkdir -p {{settings.system.mod_fcgid_configdir}}]]></command>
 						<command><![CDATA[mkdir -p {{settings.system.mod_fcgid_tmpdir}}]]></command>
-						<command><![CDATA[a2dismod php7.3]]></command>
+						<command><![CDATA[a2dismod php7.4]]></command>
 					</commands>
 					<!-- instead of just restarting apache, we let the cronjob do all the 
 						dirty work -->
@@ -4871,12 +4878,12 @@ aliases:     files
 						</visibility>
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<command><![CDATA[a2dismod php7.3]]></command>
+						<command><![CDATA[a2dismod php7.4]]></command>
 					</commands>
 					<commands index="5">
 						<visibility mode="equals" value="apache2">{{settings.system.webserver}}
 						</visibility>
-						<command><![CDATA[/etc/init.d/apache2 restart]]></command>
+						<command><![CDATA[service apache2 restart]]></command>
 					</commands>
 					<!-- instead of just restarting apache, we let the cronjob do all the 
 						dirty work -->

lib/configfiles/buster.xml

@@ -371,13 +371,12 @@ exit "$RETVAL"
 				</daemon>
 				<daemon name="powerdns" title="PowerDNS (standalone)">
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -881,7 +880,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # mysql-settings / you need to create the power-dns database for yourself!
 launch=gmysql
@@ -901,13 +900,12 @@ gmysql-password=
 				<daemon name="powerdns_bind"
 					title="PowerDNS via bind-backend">
 					<install><![CDATA[apt-get install pdns-server]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 # allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -1412,7 +1410,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # Bind backend configuration
 
@@ -4081,6 +4079,15 @@ plugin {
   # the source line numbers.
   #sieve_trace_addresses = no 
 }
+]]>
+							</content>
+						</file>
+						<file name="/etc/dovecot/conf.d/90-quota.conf" chown="root:0"
+							chmod="0644" backup="true">
+							<content><![CDATA[
+plugin {
+  quota = maildir:User quota
+}
 ]]>
 							</content>
 						</file>

lib/configfiles/centos7.xml

@@ -1712,6 +1712,15 @@ plugin {
   # (Currently only relevant for ManageSieve)
   #sieve_quota_max_storage = 0
 }
+]]>
+						</content>
+					</file>
+					<file name="/etc/dovecot/conf.d/90-quota.conf" chown="root:0"
+						chmod="0644" backup="true">
+						<content><![CDATA[
+plugin {
+  quota = maildir:User quota
+}
 ]]>
 						</content>
 					</file>

lib/configfiles/centos8.xml

@@ -1713,6 +1713,15 @@ plugin {
   # (Currently only relevant for ManageSieve)
   #sieve_quota_max_storage = 0
 }
+]]>
+						</content>
+					</file>
+					<file name="/etc/dovecot/conf.d/90-quota.conf" chown="root:0"
+						chmod="0644" backup="true">
+						<content><![CDATA[
+plugin {
+  quota = maildir:User quota
+}
 ]]>
 						</content>
 					</file>

lib/configfiles/focal.xml

@@ -369,13 +369,12 @@ exit "$RETVAL"
 				</daemon>
 				<daemon name="powerdns" title="PowerDNS (standalone)">
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -894,7 +893,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # mysql-settings / you need to create the power-dns database for yourself!
 launch=gmysql
@@ -914,13 +913,12 @@ gmysql-password=
 				<daemon name="powerdns_bind"
 					title="PowerDNS via bind-backend">
 					<install><![CDATA[apt-get install pdns-server]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 # allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -1440,7 +1438,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # Bind backend configuration
 
@@ -3295,6 +3293,15 @@ plugin {
   # (Currently only relevant for ManageSieve)
   #sieve_quota_max_storage = 0
 }
+]]>
+							</content>
+						</file>
+						<file name="/etc/dovecot/conf.d/90-quota.conf" chown="root:0"
+							chmod="0644" backup="true">
+							<content><![CDATA[
+plugin {
+  quota = maildir:User quota
+}
 ]]>
 							</content>
 						</file>

lib/configfiles/gentoo.xml

@@ -391,14 +391,13 @@ mail	IN		A	<SERVERIP>
 				</daemon>
 				<daemon name="powerdns" title="PowerDNS (standalone)">
 					<install><![CDATA[emerge net-dns/pdns]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # Autogenerated configuration file template
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -902,7 +901,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # mysql-settings / you need to create the power-dns database for yourself!
 launch=gmysql
@@ -922,14 +921,13 @@ gmysql-password=
 				<daemon name="powerdns_bind"
 					title="PowerDNS via bind-backend">
 					<install><![CDATA[emerge net-dns/pdns]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # Autogenerated configuration file template
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -1433,7 +1431,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #local-ipv6=YOUR_IPv6_(if_any)
 bind-config=<BIND_CONFIG_PATH>named.conf
@@ -2347,6 +2345,15 @@ plugin {
 ]]>
 						</content>
 					</file>
+						<file name="/etc/dovecot/conf.d/90-quota.conf" chown="root:0"
+							chmod="0644" backup="true">
+							<content><![CDATA[
+plugin {
+  quota = maildir:User quota
+}
+]]>
+							</content>
+						</file>
 					<command><![CDATA[rc-update add dovecot default]]></command>
 					<command><![CDATA[/etc/init.d/dovecot restart]]></command>
 				</daemon>

lib/configfiles/stretch.xml

@@ -371,13 +371,12 @@ exit "$RETVAL"
 				</daemon>
 				<daemon name="powerdns" title="PowerDNS (standalone)">
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -896,7 +895,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # mysql-settings / you need to create the power-dns database for yourself!
 launch=gmysql
@@ -916,13 +915,12 @@ gmysql-password=
 				<daemon name="powerdns_bind"
 					title="PowerDNS via bind-backend">
 					<install><![CDATA[apt-get install pdns-server]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 # allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -1442,7 +1440,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # Bind backend configuration
 
@@ -3868,6 +3866,15 @@ plugin {
   # (Currently only relevant for ManageSieve)
   #sieve_quota_max_storage = 0
 }
+]]>
+							</content>
+						</file>
+						<file name="/etc/dovecot/conf.d/90-quota.conf" chown="root:0"
+							chmod="0644" backup="true">
+							<content><![CDATA[
+plugin {
+  quota = maildir:User quota
+}
 ]]>
 							</content>
 						</file>

lib/configfiles/xenial.xml

@@ -382,13 +382,12 @@ exit "$RETVAL"
 				</daemon>
 				<daemon name="powerdns" title="PowerDNS (standalone)">
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -907,7 +906,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # mysql-settings / you need to create the power-dns database for yourself!
 launch=gmysql
@@ -927,13 +926,12 @@ gmysql-password=
 				<daemon name="powerdns_bind"
 					title="PowerDNS via bind-backend">
 					<install><![CDATA[apt-get install pdns-server]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 # allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -1453,7 +1451,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # Bind backend configuration
 
@@ -3879,6 +3877,15 @@ plugin {
   # (Currently only relevant for ManageSieve)
   #sieve_quota_max_storage = 0
 }
+]]>
+							</content>
+						</file>
+						<file name="/etc/dovecot/conf.d/90-quota.conf" chown="root:0"
+							chmod="0644" backup="true">
+							<content><![CDATA[
+plugin {
+  quota = maildir:User quota
+}
 ]]>
 							</content>
 						</file>

lib/formfields/admin/phpconfig/formfield.phpconfig_add.php

@@ -179,6 +179,18 @@ return array(
 						'cols' => 80,
 						'rows' => 20,
 						'value' => $result['phpsettings']
+					),
+					'allow_all_customers' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['allow_all_customers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['allow_all_customers']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
 					)
 				)
 			)

lib/formfields/admin/phpconfig/formfield.phpconfig_edit.php

@@ -187,6 +187,18 @@ return array(
 						'cols' => 80,
 						'rows' => 20,
 						'value' => $result['phpsettings']
+					),
+					'allow_all_customers' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['allow_all_customers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['allow_all_customers']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
 					)
 				)
 			)

lng/english.lng.php

@@ -2131,3 +2131,7 @@ $lng['serversettings']['froxlorusergroup']['description'] = 'Usage of libnss-ext
 $lng['error']['local_group_exists'] = 'The given group already exists on the system.';
 $lng['error']['local_group_invalid'] = 'The given group name is invalid';
 $lng['error']['invaliddnsforletsencrypt'] = 'The domains DNS does not include any of the chosen IP addresses. Let\'s Encrypt certificate generation not possible.';
+$lng['error']['notallowedphpconfigused'] = 'Trying to use php-config which is not assigned to customer';
+
+$lng['serversettings']['phpfpm_settings']['allow_all_customers']['title'] = 'Assign this configuration to all currently existing customers';
+$lng['serversettings']['phpfpm_settings']['allow_all_customers']['description'] = 'Set this to "true" if you want to assign this configuration to all currently existing customers so it can be used by them. This setting is not permanent but can be run multiple times.';

lng/german.lng.php

@@ -1777,3 +1777,7 @@ $lng['serversettings']['froxlorusergroup']['description'] = 'Voraussetzung hierf
 $lng['error']['local_group_exists'] = 'Die angegebene Gruppe existiert bereits auf dem System';
 $lng['error']['local_group_invalid'] = 'Der angegebene Gruppen-Name ist nicht gültig';
 $lng['error']['invaliddnsforletsencrypt'] = 'Die DNS-Einträge der Domain enhalten keine der gewählten IP Adressen. Let\'s Encrypt Zertifikats-Erstellung ist nicht möglich.';
+$lng['error']['notallowedphpconfigused'] = 'Nutzung einer PHP-Konfiguration welche nicht dem Kunden zugeordnet ist';
+
+$lng['serversettings']['phpfpm_settings']['allow_all_customers']['title'] = 'Für aktuelle Kunden automatisch hinzufügen';
+$lng['serversettings']['phpfpm_settings']['allow_all_customers']['description'] = 'Ist diese Einstellung aktiv, wird die Konfiguration automatisch allen aktuell existierenden Kunden-Accounts zugewiesen. Diese Einstellung ist nicht permanent, kann aber mehrfach / nach Bedarf ausgeführt werden.';

templates/misc/standardcustomer/index.html

@@ -67,7 +67,7 @@ a:hover {
 		<span> <img
 			src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEgAAAAQCAYAAAC1MDndAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKT2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AUkSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXXPues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgABeNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAtAGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzABhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/phCJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhMWE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQAkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+IoUspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdpr+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZD5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61MbU2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lOk06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7RyFDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3IveRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+BZ7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5pDoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5qPNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIsOpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQrAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1dT1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aXDm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfVP1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADqYAAAOpgAABdvkl/FRgAAAy1JREFUeNrs1muIVlUUBuBnvqZkoswudKErZFOG0kWt6WpN0wWCDMOsgX4UmVS/KovKhIKYLhRBJvV1o/5VlJCmYEmUFYijaBYhSRQVBVE0ZnRBJ/vzfnA4nDN+wTh/pgWHc/baa6+z97v3et/d0Ww24SQ8ij5MNL7tN6zBvdjWiZOxDpP8b3JA5qAXPQ0MtAnOm9jZBvqbsQHbsGsMFrQLv+KPUc47CQONlFXZPsNfJd/buBrDFfHDWIDDcAZmohsPjwFAD+EQnL8Xcl/WqOGc+/FJyXcxVuHJivjX8Hx2cwGeweO4fIxOkL10Wg9o1HSsxUcl30V5P1JxnFuxp+M53I67cQ5mYwZexj2YlnarJBdl3BE4FfPxdfofSOwNhX+uwgXxf1Uz/024DpNxFHrwRIEiPs74XnyIq3A8Xion6qxIvj0TX1vyb8x7CJ/jrELfjrx/zgmS0p2bCWzHzejAQTgmO35J+OpInIcv8GLKeROuzcI24lAsRH/yzcGJFfMfDIB/B/ipeD8bNojX8W1hPR+gCxPwTzsAdaGRgTeGrAZLJXd4zc59l1Jr2dzC91S8g+PSXhFwGgGxO4s6Bd9gaQRkAHdhSQHso/FCzRweS56ezLmB1bgCb+DBCg67rwaLSud+uDAAvVLRfw1OqCO18JEKbusvgNMqA/F153sCpgegT+O7Iwt8NwrZwKsh5irbUuDMFoXMquhv2eKRSKiOg54OUFXSt3SEfPvi4Dz77IEAW/8uH+vdpf6dkXGF+F9GyNtRkXe4or8tqwNoWrigbDeFTEfDZhbKckuBy9blu0XkC1Pi++PK+Objy5q80/NeXSDl9wrgnDkaAIlyzCj5zh1FCb00JL07Jd2LKfgBx+LWXE6XJP6pcMiUiMg8/FmRd3GEYHNiZ+H6wgZP/i+T7MzPJo5wkjYU2t01cWfjp6hH2WZn0adVbM7KALAS3weYftwZIVgTIHtxS8YtD6kOYX2Uqi8iIKCsD6CDhXnNi+iI+vXhwD3g83tHs9l8K5JZZbfh2UL7x0jyeLFljVzUhtoc0DWOwBnCoga25s6wrHDhG8+2I1j0YOu/AwBUU7aBHvM/ZwAAAABJRU5ErkJggg=="
 			style="height: 13px; margin: 0 2px 3px 0; vertical-align: middle;" />
-			&copy; 2009-2018 by <a href="http://www.froxlor.org">the Froxlor
+			&copy; 2009-2021 by <a href="http://www.froxlor.org">the Froxlor
 				Team</a>
 		</span>
 	</footer>

tests/PhpAndFpm/PhpSettingsTest.php

@@ -97,4 +97,34 @@ class PhpSettingsText extends TestCase
 			'id' => 1
 		))->get();
 	}
+
+	/**
+	 * @depends testAdminPhpSettingsAdd
+	 */
+	public function testAdminPhpSettingsAddForAll()
+	{
+		global $admin_userdata;
+		$data = [
+			'description' => 'test php #2',
+			'phpsettings' => 'error_reporting=E_ALL',
+			'fpmconfig' => Settings::Get('phpfpm.defaultini'),
+			'allow_all_customers' => true
+		];
+		$json_result = PhpSettings::getLocal($admin_userdata, $data)->add();
+		$result = json_decode($json_result, true)['data'];
+		$required_id = $result['id'];
+
+		$json_result = Customers::getLocal($admin_userdata)->listing();
+		$result = json_decode($json_result, true)['data'];
+
+		$allowed_cnt = 0;
+		foreach ($result['list'] as $customer) {
+			$cust_phpconfigsallowed = json_decode($customer['allowed_phpconfigs'], true);
+			if (!in_array($required_id, $cust_phpconfigsallowed)) {
+				$this->fail("Customer does not have php-config assigned which was added for all customers");
+			}
+			$allowed_cnt++;
+		}
+		$this->assertTrue($allowed_cnt == $result['count']);
+	}
 }

tests/bootstrap.php

@@ -43,14 +43,25 @@ require dirname(__DIR__) . '/lib/tables.inc.php';
 use Froxlor\Database\Database;
 use Froxlor\Settings;
 
-Database::needRoot(true);
 if (TRAVIS_CI == 0) {
+	Database::needRoot(true);
 	Database::query("DROP DATABASE IF EXISTS `froxlor010`;");
 	Database::query("CREATE DATABASE `froxlor010`;");
 	exec("mysql -u root -p" . $rpwd . " froxlor010 < " . dirname(__DIR__) . "/install/froxlor.sql");
+	Database::query("DROP USER IF EXISTS 'test1sql1'@'localhost';");
+	Database::query("DROP USER IF EXISTS 'test1sql1'@'127.0.0.1';");
+	Database::query("DROP USER IF EXISTS 'test1sql1'@'172.17.0.1';");
+	Database::query("DROP USER IF EXISTS 'test1sql1'@'82.149.225.46';");
+	Database::query("DROP USER IF EXISTS 'test1sql1'@'2a01:440:1:12:82:149:225:46';");
+	Database::query("DROP USER IF EXISTS 'test1_abc123'@'localhost';");
+	Database::query("DROP USER IF EXISTS 'test1_abc123'@'127.0.0.1';");
+	Database::query("DROP USER IF EXISTS 'test1_abc123'@'172.17.0.1';");
+	Database::query("DROP USER IF EXISTS 'test1_abc123'@'82.149.225.46';");
+	Database::query("DROP USER IF EXISTS 'test1_abc123'@'2a01:440:1:12:82:149:225:46';");
+	Database::query("DROP DATABASE IF EXISTS `test1sql1`;");
+	Database::query("DROP DATABASE IF EXISTS `test1_abc123`;");
+	Database::needRoot(false);
 }
-Database::query("DROP DATABASE IF EXISTS `test1sql1`;");
-Database::needRoot(false);
 
 // clear all tables
 Database::query("TRUNCATE TABLE `" . TABLE_PANEL_CUSTOMERS . "`;");
@@ -162,6 +173,7 @@ Settings::Set('system.mysql_access_host', 'localhost,127.0.0.1,172.17.0.1,2a01:4
 Settings::Set('system.use_ssl', '1', true);
 Settings::Set('system.froxlordirectlyviahostname', '1', true);
 Settings::Set('system.dns_createhostnameentry', '1', true);
+Settings::Set('system.bind_enable', '1', true);
 Settings::Set('system.dnsenabled', '1', true);
 Settings::Set('system.dns_server', 'PowerDNS', true);
 Settings::Set('phpfpm.enabled', '1', true);