adjust spf-entry-regex; check for valid spf-entry in updater; set version to 2.1.0-rc2

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

SECURITY.md

@@ -35,6 +35,8 @@ Only reproducible issues on a default/clean setup from the latest stable release
 - Theoretical attacks without proof of exploitability
 - Attacks that are the result of a third party library should be reported to the library maintainers
 - Social engineering
+- Attacks that require disabling security features or reducing the security level of the environment
+- Exploits by an admin user itself (privileged user and implicitly trusted)
 - Reflected file download
 - Physical attacks
 - Weak SSL/TLS/SSH algorithms or protocols

actions/admin/settings/185.spf.php

@@ -43,7 +43,8 @@ return [
 					'settinggroup' => 'spf',
 					'varname' => 'spf_entry',
 					'type' => 'text',
-					'default' => '"v=spf1 a mx -all"',
+					'string_regexp' => '/^v=spf[a-z0-9:~?\s.-]+$/i',
+					'default' => 'v=spf1 a mx -all',
 					'save_method' => 'storeSettingField'
 				]
 			]

index.php

@@ -327,11 +327,12 @@ if ($action == '2fa_entercode') {
 			if ($userinfo['type_2fa'] == 1) {
 				// generate code
 				$tfa = new FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname'));
-				$code = $tfa->getCode($tfa->createSecret());
+				$secret = $tfa->createSecret();
+				$code = $tfa->getCode($secret);
 				// set code for user
 				$stmt = Database::prepare("UPDATE $table SET `data_2fa` = :d2fa WHERE `$uid` = :uid");
 				Database::pexecute($stmt, [
-					"d2fa" => $code,
+					"d2fa" => $secret,
 					"uid" => $userinfo[$uid]
 				]);
 				// build up & send email

install/froxlor.sql.php

@@ -391,7 +391,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('admin', 'show_version_footer', '0'),
 	('caa', 'caa_entry', ''),
 	('spf', 'use_spf', '0'),
-	('spf', 'spf_entry', '"v=spf1 a mx -all"'),
+	('spf', 'spf_entry', 'v=spf1 a mx -all'),
 	('dkim', 'dkim_algorithm', 'all'),
 	('dkim', 'dkim_keylength', '1024'),
 	('dkim', 'dkim_servicetype', '0'),
@@ -679,7 +679,7 @@ opcache.validate_timestamps'),
 	('system', 'distribution', ''),
 	('system', 'update_channel', 'stable'),
 	('system', 'updatecheck_data', ''),
-	('system', 'update_notify_last', '2.1.0-rc1'),
+	('system', 'update_notify_last', '2.1.0-rc2'),
 	('system', 'traffictool', 'goaccess'),
 	('system', 'req_limit_per_interval', 60),
 	('system', 'req_limit_interval', 60),
@@ -727,7 +727,7 @@ opcache.validate_timestamps'),
 	('panel', 'logo_overridecustom', '0'),
 	('panel', 'settings_mode', '0'),
 	('panel', 'menu_collapsed', '1'),
-	('panel', 'version', '2.1.0-rc1'),
+	('panel', 'version', '2.1.0-rc2'),
 	('panel', 'db_version', '202305240');
 
 

install/updates/froxlor/update_2.1.inc.php

@@ -108,3 +108,18 @@ if (Froxlor::isFroxlorVersion('2.1.0-beta2')) {
 	Update::showUpdateStep("Updating from 2.1.0-beta2 to 2.1.0-rc1", false);
 	Froxlor::updateToVersion('2.1.0-rc1');
 }
+
+if (Froxlor::isFroxlorVersion('2.1.0-rc1')) {
+	Update::showUpdateStep("Updating from 2.1.0-rc1 to 2.1.0-rc2", false);
+
+	Update::showUpdateStep("Adjusting setting spf_entry");
+	$spf_entry = Settings::Get('spf.spf_entry');
+	if (!preg_match('/^v=spf[a-z0-9:~?\s.-]+$/i', $spf_entry)) {
+		Settings::Set('spf.spf_entry', 'v=spf1 a mx -all');
+		Update::lastStepStatus(1, 'corrected');
+	} else {
+		Update::lastStepStatus(0);
+	}
+
+	Froxlor::updateToVersion('2.1.0-rc2');
+}

lib/Froxlor/Api/Commands/Domains.php

@@ -349,6 +349,8 @@ class Domains extends ApiCommand implements ResourceEntity
 
 				if (substr($p_domain, 0, 4) == 'xn--') {
 					Response::standardError('domain_nopunycode', '', true);
+				} elseif (Validate::validate_ip2($p_domain, true, '', true, true)) {
+					Response::standardError('domain_noipaddress', '', true);
 				}
 
 				$idna_convert = new IdnaWrapper();
@@ -1667,6 +1669,7 @@ class Domains extends ApiCommand implements ResourceEntity
 				|| $hsts_sub != $result['hsts_sub']
 				|| $hsts_preload != $result['hsts_preload']
 				|| $ocsp_stapling != $result['ocsp_stapling']
+				|| $sslenabled != $result['ssl_enabled']
 			) {
 				Cronjob::inserttask(TaskId::REBUILD_VHOST);
 			}
@@ -1815,7 +1818,7 @@ class Domains extends ApiCommand implements ResourceEntity
 			$update_data['wwwserveralias'] = $wwwserveralias;
 			$update_data['iswildcarddomain'] = $iswildcarddomain;
 			$update_data['phpenabled'] = $phpenabled;
-			$update_data['openbasedir'] = $openbasedir;;
+			$update_data['openbasedir'] = $openbasedir;
 			$update_data['openbasedir_path'] = $openbasedir_path;
 			$update_data['speciallogfile'] = $speciallogfile;
 			$update_data['phpsettingid'] = $phpsettingid;

lib/Froxlor/CurrentUser.php

@@ -187,7 +187,8 @@ class CurrentUser
 		if (self::getField('type_2fa') == 1) {
 			// generate code
 			$tfa = new FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname'));
-			$code = $tfa->getCode($tfa->createSecret());
+			$secret = $tfa->createSecret();
+			$code = $tfa->getCode($secret);
 			// set code for user
 			$table = TABLE_PANEL_CUSTOMERS;
 			$uid = 'customerid';
@@ -197,7 +198,7 @@ class CurrentUser
 			}
 			$stmt = Database::prepare("UPDATE $table SET `data_2fa` = :d2fa WHERE `$uid` = :uid");
 			Database::pexecute($stmt, [
-				"d2fa" => $code,
+				"d2fa" => $secret,
 				"uid" => self::getField($uid)
 			]);
 			// build up & send email

lib/Froxlor/Froxlor.php

@@ -31,7 +31,7 @@ final class Froxlor
 {
 
 	// Main version variable
-	const VERSION = '2.1.0-rc1';
+	const VERSION = '2.1.0-rc2';
 
 	// Database version (YYYYMMDDC where C is a daily counter)
 	const DBVERSION = '202305240';

lib/Froxlor/Idna/IdnaWrapper.php

@@ -64,7 +64,7 @@ class IdnaWrapper
 	 */
 	public function encode(string $to_encode): string
 	{
-		$to_encode = $this->isUtf8($to_encode) ? $to_encode : utf8_encode($to_encode);
+		$to_encode = $this->isUtf8($to_encode) ? $to_encode : mb_convert_encoding($to_encode, 'UTF-8');
 		try {
 			return $this->idna_converter->encode($to_encode);
 		} catch (InvalidArgumentException $iae) {

lib/Froxlor/Install/Install.php

@@ -304,7 +304,7 @@ class Install
 			throw new Exception(lng('error.invalidip', [$serveripv4]));
 		} elseif (!empty($serveripv6) && (!Validate::validate_ip2($serveripv6, true, '', false, true) || IPTools::is_ipv6($serveripv6) == false)) {
 			throw new Exception(lng('error.invalidip', [$serveripv6]));
-		} elseif (!Validate::validateDomain($servername) && !Validate::validateLocalHostname($servername)) {
+		} elseif (!Validate::validateDomain($servername)) {
 			throw new Exception(lng('install.errors.servernameneedstobevalid'));
 		} elseif (posix_getpwnam($httpuser) === false) {
 			throw new Exception(lng('install.errors.websrvuserdoesnotexist'));

lib/Froxlor/UI/Form.php

@@ -193,10 +193,14 @@ class Form
 				if (!$do_show) {
 					$fielddata['note'] = lng('serversettings.option_requires_otp');
 					if (!$otp_enabled_system) {
+						$fielddata['disabled'] = true;
 						$fielddata['note'] .= '<br>' . lng('2fa.2fa_not_activated');
 					} elseif (!$otp_enabled_user) {
+						$fielddata['disabled'] = true;
 						$fielddata['note'] .= '<br>' . lng('2fa.2fa_not_activated_for_user');
 					}
+					// show field in any case
+					$do_show = true;
 				}
 			}
 

lib/Froxlor/Validate/Validate.php

@@ -224,7 +224,7 @@ class Validate
 	 * Check if the submitted string is a valid domainname
 	 *
 	 * @param string $domainname The domainname which should be checked.
-	 * @param bool $allow_underscore optional if true, allowes the underscore character in a domain label (DKIM etc.)
+	 * @param bool $allow_underscore optional if true, allows the underscore character in a domain label (DKIM etc.)
 	 *
 	 * @return string|boolean the domain-name if the domain is valid, false otherwise
 	 */

lib/config.example.inc.php

@@ -9,11 +9,18 @@ return [
 	 * recommended value for debian/ubuntu package users is false to rely on apt and not have version mixup.
 	 * This is also useful for providers that manage the servers but give admin access to froxlor to handle
 	 * updates the way the providers does it (e.g. automation, etc.)
+	 *
+	 * Default: false
 	 */
 	'enable_webupdate' => false,
 
 	/**
-	 * @todo description
+	 * settings that have a major impact on the system or which values are used to be executed with high
+	 * privileges on the system require the admin-user to have set up and enabled OTP for the corresponding
+	 * account to change these values.
+	 * To disable this extra security validation, set the value of this to true
+	 *
+	 * Default: false
 	 */
 	'disable_otp_security_check' => false,
 ];

lib/init.php

@@ -114,10 +114,10 @@ if (!isset($sql) || !is_array($sql)) {
 /**
  * Show nice note if requested domain is "unknown" to froxlor and thus is being lead to its vhost
  */
-if ($_SERVER['HTTP_HOST'] != Settings::Get('system.hostname') &&
-		!filter_var($_SERVER['HTTP_HOST'], FILTER_VALIDATE_IP) && (
+if ($_SERVER['SERVER_NAME'] != Settings::Get('system.hostname') &&
+		!filter_var($_SERVER['SERVER_NAME'], FILTER_VALIDATE_IP) && (
 		empty(Settings::Get('system.froxloraliases')) ||
-		(!empty(Settings::Get('system.froxloraliases')) && !in_array($_SERVER['HTTP_HOST'], array_map('trim', explode(',', Settings::Get('system.froxloraliases')))))
+		(!empty(Settings::Get('system.froxloraliases')) && !in_array($_SERVER['SERVER_NAME'], array_map('trim', explode(',', Settings::Get('system.froxloraliases')))))
 )) {
 	// not the froxlor system-hostname, show info page for domains not configured in froxlor
 	$unconfiguredPath = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/templates/misc/unconfigured/index.html');
@@ -346,6 +346,7 @@ if (CurrentUser::hasSession()) {
 	if (in_array($_SERVER['REQUEST_METHOD'], ['POST', 'PUT', 'PATCH', 'DELETE'])) {
 		$current_token = $_POST['csrf_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
 		if ($current_token != CurrentUser::getField('csrf_token')) {
+			http_response_code(403);
 			Response::dynamicError('CSRF validation failed');
 		}
 	}

lng/de.lng.php

@@ -920,6 +920,7 @@ return [
 		'dns_duplicate_entry' => 'Eintrag existiert bereits',
 		'dns_notfoundorallowed' => 'Domain nicht gefunden oder keine Berechtigung',
 		'domain_nopunycode' => 'Die Eingabe von Punycode (IDNA) ist nicht notwendig. Die Domain wird automatisch konvertiert.',
+		'domain_noipaddress' => 'Eine IP-Adresse kann nicht als Domain angelegt werden',
 		'dns_record_toolong' => 'Records/Labels können maximal 63 Zeichen lang sein',
 		'noipportgiven' => 'Keine IP/Port angegeben',
 		'nosslippportgiven' => 'Wenn SSL aktiviert ist, muss eine SSL IP/Port angegeben werden',
@@ -1308,6 +1309,7 @@ Vielen Dank, Ihr Administrator',
 		'dnsentry_reallydelete' => 'Wollen Sie den DNS-Eintrag wirklich löschen?',
 		'certificate_reallydelete' => 'Wollen Sie diese Zertifikat wirklich löschen?',
 		'cache_reallydelete' => 'Wollen Sie den Cache wirklich leeren?',
+		'please_enter_otp' => 'Bitte 2FA Code eingeben',
 	],
 	'serversettings' => [
 		'session_timeout' => [

lng/en.lng.php

@@ -992,6 +992,7 @@ return [
 		'dns_duplicate_entry' => 'Record already exists',
 		'dns_notfoundorallowed' => 'Domain not found or no permission',
 		'domain_nopunycode' => 'You must not specify punycode (IDNA). The domain will automatically be converted',
+		'domain_noipaddress' => 'Cannot add an IP address as domain',
 		'dns_record_toolong' => 'Records/labels can only be up to 63 characters',
 		'noipportgiven' => 'No IP/port given',
 		'nosslippportgiven' => 'When enabling SSL you need to select a SSL IP/port',
@@ -1423,6 +1424,7 @@ Yours sincerely, your administrator',
 		'dnsentry_reallydelete' => 'Do you really want to delete this zone entry?',
 		'certificate_reallydelete' => 'Do you really want to delete this certificate?',
 		'cache_reallydelete' => 'Do you really want to clear the cache?',
+		'please_enter_otp' => 'Please enter 2FA code',
 	],
 	'redirect_desc' => [
 		'rc_default' => 'default',

package-lock.json

@@ -9,7 +9,7 @@
 				"@fortawesome/fontawesome-free": "^6.4.2",
 				"@popperjs/core": "^2.11.8",
 				"@vitejs/plugin-vue": "^4.0.0",
-				"axios": "^1.1.2",
+				"axios": "^1.6.0",
 				"bootstrap": "^5.3.2",
 				"chart.js": "^4.4.0",
 				"jquery": "^3.6.1",
@@ -21,6 +21,9 @@
 				"sass": "^1.69.3",
 				"vite": "^4.0.0",
 				"vue": "^3.2.37"
+			},
+			"engines": {
+				"node": ">=18"
 			}
 		},
 		"node_modules/@babel/parser": {
@@ -577,9 +580,9 @@
 			"dev": true
 		},
 		"node_modules/axios": {
-			"version": "1.5.1",
-			"resolved": "https://registry.npmjs.org/axios/-/axios-1.5.1.tgz",
-			"integrity": "sha512-Q28iYCWzNHjAm+yEAot5QaAMxhMghWLFVf7rRdwhUI+c2jix2DUXjAHXVi+s1ibs3mjPO/cCgbA++3BjD0vP/A==",
+			"version": "1.6.0",
+			"resolved": "https://registry.npmjs.org/axios/-/axios-1.6.0.tgz",
+			"integrity": "sha512-EZ1DYihju9pwVB+jg67ogm+Tmqc6JmhamRN6I4Zt8DfZu5lbcQGw3ozH9lFejSJgs/ibaef3A9PMXPLeefFGJg==",
 			"dev": true,
 			"dependencies": {
 				"follow-redirects": "^1.15.0",

package.json

@@ -9,7 +9,7 @@
 		"@fortawesome/fontawesome-free": "^6.4.2",
 		"@popperjs/core": "^2.11.8",
 		"@vitejs/plugin-vue": "^4.0.0",
-		"axios": "^1.1.2",
+		"axios": "^1.6.0",
 		"bootstrap": "^5.3.2",
 		"chart.js": "^4.4.0",
 		"jquery": "^3.6.1",
@@ -21,5 +21,8 @@
 		"sass": "^1.69.3",
 		"vite": "^4.0.0",
 		"vue": "^3.2.37"
+	},
+	"engines": {
+		"node": ">=18"
 	}
 }

templates/Froxlor/assets/js/bootstrap.js

@@ -18,3 +18,4 @@ window.Chart = Chart;
 import axios from 'axios';
 window.axios = axios;
 window.axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
+window.axios.defaults.headers.common['X-CSRF-TOKEN'] = document.querySelector('meta[name="csrf-token"]').getAttribute('content');

templates/Froxlor/assets/js/jquery/customer.js

@@ -31,6 +31,9 @@ export default function () {
 						planid: pid
 					},
 					dataType: "json",
+					beforeSend: function(request) {
+						request.setRequestHeader('X-CSRF-TOKEN', document.querySelector('meta[name="csrf-token"]').getAttribute('content'));
+					},
 					success: function (json) {
 						for (var i in json) {
 							if (i == 'email_imap' || i == 'email_pop3' || i == 'perlenabled' || i == 'phpenabled' || i == 'dnsenabled' || i == 'logviewenabled') {

templates/Froxlor/assets/scss/components/_search.scss

@@ -17,7 +17,8 @@
 		position: absolute;
 		top: 2.75rem;
 		z-index: 50;
-		width: 70vh;
+		width: 90vw;
+		max-width: 750px;
 		max-height: 50vh;
 
 		background: $search-bg;

templates/Froxlor/form/formfields.html.twig

@@ -144,7 +144,7 @@
 {% endmacro %}
 
 {% macro plain(id, field) %}
-	<input type="text" readonly class="form-control-plaintext" id="{{ id }}" name="{{ id }}" value="{{ field.value|raw|e }}">
+	<input type="text" readonly class="form-control-plaintext" id="{{ id }}" name="{{ id }}" value="{{ field.value|raw }}">
 	{% if field.next_to is defined %}
 		{% for nid, nfield in field.next_to %}
 			{% if nfield.next_to_prefix is defined %}
@@ -159,9 +159,9 @@
 	{% if field.next_to is defined %}
 		<div class="input-group">
 		{% endif %}
-		<input type="{{ field.type }}" {% if field.visible is defined and field.visible == false %} disabled {% endif %} {% if field.type == 'number' and field.min is defined %} min="{{ field.min }}" {% endif %} {% if field.type == 'number' and field.max is defined %} max="{{ field.max }}" {% endif %} {% if field.type != 'number' and field.maxlength is defined %} maxlength="{{ field.maxlength }}" {% endif %} id="{{ id }}" name="{{ id }}" value="{{ field.value|raw|e }}" class="form-control {% if field.valid is defined and field.valid == false %}is-invalid{% endif %}" {% if field.mandatory is defined and field.mandatory %} required {% endif %} {% if field.readonly is defined and field.readonly %} readonly {% endif %} {% if field.autocomplete is defined %} autocomplete="{{ field.autocomplete }}" {% endif %} {% if field.placeholder is defined %} placeholder="{{ field.placeholder }}" {% endif %} {% if field.type == 'file' and field.accept is defined %} accept="{{ field.accept }}" {% endif %} {% if field.pattern is defined %} pattern="{{ field.pattern }}" {% endif %}/>
+	<input type="{{ field.type }}" {% if field.visible is defined and field.visible == false %} disabled {% endif %} {% if field.type == 'number' and field.min is defined %} min="{{ field.min }}" {% endif %} {% if field.type == 'number' and field.max is defined %} max="{{ field.max }}" {% endif %} {% if field.type != 'number' and field.maxlength is defined %} maxlength="{{ field.maxlength }}" {% endif %} id="{{ id }}" name="{{ id }}" value="{{ field.value|raw }}" class="form-control {% if field.valid is defined and field.valid == false %}is-invalid{% endif %}" {% if field.mandatory is defined and field.mandatory %} required {% endif %} {% if field.readonly is defined and field.readonly %} readonly {% endif %} {% if field.autocomplete is defined %} autocomplete="{{ field.autocomplete }}" {% endif %} {% if field.placeholder is defined %} placeholder="{{ field.placeholder }}" {% endif %} {% if field.type == 'file' and field.accept is defined %} accept="{{ field.accept }}" {% endif %} {% if field.pattern is defined %} pattern="{{ field.pattern }}" {% endif %}/>
 		{% if field.type == 'hidden' and field.display is defined %}
-			<input type="text" readonly class="form-control-plaintext" value="{{ field.display|raw|e }}">
+			<input type="text" readonly class="form-control-plaintext" value="{{ field.display|raw }}">
 		{% endif %}
 		{% if field.next_to is defined %}
 			{% for nid, nfield in field.next_to %}

templates/Froxlor/login/enter2fa.html.twig

@@ -27,7 +27,7 @@
 					<div class="card-body d-grid gap-2">
 						<input type="hidden" name="action" value="2fa_verify"/>
 						<input type="hidden" name="send" value="send"/>
-						<button class="btn btn-primary rounded-top-0" type="submit" name="2faverify">{{ lng('2fa.2fa_verify') }}</button>
+						<button class="btn btn-primary" type="submit" name="2faverify">{{ lng('2fa.2fa_verify') }}</button>
 					</div>
 				</div>
 			</form>

templates/Froxlor/login/fpwd.html.twig

@@ -38,7 +38,7 @@
 					</div>
 
 					<div class="card-body d-grid gap-2">
-						<button class="btn btn-primary rounded-top-0" type="submit" name="doremind">{{ lng('login.remind') }}</button>
+						<button class="btn btn-primary" type="submit" name="doremind">{{ lng('login.remind') }}</button>
 					</div>
 
 					<div class="card-footer">

templates/Froxlor/login/login.html.twig

@@ -39,7 +39,7 @@
 					</div>
 
 					<div class="card-body d-grid gap-2">
-						<button class="btn btn-primary rounded-top-0" type="submit" name="dologin">{{ lng('login.login') }}</button>
+						<button class="btn btn-primary" type="submit" name="dologin">{{ lng('login.login') }}</button>
 					</div>
 
 					{% if get_setting('panel.allow_preset') == '1' %}

templates/Froxlor/login/rpwd.html.twig

@@ -30,7 +30,7 @@
 					</div>
 
 					<div class="card-body d-grid gap-2">
-						<button class="btn btn-primary rounded-top-0" type="submit" name="doremind">{{ lng('login.remind') }}</button>
+						<button class="btn btn-primary" type="submit" name="doremind">{{ lng('login.remind') }}</button>
 					</div>
 
 					<div class="card-footer">

templates/Froxlor/user/2fa.html.twig

@@ -45,13 +45,13 @@
 						<input type="hidden" name="page" value="{{ page }}"/>
 						<input type="hidden" name="send" value="send"/>
 						{% if userinfo.type_2fa == 0 %}
-							<button class="btn btn-primary rounded-top-0" type="submit" name="preadd">
+							<button class="btn btn-primary" type="submit" name="preadd">
 								{{ lng('2fa.2fa_add') }}</button>
 						{% elseif userinfo['2fa_unsaved'] is defined and userinfo['2fa_unsaved'] %}
-							<button class="btn btn-primary rounded-top-0" type="submit" name="add">
+							<button class="btn btn-primary" type="submit" name="add">
 								{{ lng('2fa.2fa_add') }}</button>
 						{% else %}
-							<button class="btn btn-warning rounded-top-0" type="submit" name="delete">
+							<button class="btn btn-warning" type="submit" name="delete">
 								{{ lng('2fa.2fa_delete') }}</button>
 						{% endif %}
 					</div>

templates/Froxlor/user/profile.html.twig

@@ -64,7 +64,7 @@
 						<input type="hidden" name="csrf_token" value="{{ csrf_token }}"/>
 						<input type="hidden" name="page" value="{{ page }}"/>
 						<input type="hidden" name="send" value="changepassword"/>
-						<button class="btn btn-primary rounded-top-0" type="submit" name="dosave">
+						<button class="btn btn-primary" type="submit" name="dosave">
 							<i class="fa-regular fa-floppy-disk"></i>
 							{{ lng('menue.main.changepassword') }}</button>
 					</div>
@@ -96,7 +96,7 @@
 							<input type="hidden" name="csrf_token" value="{{ csrf_token }}"/>
 							<input type="hidden" name="page" value="{{ page }}"/>
 							<input type="hidden" name="send" value="changetheme"/>
-							<button class="btn btn-primary rounded-top-0" type="submit" name="dosave">
+							<button class="btn btn-primary" type="submit" name="dosave">
 								<i class="fa-regular fa-floppy-disk"></i>
 								{{ lng('menue.main.changetheme') }}
 							</button>
@@ -130,7 +130,7 @@
 						<input type="hidden" name="csrf_token" value="{{ csrf_token }}"/>
 						<input type="hidden" name="page" value="{{ page }}"/>
 						<input type="hidden" name="send" value="changelanguage"/>
-						<button class="btn btn-primary rounded-top-0" type="submit" name="dosave">
+						<button class="btn btn-primary" type="submit" name="dosave">
 							<i class="fa-regular fa-floppy-disk"></i>
 							{{ lng('menue.main.changelanguage') }}</button>
 					</div>

templates/Froxlor/userarea.html.twig

@@ -27,7 +27,7 @@
 			<a class="navbar-brand me-0 {% if block('heading') %}shadow-sm{% endif %}" href="{{ linker({'section': 'index'}) }}">
 				<img src="{{ header_logo }}" alt="logo" class="header-logo d-inline-block align-text-top ms-md-3">
 			</a>
-			<div class="order-0 order-md-1 d-flex flex-grow-0 flex-md-grow-1" id="navbar">
+			<div class="order-0 order-md-1 d-flex flex-grow-0 flex-md-grow-auto" id="navbar">
 				<ul class="navbar-nav ms-md-auto me-3 me-lg-5">
 					<a class="nav-link d-md-none" data-bs-toggle="collapse" href="#collapseSearch" role="button" aria-expanded="false" aria-controls="collapseSearch">
 						<i class="fa-solid fa-search text-body-secondary"></i>
@@ -77,10 +77,10 @@
 				</ul>
 			</div>
 			<div class="order-1 order-md-0 collapse navbar-collapse" id="collapseSearch">
-				<form class="ms-3 mt-3 ms-lg-5 my-md-0" id="search" method="post">
-					<div class="d-flex align-items-center">
+				<form class="ms-3 mt-3 ms-lg-5 my-md-0 w-100" id="search" method="post">
+					<div class="d-flex align-items-center w-100">
 						<i class="fa-solid fa-search text-body-secondary"></i>
-						<input tabindex="1" class="search-input" title="search" type="search" placeholder="{{ lng('panel.search') }}...">
+						<input tabindex="1" class="search-input w-75" title="search" type="search" placeholder="{{ lng('panel.search') }}...">
 					</div>
 					<div class="search-results-box p-2 shadow" style="display:none;">
 						<div class="search-results list-group-flush"></div>

templates/misc/unconfigured/index.html

@@ -4,7 +4,7 @@
 	<meta charset="UTF-8">
 	<meta name="robots" content="noindex, nofollow">
 	<meta name="viewport" content="width=device-width, initial-scale=1.0">
-	<title>froxlor - Deactivated page</title>
+	<title>froxlor - Domain not configured</title>
 	<style>
 		:root{--primary:#1872a2;--fonts:ui-sans-serif,system-ui,-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"}
 		body{display:flex;flex-direction:column;background:#f8f9fa;color:#4b5563;align-items:center;justify-content:center;font-family:var(--fonts)}