set version to 2.0.10 for security release

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
fix possible privilege escalation from customer to root when specifying custom error documents in directory-options
2023-01-28 20:07:15 +01:00 · 2023-01-28 20:00:24 +01:00 · 2023-01-28 13:06:44 +01:00 · 2023-01-28 12:16:40 +01:00 · 2023-01-28 11:57:43 +01:00 · 2023-01-28 11:40:07 +01:00
70 changed files with 959 additions and 246 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@ install/update.log
 install/*.json
 lib/userdata.inc.php
 lib/userdata.inc.php.bak
 lib/config.inc.php
 logs/*
 !logs/index.html
 .buildpath
--- a/README.md
+++ b/README.md
@@ -57,7 +57,7 @@ May be found in [COPYING](COPYING)
 ### Tarball
 https://files.froxlor.org/releases/froxlor-latest.tar.gz [MD5](https://files.froxlor.org/releases/froxlor-latest.tar.gz.md5) [SHA1](https://files.froxlor.org/releases/froxlor-latest.tar.gz.sha1)
-### Debian / Ubutnu repository
+### Debian / Ubuntu repository
 [HowTo](https://docs.froxlor.org/latest/general/installation/apt-package.html)
--- a/actions/admin/settings/100.panel.php
+++ b/actions/admin/settings/100.panel.php
@@ -269,7 +269,8 @@ return [
 						'traffic' => lng('menue.traffic.traffic'),
 						'traffic.http' => lng('menue.traffic.traffic') . " / HTTP",
 						'traffic.ftp' => lng('menue.traffic.traffic') . " / FTP",
-						'traffic.mail' => lng('menue.traffic.traffic') . " / Mail"
+						'traffic.mail' => lng('menue.traffic.traffic') . " / Mail",
 						'misc.documentation' => lng('admin.documentation'),
 					],
 					'save_method' => 'storeSettingField',
 					'advanced_mode' => true
--- a/actions/admin/settings/131.ssl.php
+++ b/actions/admin/settings/131.ssl.php
@@ -180,7 +180,9 @@ return [
 						'letsencrypt' => 'Let\'s Encrypt (Live)',
 						'buypass_test' => 'Buypass (Test / Staging)',
 						'buypass' => 'Buypass (Live)',
-						'zerossl' => 'ZeroSSL (Live)'
+						'zerossl' => 'ZeroSSL (Live)',
 						'google' => 'Google (Live)',
 						'google_test' => 'Google (Test / Staging)',
 					],
 					'save_method' => 'storeSettingField'
 				],
@@ -239,6 +241,16 @@ return [
 					'type' => 'checkbox',
 					'default' => true,
 					'save_method' => 'storeSettingField'
 				],
 				'system_le_domain_dnscheck_resolver' => [
 					'label' => lng('serversettings.le_domain_dnscheck_resolver'),
 					'settinggroup' => 'system',
 					'varname' => 'le_domain_dnscheck_resolver',
 					'type' => 'text',
 					'string_regexp' => '/^(([0-9]+ [a-z0-9\-\._]+, ?)*[0-9]+ [a-z0-9\-\._]+)?$/i',
 					'string_emptyallowed' => true,
 					'default' => '',
 					'save_method' => 'storeSettingField'
 				]
 			]
 		]
--- a/admin_configfiles.php
+++ b/admin_configfiles.php
@@ -92,6 +92,7 @@ if ($userinfo['change_serversettings'] == '1') {
 	if ($distribution != "" && isset($_POST['finish'])) {
 		unset($_POST['finish']);
 		unset($_POST['csrf_token']);
 		$params = $_POST;
 		$params['distro'] = $distribution;
 		$params['system'] = [];
@@ -121,8 +122,6 @@ if ($userinfo['change_serversettings'] == '1') {
 				'distribution' => $distribution
 			]);
 		} else {
 			// @fixme check set distribution from settings
 			$cfg_formfield = [
 				'config' => [
 					'title' => lng('admin.configfiles.serverconfiguration'),
--- a/admin_settings.php
+++ b/admin_settings.php
@@ -43,12 +43,6 @@ use PHPMailer\PHPMailer\PHPMailer;
 const AREA = 'admin';
 require __DIR__ . '/lib/init.php';
 // get sql-root access data
 Database::needRoot(true);
 Database::needSqlData();
 $sql_root = Database::getSqlData();
 Database::needRoot(false);
 if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 	$settings_data = PhpHelper::loadConfigArrayDir('./actions/admin/settings/');
 	Settings::loadSettingsInto($settings_data);
--- a/admin_templates.php
+++ b/admin_templates.php
@@ -253,6 +253,9 @@ if ($action == '') {
 	if (isset($_POST['prepare']) && $_POST['prepare'] == 'prepare') {
 		// email templates
 		$language = htmlentities(Validate::validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
 		if (!array_key_exists($language, $languages)) {
 			Response::standardError('templatelanguageinvalid');
 		}
 		$template = Validate::validate($_POST['template'], 'template');
 		$result_stmt = Database::prepare("
@@ -288,6 +291,9 @@ if ($action == '') {
 	} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && !isset($_POST['filesend'])) {
 		// email templates
 		$language = htmlentities(Validate::validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
 		if (!array_key_exists($language, $languages)) {
 			Response::standardError('templatelanguageinvalid');
 		}
 		$template = Validate::validate($_POST['template'], 'template');
 		$subject = Validate::validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
 		$mailbody = Validate::validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
--- a/bin/froxlor-cli
+++ b/bin/froxlor-cli
@@ -35,6 +35,7 @@ use Froxlor\Cli\UpdateCommand;
 use Froxlor\Cli\InstallCommand;
 use Froxlor\Cli\MasterCron;
 use Froxlor\Cli\UserCommand;
 use Froxlor\Cli\ValidateAcmeWebroot;
 use Froxlor\Froxlor;
 // validate correct php version
@@ -59,4 +60,5 @@ $application->add(new UpdateCommand());
 $application->add(new InstallCommand());
 $application->add(new MasterCron());
 $application->add(new UserCommand());
 $application->add(new ValidateAcmeWebroot());
 $application->run();
--- a/composer.json
+++ b/composer.json
@@ -52,7 +52,8 @@
 		"voku/anti-xss": "^4.1",
 		"twig/twig": "^3.3",
 		"erusev/parsedown": "^1.7",
-		"symfony/console": "^5.4"
+		"symfony/console": "^5.4",
 		"pear/net_dns2": "^1.5"
    },
 	"require-dev": {
 		"phpunit/phpunit": "^9",
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
-    "content-hash": "f8370edea3c85bcb7b681926a1fff04e",
+    "content-hash": "41e7a3bc0e13b47c4f245334b113c3be",
    "packages": [
        {
            "name": "erusev/parsedown",
@@ -198,6 +198,57 @@
            ],
            "time": "2022-06-09T08:53:42+00:00"
        },
        {
            "name": "pear/net_dns2",
            "version": "v1.5.3",
            "source": {
                "type": "git",
                "url": "https://github.com/mikepultz/netdns2.git",
                "reference": "dc8053772132a855b8bb6193422a959995f3a773"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/mikepultz/netdns2/zipball/dc8053772132a855b8bb6193422a959995f3a773",
                "reference": "dc8053772132a855b8bb6193422a959995f3a773",
                "shasum": ""
            },
            "require": {
                "php": ">=5.4"
            },
            "require-dev": {
                "phpunit/phpunit": "^9"
            },
            "type": "library",
            "autoload": {
                "psr-0": {
                    "Net_DNS2": ""
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "BSD-2-Clause"
            ],
            "authors": [
                {
                    "name": "Mike Pultz",
                    "email": "mike@mikepultz.com",
                    "homepage": "https://mikepultz.com/",
                    "role": "lead"
                }
            ],
            "description": "Native PHP DNS Resolver and Updater Library",
            "homepage": "https://netdns2.com/",
            "keywords": [
                "PEAR",
                "dns",
                "network"
            ],
            "support": {
                "issues": "https://github.com/mikepultz/netdns2/issues",
                "source": "https://github.com/mikepultz/netdns2"
            },
            "time": "2022-11-28T19:16:31+00:00"
        },
        {
            "name": "phpmailer/phpmailer",
            "version": "v6.6.3",
--- a/customer_domains.php
+++ b/customer_domains.php
@@ -59,7 +59,6 @@ if ($page == 'overview' || $page == 'domains') {
 			$domain_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/customer/tablelisting.domains.php';
 			$collection = (new Collection(SubDomains::class, $userinfo))
 				->withPagination($domain_list_data['domain_list']['columns'], $domain_list_data['domain_list']['default_sorting']);
 			$parentDomainCollection = (new Collection(SubDomains::class, $userinfo, ['sql_search' => ['d.parentdomainid' => 0]]));
 		} catch (Exception $e) {
 			Response::dynamicError($e->getMessage());
 		}
--- a/customer_ftp.php
+++ b/customer_ftp.php
@@ -40,7 +40,7 @@ use Froxlor\UI\Response;
 use Froxlor\CurrentUser;
 // redirect if this customer page is hidden via settings
-if (Settings::IsInList('panel.customer_hide_options', 'ftp') || $userinfo['ftps'] == 0) {
+if (Settings::IsInList('panel.customer_hide_options', 'ftp')) {
 	Response::redirectTo('customer_index.php');
 }
--- a/customer_index.php
+++ b/customer_index.php
@@ -115,10 +115,14 @@ if ($page == 'overview') {
 	if ($usages) {
 		$userinfo['diskspace_bytes_used'] = $usages['webspace'] * 1024;
 		$userinfo['mailspace_used']  = $usages['mail'] * 1024;
 		$userinfo['dbspace_used'] = $usages['mysql'] * 1024;
 		$userinfo['total_bytes_used'] = ($usages['webspace'] + $usages['mail'] + $usages['mysql']) * 1024;
 	} else {
 		$userinfo['diskspace_bytes_used'] = 0;
 		$userinfo['total_bytes_used'] = 0;
 		$userinfo['mailspace_used']  = 0;
 		$userinfo['dbspace_used'] = 0;
 	}
 	UI::twig()->addGlobal('userinfo', $userinfo);
--- a/customer_mysql.php
+++ b/customer_mysql.php
@@ -92,7 +92,7 @@ if ($page == 'overview' || $page == 'mysqls') {
 		$result = json_decode($json_result, true)['data'];
 		if (isset($result['databasename']) && $result['databasename'] != '') {
-			Database::needRoot(true, $result['dbserver']);
+			Database::needRoot(true, $result['dbserver'], false);
 			Database::needSqlData();
 			$sql_root = Database::getSqlData();
 			Database::needRoot(false);
--- a/error_report.php
+++ b/error_report.php
@@ -33,6 +33,7 @@ use Froxlor\Froxlor;
 use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Request;
 use Froxlor\UI\Response;
 use Froxlor\Database\Database;
 // This file is being included in admin_domains and customer_domains
 // and therefore does not need to require lib/init.php
--- a/install/froxlor.sql.php
+++ b/install/froxlor.sql.php
@@ -225,7 +225,7 @@ CREATE TABLE `panel_customers` (
  `allowed_mysqlserver` text NOT NULL,
   PRIMARY KEY  (`customerid`),
   UNIQUE KEY `loginname` (`loginname`)
-) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;
+) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci ROW_FORMAT=DYNAMIC;
 DROP TABLE IF EXISTS `panel_databases`;
@@ -642,7 +642,7 @@ opcache.validate_timestamps'),
 	('system', 'leprivatekey', 'unset'),
 	('system', 'lepublickey', 'unset'),
 	('system', 'letsencryptca', 'letsencrypt'),
-	('system', 'letsencryptchallengepath', '/var/www/froxlor'),
+	('system', 'letsencryptchallengepath', '/var/www/html/froxlor'),
 	('system', 'letsencryptkeysize', '4096'),
 	('system', 'letsencryptreuseold', 0),
 	('system', 'leenabled', '0'),
@@ -670,6 +670,7 @@ opcache.validate_timestamps'),
 	('system', 'leaccount', ''),
 	('system', 'nssextrausers', '1'),
 	('system', 'le_domain_dnscheck', '1'),
 	('system', 'le_domain_dnscheck_resolver', '1.1.1.1'),
 	('system', 'ssl_protocols', 'TLSv1.2'),
 	('system', 'tlsv13_cipher_list', ''),
 	('system', 'honorcipherorder', '0'),
@@ -696,7 +697,7 @@ opcache.validate_timestamps'),
 	('system', 'distribution', ''),
 	('system', 'update_channel', 'stable'),
 	('system', 'updatecheck_data', ''),
-	('system', 'update_notify_last', '2.0.3'),
+	('system', 'update_notify_last', '2.0.10'),
 	('system', 'traffictool', 'goaccess'),
 	('api', 'enabled', '0'),
 	('2fa', 'enabled', '1'),
@@ -740,8 +741,8 @@ opcache.validate_timestamps'),
 	('panel', 'logo_overridetheme', '0'),
 	('panel', 'logo_overridecustom', '0'),
 	('panel', 'settings_mode', '0'),
-	('panel', 'version', '2.0.3'),
+	('panel', 'version', '2.0.10'),
-	('panel', 'db_version', '202212060');
+	('panel', 'db_version', '202301180');
 DROP TABLE IF EXISTS `panel_tasks`;
--- a/install/updates/froxlor/update_2.x.inc.php
+++ b/install/updates/froxlor/update_2.x.inc.php
@@ -38,7 +38,6 @@ if (!defined('_CRON_UPDATE')) {
 // last 0.10.x release
 if (Froxlor::isFroxlorVersion('0.10.38.3')) {
 	$update_to = '2.0.0-beta1';
 	Update::showUpdateStep("Updating from 0.10.38.3 to " . $update_to, false);
@@ -66,8 +65,8 @@ if (Froxlor::isFroxlorVersion('0.10.38.3')) {
 	KEY customerid (customerid)
 	) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;";
 	Database::query($sql);
 	Database::query("SET SESSION innodb_strict_mode=OFF;");
 	// new customer allowed_mysqlserver field
 	Database::query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` ROW_FORMAT=DYNAMIC;");
 	Database::query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` CHANGE COLUMN `customernumber` `customernumber` varchar(100) NOT NULL default '';");
 	Database::query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` CHANGE COLUMN `allowed_phpconfigs` `allowed_phpconfigs` text NOT NULL;");
 	Database::query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` ADD `allowed_mysqlserver` text NOT NULL;");
@@ -183,17 +182,16 @@ if (Froxlor::isFroxlorVersion('0.10.38.3')) {
 	Update::lastStepStatus(0);
 	Update::showUpdateStep("Updating email account password-hashes");
-	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password` = REPLACE(`password`, '$1$', '{MD5-CRYPT}$1$') WHERE SUBSTRING(`password`, 1, 3) = '$1$'");
+	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password_enc` = REPLACE(`password_enc`, '$1$', '{MD5-CRYPT}$1$') WHERE SUBSTRING(`password_enc`, 1, 3) = '$1$'");
-	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password` = REPLACE(`password`, '$5$', '{SHA256-CRYPT}$5$') WHERE SUBSTRING(`password`, 1, 3) = '$5$'");
+	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password_enc` = REPLACE(`password_enc`, '$5$', '{SHA256-CRYPT}$5$') WHERE SUBSTRING(`password_enc`, 1, 3) = '$5$'");
-	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password` = REPLACE(`password`, '$6$', '{SHA512-CRYPT}$6$') WHERE SUBSTRING(`password`, 1, 3) = '$6$'");
+	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password_enc` = REPLACE(`password_enc`, '$6$', '{SHA512-CRYPT}$6$') WHERE SUBSTRING(`password_enc`, 1, 3) = '$6$'");
-	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password` = REPLACE(`password`, '$2y$', '{BLF-CRYPT}$2y$') WHERE SUBSTRING(`password`, 1, 4) = '$2y$'");
+	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password_enc` = REPLACE(`password_enc`, '$2y$', '{BLF-CRYPT}$2y$') WHERE SUBSTRING(`password_enc`, 1, 4) = '$2y$'");
 	Update::lastStepStatus(0);
 	Froxlor::updateToVersion($update_to);
 }
 if (Froxlor::isDatabaseVersion('202112310')) {
 	Update::showUpdateStep("Adjusting traffic tool settings");
 	$traffic_tool = Settings::Get('system.awstats_enabled') == 1 ? 'awstats' : 'webalizer';
 	Settings::AddNew("system.traffictool", $traffic_tool);
@@ -204,20 +202,30 @@ if (Froxlor::isDatabaseVersion('202112310')) {
 }
 if (Froxlor::isDatabaseVersion('202211030')) {
 	Update::showUpdateStep("Creating backward compatibility for cronjob");
 	$disabled = explode(',', ini_get('disable_functions'));
 	$exec_allowed = !in_array('exec', $disabled);
 	// check whether old files could be deleted in previous updates and if not,
 	// user should run cron to regenerate cron.d-file manually as he will run
 	// the other commands manually only after the update so this file would be deleted too
 	if ($exec_allowed) {
 		$complete_filedir = Froxlor::getInstallDir() . '/scripts';
 		mkdir($complete_filedir, 0750, true);
 		$newCronBin = Froxlor::getInstallDir() . '/bin/froxlor-cli';
 		$compCron = <<<EOF
 <?php
-chmod($newCronBin, 0755);
+chmod('$newCronBin', 0755);
 // re-create cron.d configuration file
 exec('$newCronBin froxlor:cron -r 99');
 exit;
 EOF;
 		file_put_contents($complete_filedir . '/froxlor_master_cronjob.php', $compCron);
 		Update::lastStepStatus(0);
 	} else {
 		$cron_run_cmd = 'chmod +x ' . FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/bin/froxlor-cli') . PHP_EOL;
 		$cron_run_cmd .= FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/bin/froxlor-cli') . ' froxlor:cron -r 99';
 		Update::lastStepStatus(1, 'manual commands needed', 'Please run the following commands manually:<br><pre>' . $cron_run_cmd . '</pre>');
 	}
 	Froxlor::updateToDbVersion('202212060');
 }
@@ -251,3 +259,126 @@ if (Froxlor::isFroxlorVersion('2.0.2')) {
 	Update::showUpdateStep("Updating from 2.0.2 to 2.0.3", false);
 	Froxlor::updateToVersion('2.0.3');
 }
 if (Froxlor::isFroxlorVersion('2.0.3')) {
 	Update::showUpdateStep("Updating from 2.0.3 to 2.0.4", false);
 	$complete_filedir = Froxlor::getInstallDir() . '/scripts';
 	// check if compat. cronjob still exists (most likely didn't run successfully b/c of error from former 2.0 release)
 	if (@file_exists($complete_filedir . '/froxlor_master_cronjob.php')) {
 		Update::showUpdateStep("Adjusting backward compatibility for cronjob");
 		$disabled = explode(',', ini_get('disable_functions'));
 		$exec_allowed = !in_array('exec', $disabled);
 		if ($exec_allowed) {
 			$newCronBin = Froxlor::getInstallDir() . '/bin/froxlor-cli';
 			$compCron = <<<EOF
 <?php
 chmod('$newCronBin', 0755);
 // re-create cron.d configuration file
 exec('$newCronBin froxlor:cron -r 99');
 exit;
 EOF;
 			file_put_contents($complete_filedir . '/froxlor_master_cronjob.php', $compCron);
 			Update::lastStepStatus(0);
 		} else {
 			$cron_run_cmd = 'chmod +x ' . FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/bin/froxlor-cli') . PHP_EOL;
 			$cron_run_cmd .= FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/bin/froxlor-cli') . ' froxlor:cron -r 99';
 			Update::lastStepStatus(1, 'manual commands needed', 'Please run the following commands manually:<br><pre>' . $cron_run_cmd . '</pre>');
 		}
 	}
 	Froxlor::updateToVersion('2.0.4');
 }
 if (Froxlor::isFroxlorVersion('2.0.4')) {
 	Update::showUpdateStep("Updating from 2.0.4 to 2.0.5", false);
 	Froxlor::updateToVersion('2.0.5');
 }
 if (Froxlor::isFroxlorVersion('2.0.5')) {
 	Update::showUpdateStep("Updating from 2.0.5 to 2.0.6", false);
 	Update::showUpdateStep("Updating possible missing email account password-hashes");
 	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password_enc` = REPLACE(`password_enc`, '$1$', '{MD5-CRYPT}$1$') WHERE SUBSTRING(`password_enc`, 1, 3) = '$1$'");
 	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password_enc` = REPLACE(`password_enc`, '$5$', '{SHA256-CRYPT}$5$') WHERE SUBSTRING(`password_enc`, 1, 3) = '$5$'");
 	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password_enc` = REPLACE(`password_enc`, '$6$', '{SHA512-CRYPT}$6$') WHERE SUBSTRING(`password_enc`, 1, 3) = '$6$'");
 	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password_enc` = REPLACE(`password_enc`, '$2y$', '{BLF-CRYPT}$2y$') WHERE SUBSTRING(`password_enc`, 1, 4) = '$2y$'");
 	Update::lastStepStatus(0);
 	Froxlor::updateToVersion('2.0.6');
 }
 if (Froxlor::isFroxlorVersion('2.0.6')) {
 	Update::showUpdateStep("Updating from 2.0.6 to 2.0.7", false);
 	Update::showUpdateStep("Correcting allowed_mysqlserver for customers");
 	Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `allowed_mysqlserver` = '[0]' WHERE `allowed_mysqlserver` = ''");
 	Update::lastStepStatus(0);
 	Froxlor::updateToVersion('2.0.7');
 }
 if (Froxlor::isDatabaseVersion('202212060')) {
 	Update::showUpdateStep("Validating acme.sh challenge path");
 	$acmesh_challenge_dir = Settings::Get('system.letsencryptchallengepath');
 	$system_letsencryptchallengepath_upd = isset($_POST['system_letsencryptchallengepath_upd']) ? $_POST['system_letsencryptchallengepath_upd'] : $acmesh_challenge_dir;
 	if ($acmesh_challenge_dir != $system_letsencryptchallengepath_upd) {
 		Settings::Set('system.letsencryptchallengepath', $system_letsencryptchallengepath_upd);
 		if ((int) Settings::Get('system.leenabled') == 1) {
 			// create JSON string for --apply
 			$dist = Settings::Get('system.distribution');
 			$webserver = Settings::Get('system.webserver');
 			if ($webserver == 'apache2') {
 				$webserver = 'apache22';
 				if (Settings::Get('system.apache24')) {
 					$webserver = 'apache24';
 				}
 			}
 			$apply_json = '{"http":"' . $webserver . '","dns":"x","smtp":"x","mail":"x","ftp":"x","distro":"' . $dist . '","system":[]}';
 			Update::lastStepStatus(1, 'manual commands needed',
 				"Please reconfigure webserver service using <pre>bin/froxlor-cli froxlor:config-services --apply='" . $apply_json . "'</pre>" .
 				'<br>or adjust the path manually in <pre>' . Settings::Get('system.letsencryptacmeconf') . '</pre>' .
 				'<br><br>In case you already have certificates issued, run the following command to validate and correct the webroot used for renewal:<br>' .
 				'<pre>bin/froxlor-cli froxlor:validate-acme-webroot</pre><br>'
 			);
 		} else {
 			Update::lastStepStatus(0);
 		}
 	} else {
 		Update::lastStepStatus(0);
 	}
 	Froxlor::updateToDbVersion('202301120');
 }
 if (Froxlor::isFroxlorVersion('2.0.7')) {
 	Update::showUpdateStep("Updating from 2.0.7 to 2.0.8", false);
 	// adjust file-logging to be set to froxlor/logs/
 	$logtypes = explode(',', Settings::Get('logger.logtypes'));
 	if (in_array('file', $logtypes)) {
 		Update::showUpdateStep("Adjusting froxlor logfile for system-logging to be stored in logs/froxlor.log");
 		Settings::Set('logger.logfile', 'froxlor.log');
 		Update::lastStepStatus(0);
 	}
 	Froxlor::updateToVersion('2.0.8');
 }
 if (Froxlor::isDatabaseVersion('202301120')) {
 	Update::showUpdateStep("Adding new setting for DNS resolver when using Let's Encrypt");
 	$system_le_domain_dnscheck_resolver = isset($_POST['system_le_domain_dnscheck_resolver']) ? $_POST['system_le_domain_dnscheck_resolver'] : '1.1.1.1';
 	Settings::AddNew("system.le_domain_dnscheck_resolver", $system_le_domain_dnscheck_resolver);
 	Update::lastStepStatus(0);
 	Froxlor::updateToDbVersion('202301180');
 }
 if (Froxlor::isFroxlorVersion('2.0.8')) {
 	Update::showUpdateStep("Updating from 2.0.8 to 2.0.9", false);
 	Froxlor::updateToVersion('2.0.9');
 }
 if (Froxlor::isFroxlorVersion('2.0.9')) {
 	Update::showUpdateStep("Updating from 2.0.9 to 2.0.10", false);
 	Froxlor::updateToVersion('2.0.10');
 }
--- a/install/updates/preconfig/preconfig_0.10.inc.php
+++ b/install/updates/preconfig/preconfig_0.10.inc.php
@@ -34,9 +34,14 @@ $return = [];
 if (Update::versionInUpdate($current_db_version, '202004140')) {
 	$has_preconfig = true;
 	$description = 'Froxlor can now optionally validate the dns entries of domains that request Lets Encrypt certificates to reduce dns-related problems (e.g. freshly registered domain or updated a-record).';
 	$return['system_le_domain_dnscheck_note'] = ['type' => 'infotext', 'value' => $description];
 	$question = '<strong>Validate DNS of domains when using Lets Encrypt&nbsp;';
-	$return['system_le_domain_dnscheck'] = ['type' => 'checkbox', 'value' => 1, 'checked' => 1, 'label' => $question];
+	$return['system_le_domain_dnscheck'] = [
 		'type' => 'checkbox',
 		'value' => 1,
 		'checked' => 1,
 		'label' => $question,
 		'prior_infotext' => $description
 	];
 }
 $preconfig['fields'] = $return;
--- a/install/updates/preconfig/preconfig_2.x.inc.php
+++ b/install/updates/preconfig/preconfig_2.x.inc.php
@@ -27,6 +27,7 @@ use Froxlor\Froxlor;
 use Froxlor\FileDir;
 use Froxlor\Config\ConfigParser;
 use Froxlor\Install\Update;
 use Froxlor\Settings;
 $preconfig = [
 	'title' => '2.x updates',
@@ -36,7 +37,6 @@ $return = [];
 if (Update::versionInUpdate($current_version, '2.0.0-beta1')) {
 	$description = 'We have rearranged the settings and split them into basic and advanced categories. This makes it easier for users who do not need all the detailed or very specific settings and options and gives a better overview of the basic/mostly used settings.';
 	$return['panel_settings_mode_note'] = ['type' => 'infotext', 'value' => $description];
 	$question = '<strong>Chose settings mode (you can change that at any time)</strong>';
 	$return['panel_settings_mode'] = [
 		'type' => 'select',
@@ -45,11 +45,11 @@ if (Update::versionInUpdate($current_version, '2.0.0-beta1')) {
 			1 => 'Advanced'
 		],
 		'selected' => 1,
-		'label' => $question
+		'label' => $question,
 		'prior_infotext' => $description
 	];
 	$description = 'The configuration page now can preselect a distribution, please select your current distribution';
 	$return['system_distribution_note'] = ['type' => 'infotext', 'value' => $description];
 	$question = '<strong>Select distribution</strong>';
 	$config_dir = FileDir::makeCorrectDir(Froxlor::getInstallDir() . '/lib/configfiles/');
 	// show list of available distro's
@@ -68,9 +68,44 @@ if (Update::versionInUpdate($current_version, '2.0.0-beta1')) {
 		'type' => 'select',
 		'select_var' => $distributions_select,
 		'selected' => '',
-		'label' => $question
+		'label' => $question,
 		'prior_infotext' => $description
 	];
 }
 if (Update::versionInUpdate($current_db_version, '202301120')) {
 	$acmesh_challenge_dir = rtrim(FileDir::makeCorrectDir(Settings::Get('system.letsencryptchallengepath')), "/");
 	$recommended = rtrim(FileDir::makeCorrectDir(Froxlor::getInstallDir()), "/");
 	if ((int) Settings::Get('system.leenabled') == 1 && $acmesh_challenge_dir != $recommended) {
 		$has_preconfig = true;
 		$description = 'ACME challenge docroot from settings differs from the current installation directory.';
 		$question = '<strong>Validate Let\'s Encrypt challenge path (recommended value: ' . $recommended . ')</strong>';
 		$return['system_letsencryptchallengepath_upd'] = [
 			'type' => 'text',
 			'value' => $recommended,
 			'placeholder' => $acmesh_challenge_dir,
 			'label' => $question,
 			'prior_infotext' => $description,
 			'mandatory' => true,
 		];
 	}
 }
 if (Update::versionInUpdate($current_db_version, '202301180')) {
 	if ((int) Settings::Get('system.leenabled') == 1) {
 		$has_preconfig = true;
 		$description = 'Froxlor now supports to set an external DNS resolver for the Let\'s Encrypt pre-check.';
 		$question = '<strong>Specify a DNS resolver IP (recommended value: 1.1.1.1 or similar)</strong>';
 		$return['system_le_domain_dnscheck_resolver'] = [
 			'type' => 'text',
 			'pattern' => '^(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$|^\s*$',
 			'value' => '1.1.1.1',
 			'placeholder' => '1.1.1.1',
 			'label' => $question,
 			'prior_infotext' => $description,
 		];
 	}
 }
 $preconfig['fields'] = $return;
 return $preconfig;
--- a/lib/Froxlor/Ajax/Ajax.php
+++ b/lib/Froxlor/Ajax/Ajax.php
@@ -162,7 +162,7 @@ class Ajax
 				$content = preg_replace("/[\r\n]+/", " ", strip_tags($item->description));
 				$content = substr($content, 0, 150) . "...";
-				$items .= UI::twig()->render($this->theme . '/user/newsfeeditem.html.twig', [
+				$items .= UI::twig()->render(UI::validateThemeTemplate('/user/newsfeeditem.html.twig', $this->theme), [
 					'link' => $link,
 					'title' => $title,
 					'date' => $date,
@@ -201,7 +201,7 @@ class Ajax
 			$result['last_update_check'] = $uc_data['ts'];
 			$result['channel'] = Settings::Get('system.update_channel');
-			$result_rendered = UI::twig()->render($this->theme . '/misc/version_top.html.twig', $result);
+			$result_rendered = UI::twig()->render(UI::validateThemeTemplate('/misc/version_top.html.twig', $this->theme), $result);
 			return $this->jsonResponse($result_rendered);
 		} catch (Exception $e) {
 			// don't display anything if just not allowed due to permissions
--- a/lib/Froxlor/Api/Api.php
+++ b/lib/Froxlor/Api/Api.php
@@ -117,6 +117,6 @@ class Api
 	private function stripcslashesDeep($value)
 	{
-		return is_array($value) ? array_map([$this, 'stripcslashesDeep'], $value) : stripcslashes($value);
+		return is_array($value) ? array_map([$this, 'stripcslashesDeep'], $value) : (!empty($value) ? stripcslashes($value) : null);
 	}
 }
--- a/lib/Froxlor/Api/Commands/Cronjobs.php
+++ b/lib/Froxlor/Api/Commands/Cronjobs.php
@@ -32,6 +32,7 @@ use Froxlor\Cron\TaskId;
 use Froxlor\Database\Database;
 use Froxlor\FroxlorLogger;
 use Froxlor\System\Cronjob;
 use Froxlor\UI\Response;
 use Froxlor\Validate\Validate;
 use PDO;
@@ -41,6 +42,14 @@ use PDO;
 class Cronjobs extends ApiCommand implements ResourceEntity
 {
 	private array $allowed_intervals = [
 		'MINUTE',
 		'HOUR',
 		'DAY',
 		'WEEK',
 		'MONTH'
 	];
 	/**
 	 * You cannot add new cronjobs yet.
 	 */
@@ -118,6 +127,10 @@ class Cronjobs extends ApiCommand implements ResourceEntity
 			$interval_value = Validate::validate($interval_value, 'interval_value', '/^([0-9]+)$/Di', 'stringisempty', [], true);
 			$interval_interval = Validate::validate($interval_interval, 'interval_interval', '', '', [], true);
 			if (!in_array(strtoupper($interval_interval), $this->allowed_intervals)) {
 				Response::standardError('invalidcronjobintervalvalue', implode(", ", $this->allowed_intervals), true);
 			}
 			// put together interval value
 			$interval = $interval_value . ' ' . strtoupper($interval_interval);
--- a/lib/Froxlor/Api/Commands/DirOptions.php
+++ b/lib/Froxlor/Api/Commands/DirOptions.php
@@ -157,16 +157,15 @@ class DirOptions extends ApiCommand implements ResourceEntity
 	 * this functions validates a given value as ErrorDocument
 	 * refs #267
 	 *
-	 * @param
+	 * @param string $errdoc
 	 *            string error-document-string
 	 * @param bool $throw_exception
 	 *
 	 * @return string error-document-string
 	 *
 	 */
-	private function correctErrorDocument($errdoc = null, $throw_exception = false)
+	private function correctErrorDocument(string $errdoc, $throw_exception = false)
 	{
-		if ($errdoc !== null && $errdoc != '') {
+		if (trim($errdoc) != '') {
 			// not a URL
 			if ((strtoupper(substr($errdoc, 0, 5)) != 'HTTP:' && strtoupper(substr($errdoc, 0, 6)) != 'HTTPS:') || !Validate::validateUrl($errdoc)) {
 				// a file
@@ -176,14 +175,14 @@ class DirOptions extends ApiCommand implements ResourceEntity
 					if (!substr($errdoc, 0, 1) == '/') {
 						$errdoc = '/' . $errdoc;
 					}
-				} else {
+				} elseif (preg_match('/^"([^\r\n\t\f\0"]+)"$/', $errdoc)) {
 					// a string (check for ending ")
 					// string won't work for lighty
 					if (Settings::Get('system.webserver') == 'lighttpd') {
 						Response::standardError('stringerrordocumentnotvalidforlighty', '', $throw_exception);
 					} elseif (substr($errdoc, -1) != '"') {
 						$errdoc .= '"';
 					}
 				} else {
 					Response::standardError('invaliderrordocumentvalue', '', $throw_exception);
 				}
 			} else {
 				if (Settings::Get('system.webserver') == 'lighttpd') {
@@ -191,7 +190,7 @@ class DirOptions extends ApiCommand implements ResourceEntity
 				}
 			}
 		}
-		return $errdoc;
+		return trim($errdoc);
 	}
 	/**
--- a/lib/Froxlor/Api/Commands/DirProtections.php
+++ b/lib/Froxlor/Api/Commands/DirProtections.php
@@ -87,7 +87,8 @@ class DirProtections extends ApiCommand implements ResourceEntity
 		$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path);
 		$username = Validate::validate($username, 'username', '/^[a-zA-Z0-9][a-zA-Z0-9\-_]+\$?$/', '', [], true);
 		$authname = Validate::validate($authname, 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/', '', [], true);
-		Validate::validate($password, 'password', '', '', [], true);
+		$password = Validate::validate($password, 'password', '', '', [], true);
 		$password = Crypt::validatePassword($password, true);
 		// check for duplicate usernames for the path
 		$username_path_check_stmt = Database::prepare("
@@ -244,7 +245,8 @@ class DirProtections extends ApiCommand implements ResourceEntity
 		// validation
 		$authname = Validate::validate($authname, 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/', '', [], true);
-		Validate::validate($password, 'password', '', '', [], true);
+		$password = Validate::validate($password, 'password', '', '', [], true);
 		$password = Crypt::validatePassword($password, true);
 		$upd_query = "";
 		$upd_params = [
--- a/lib/Froxlor/Api/Commands/Domains.php
+++ b/lib/Froxlor/Api/Commands/Domains.php
@@ -559,7 +559,7 @@ class Domains extends ApiCommand implements ResourceEntity
 				// validate dns if lets encrypt is enabled to check whether we can use it at all
 				if ($letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {
-					$domain_ips = PhpHelper::gethostbynamel6($domain);
+					$domain_ips = PhpHelper::gethostbynamel6($domain, true, Settings::Get('system.le_domain_dnscheck_resolver'));
 					$selected_ips = $this->getIpsFromIdArray($ssl_ipandports);
 					if ($domain_ips == false || count(array_intersect($selected_ips, $domain_ips)) <= 0) {
 						Response::standardError('invaliddnsforletsencrypt', '', true);
@@ -1523,7 +1523,7 @@ class Domains extends ApiCommand implements ResourceEntity
 			// validate dns if lets encrypt is enabled to check whether we can use it at all
 			if ($letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {
-				$domain_ips = PhpHelper::gethostbynamel6($result['domain']);
+				$domain_ips = PhpHelper::gethostbynamel6($result['domain'], true, Settings::Get('system.le_domain_dnscheck_resolver'));
 				$selected_ips = $this->getIpsFromIdArray($ssl_ipandports);
 				if ($domain_ips == false || count(array_intersect($selected_ips, $domain_ips)) <= 0) {
 					Response::standardError('invaliddnsforletsencrypt', '', true);
--- a/lib/Froxlor/Api/Commands/Mysqls.php
+++ b/lib/Froxlor/Api/Commands/Mysqls.php
@@ -73,12 +73,12 @@ class Mysqls extends ApiCommand implements ResourceEntity
 			$password = $this->getParam('mysql_password');
 			// parameters
 			$dbserver = $this->getParam('mysql_server', true, 0);
 			$databasedescription = $this->getParam('description', true, '');
 			$databasename = $this->getParam('custom_suffix', true, '');
 			$sendinfomail = $this->getBoolParam('sendinfomail', true, 0);
 			// get needed customer info to reduce the mysql-usage-counter by one
 			$customer = $this->getCustomerData('mysqls');
 			$dbserver = $this->getParam('mysql_server', true, $this->getDefaultMySqlServer($customer));
 			// validation
 			$password = Validate::validate($password, 'password', '', '', [], true);
@@ -90,7 +90,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
 			// validate whether the dbserver exists
 			$dbserver = Validate::validate($dbserver, html_entity_decode(lng('mysql.mysql_server')), '/^[0-9]+$/', '', 0, true);
-			Database::needRoot(true, $dbserver);
+			Database::needRoot(true, $dbserver, false);
 			Database::needSqlData();
 			$sql_root = Database::getSqlData();
 			Database::needRoot(false);
@@ -150,7 +150,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
 					$pma = Settings::Get('panel.phpmyadmin_url');
 				}
-				Database::needRoot(true, $dbserver);
+				Database::needRoot(true, $dbserver, false);
 				Database::needSqlData();
 				$sql_root = Database::getSqlData();
 				Database::needRoot(false);
@@ -287,7 +287,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
 		}
 		$result = Database::pexecute_first($result_stmt, $params, true, true);
 		if ($result) {
-			Database::needRoot(true, $result['dbserver']);
+			Database::needRoot(true, $result['dbserver'], false);
 			$mbdata_stmt = Database::prepare("
 				SELECT SUM(data_length + index_length) as MB FROM information_schema.TABLES
 				WHERE table_schema = :table_schema
@@ -364,7 +364,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
 			}
 			// Begin root-session
-			Database::needRoot(true, $result['dbserver']);
+			Database::needRoot(true, $result['dbserver'], false);
 			$dbmgr = new DbManager($this->logger());
 			foreach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {
 				$dbmgr->getManager()->grantPrivilegesTo($result['databasename'], $password, $mysql_access_host, false, true);
@@ -449,7 +449,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
 					'dbserver' => $_dbserver['dbserver']
 				], $query_fields), true, true);
 				// Begin root-session
-				Database::needRoot(true, $_dbserver['dbserver']);
+				Database::needRoot(true, $_dbserver['dbserver'], false);
 				while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 					$mbdata_stmt = Database::prepare("
 						SELECT SUM(data_length + index_length) as MB FROM information_schema.TABLES
@@ -536,7 +536,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
 		$id = $result['id'];
 		// Begin root-session
-		Database::needRoot(true, $result['dbserver']);
+		Database::needRoot(true, $result['dbserver'], false);
 		$dbm = new DbManager($this->logger());
 		$dbm->getManager()->deleteDatabase($result['databasename']);
 		Database::needRoot(false);
@@ -558,4 +558,13 @@ class Mysqls extends ApiCommand implements ResourceEntity
 		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_WARNING, "[API] deleted database '" . $result['databasename'] . "'");
 		return $this->response($result);
 	}
 	private function getDefaultMySqlServer(array $customer) {
 		$allowed_mysqlservers = json_decode($customer['allowed_mysqlserver'] ?? '[]', true);
 		asort($allowed_mysqlservers, SORT_NUMERIC);
 		if (count($allowed_mysqlservers) == 1 && $allowed_mysqlservers[0] != 0) {
 			return (int) $allowed_mysqlservers[0];
 		}
 		return (int) array_shift($allowed_mysqlservers);
 	}
 }
--- a/lib/Froxlor/Api/Commands/SubDomains.php
+++ b/lib/Froxlor/Api/Commands/SubDomains.php
@@ -262,7 +262,7 @@ class SubDomains extends ApiCommand implements ResourceEntity
 			// validate dns if lets encrypt is enabled to check whether we can use it at all
 			if ($letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {
 				$our_ips = Domain::getIpsOfDomain($domain_check['id']);
-				$domain_ips = PhpHelper::gethostbynamel6($completedomain);
+				$domain_ips = PhpHelper::gethostbynamel6($completedomain, true, Settings::Get('system.le_domain_dnscheck_resolver'));
 				if ($domain_ips == false || count(array_intersect($our_ips, $domain_ips)) <= 0) {
 					Response::standardError('invaliddnsforletsencrypt', '', true);
 				}
@@ -701,11 +701,13 @@ class SubDomains extends ApiCommand implements ResourceEntity
 		$wwwserveralias = ($selectserveralias == '1') ? '1' : '0';
 		// if allowed, check for 'is email domain'-flag
-		if ($result['parentdomainid'] != '0' && ($result['subcanemaildomain'] == '1' || $result['subcanemaildomain'] == '2') && $isemaildomain != $result['isemaildomain']) {
+		if ($isemaildomain != $result['isemaildomain']) {
 			if ($result['parentdomainid'] != '0' && ($result['subcanemaildomain'] == '1' || $result['subcanemaildomain'] == '2')) {
 				$isemaildomain = intval($isemaildomain);
 			} elseif ($result['parentdomainid'] != '0') {
 				$isemaildomain = $result['subcanemaildomain'] == '3' ? 1 : 0;
 			}
 		}
 		// check changes of openbasedir-path variable
 		if ($openbasedir_path > 2 && $openbasedir_path < 0) {
@@ -736,7 +738,7 @@ class SubDomains extends ApiCommand implements ResourceEntity
 		// validate dns if lets encrypt is enabled to check whether we can use it at all
 		if ($result['letsencrypt'] != $letsencrypt && $letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {
 			$our_ips = Domain::getIpsOfDomain($result['parentdomainid']);
-			$domain_ips = PhpHelper::gethostbynamel6($result['domain']);
+			$domain_ips = PhpHelper::gethostbynamel6($result['domain'], true, Settings::Get('system.le_domain_dnscheck_resolver'));
 			if ($domain_ips == false || count(array_intersect($our_ips, $domain_ips)) <= 0) {
 				Response::standardError('invaliddnsforletsencrypt', '', true);
 			}
--- a/lib/Froxlor/Cli/CliCommand.php
+++ b/lib/Froxlor/Cli/CliCommand.php
@@ -37,7 +37,7 @@ use Symfony\Component\Console\Output\OutputInterface;
 class CliCommand extends Command
 {
-	protected function validateRequirements(InputInterface $input, OutputInterface $output): int
+	protected function validateRequirements(InputInterface $input, OutputInterface $output, bool $ignore_has_updates = false): int
 	{
 		if (!file_exists(Froxlor::getInstallDir() . '/lib/userdata.inc.php')) {
 			$output->writeln("<error>Could not find froxlor's userdata.inc.php file. You should use this script only with an installed froxlor system.</>");
@@ -51,7 +51,7 @@ class CliCommand extends Command
 			$output->writeln("<error>" . $e->getMessage() . "</>");
 			return self::INVALID;
 		}
-		if (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {
+		if (!$ignore_has_updates && (Froxlor::hasUpdates() || Froxlor::hasDbUpdates())) {
 			if ((int)Settings::Get('system.cron_allowautoupdate') == 1) {
 				return $this->runUpdate($output);
 			} else {
--- a/lib/Froxlor/Cli/InstallCommand.php
+++ b/lib/Froxlor/Cli/InstallCommand.php
@@ -246,8 +246,11 @@ final class InstallCommand extends Command
 					}
 				} catch (Exception $e) {
 					$this->io->error($e->getMessage());
 					if ($this->io->confirm('Retry?', empty($decoded_input))) {
 						return $this->showStep($step, $extended, $decoded_input);
 					}
 					return self::FAILURE;
 				}
 				if ($step == 3) {
 					// do actual install with data from $this->formfielddata
 					$core = new Core($this->formfielddata);
@@ -297,7 +300,7 @@ final class InstallCommand extends Command
 		$json_output = [];
 		foreach ($fields['install']['sections'] as $section => $section_fields) {
 			foreach ($section_fields['fields'] as $name => $field) {
-				if ($name == 'system' || $name == 'manual_config') {
+				if ($name == 'system' || $name == 'manual_config' || $name == 'target_servername') {
 					continue;
 				}
 				if ($field['type'] == 'text' || $field['type'] == 'email') {
--- a/lib/Froxlor/Cli/ValidateAcmeWebroot.php
+++ b/lib/Froxlor/Cli/ValidateAcmeWebroot.php
@@ -0,0 +1,165 @@
 <?php
 /**
 * This file is part of the Froxlor project.
 * Copyright (c) 2010 the Froxlor Team (see authors).
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, you can also view it online at
 * https://files.froxlor.org/misc/COPYING.txt
 *
 * @copyright  the authors
 * @author     Froxlor team <team@froxlor.org>
 * @license    https://files.froxlor.org/misc/COPYING.txt GPLv2
 */
 namespace Froxlor\Cli;
 use Froxlor\Cron\TaskId;
 use Froxlor\Database\Database;
 use Froxlor\FileDir;
 use Froxlor\Froxlor;
 use Froxlor\Settings;
 use Froxlor\System\Cronjob;
 use PDO;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Input\InputOption;
 use Symfony\Component\Console\Output\OutputInterface;
 use Symfony\Component\Console\Question\ConfirmationQuestion;
 use Symfony\Component\Console\Style\SymfonyStyle;
 final class ValidateAcmeWebroot extends CliCommand
 {
 	protected function configure()
 	{
 		$this->setName('froxlor:validate-acme-webroot');
 		$this->setDescription('Validates the Le_Webroot value is correct for froxlor managed domains with Let\'s Encrypt certificate.');
 		$this->addOption('yes-to-all', 'A', InputOption::VALUE_NONE, 'Do not ask for confirmation, update files if necessary');
 	}
 	protected function execute(InputInterface $input, OutputInterface $output)
 	{
 		$result = self::SUCCESS;
 		$result = $this->validateRequirements($input, $output, true);
 		$io = new SymfonyStyle($input, $output);
 		if ((int) Settings::Get('system.leenabled') == 0) {
 			$io->info("Let's Encrypt not activated in froxlor settings.");
 			$result = self::INVALID;
 		}
 		if ($result == self::SUCCESS) {
 			$yestoall = $input->getOption('yes-to-all') !== false;
 			$helper = $this->getHelper('question');
 			$count_changes = 0;
 			// get all Let's Encrypt enabled domains
 			$sel_stmt = Database::prepare("SELECT id, domain FROM panel_domains WHERE `letsencrypt` = '1' AND aliasdomain IS NULL ORDER BY id ASC");
 			Database::pexecute($sel_stmt);
 			$domains = $sel_stmt->fetchAll(PDO::FETCH_ASSOC);
 			// check for froxlor-vhost
 			if (Settings::Get('system.le_froxlor_enabled') == '1') {
 				$domains[] = [
 					'id' => 0,
 					'domain' => Settings::Get('system.hostname')
 				];
 			}
 			$upd_stmt = Database::prepare("UPDATE domain_ssl_settings SET expirationdate=NULL WHERE `domainid` = :did");
 			$acmesh_dir = dirname(Settings::Get('system.acmeshpath'));
 			$acmesh_challenge_dir = rtrim(FileDir::makeCorrectDir(Settings::Get('system.letsencryptchallengepath')), "/");
 			$recommended = rtrim(FileDir::makeCorrectDir(Froxlor::getInstallDir()), "/");
 			if ($acmesh_challenge_dir != $recommended) {
 				$io->warning([
 					"ACME challenge docroot from settings differs from the current installation directory.",
 					"Settings: '" . $acmesh_challenge_dir . "'",
 					"Default/recommended value: '" . $recommended . "'",
 				]);
 				$question = new ConfirmationQuestion('Fix ACME challenge docroot setting? [yes] ', true, '/^(y|j)/i');
 				if ($yestoall || $helper->ask($input, $output, $question)) {
 					Settings::Set('system.letsencryptchallengepath', $recommended);
 					$former_value = $acmesh_challenge_dir;
 					$acmesh_challenge_dir = $recommended;
 					// need to update the corresponding acme-alias config-file
 					$acme_alias_file = Settings::Get('system.letsencryptacmeconf');
 					$sed_params = "s@".$former_value."@" . $acmesh_challenge_dir . "@";
 					FileDir::safe_exec('sed -i -e "' . $sed_params . '" ' . escapeshellarg($acme_alias_file));
 					$count_changes++;
 				}
 			}
 			foreach ($domains as $domain_arr) {
 				$domain = $domain_arr['domain'];
 				$acme_domain_conf = FileDir::makeCorrectFile($acmesh_dir . '/' . $domain . '/' . $domain . '.conf');
 				if (file_exists($acme_domain_conf)) {
 					$io->text("Getting info from " . $acme_domain_conf);
 					$conf_content = file_get_contents($acme_domain_conf);
 				} else {
 					$acme_domain_conf = FileDir::makeCorrectFile($acmesh_dir . '/' . $domain . '_ecc/' . $domain . '.conf');
 					if (file_exists($acme_domain_conf)) {
 						$io->text("Getting info from " . $acme_domain_conf);
 						$conf_content = file_get_contents($acme_domain_conf);
 					} else {
 						$io->info("No domain configuration file found in '" . $acmesh_dir . "'");
 						continue;
 					}
 				}
 				if (!empty($conf_content)) {
 					$lines = explode("\n", $conf_content);
 					foreach ($lines as $line) {
 						$val_key = explode("=", $line);
 						if ($val_key[0] == 'Le_Webroot') {
 							$domain_webroot = trim(trim($val_key[1], "'"), '"');
 							if ($domain_webroot != $acmesh_challenge_dir) {
 								$io->warning("Domain '" . $domain . "' has old/wrong Le_Webroot setting: '" . $domain_webroot . ' <> ' . $acmesh_challenge_dir . "'");
 								$question = new ConfirmationQuestion('Fix Le_Webroot? [yes] ', true, '/^(y|j)/i');
 								if ($yestoall || $helper->ask($input, $output, $question)) {
 									$sed_params = "s@Le_Webroot=.*@Le_Webroot='" . $acmesh_challenge_dir . "'@";
 									FileDir::safe_exec('sed -i -e "' . $sed_params . '" ' . escapeshellarg($acme_domain_conf));
 									Database::pexecute($upd_stmt, ['did' => $domain_arr['id']]);
 									$io->success("Correction of Le_Webroot successful");
 									$count_changes++;
 								} else {
 									continue;
 								}
 							} else {
 								$io->info("Domain '" . $domain . "' Le_Webroot value is correct");
 							}
 							break;
 						} else {
 							continue;
 						}
 					}
 				}
 			}
 			if ($count_changes > 0) {
 				if (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {
 					$io->info("Changes detected but froxlor has been updated. Inserting task to rebuild vhosts after update.");
 					Cronjob::inserttask(TaskId::REBUILD_VHOST);
 				} else {
 					$question = new ConfirmationQuestion('Changes detected. Force cronjob to refresh certificates? [yes] ', true, '/^(y|j)/i');
 					if ($yestoall || $helper->ask($input, $output, $question)) {
 						passthru(FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/bin/froxlor-cli') . ' froxlor:cron -f -d');
 					}
 				}
 			} else {
 				$io->success("No changes necessary.");
 			}
 		}
 		return $result;
 	}
 }
--- a/lib/Froxlor/Config/ConfigDisplay.php
+++ b/lib/Froxlor/Config/ConfigDisplay.php
@@ -148,7 +148,7 @@ class ConfigDisplay
 			if ($lasttype != '' && $lasttype != $_action['type']) {
 				$commands = trim($commands);
 				$numbrows = count(explode("\n", $commands));
-				$configpage .= UI::twig()->render(self::$theme . '/settings/conf/command.html.twig', [
+				$configpage .= UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [
 					'commands' => $commands,
 					'numbrows' => $numbrows
 				]);
@@ -182,7 +182,7 @@ class ConfigDisplay
 					$commands = trim($commands_pre);
 					if ($commands != "") {
 						$numbrows = count(explode("\n", $commands));
-						$commands_pre = UI::twig()->render(self::$theme . '/settings/conf/command.html.twig', [
+						$commands_pre = UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [
 							'commands' => $commands,
 							'numbrows' => $numbrows
 						]);
@@ -190,12 +190,12 @@ class ConfigDisplay
 					$commands = trim($commands_post);
 					if ($commands != "") {
 						$numbrows = count(explode("\n", $commands));
-						$commands_post = UI::twig()->render(self::$theme . '/settings/conf/command.html.twig', [
+						$commands_post = UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [
 							'commands' => $commands,
 							'numbrows' => $numbrows
 						]);
 					}
-					$configpage .= UI::twig()->render(self::$theme . '/settings/conf/fileblock.html.twig', [
+					$configpage .= UI::twig()->render(UI::validateThemeTemplate('/settings/conf/fileblock.html.twig', self::$theme), [
 						'realname' => $realname,
 						'commands_pre' => $commands_pre,
 						'commands_file' => $commands_file,
@@ -210,7 +210,7 @@ class ConfigDisplay
 		$commands = trim($commands);
 		if ($commands != '') {
 			$numbrows = count(explode("\n", $commands));
-			$configpage .= UI::twig()->render(self::$theme . '/settings/conf/command.html.twig', [
+			$configpage .= UI::twig()->render(UI::validateThemeTemplate('/settings/conf/command.html.twig', self::$theme), [
 				'commands' => $commands,
 				'numbrows' => $numbrows
 			]);
@@ -233,7 +233,7 @@ class ConfigDisplay
 			$file_content = htmlspecialchars($file_content);
 			$numbrows = count(explode("\n", $file_content));
 			//eval("\$files=\"" . \Froxlor\UI\Template::getTemplate("configfiles/configfiles_file") . "\";");
-			$files = UI::twig()->render(self::$theme . '/settings/conf/file.html.twig', [
+			$files = UI::twig()->render(UI::validateThemeTemplate('/settings/conf/file.html.twig', self::$theme), [
 				'distro_editor' => self::$editor,
 				'realname' => $realname,
 				'numbrows' => $numbrows,
--- a/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
+++ b/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
@@ -46,7 +46,9 @@ class AcmeSh extends FroxlorCron
 		'letsencrypt_test' => "https://acme-staging-v02.api.letsencrypt.org/directory",
 		'buypass' => "https://api.buypass.com/acme/directory",
 		'buypass_test' => "https://api.test4.buypass.no/acme/directory",
-		'zerossl' => "https://acme.zerossl.com/v2/DV90"
+		'zerossl' => "https://acme.zerossl.com/v2/DV90",
 		'google' => "https://dv.acme-v02.api.pki.goog/directory",
 		'google_test' => "https://dv.acme-v02.test-api.pki.goog/directory",
 	];
 	public static $no_inserttask = false;
 	private static $apiserver = "";
@@ -519,7 +521,7 @@ EOC;
 			foreach ($loop_domains as $idx => $domain) {
 				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Validating DNS of " . $domain);
 				// ips according to NS
-				$domain_ips = PhpHelper::gethostbynamel6($domain);
+				$domain_ips = PhpHelper::gethostbynamel6($domain, true, Settings::Get('system.le_domain_dnscheck_resolver'));
 				if ($domain_ips == false || count(array_intersect($our_ips, $domain_ips)) <= 0) {
 					// no common ips...
 					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $domain . " due to no system known IP address via DNS check");
@@ -555,7 +557,7 @@ EOC;
 			if (Settings::Get('system.letsencryptreuseold') != '1') {
 				$acmesh_cmd .= " --always-force-new-domain-key";
 			}
-			if (Settings::Get('system.letsencryptca') == 'letsencrypt_test') {
+			if (substr(Settings::Get('system.letsencryptca'), -5) == '_test') {
 				$acmesh_cmd .= " --staging";
 			}
 			if ($force) {
--- a/lib/Froxlor/Cron/System/BackupCron.php
+++ b/lib/Froxlor/Cron/System/BackupCron.php
@@ -146,6 +146,7 @@ class BackupCron extends FroxlorCron
 			FileDir::safe_exec('mkdir -p ' . escapeshellarg(FileDir::makeCorrectDir($tmpdir . '/mysql')));
 			// get all customer database-names
 			// @fixme respect multiple dbservers
 			$sel_stmt = Database::prepare("SELECT `databasename` FROM `" . TABLE_PANEL_DATABASES . "` WHERE `customerid` = :cid");
 			Database::pexecute($sel_stmt, [
 				'cid' => $data['customerid']
--- a/lib/Froxlor/Cron/Traffic/TrafficCron.php
+++ b/lib/Froxlor/Cron/Traffic/TrafficCron.php
@@ -127,7 +127,7 @@ class TrafficCron extends FroxlorCron
 		while ($row_database = $databases_stmt->fetch(PDO::FETCH_ASSOC)) {
 			if ($last_dbserver != $row_database['dbserver']) {
-				Database::needRoot(true, $row_database['dbserver']);
+				Database::needRoot(true, $row_database['dbserver'], true);
 				$last_dbserver = $row_database['dbserver'];
 				$databases_list = [];
--- a/lib/Froxlor/Database/Database.php
+++ b/lib/Froxlor/Database/Database.php
@@ -28,6 +28,7 @@ namespace Froxlor\Database;
 use Exception;
 use Froxlor\FileDir;
 use Froxlor\Froxlor;
 use Froxlor\PhpHelper;
 use Froxlor\Settings;
 use Froxlor\UI\Panel\UI;
 use PDO;
@@ -79,6 +80,8 @@ class Database
 	private static $sqldata = null;
 	private static $need_dbname = true;
 	/**
 	 * Wrapper for PDOStatement::execute so we can catch the PDOException
 	 * and display the error nicely on the panel - also fetches the
@@ -135,7 +138,7 @@ class Database
 		require Froxlor::getInstallDir() . "/lib/userdata.inc.php";
 		// le format
-		if (isset($sql['root_user']) && isset($sql['root_password']) && !is_array($sql_root)) {
+		if (isset($sql['root_user']) && isset($sql['root_password']) && empty($sql_root)) {
 			$sql_root = [
 				0 => [
 					'caption' => 'Default',
@@ -145,12 +148,20 @@ class Database
 					'password' => $sql['root_password']
 				]
 			];
 			unset($sql['root_user']);
 			unset($sql['root_password']);
 			// write new layout so this won't happen again
 			self::generateNewUserData($sql, $sql_root);
 			// re-read file
 			require Froxlor::getInstallDir() . "/lib/userdata.inc.php";
 		}
 		$substitutions = [
 			$sql['password'] => 'DB_UNPRIV_PWD',
 			$sql_root[0]['password'] => 'DB_ROOT_PWD'
 		];
 		foreach ($sql_root as $dbserver => $sql_root_data) {
 			$substitutions[$sql_root_data[$dbserver]]['password'] = 'DB_ROOT_PWD';
 		}
 		// hide username/password in messages
 		$error_message = $error->getMessage();
@@ -341,12 +352,13 @@ class Database
 	 * @param int $dbserver
 	 *            optional
 	 */
-	public static function needRoot($needroot = false, $dbserver = 0)
+	public static function needRoot(bool $needroot = false, int $dbserver = 0, bool $need_db = true)
 	{
 		// force re-connecting to the db with corresponding user
 		// and set the $dbserver (mostly to 0 = default)
 		self::setServer($dbserver);
 		self::$needroot = $needroot;
 		self::$need_dbname = $need_db;
 	}
 	/**
@@ -405,7 +417,7 @@ class Database
 		require Froxlor::getInstallDir() . "/lib/userdata.inc.php";
 		// le format
-		if (self::$needroot == true && isset($sql['root_user']) && isset($sql['root_password']) && (!isset($sql_root) || !is_array($sql_root))) {
+		if (isset($sql['root_user']) && isset($sql['root_password']) && (!isset($sql_root) || !is_array($sql_root))) {
 			$sql_root = [
 				0 => [
 					'caption' => 'Default',
@@ -417,6 +429,10 @@ class Database
 			];
 			unset($sql['root_user']);
 			unset($sql['root_password']);
 			// write new layout so this won't happen again
 			self::generateNewUserData($sql, $sql_root);
 			// re-read file
 			require Froxlor::getInstallDir() . "/lib/userdata.inc.php";
 		}
 		// either root or unprivileged user
@@ -465,10 +481,11 @@ class Database
 			'ATTR_ERRMODE' => 'ERRMODE_EXCEPTION'
 		];
-		$dbconf["dsn"] = [
+		$dbconf["dsn"] = ['charset' => 'utf8'];
-			'dbname' => $sql["db"],
+
-			'charset' => 'utf8'
+		if (self::$need_dbname) {
-		];
+			$dbconf["dsn"]['dbname'] = $sql["db"];
 		}
 		if ($socket != null) {
 			$dbconf["dsn"]['unix_socket'] = FileDir::makeCorrectFile($socket);
@@ -578,4 +595,22 @@ class Database
 		}
 		return $result;
 	}
 	/**
 	 * write new userdata.inc.php file
 	 */
 	private static function generateNewUserData(array $sql, array $sql_root)
 	{
 		$content = PhpHelper::parseArrayToPhpFile(
 			['sql' => $sql, 'sql_root' => $sql_root],
 			'automatically generated userdata.inc.php for froxlor'
 		);
 		chmod(Froxlor::getInstallDir() . "/lib/userdata.inc.php", 0700);
 		file_put_contents(Froxlor::getInstallDir() . "/lib/userdata.inc.php", $content);
 		chmod(Froxlor::getInstallDir() . "/lib/userdata.inc.php", 0400);
 		clearstatcache();
 		if (function_exists('opcache_invalidate')) {
 			@opcache_invalidate(Froxlor::getInstallDir() . "/lib/userdata.inc.php", true);
 		}
 	}
 }
--- a/lib/Froxlor/Database/DbManager.php
+++ b/lib/Froxlor/Database/DbManager.php
@@ -96,7 +96,7 @@ class DbManager
 		$dbservers_stmt = Database::query("SELECT DISTINCT `dbserver` FROM `" . TABLE_PANEL_DATABASES . "`");
 		while ($dbserver = $dbservers_stmt->fetch(PDO::FETCH_ASSOC)) {
 			// require privileged access for target db-server
-			Database::needRoot(true, $dbserver['dbserver']);
+			Database::needRoot(true, $dbserver['dbserver'], false);
 			$dbm = new DbManager(FroxlorLogger::getInstanceOf());
 			$users = $dbm->getManager()->getAllSqlUsers(false);
@@ -144,7 +144,7 @@ class DbManager
 	 */
 	public function createDatabase($loginname = null, $password = null, int $dbserver = 0, $last_accnumber = 0)
 	{
-		Database::needRoot(true, $dbserver);
+		Database::needRoot(true, $dbserver, false);
 		// check whether we shall create a random username
 		if (strtoupper(Settings::Get('customer.mysqlprefix')) == 'RANDOM') {
@@ -169,18 +169,17 @@ class DbManager
 		// now create the database itself
 		$this->getManager()->createDatabase($username);
 		$this->log->logAction(FroxlorLogger::USR_ACTION, LOG_INFO, "created database '" . $username . "'");
 		// and give permission to the user on every access-host we have
 		foreach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {
 			$this->getManager()->grantPrivilegesTo($username, $password, $mysql_access_host);
 			$this->log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "grant all privileges for '" . $username . "'@'" . $mysql_access_host . "'");
 		}
 		$this->getManager()->flushPrivileges();
 		Database::needRoot(false);
 		$this->log->logAction(FroxlorLogger::USR_ACTION, LOG_INFO, "created database '" . $username . "'");
 		return $username;
 	}
--- a/lib/Froxlor/FileDir.php
+++ b/lib/Froxlor/FileDir.php
@@ -147,9 +147,9 @@ class FileDir
 	 */
 	public static function makeSecurePath($path)
 	{
-		// check for bad characters, some are allowed with escaping
+		// check for bad characters, some are allowed with escaping,
 		// but we generally don't want them in our directory-names,
-		// thx to aaronmueller for this snipped
+		// thx to aaronmueller for this snippet
 		$badchars = [
 			':',
 			';',
@@ -161,7 +161,11 @@ class FileDir
 			'$',
 			'~',
 			'?',
-			"\0"
+			"\0",
 			"\n",
 			"\r",
 			"\t",
 			"\f"
 		];
 		foreach ($badchars as $bc) {
 			$path = str_replace($bc, "", $path);
--- a/lib/Froxlor/Froxlor.php
+++ b/lib/Froxlor/Froxlor.php
@@ -31,10 +31,10 @@ final class Froxlor
 {
 	// Main version variable
-	const VERSION = '2.0.3';
+	const VERSION = '2.0.10';
 	// Database version (YYYYMMDDC where C is a daily counter)
-	const DBVERSION = '202212060';
+	const DBVERSION = '202301180';
 	// Distribution branding-tag (used for Debian etc.)
 	const BRANDING = '';
--- a/lib/Froxlor/FroxlorLogger.php
+++ b/lib/Froxlor/FroxlorLogger.php
@@ -100,11 +100,17 @@ class FroxlorLogger
 						self::$ml->pushHandler(new SyslogHandler('froxlor', LOG_USER, Logger::DEBUG));
 						break;
 					case 'file':
-						$logger_logfile = Settings::Get('logger.logfile');
+						$logger_logfile = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/logs/' . Settings::Get('logger.logfile'));
 						// is_writable needs an existing file to check if it's actually writable
 						@touch($logger_logfile);
 						if (empty($logger_logfile) || !is_writable($logger_logfile)) {
-							Settings::Set('logger.logfile', '/tmp/froxlor.log');
+							Settings::Set('logger.logfile', 'froxlor.log');
 							$logger_logfile = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/logs/froxlor.log');
 							@touch($logger_logfile);
 							if (empty($logger_logfile) || !is_writable($logger_logfile)) {
 								// not writable in our own directory? Skip
 								break;
 							}
 						}
 						self::$ml->pushHandler(new StreamHandler($logger_logfile, Logger::DEBUG));
 						break;
--- a/lib/Froxlor/Install/Preconfig.php
+++ b/lib/Froxlor/Install/Preconfig.php
@@ -101,7 +101,7 @@ class Preconfig
 			$agree = [
 				'title' => 'Check',
 				'fields' => [
-					'update_changesagreed' => ['type' => 'checkbox', 'value' => 1, 'label' => '<strong>I have read the update notifications above and I am aware of the changes made to my system.</strong>'],
+					'update_changesagreed' => ['mandatory' => true, 'type' => 'checkrequired', 'value' => 1, 'label' => '<strong>I have read the update notifications above and I am aware of the changes made to my system.</strong>'],
 					'update_preconfig' => ['type' => 'hidden', 'value' => 1]
 				]
 			];
--- a/lib/Froxlor/PhpHelper.php
+++ b/lib/Froxlor/PhpHelper.php
@@ -27,6 +27,8 @@ namespace Froxlor;
 use Exception;
 use Froxlor\UI\Panel\UI;
 use Net_DNS2_Exception;
 use Net_DNS2_Resolver;
 use Throwable;
 use voku\helper\AntiXSS;
@@ -244,47 +246,66 @@ class PhpHelper
 	 * ipv6 aware gethostbynamel function
 	 *
 	 * @param string $host
-	 * @param boolean $try_a
+	 * @param boolean $try_a default true
-	 *            default true
+	 * @param string|null $nameserver set additional resolver nameserver to use (e.g. 1.1.1.1)
 	 * @return boolean|array
 	 */
-	public static function gethostbynamel6($host, $try_a = true)
+	public static function gethostbynamel6(string $host, bool $try_a = true, string $nameserver = null)
 	{
 		$dns6 = @dns_get_record($host, DNS_AAAA);
 		if (!is_array($dns6)) {
 			// no record or failed to check
 			$dns6 = [];
 		}
 		if ($try_a == true) {
 			$dns4 = @dns_get_record($host, DNS_A);
 			if (!is_array($dns4)) {
 				// no record or failed to check
 				$dns4 = [];
 			}
 			$dns = array_merge($dns4, $dns6);
 		} else {
 			$dns = $dns6;
 		}
 		$ips = [];
-		foreach ($dns as $record) {
+
-			if ($record["type"] == "A") {
+		try {
-				// always use compressed ipv6 format
+			// set the default nameservers to use, use the system default if none are provided
-				$ip = inet_ntop(inet_pton($record["ip"]));
+			$resolver = new Net_DNS2_Resolver($nameserver ? ['nameservers' => [$nameserver]] : []);
-				$ips[] = $ip;
+
-			}
+			// get all ip addresses from the A record and normalize them
-			if ($record["type"] == "AAAA") {
+			if ($try_a) {
-				// always use compressed ipv6 format
+				try {
-				$ip = inet_ntop(inet_pton($record["ipv6"]));
+					$answer = $resolver->query($host, 'A')->answer;
-				$ips[] = $ip;
+					foreach ($answer as $rr) {
 						if ($rr instanceof Net_DNS2_RR_A) {
 							$ips[] = inet_ntop(inet_pton($rr->address));
 						}
 					}
-		if (count($ips) < 1) {
+				} catch (Net_DNS2_Exception $e) {
-			return false;
+					// we can't do anything here, just continue
 		} else {
 			return $ips;
 				}
 			}
 			// get all ip addresses from the AAAA record and normalize them
 			try {
 				$answer = $resolver->query($host, 'AAAA')->answer;
 				foreach ($answer as $rr) {
 					if ($rr instanceof Net_DNS2_RR_AAAA) {
 						$ips[] = inet_ntop(inet_pton($rr->address));
 					}
 				}
 			} catch (Net_DNS2_Exception $e) {
 				// we can't do anything here, just continue
 			}
 		} catch (Net_DNS2_Exception $e) {
 			// fallback to php's dns_get_record if Net_DNS2 has no resolver available, but this may cause
 			// problems if the system's dns is not configured correctly; for example, the acme pre-check
 			// will fail because some providers put a local ip in /etc/hosts
 			// get all ip addresses from the A record and normalize them
 			if ($try_a) {
 				$answer = @dns_get_record($host, DNS_A);
 				foreach ($answer as $rr) {
 					$ips[] = inet_ntop(inet_pton($rr['ip']));
 				}
 			}
 			// get all ip addresses from the AAAA record and normalize them
 			$answer = @dns_get_record($host, DNS_AAAA);
 			foreach ($answer as $rr) {
 				$ips[] = inet_ntop(inet_pton($rr['ipv6']));
 			}
 		}
 		return count($ips) > 0 ? $ips : false;
 	}
 	/**
 	 * Function randomStr
 	 *
--- a/lib/Froxlor/UI/Callbacks/Mysql.php
+++ b/lib/Froxlor/UI/Callbacks/Mysql.php
@@ -32,7 +32,7 @@ class Mysql
 	public static function dbserver(array $attributes): string
 	{
 		// get sql-root access data
-		Database::needRoot(true, (int)$attributes['data']);
+		Database::needRoot(true, (int)$attributes['data'], false);
 		Database::needSqlData();
 		$sql_root = Database::getSqlData();
 		Database::needRoot(false);
--- a/lib/Froxlor/UI/Callbacks/Text.php
+++ b/lib/Froxlor/UI/Callbacks/Text.php
@@ -92,7 +92,7 @@ class Text
 		$result = $attributes['fields'];
 		$apikey_data = include Froxlor::getInstallDir() . '/lib/formfields/formfield.api_key.php';
-		$body = UI::twig()->render(UI::getTheme() . '/user/inline-form.html.twig', [
+		$body = UI::twig()->render(UI::validateThemeTemplate('/user/inline-form.html.twig'), [
 			'formaction' => $linker->getLink(['section' => 'index', 'page' => 'apikeys']),
 			'formdata' => $apikey_data['apikey'],
 			'editid' => $attributes['fields']['id']
--- a/lib/Froxlor/UI/Panel/FroxlorTwig.php
+++ b/lib/Froxlor/UI/Panel/FroxlorTwig.php
@@ -87,6 +87,10 @@ class FroxlorTwig extends AbstractExtension
 			new TwigFunction('linker', [
 				$this,
 				'getLink'
 			]),
 			new TwigFunction('mix', [
 				$this,
 				'getMix'
 			])
 		];
 	}
@@ -158,4 +162,9 @@ class FroxlorTwig extends AbstractExtension
 	{
 		return 'froxlortwig';
 	}
 	public function getMix($mix = '')
 	{
 		return mix($mix);
 	}
 }
--- a/lib/Froxlor/UI/Panel/UI.php
+++ b/lib/Froxlor/UI/Panel/UI.php
@@ -95,7 +95,7 @@ class UI
 		session_set_cookie_params([
 			'lifetime' => self::$install_mode ? 7200 : 600, // will be renewed based on settings in lib/init.php
 			'path' => '/',
-			'domain' => $_SERVER['HTTP_HOST'],
+			'domain' => explode(':', $_SERVER['HTTP_HOST'])[0],
 			'secure' => self::requestIsHttps(),
 			'httponly' => true,
 			'samesite' => 'Strict'
@@ -260,11 +260,28 @@ class UI
 	 */
 	public static function twigBuffer($name, array $context = [])
 	{
 		$template_file = self::validateThemeTemplate($name);
 		self::$twigbuf[] = [
-			self::getTheme() . '/' . $name => $context
+			$template_file => $context
 		];
 	}
 	public static function validateThemeTemplate(string $name, string $theme = "") {
 		if (empty(trim($theme))) {
 			$theme = self::getTheme();
 		}
 		$template_file = $theme . '/' . $name;
 		if (!file_exists(Froxlor::getInstallDir() . '/templates/' . $template_file)) {
 			PhpHelper::phpErrHandler(E_USER_WARNING, "Template '" . $template_file . "' could not be found, trying fallback theme", __FILE__, __LINE__);
 			$template_file = self::$default_theme . '/'. $name;
 			if (!file_exists(Froxlor::getInstallDir() . '/templates/' . $template_file)) {
 				PhpHelper::phpErrHandler(E_USER_ERROR, "Unknown template '" . $template_file . "'", __FILE__, __LINE__);
 			}
 		}
 		return $template_file;
 	}
 	public static function getTheme()
 	{
 		// fallback
--- a/lib/config.example.inc.php
+++ b/lib/config.example.inc.php
@@ -0,0 +1,14 @@
 <?php
 /**
 * change the options below to either true or false
 */
 return [
 	/**
 	 * enable/disable the possibility to update froxlor from within the web-interface,
 	 * recommended value for debian/ubuntu package users is false to rely on apt and not have version mixup.
 	 * This is also useful for providers that manage the servers but give admin access to froxlor to handle
 	 * updates the way the providers does it (e.g. automation, etc.)
 	 */
 	'enable_webupdate' => false,
 ];
--- a/lib/config.inc.php
+++ b/lib/config.inc.php
@@ -1,8 +0,0 @@
 <?php
 /**
 * change the options below to either true or false
 */
 return [
 	'enable_webupdate' => false
 ];
--- a/lib/configfiles/bionic.xml
+++ b/lib/configfiles/bionic.xml
@@ -3458,11 +3458,7 @@ ssl_key = <<SSL_KEY_FILE>
 # auth_ssl_username_from_cert=yes.
 #ssl_cert_username_field = commonName
-# SSL DH parameters
+ssl_dh_parameters_length = 2048
 # Generate new params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
 # Or migrate from old ssl-parameters.dat file with the command dovecot
 # gives on startup when ssl_dh is unset.
 ssl_dh = </usr/share/dovecot/dh.pem
 # SSL protocols to use
 #ssl_protocols = !SSLv3
@@ -4678,7 +4674,7 @@ aliases:     files
 						<command><![CDATA[mkdir -p {{settings.system.mod_fcgid_configdir}}]]></command>
 						<command><![CDATA[mkdir -p {{settings.system.mod_fcgid_tmpdir}}]]></command>
 						<command><![CDATA[chmod 1777 {{settings.system.mod_fcgid_tmpdir}}]]></command>
-						<command><![CDATA[a2dismod php7.2]]></command>
+						<command><![CDATA[a2dismod php7.4]]></command>
 					</commands>
 					<!-- instead of just restarting apache, we let the cronjob do all the
 						dirty work -->
@@ -4711,7 +4707,7 @@ aliases:     files
 						</visibility>
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<command><![CDATA[a2dismod php7.2]]></command>
+						<command><![CDATA[a2dismod php7.4]]></command>
 					</commands>
 					<!-- instead of just restarting apache, we let the cronjob do all the
 						dirty work -->
--- a/lib/formfields/admin/domains/formfield.domains_add.php
+++ b/lib/formfields/admin/domains/formfield.domains_add.php
@@ -30,6 +30,7 @@ return [
 		'title' => lng('admin.domain_add'),
 		'image' => 'fa-solid fa-globe',
 		'self_overview' => ['section' => 'domains', 'page' => 'domains'],
 		'id' => 'domain_add',
 		'sections' => [
 			'section_a' => [
 				'title' => lng('domains.domainsettings'),
--- a/lib/formfields/admin/domains/formfield.domains_edit.php
+++ b/lib/formfields/admin/domains/formfield.domains_edit.php
@@ -30,6 +30,7 @@ return [
 		'title' => lng('admin.domain_edit'),
 		'image' => 'fa-solid fa-globe',
 		'self_overview' => ['section' => 'domains', 'page' => 'domains'],
 		'id' => 'domain_edit',
 		'sections' => [
 			'section_a' => [
 				'title' => lng('domains.domainsettings'),
--- a/lib/formfields/customer/mysql/formfield.mysql_edit.php
+++ b/lib/formfields/customer/mysql/formfield.mysql_edit.php
@@ -33,10 +33,16 @@ return [
 						'value' => $result['databasename']
 					],
 					'mysql_server' => [
 						'visible' => count($mysql_servers) > 1,
 						'type' => 'hidden',
 						'value' => $result['dbserver'] ?? 0,
 					],
 					'mysql_server_info' => [
 						'visible' => count($mysql_servers) > 1,
 						'label' => lng('mysql.mysql_server'),
 						'type' => 'label',
-						'value' => $mysql_servers[$result['dbserver']] ?? 'unknown db server'
+						'disabled' => true,
 						'value' => $mysql_servers[$result['dbserver']] ?? 'unknown db server',
 					],
 					'description' => [
 						'label' => lng('mysql.databasedescription'),
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -26,6 +26,14 @@
 use Froxlor\Language;
 use Froxlor\UI\Request;
 /**
 * Render a template with the given data.
 * Mostly used if we have no template-engine (twig).
 *
 * @param $template
 * @param $attributes
 * @return array|false|string|string[]
 */
 function view($template, $attributes)
 {
 	$view = file_get_contents(dirname(__DIR__) . '/templates/' . $template);
@@ -33,11 +41,26 @@ function view($template, $attributes)
 	return str_replace(array_keys($attributes), array_values($attributes), $view);
 }
 /**
 * Get the current translation for a given string.
 *
 * @param string $identifier
 * @param array $arguments
 * @return array|string
 */
 function lng(string $identifier, array $arguments = [])
 {
 	return Language::getTranslation($identifier, $arguments);
 }
 /**
 * Get the value of a request variable.
 *
 * @param string $identifier
 * @param string|null $default
 * @param string|null $session
 * @return mixed|string|null
 */
 function old(string $identifier, string $default = null, string $session = null)
 {
 	if ($session && isset($_SESSION[$session])) {
@@ -45,3 +68,26 @@ function old(string $identifier, string $default = null, string $session = null)
 	}
 	return Request::any($identifier, $default);
 }
 /**
 * Loading the mix manifest file from given theme.
 * This file contains the hashed filenames of the assets.
 * It must be always placed in the theme assets folder.
 *
 * @param $filename
 * @return mixed|string
 */
 function mix($filename)
 {
 	if (preg_match('/templates\/(.+)\/assets\/(.+)\/(.+)/', $filename, $matches)) {
 		$mixManifest = dirname(__DIR__) . '/templates/' . $matches[1] . '/assets/mix-manifest.json';
 		if (file_exists($mixManifest)) {
 			$manifest = json_decode(file_get_contents($mixManifest), true);
 			$key = '/' . $matches[2] . '/' . $matches[3];
 			if ($manifest && !empty($manifest[$key])) {
 				$filename = 'templates/' . $matches[1] . '/assets' . $manifest[$key];
 			}
 		}
 	}
 	return $filename;
 }
--- a/lib/init.php
+++ b/lib/init.php
@@ -277,14 +277,14 @@ if (is_array($_themeoptions) && array_key_exists('js', $_themeoptions['variants'
 	if (is_array($_themeoptions['variants'][$themevariant]['js'])) {
 		foreach ($_themeoptions['variants'][$themevariant]['js'] as $jsfile) {
 			if (file_exists('templates/' . $theme . '/assets/js/' . $jsfile)) {
-				$js .= '<script type="text/javascript" src="templates/' . $theme . '/assets/js/' . $jsfile . '"></script>' . "\n";
+				$js .= '<script type="text/javascript" src="' . mix('templates/' . $theme . '/assets/js/' . $jsfile) . '"></script>' . "\n";
 			}
 		}
 	}
 	if (is_array($_themeoptions['variants'][$themevariant]['css'])) {
 		foreach ($_themeoptions['variants'][$themevariant]['css'] as $cssfile) {
 			if (file_exists('templates/' . $theme . '/assets/css/' . $cssfile)) {
-				$css .= '<link href="templates/' . $theme . '/assets/css/' . $cssfile . '" rel="stylesheet" type="text/css" />' . "\n";
+				$css .= '<link href="' . mix('templates/' . $theme . '/assets/css/' . $cssfile) . '" rel="stylesheet" type="text/css" />' . "\n";
 			}
 		}
 	}
@@ -332,7 +332,7 @@ if (CurrentUser::hasSession()) {
 	$cookie_params = [
 		'expires' => time() + Settings::Get('session.sessiontimeout'),
 		'path' => '/',
-		'domain' => $_SERVER['HTTP_HOST'],
+		'domain' => explode(':', $_SERVER['HTTP_HOST'])[0],
 		'secure' => UI::requestIsHttps(),
 		'httponly' => true,
 		'samesite' => 'Strict'
--- a/lib/navigation/00.froxlor.main.php
+++ b/lib/navigation/00.froxlor.main.php
@@ -158,6 +158,7 @@ return [
 		'docs' => [
 			'label' => lng('admin.documentation'),
 			'icon' => 'fa-solid fa-circle-info',
 			'show_element' => (!Settings::IsInList('panel.customer_hide_options', 'misc.documentation')),
 			'elements' => [
 				[
 					'url' => 'https://docs.froxlor.org/v2/user-guide/',
--- a/lib/tablelisting/admin/tablelisting.customers.php
+++ b/lib/tablelisting/admin/tablelisting.customers.php
@@ -110,6 +110,11 @@ return [
 				'class' => 'text-center',
 				'callback' => [Text::class, 'boolean'],
 			],
 			'c.lastlogin_succ' => [
 				'label' => lng('admin.lastlogin_succ'),
 				'field' => 'lastlogin_succ',
 				'callback' => [Text::class, 'timestamp'],
 			],
 			'c.phpenabled' => [
 				'label' => lng('admin.phpenabled'),
 				'field' => 'phpenabled',
@@ -138,7 +143,7 @@ return [
 				'class' => 'text-center',
 				'callback' => [Text::class, 'boolean'],
 			],
-			'api_allowed' => [
+			'c.api_allowed' => [
 				'label' => lng('usersettings.api_allowed.title'),
 				'field' => 'api_allowed',
 				'class' => 'text-center',
--- a/lng/de.lng.php
+++ b/lng/de.lng.php
@@ -773,6 +773,7 @@ return [
 		'destinationiswrong' => 'Die Weiterleitungsadresse "%s" enthält ungültige Zeichen oder ist nicht vollständig.',
 		'backupfoldercannotbedocroot' => 'Der Ordner für Backups darf nicht das Heimatverzeichnis sein, wählen Sie einen Ordner unterhalb des Heimatverzeichnisses, z.B. /backups',
 		'templatelanguagecombodefined' => 'Die gewählte Kombination aus Sprache und Vorlage ist bereits definiert.',
 		'templatelanguageinvalid' => 'Die gewählte Sprache existiert nicht',
 		'ipstillhasdomains' => 'Die IP/Port-Kombination, die Sie löschen wollen, ist noch bei einer oder mehreren Domains eingetragen. Bitte ändern Sie die Domains vorher auf eine andere IP/Port-Kombination, um diese löschen zu können.',
 		'cantdeletedefaultip' => 'Sie können die Standard-IP/Port-Kombination für Reseller nicht löschen. Bitte setzen Sie eine andere IP/Port-Kombination als Standard, um diese löschen zu können.',
 		'cantdeletesystemip' => 'Sie können die letzte System-IP-Adresse nicht löschen. Entweder legen Sie eine neue IP/Port-Kombination an oder Sie ändern die System-IP-Adresse.',
@@ -836,6 +837,7 @@ return [
 		'notrequiredpasswordcomplexity' => 'Die vorgegebene Passwort-Komplexität wurde nicht erfüllt.<br />Bitte kontaktieren Sie Ihren Administrator, wenn Sie Fragen zur Komplexitäts-Vorgabe haben.',
 		'stringerrordocumentnotvalidforlighty' => 'Ein Text als Fehlerdokument funktioniert leider in LigHTTPd nicht, bitte geben Sie einen Pfad zu einer Datei an',
 		'urlerrordocumentnotvalidforlighty' => 'Eine URL als Fehlerdokument funktioniert leider in LigHTTPd nicht, bitte geben Sie einen Pfad zu einer Datei an',
 		'invaliderrordocumentvalue' => 'Der angegebene Wert für das Fehlederdokument ist keine gültige Datei, URL oder Text-Zeile.',
 		'intvaluetoolow' => 'Die angegebene Zahl ist zu klein (Feld "%s")',
 		'intvaluetoohigh' => 'Die angegebene Zahl ist zu groß (Feld "%s")',
 		'phpfpmstillenabled' => 'PHP-FPM ist derzeit aktiviert. Bitte deaktivieren Sie es, um FCGID zu aktivieren',
@@ -919,6 +921,7 @@ return [
 		'pathmustberelative' => 'Der Benutzer hat nicht die benötigten Berechtigungen, um Pfade außerhalb des Kunden-Heimatverzeichnisses anzugeben. Bitte einen relativen Pfad angeben (kein führendes /).',
 		'mysqlserverstillhasdbs' => 'Datenbank-Server kann für den Kunden nicht entfernt werden, da sich dort noch Datenbanken befinden.',
 		'domaincannotbeedited' => 'Keine Berechtigung, um die Domain %s zu bearbeiten',
 		'invalidcronjobintervalvalue' => 'Cronjob Intervall muss einer der folgenden Werte sein: %s',
 	],
 	'extras' => [
 		'description' => 'Hier können Sie zusätzliche Extras einrichten, wie zum Beispiel einen Verzeichnisschutz.<br />Die Änderungen sind erst nach einer kurzen Zeit wirksam.',
@@ -1494,7 +1497,10 @@ Vielen Dank, Ihr Administrator',
 				'title' => 'Log-Art(en)',
 				'description' => 'Wählen Sie hier die gewünschten Logtypen. Für Mehrfachauswahl, halten Sie während der Auswahl STRG gedrückt<br />Mögliche Logtypen sind: syslog, file, mysql',
 			],
-			'logfile' => 'Log-Datei Pfad inklusive Dateinamen',
+			'logfile' => [
 				'title' => 'Dateiname der Logdatei',
 				'description' => 'Wird nur verwendet, wenn die Log-Art "file" ausgewählt ist. Diese Datei wird unter froxlor/logs/ geschrieben. Dieser Ordner ist vor Webzugriff geschützt.',
 			],
 			'logcron' => 'Logge Cronjobs',
 			'logcronoption' => [
 				'never' => 'Nie',
@@ -1962,6 +1968,10 @@ Vielen Dank, Ihr Administrator',
 			'title' => 'Validiere DNS der Domains wenn Let\'s Encrypt genutzt wird',
 			'description' => 'Wenn aktiviert wird froxlor überprüfen ob die DNS Einträge der Domains, welche ein Let\'s Encrypt Zertifikat beantragt, mindestens auf eine der System IP Adressen auflöst.',
 		],
 		'le_domain_dnscheck_resolver' => [
 			'title' => 'DNS Resolver für die DNS Überprüfung',
 			'description' => 'IP Adresse des DNS Servers, welcher für die DNS Überprüfung genutzt werden soll. Wenn leer, wird der Standard DNS Resolver des Systems genutzt.',
 		],
 		'phpsettingsforsubdomains' => [
 			'description' => 'Wenn ja, wird die gewählte PHP-Config für alle Subdomains übernommen',
 		],
@@ -2124,17 +2134,31 @@ Vielen Dank, Ihr Administrator',
 		],
 		'mb' => 'Traffic',
 		'day' => 'Tag',
-		'distribution' => '<span color="#019522">FTP</span> | <span color="#0000FF">HTTP</span> | <span color="#800000">Mail</span>',
+		'sumtotal' => 'Gesamt Traffic',
-		'sumhttp' => 'Gesamt HTTP-Traffic',
+		'sumhttp' => 'HTTP-Traffic',
-		'sumftp' => 'Gesamt FTP-Traffic',
+		'sumftp' => 'FTP-Traffic',
-		'summail' => 'Gesamt Mail-Traffic',
+		'summail' => 'Mail-Traffic',
 		'customer' => 'Kunde',
-		'trafficoverview' => 'Übersicht Traffic je',
+		'trafficoverview' => 'Übersicht Traffic',
 		'bycustomers' => 'Traffic nach Kunden',
 		'details' => 'Details',
 		'http' => 'HTTP',
 		'ftp' => 'FTP',
 		'mail' => 'Mail',
 		'nocustomers' => 'Es wird mindestens ein Kunde benötigt um die Traffic Statistiken anzuzeigen.',
 		'top5customers' => 'Top 5 Kunden',
 		'nodata' => 'Keine Daten im angegebenen Zeitraum.',
 		'ranges' => [
 			'last24h' => 'die letzten 24 Std',
 			'last7d' => 'die letzten 7 Tage',
 			'last30d' => 'die letzten  30 Tage',
 			'cm' => 'Aktueller Monat',
 			'last3m' => 'die letzten 3 Monate',
 			'last6m' => 'die letzten 6 Monate',
 			'last12m' => 'die letzten 12 Monate',
 			'cy' => 'Aktuelles Jahr',
 		],
 		'byrange' => 'Nach angegebenem Zeitraum',
 	],
 	'translator' => '',
 	'update' => [
--- a/lng/en.lng.php
+++ b/lng/en.lng.php
@@ -839,6 +839,7 @@ return [
 		'destinationiswrong' => 'The forwarder %s contains invalid character(s) or is incomplete.',
 		'backupfoldercannotbedocroot' => 'The folder for backups cannot be your homedir, please chose a folder within your homedir, e.g. /backups',
 		'templatelanguagecombodefined' => 'The selected language/template combination has already been defined.',
 		'templatelanguageinvalid' => 'The selected language does not exist',
 		'ipstillhasdomains' => 'The IP/Port combination you want to delete still has domains assigned to it, please reassign those to other IP/Port combinations before deleting this IP/Port combination.',
 		'cantdeletedefaultip' => 'You cannot delete the default IP/Port combination, please make another IP/Port combination default for before deleting this IP/Port combination.',
 		'cantdeletesystemip' => 'You cannot delete the last system IP, either create a new IP/Port combination for the system IP or change the system IP.',
@@ -904,6 +905,7 @@ return [
 		'notrequiredpasswordcomplexity' => 'The specified password-complexity was not satisfied.<br />Please contact your administrator if you have any questions about the complexity-specification',
 		'stringerrordocumentnotvalidforlighty' => 'A string as ErrorDocument does not work in lighttpd, please specify a path to a file',
 		'urlerrordocumentnotvalidforlighty' => 'An URL as ErrorDocument does not work in lighttpd, please specify a path to a file',
 		'invaliderrordocumentvalue' => 'The value given as ErrorDocument does not seem to be a valid file, URL or string.',
 		'intvaluetoolow' => 'The given number is too low (field %s)',
 		'intvaluetoohigh' => 'The given number is too high (field %s)',
 		'phpfpmstillenabled' => 'PHP-FPM is currently active. Please deactivate it before activating FCGID',
@@ -988,6 +990,7 @@ return [
 		'pathmustberelative' => 'The user does not have the permission to specify directories outside the customers home-directory. Please specify a relative path (no leading /).',
 		'mysqlserverstillhasdbs' => 'Cannot remove database server from customers allow-list as there are still databases on it.',
 		'domaincannotbeedited' => 'You are not permitted to edit the domain %s',
 		'invalidcronjobintervalvalue' => 'Cronjob interval must be one of: %s',
 	],
 	'extras' => [
 		'description' => 'Here you can add some extras, for example directory protection.<br />The system will need some time to apply the new settings after every change.',
@@ -1613,7 +1616,10 @@ Yours sincerely, your administrator',
 				'title' => 'Log-type(s)',
 				'description' => 'Specify logtypes. To select multiple types, hold down CTRL while selecting.<br />Available logtypes are: syslog, file, mysql',
 			],
-			'logfile' => 'Logfile path including filename',
+			'logfile' => [
 				'title' => 'Filename for log',
 				'description' => 'Only used if log-type includes "file". This file will be created in froxlor/logs/. This folder is protected against public access.',
 			],
 			'logcron' => 'Log cronjobs',
 			'logcronoption' => [
 				'never' => 'Never',
@@ -2081,6 +2087,10 @@ Yours sincerely, your administrator',
 			'title' => 'Validate DNS of domains when using Let\'s Encrypt',
 			'description' => 'If activated, froxlor will validate whether the domain which requests a Let\'s Encrypt certificate resolves to at least one of the system ip addresses.',
 		],
 		'le_domain_dnscheck_resolver' => [
 			'title' => 'Use a external nameserver for DNS validation',
 			'description' => 'If set, froxlor will use this DNS to validate the DNS of domains when using Let\'s Encrypt. If empty, the system\'s default DNS resolver will be used.',
 		],
 		'phpsettingsforsubdomains' => [
 			'description' => 'If yes the chosen php-config will be updated to all subdomains',
 		],
@@ -2254,18 +2264,32 @@ Yours sincerely, your administrator',
 			'total' => 'Total',
 		],
 		'mb' => 'Traffic',
-		'distribution' => '<font color="#019522">FTP</font> | <font color="#0000FF">HTTP</font> | <font color="#800000">Mail</font>',
+		'sumtotal' => 'Total traffic',
-		'sumhttp' => 'Total HTTP-Traffic',
+		'sumhttp' => 'HTTP traffic',
-		'sumftp' => 'Total FTP-Traffic',
+		'sumftp' => 'FTP traffic',
-		'summail' => 'Total Mail-Traffic',
+		'summail' => 'Mail traffic',
 		'customer' => 'Customer',
 		'domain' => 'Domain',
-		'trafficoverview' => 'Traffic summary by',
+		'trafficoverview' => 'Traffic summary',
 		'bycustomers' => 'Traffic by customers',
 		'details' => 'Details',
 		'http' => 'HTTP',
 		'ftp' => 'FTP',
 		'mail' => 'Mail',
 		'nocustomers' => 'You need at least one customer to view the traffic reports.',
 		'top5customers' => 'Top 5 customers',
 		'nodata' => 'No data for given range found.',
 		'ranges' => [
 			'last24h' => 'last 24 hours',
 			'last7d' => 'last 7 days',
 			'last30d' => 'last 30 days',
 			'cm' => 'Current month',
 			'last3m' => 'last 3 months',
 			'last6m' => 'last 6 months',
 			'last12m' => 'last 12 months',
 			'cy' => 'Current year',
 		],
 		'byrange' => 'Specified by range',
 	],
 	'translator' => '',
 	'update' => [
--- a/package-lock.json
+++ b/package-lock.json
@@ -5103,9 +5103,9 @@
 			}
 		},
 		"node_modules/img-loader/node_modules/json5": {
-			"version": "1.0.1",
+			"version": "1.0.2",
-			"resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz",
+			"resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz",
-			"integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==",
+			"integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==",
 			"dev": true,
 			"dependencies": {
 				"minimist": "^1.2.0"
@@ -5437,9 +5437,9 @@
 			"dev": true
 		},
 		"node_modules/json5": {
-			"version": "2.2.1",
+			"version": "2.2.3",
-			"resolved": "https://registry.npmjs.org/json5/-/json5-2.2.1.tgz",
+			"resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz",
-			"integrity": "sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==",
+			"integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==",
 			"dev": true,
 			"bin": {
 				"json5": "lib/cli.js"
@@ -8448,9 +8448,9 @@
 			}
 		},
 		"node_modules/vue-style-loader/node_modules/json5": {
-			"version": "1.0.1",
+			"version": "1.0.2",
-			"resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz",
+			"resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz",
-			"integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==",
+			"integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==",
 			"dev": true,
 			"dependencies": {
 				"minimist": "^1.2.0"
@@ -12919,9 +12919,9 @@
 			},
 			"dependencies": {
 				"json5": {
-					"version": "1.0.1",
+					"version": "1.0.2",
-					"resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz",
+					"resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz",
-					"integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==",
+					"integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==",
 					"dev": true,
 					"requires": {
 						"minimist": "^1.2.0"
@@ -13165,9 +13165,9 @@
 			"dev": true
 		},
 		"json5": {
-			"version": "2.2.1",
+			"version": "2.2.3",
-			"resolved": "https://registry.npmjs.org/json5/-/json5-2.2.1.tgz",
+			"resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz",
-			"integrity": "sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==",
+			"integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==",
 			"dev": true
 		},
 		"jsonfile": {
@@ -15379,9 +15379,9 @@
 			},
 			"dependencies": {
 				"json5": {
-					"version": "1.0.1",
+					"version": "1.0.2",
-					"resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz",
+					"resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz",
-					"integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==",
+					"integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==",
 					"dev": true,
 					"requires": {
 						"minimist": "^1.2.0"
--- a/templates/Froxlor/base.html.twig
+++ b/templates/Froxlor/base.html.twig
@@ -11,7 +11,7 @@
 	<!-- CSS -->
 	{% if theme_css is empty %}
-		<link href="{{ basehref|default('') }}templates/Froxlor/assets/css/main.css" rel="stylesheet" type="text/css" />
+		<link href="{{ basehref|default('') }}{{ mix('templates/Froxlor/assets/css/main.css') }}" rel="stylesheet" type="text/css" />
 	{% else %}
 		{{ theme_css|raw }}
 	{% endif %}
@@ -19,7 +19,7 @@
 	<!-- Scripts -->
 	{% if theme_js is empty %}
-		<script type="text/javascript" src="{{ basehref|default('') }}templates/Froxlor/assets/js/main.js"></script>
+		<script type="text/javascript" src="{{ basehref|default('') }}{{ mix('templates/Froxlor/assets/js/main.js') }}"></script>
 	{% else %}
 		{{ theme_js|raw }}
 	{% endif %}
--- a/templates/Froxlor/form/form.html.twig
+++ b/templates/Froxlor/form/form.html.twig
@@ -50,7 +50,7 @@
 	</form>
 	{# add translation for custom validations #}
-	{% if form_data.id is defined and form_data.id in ['customer_add', 'customer_edit'] %}
+	{% if form_data.id is defined and form_data.id in ['customer_add', 'customer_edit', 'domain_add', 'domain_edit'] %}
 		<script>$(function() { $.extend($.validator.messages, {required: "{{ lng('error.requiredfield') }}"}) });</script>
 	{% endif %}
 {% endmacro %}
--- a/templates/Froxlor/form/formfields.html.twig
+++ b/templates/Froxlor/form/formfields.html.twig
@@ -2,6 +2,9 @@
 	{% if field.visible is not defined or (field.visible is defined and field.visible) or nohide == true %}
 		{% if norow == false and (field.type != 'hidden' or (field.type == 'hidden' and field.display is defined and field.display is not empty)) %}
 			<div class="row g-0 formfield d-flex align-items-center">
 				{% if field.prior_infotext is defined and field.prior_infotext|length > 0 %}
 					<h5>{{ field.prior_infotext }}</h5>
 				{% endif %}
 				{% if field.label is iterable %}
 					<label for="{{ id }}" class="col-sm-6 col-form-label pe-3">
 						{% if em %}
@@ -51,6 +54,8 @@
 					{{ _self.input_ul(id, field) }}
 				{% elseif field.type == 'checkbox' %}
 					{{ _self.bool(id, field) }}
 				{% elseif field.type == 'checkrequired' %}
 					{{ _self.chk_required(id, field) }}
 				{% elseif field.type == 'select' %}
 					{{ _self.select(id, field) }}
 				{% elseif field.type == 'textarea' %}
@@ -116,6 +121,12 @@
 	{% endif %}
 {% endmacro %}
 {% macro chk_required(id, field) %}
 	<div class="form-check form-switch">
 		<input type="checkbox" value="{{ field.value }}" id="{{ id }}" name="{{ id }}" class="form-check-input" {% if field.mandatory is defined and field.mandatory == 1 %} required {% endif %} />
 	</div>
 {% endmacro %}
 {% macro infotext(id, field) %}
 	{% if field.next_to is defined %}
 		<div class="input-group">
@@ -148,7 +159,7 @@
 	{% if field.next_to is defined %}
 		<div class="input-group">
 		{% endif %}
-		<input type="{{ field.type }}" {% if field.visible is defined and field.visible == false %} disabled {% endif %} {% if field.type == 'number' and field.min is defined %} min="{{ field.min }}" {% endif %} {% if field.type == 'number' and field.max is defined %} max="{{ field.max }}" {% endif %} {% if field.type != 'number' and field.maxlength is defined %} maxlength="{{ field.maxlength }}" {% endif %} id="{{ id }}" name="{{ id }}" value="{{ field.value|raw }}" class="form-control {% if field.valid is defined and field.valid == false %}is-invalid{% endif %}" {% if field.mandatory is defined and field.mandatory %} required {% endif %} {% if field.readonly is defined and field.readonly %} readonly {% endif %} {% if field.autocomplete is defined %} autocomplete="{{ field.autocomplete }}" {% endif %} {% if field.placeholder is defined %} placeholder="{{ field.placeholder }}" {% endif %} {% if field.type == 'file' and field.accept is defined %} accept="{{ field.accept }}" {% endif %}/>
+		<input type="{{ field.type }}" {% if field.visible is defined and field.visible == false %} disabled {% endif %} {% if field.type == 'number' and field.min is defined %} min="{{ field.min }}" {% endif %} {% if field.type == 'number' and field.max is defined %} max="{{ field.max }}" {% endif %} {% if field.type != 'number' and field.maxlength is defined %} maxlength="{{ field.maxlength }}" {% endif %} id="{{ id }}" name="{{ id }}" value="{{ field.value|raw }}" class="form-control {% if field.valid is defined and field.valid == false %}is-invalid{% endif %}" {% if field.mandatory is defined and field.mandatory %} required {% endif %} {% if field.readonly is defined and field.readonly %} readonly {% endif %} {% if field.autocomplete is defined %} autocomplete="{{ field.autocomplete }}" {% endif %} {% if field.placeholder is defined %} placeholder="{{ field.placeholder }}" {% endif %} {% if field.type == 'file' and field.accept is defined %} accept="{{ field.accept }}" {% endif %} {% if field.pattern is defined %} pattern="{{ field.pattern }}" {% endif %}/>
 		{% if field.type == 'hidden' and field.display is defined %}
 			<input type="text" readonly class="form-control-plaintext" value="{{ field.display|raw }}">
 		{% endif %}
@@ -165,7 +176,7 @@
 {% macro image(id, field) %}
 	{% if field.value is not empty %}
-		<img src="/{{ field.value }}" alt="Current Image" class="field-image-preview"><br>
+		<img src="{{ field.value }}" alt="Current Image" class="field-image-preview"><br>
 		<div class="form-check form-switch mb-2">
 			<input type="checkbox" value="1" name="{{ id }}_delete" class="form-check-input">
 			<label class="form-check-label">
@@ -197,7 +208,7 @@
 	{% if field.next_to is defined %}
 		<div class="input-group">
 		{% endif %}
-		<select {% if field.visible is defined and field.visible == false %} disabled {% endif %} class="form-select {% if field.valid is defined and field.valid == false %}is-invalid{% endif %}" name="{{ id }}{% if field.select_mode is defined and field.select_mode == 'multiple' %}[]{% endif %}" id="{{ id }}" {% if field.mandatory is defined and field.mandatory %} required {% endif %} {% if field.select_mode is defined and field.select_mode == 'multiple' %} multiple="multiple" {% endif %}>
+		<select {% if field.visible is defined and field.visible == false %} disabled {% endif %} class="form-select {% if field.valid is defined and field.valid == false %}is-invalid{% endif %}" name="{{ id }}{% if field.select_mode is defined and field.select_mode == 'multiple' %}[]{% endif %}" id="{{ id }}" {% if field.mandatory is defined and field.mandatory %} required {% endif %} {% if field.select_mode is defined and field.select_mode == 'multiple' %} multiple="multiple" {% endif %}{% if field.readonly is defined and field.readonly %} readonly {% endif %}>
 			{% for val,txt in field.select_var %}
 				<option value="{{ val }}" {% if field.selected is defined and ((field.selected is not iterable and field.selected == val) or (field.selected is iterable and val in field.selected|keys)) %} selected="selected" {% endif %}>{{ txt|raw }}</option>
 			{% endfor %}
--- a/templates/Froxlor/settings/configuration.html.twig
+++ b/templates/Froxlor/settings/configuration.html.twig
@@ -112,7 +112,6 @@
 				{{ lng('admin.configfiles.recommendednote') }}
 			</div>
 			<div class="col-12 col-md-6 text-end">
 				<input type="hidden" name="dist" value="{{ distribution }}"/>
 				<button type="button" class="btn btn-outline-secondary" id="selectRecommendedConfig">{{ lng('admin.configfiles.selectrecommended') }}</button>
 				<button type="button" class="btn btn-outline-secondary" id="downloadSelectionAsJson">
 					<i class="fa-solid fa-download"></i>
--- a/templates/Froxlor/src/js/components/validation.js
+++ b/templates/Froxlor/src/js/components/validation.js
@@ -21,4 +21,17 @@ $(document).ready(function() {
 			},
 		});
 	});
 	$('#domain_add,#domain_edit').each(function () {
 		$(this).validate({
 			rules: {
 				'ipandport[]': {
 					required: true,
 					minlength: 1
 				}
 			},
 			errorPlacement: function(error, element) {
 				$(error).prependTo($(element).parent().parent());
 			}
 		});
 	});
 });
--- a/templates/Froxlor/src/scss/components/_generic.scss
+++ b/templates/Froxlor/src/scss/components/_generic.scss
@@ -3,6 +3,10 @@
@import "~@fortawesome/fontawesome-free/css/all";
 // Generic
 .header-logo {
 	height: 24px;
 }
 .form-control-plaintext {
 	outline: none;
 }
--- a/templates/Froxlor/user/dashboard-item.html.twig
+++ b/templates/Froxlor/user/dashboard-item.html.twig
@@ -1,7 +1,7 @@
-{% macro ditem(lngstr, available, used, assigned = null, formatbytes = false) %}
+{% macro ditem(lngstr, available, used, assigned = null, formatbytes = false, byte_usage  = null) %}
    <div class="col border-end border-bottom p-3">
        <div class="row mb-1">
-            <div class="col text-truncate">{{ lng(lngstr) }}</div>
+			<div class="col text-truncate">{{ lng(lngstr) }}{% if byte_usage %} <small>({{ byte_usage|formatBytes }})</small>{% endif %}</div>
            <div class="col-auto">
                <small>{% if formatbytes %}{{ used|formatBytes }}{% else %}{{ used }}{% endif %}/{% if available < 0 %}{{ lng('panel.unlimited') }}{% else %}{% if formatbytes %}{{ available|formatBytes }}{% else %}{{ available }}{% endif %}{% endif %}</small>
            </div>
--- a/templates/Froxlor/user/index.html.twig
+++ b/templates/Froxlor/user/index.html.twig
@@ -33,12 +33,13 @@
 		{% else %}
 			{# customer-resources #}
 			<div class="row row-cols-1 row-cols-sm-2 row-cols-xl-4 g-0">
 				{{ dashboard.ditem('customer.total_diskspace', userinfo.diskspace_bytes, userinfo.total_bytes_used, null, true) }}
 				{{ dashboard.ditem('customer.diskspace', userinfo.diskspace_bytes, userinfo.diskspace_bytes_used, null, true) }}
 				{{ dashboard.ditem('customer.traffic', userinfo.traffic_bytes, userinfo.traffic_bytes_used, null, true) }}
 				{{ dashboard.ditem('customer.subdomains', userinfo.subdomains, userinfo.subdomains_used) }}
-				{{ dashboard.ditem('customer.mysqls', userinfo.mysqls, userinfo.mysqls_used) }}
+				{{ dashboard.ditem('customer.mysqls', userinfo.mysqls, userinfo.mysqls_used, null, false, userinfo.dbspace_used) }}
 				{{ dashboard.ditem('customer.emails', userinfo.emails, userinfo.emails_used) }}
-				{{ dashboard.ditem('customer.accounts', userinfo.email_accounts, userinfo.email_accounts_used) }}
+				{{ dashboard.ditem('customer.accounts', userinfo.email_accounts, userinfo.email_accounts_used, null, false, userinfo.mailspace_used) }}
 				{{ dashboard.ditem('customer.forwarders', userinfo.email_forwarders, userinfo.email_forwarders_used) }}
 				{{ dashboard.ditem('customer.ftps', userinfo.ftps, userinfo.ftps_used) }}
 			</div>
--- a/templates/Froxlor/user/traffic.html.twig
+++ b/templates/Froxlor/user/traffic.html.twig
@@ -18,14 +18,14 @@
 	<!-- TODO: set url on change. e.g.: ?param=days:7 -->
 	<div class="d-flex justify-content-center justify-content-md-end">
 		<select class="form-select mb-3 mb-md-4 w-auto mt-md-n4" aria-label="select the traffic range" name="range" data-baseref="{{ linker({'section':'traffic'}) }}">
-			<option value="hours:24" {% if range == 'hours:24' %}selected{% endif %}>last 24 hours</option>
+			<option value="hours:24" {% if range == 'hours:24' %}selected{% endif %}>{{ lng('traffic.ranges.last24h') }}</option>
-			<option value="days:7" {% if range == 'days:7' %}selected{% endif %}>last 7 days</option>
+			<option value="days:7" {% if range == 'days:7' %}selected{% endif %}>{{ lng('traffic.ranges.last7d') }}</option>
-			<option value="days:30" {% if range == 'days:30' %}selected{% endif %}>last 30 days</option>
+			<option value="days:30" {% if range == 'days:30' %}selected{% endif %}>{{ lng('traffic.ranges.last30d') }}</option>
-			<option value="currentmonth" {% if range == 'currentmonth' %}selected{% endif %}>current month</option>
+			<option value="currentmonth" {% if range == 'currentmonth' %}selected{% endif %}>{{ lng('traffic.ranges.cm') }}</option>
-			<option value="months:3" {% if range == 'months:3' %}selected{% endif %}>last 3 months</option>
+			<option value="months:3" {% if range == 'months:3' %}selected{% endif %}>{{ lng('traffic.ranges.last3m') }}</option>
-			<option value="months:6" {% if range == 'months:6' %}selected{% endif %}>last 6 months</option>
+			<option value="months:6" {% if range == 'months:6' %}selected{% endif %}>{{ lng('traffic.ranges.last6m') }}</option>
-			<option value="months:12" {% if range == 'months:12' %}selected{% endif %}>last 12 months</option>
+			<option value="months:12" {% if range == 'months:12' %}selected{% endif %}>{{ lng('traffic.ranges.last12m') }}</option>
-			<option value="currentyear" {% if range == 'currentyear' %}selected{% endif %}>current year</option>
+			<option value="currentyear" {% if range == 'currentyear' %}selected{% endif %}>{{ lng('traffic.ranges.cy') }}</option>
 			{% for yd in years_avail %}
 				{% if yd.year != "now"|date('Y') %}
 					<option value="year:{{ yd.year }}" {% if range == 'year:' ~ yd.year %}selected{% endif %}>{{ yd.year }}</option>
@@ -50,37 +50,36 @@
 		<div class="row row-cols-2 row-cols-md-4 g-0">
 			<div class="col p-3 border-end">
 				<h3>{{ metrics.total|formatBytes }}</h3>
-				<span>Total</span>
+				<span>{{ lng('traffic.months.total') }}</span>
 			</div>
 			<div class="col p-3 border-end">
 				<h3>{{ metrics.http|formatBytes }}</h3>
-				<span>HTTP</span>
+				<span>{{ lng('traffic.http') }}</span>
 			</div>
 			<div class="col p-3 border-end">
 				<h3>{{ metrics.ftp|formatBytes }}</h3>
-				<span>FTP</span>
+				<span>{{ lng('traffic.ftp') }}</span>
 			</div>
 			<div class="col p-3 border-end">
 				<h3>{{ metrics.mail|formatBytes }}</h3>
-				<span>Mail</span>
+				<span>{{ lng('traffic.mail') }}</span>
 			</div>
 		</div>
 	</div>
 	{% if userinfo.adminsession == 1 %}
 		<!-- Overview for given range by user -->
-		<h4 class="page-header">Traffic by customers</h4>
+		<h4 class="page-header">{{ lng('traffic.bycustomers') }}</h4>
 		{% if users is not empty %}
 			<div class="card table-responsive">
 				<table class="table table-borderless table-striped align-middle mb-0 px-3">
 					<thead>
 						<tr>
 							<th scope="col">{{ lng('login.username') }}</th>
-							<th scope="col">Total</th>
+							<th scope="col">{{ lng('traffic.months.total') }}</th>
-							<th scope="col">HTTP</th>
+							<th scope="col">{{ lng('traffic.http') }}</th>
-							<th scope="col">FTP</th>
+							<th scope="col">{{ lng('traffic.ftp') }}</th>
-							<th scope="col">Mail
+							<th scope="col">{{ lng('traffic.mail') }}</th>
 							</th>
 						</tr>
 					</thead>
 					<tbody>
@@ -101,19 +100,19 @@
 		{% else %}
 			<div class="card">
 				<div class="card-body">
-					<p>No data for given range found.</p>
+					<p>{{ lng('traffic.nodata') }}</p>
 				</div>
 			</div>
 		{% endif %}
 	{% endif %}
 	<script>
-		const labelsS = ['HTTP', 'FTP', 'Mail'];
+		const labelsS = ['{{ lng('traffic.http') }}', '{{ lng('traffic.ftp') }}', '{{ lng('traffic.mail') }}'];
 		const dataS = {
 			labels: labelsS,
 			datasets: [{
-				label: 'Traffic summary',
+				label: '{{ lng('traffic.trafficoverview') }}',
 				backgroundColor: ['rgb(255, 99, 132)', 'rgb(200, 199, 132)', 'rgb(255, 99, 0)'],
 				data: [{value: '{{ metrics.http|default(0) }}', formatted: '{{ metrics.http|formatBytes }}'}, {value: '{{ metrics.ftp|default(0) }}', formatted: '{{ metrics.ftp|formatBytes }}'}, {value: '{{ metrics.mail|default(0) }}', formatted: '{{ metrics.mail|formatBytes }}'}]
 			}]
@@ -130,7 +129,7 @@
 				plugins: {
 					title: {
 						display: true,
-						text: 'Total traffic'
+						text: '{{ lng('traffic.sumtotal') }}'
 					},
 					legend: {
 						position: 'right'
@@ -161,7 +160,7 @@
 			const dataC = {
 				labels: labelsC,
 				datasets: [{
-					label: 'Top 5 customers',
+					label: '{{ lng('traffic.top5customers') }}',
 					backgroundColor: ['rgb(255, 99, 132)', 'rgb(200, 199, 132)', 'rgb(255, 99, 0)', 'rgb(100, 100, 132)', 'rgb(240, 150, 232)'],
 					data: dataValues
 				}]
@@ -178,7 +177,7 @@
 					plugins: {
 						title: {
 							display: true,
-							text: 'Top 5 customers'
+							text: '{{ lng('traffic.top5customers') }}'
 						},
 						legend: {
 							position: 'right'
@@ -220,7 +219,7 @@
 				labels: labelsC,
 				datasets: [
 					{
-					label: 'HTTP traffic',
+					label: '{{ lng('traffic.sumhttp') }}',
 					backgroundColor: 'rgb(255, 99, 132)',
 					{% if range starts with 'days' or range == 'currentmonth' %}
 						data: [{% for d,dd in days %}{value: '{{ dd.http|default(0) }}', formatted: '{{ dd.http|formatBytes }}', axisv: '{{ d }}'},{% endfor %}],
@@ -234,7 +233,7 @@
 					}
 				},
 				{
-					label: 'FTP traffic',
+					label: '{{ lng('traffic.sumftp') }}',
 					backgroundColor: 'rgb(200, 199, 132)',
 					{% if range starts with 'days' or range == 'currentmonth' %}
 						data: [{% for d,dd in days %}{value: '{{ dd.ftp|default(0) }}', formatted: '{{ dd.ftp|formatBytes }}', axisv: '{{ d }}'},{% endfor %}],
@@ -248,7 +247,7 @@
 					}
 				},
 				{
-					label: 'Mail traffic',
+					label: '{{ lng('traffic.summail') }}',
 					backgroundColor: 'rgb(255, 99, 0)',
 					{% if range starts with 'days' or range == 'currentmonth' %}
 						data: [{% for d,dd in days %}{value: '{{ dd.mail|default(0) }}', formatted: '{{ dd.mail|formatBytes }}', axisv: '{{ d }}'},{% endfor %}],
@@ -283,7 +282,7 @@
 					plugins: {
 						title: {
 							display: true,
-							text: 'Specified by range'
+							text: '{{ lng('traffic.byrange') }}'
 						},
 						tooltip: {
 							enabled: true,
--- a/templates/Froxlor/userarea.html.twig
+++ b/templates/Froxlor/userarea.html.twig
@@ -25,7 +25,7 @@
 				</button>
 			</div>
 			<a class="navbar-brand me-0 {% if block('heading') %}shadow-sm{% endif %}" href="{{ linker({'section': 'index'}) }}">
-				<img src="{{ header_logo }}" alt="" width="auto" height="24" class="d-inline-block align-text-top ms-md-3">
+				<img src="{{ header_logo }}" alt="logo" class="header-logo d-inline-block align-text-top ms-md-3">
 			</a>
 			<div class="order-0 order-md-1 d-flex flex-grow-0 flex-md-grow-1" id="navbar">
 				<ul class="navbar-nav ms-md-auto me-3 me-lg-5">
--- a/tests/Extras/DirOptionsTest.php
+++ b/tests/Extras/DirOptionsTest.php
@@ -191,4 +191,49 @@ class DirOptionsTest extends TestCase
 		$this->expectExceptionMessage("Directory option with id #1 could not be found");
 		DirOptions::getLocal($admin_userdata, $data)->get();
 	}
 	public function testCustomerDirOptionsAddMalformed()
 	{
 		global $admin_userdata;
 		// get customer
 		$json_result = Customers::getLocal($admin_userdata, array(
 			'loginname' => 'test1'
 		))->get();
 		$customer_userdata = json_decode($json_result, true)['data'];
 		$data = [
 			'path' => '/testmalformed',
 			'error404path' => '/"'.PHP_EOL.'something/../../../../weird 404.html'.PHP_EOL.'#'
 		];
 		$json_result = DirOptions::getLocal($customer_userdata, $data)->add();
 		$result = json_decode($json_result, true)['data'];
 		$expected = '/"something/././././weird\ 404.html#';
 		$this->assertEquals($expected, $result['error404path']);
 	}
 	public function testCustomerDirOptionsAddMalformedInvalid()
 	{
 		global $admin_userdata;
 		// get customer
 		$json_result = Customers::getLocal($admin_userdata, array(
 			'loginname' => 'test1'
 		))->get();
 		$customer_userdata = json_decode($json_result, true)['data'];
 		$data = [
 			'path' => '/testmalformed',
 			'error404path' => '"'.PHP_EOL.'IncludeOptional /something/else/'.PHP_EOL.'#'
 		];
 		$this->expectExceptionMessage("The value given as ErrorDocument does not seem to be a valid file, URL or string.");
 		DirOptions::getLocal($customer_userdata, $data)->add();
 		$data = [
 			'path' => '/testmalformed',
 			'error404path' => '"something"oh no a quote within the string"'
 		];
 		$this->expectExceptionMessage("The value given as ErrorDocument does not seem to be a valid file, URL or string.");
 		DirOptions::getLocal($customer_userdata, $data)->add();
 	}
 }
--- a/webpack.mix.js
+++ b/webpack.mix.js
@@ -10,4 +10,5 @@ mix
 	.copyDirectory('node_modules/@fortawesome/fontawesome-free/webfonts', 'templates/Froxlor/assets/webfonts')
 	.js('templates/Froxlor/src/js/main.js', 'js')
 	.sass('templates/Froxlor/src/scss/main.scss', 'css')
-	.sass('templates/Froxlor/src/scss/dark.scss', 'css');
+	.sass('templates/Froxlor/src/scss/dark.scss', 'css')
 	.version();
Author	SHA1	Message	Date
Michael Kaufmann	c5bece64ce	set version to 2.0.10 for security release Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-28 20:07:15 +01:00
Michael Kaufmann	0034681412	fix possible privilege escalation from customer to root when specifying custom error documents in directory-options Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-28 20:00:24 +01:00
Michael Kaufmann	bd5b99dc1c	verify cronjob interval is one of the fixed available values Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-28 13:06:44 +01:00
Michael Kaufmann	2feb802094	validate existence of language in admin-templates Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-28 12:16:40 +01:00
Michael Kaufmann	7b08a71c59	add missing use statement for error-reporting to include the dbms version Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-28 11:57:43 +01:00
Michael Kaufmann	2a84e9c120	enforce password requirements set in settings for directory-protection Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-28 11:40:07 +01:00
Michael Kaufmann	d854e8e991	Merge branch 'main' of github.com:Froxlor/Froxlor	2023-01-26 15:23:03 +01:00
Michael Kaufmann	0a363910d6	fix potential infinite loop on errors in cli-installation; fixes #1092 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-26 15:22:39 +01:00
Maurice Preuß (envoyr)	b23d5cd909	merge branch 'main' of github.com:Froxlor/Froxlor	2023-01-25 18:51:03 +01:00
Maurice Preuß (envoyr)	3b753aa69d	change session/cookie domain value, this prevents using the _ server_name when using nginx Signed-off-by: Maurice Preuß (envoyr) <envoyr@froxlor.org>	2023-01-25 18:50:49 +01:00
Michael Kaufmann	492cd288bc	enhanced themefile validation for non-default themes Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-25 13:09:06 +01:00
Marvin Stark	47938c5082	Update README.md (#1090 ) Fixed typo.	2023-01-24 18:56:29 +01:00
Michael Kaufmann	d090e48544	validate result of Net_DNS2_Resolver::query (CNAME's are being resolved to their corresponding target A/AAAA addresses); fixes #1089 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-23 08:58:42 +01:00
Michael Kaufmann	314e4407a0	add lasst successful login to table-columns for customer overview Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-22 15:04:19 +01:00
Michael Kaufmann	dff7530cc5	include froxlor-vhost in validate-acme-webroot command; fixes #1088 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-22 13:01:20 +01:00
Maurice Preuß (envoyr)	19423c9644	normalize (compress) ip addresses Signed-off-by: Maurice Preuß (envoyr) <envoyr@froxlor.org>	2023-01-20 21:26:24 +01:00
Michael Kaufmann	42b3f1e59d	set version to 2.0.9 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-20 18:01:28 +01:00
Michael Kaufmann	1b77632fa8	correctly display config-services command in updater if manual commands are needed Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-19 20:19:43 +01:00
Maurice Preuß (envoyr)	867b7b1390	fix domain variable for gethostbynamel6 function Signed-off-by: Maurice Preuß (envoyr) <envoyr@froxlor.org>	2023-01-18 14:47:25 +01:00
Maurice Preuß (envoyr)	4c6ebde58c	adding new dns resolver setting for let's encrypt Signed-off-by: Maurice Preuß (envoyr) <envoyr@froxlor.org> Co-authored-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-18 13:57:47 +01:00
Michael Kaufmann	1e013d9e9a	enhance information on updater regarding acme-challenge (if lets encrypt is enabled and applicable) Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-18 11:47:55 +01:00
Michael Kaufmann	c56bc651b9	allow hiding documentation menu for customers via customers-hide-option; use --staging for acme.sh for every test-CA Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-18 08:59:59 +01:00
aPollO2k	6cbdf45a7c	Typo fixed in update_2.x.inc.php (#1082 ) PHO_EOL => PHP_EOL	2023-01-16 21:32:56 +01:00
Michael Kaufmann	715667e227	Merge branch 'main' of github.com:Froxlor/Froxlor	2023-01-15 23:49:09 +01:00
Michael Kaufmann	41de161555	show exact froxlor:config-services parameter for updater; better checks for changed acme-challenge paths; fix typo in PHP_EOL statement; remove crsf token from config-apply-parameter generation from within the ui Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-15 23:48:37 +01:00
Maurice Preuß (envoyr)	1f1ea370c0	add version to mix-manifest.json and add mix function Signed-off-by: Maurice Preuß (envoyr) <envoyr@froxlor.org>	2023-01-14 21:14:55 +01:00
Michael Kaufmann	090cfc26f2	set file-log (if enabled) to be in froxlor/logs/ folder; fix ssl param directive for dovecot in Ubuntu Bionic; set version to 2.0.8 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-14 13:09:42 +01:00
Michael Kaufmann	529890b5d2	fix typo in langauge-definition Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-12 22:27:45 +01:00
Michael Kaufmann	d4a6ab146d	re-add total-disspace dashboard-display on customer dashboard Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-12 16:52:14 +01:00
Michael Kaufmann	e3f02879cf	restore mandatory field on domain-formfields; add translated require message and correct error-placement of the message Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-12 15:16:42 +01:00
Michael Kaufmann	b52d6df777	[UI] change require of ipandport field in domains.add and domains.delete to one-of instead of all; fixes #1078 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-12 14:53:05 +01:00
Michael Kaufmann	9e671100ae	acme-challenge path adjustments if docroot changed after update from 0.10.x (via apt) Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-12 14:21:14 +01:00
Michael Kaufmann	7e801ea502	Merge branch 'main' of github.com:Froxlor/Froxlor	2023-01-12 12:20:23 +01:00
Daniel	b68522f7d5	Fix formfield image preview path (#1077 )	2023-01-12 12:19:31 +01:00
Michael Kaufmann	86852942e0	add missing language-strings for traffic page Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-12 11:30:52 +01:00
Michael Kaufmann	ec05c84f4d	check whether let's encrypt is enabled at all and correct acme-alias configuration file if necessary/selected Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-12 09:40:35 +01:00
Michael Kaufmann	9e13c077e9	show command to regenerate cron.d-file if previous deletion of old files could not be done automatically, fixes #1076 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-12 08:33:19 +01:00
Maurice Preuß (envoyr)	da8d315e77	remove hardcoded logo height Signed-off-by: Maurice Preuß (envoyr) <envoyr@froxlor.org>	2023-01-11 22:43:00 +01:00
Michael Kaufmann	cb67e3ae63	continue checking domains even if no config was found, thx knox Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-11 21:07:00 +01:00
Michael Kaufmann	82d15c4dc2	fixes for ValidateAcmeWebroot command Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-11 20:47:07 +01:00
Michael Kaufmann	6d048e2cee	fix default mysql-dbserver for customers if not allowed to use the default (id=0) one; fixes #1075 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-11 19:41:24 +01:00
Michael Kaufmann	87bd80eea1	reenable access to ftp view for customers with ftps=0 because the main account is always being created Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-11 14:58:18 +01:00
Michael Kaufmann	80e442e396	set version to 2.0.7 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-10 22:15:57 +01:00
Michael Kaufmann	489ad375bd	ensure latest userdata.inc.php layout for updaters/users of old format Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-10 16:54:20 +01:00
Michael Kaufmann	c420196e73	check explicitly for template existence and try to use default theme as fallback; fixes #1071 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-10 16:53:36 +01:00
Michael Kaufmann	cc6d8d5f8b	fix login if non-standard ports are used for froxlor vhost Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-10 12:43:04 +01:00
Michael Kaufmann	24f47bc58b	set version to 2.0.6 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-09 10:09:15 +01:00
Michael Kaufmann	c769c074e0	add Google CA to available acme.sh providers; fixes #1065 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-09 10:00:08 +01:00
dependabot[bot]	2ecb8eb034	Bump json5 from 1.0.1 to 1.0.2 (#1069 ) Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2. - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](https://github.com/json5/json5/compare/v1.0.1...v1.0.2) --- updated-dependencies: - dependency-name: json5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-09 09:51:52 +01:00
Michael Kaufmann	6827c100c3	fix updating email account password-hashes in updater Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-09 09:50:51 +01:00
Michael Kaufmann	c402acd1bd	disable correct mod_php in bionic-config-templates when fcgid/php-fpm is selected Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-09 09:25:29 +01:00
Michael Kaufmann	c4ec2509fa	fix resetting of isemaildomain-flag of subdomains when nothing changed; fixes #1067 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-09 09:24:22 +01:00
Michael Kaufmann	0f382586ce	set version to 2.0.5 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-08 23:24:43 +01:00
Michael Kaufmann	9c2f12ecb1	mysql-remote-server fixes Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-08 23:20:31 +01:00
Michael Kaufmann	12da117cab	fix chmod() command in compatibility cronjob for updaters Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-08 20:20:44 +01:00