From 72d2885b124a53a36b5ac1f6c14f43cf66c85d9a Mon Sep 17 00:00:00 2001 From: System Void Date: Tue, 4 Aug 2015 11:45:22 +0100 Subject: [PATCH 01/15] Removed closing PHP tags They aren't needed, and every little helps. :) --- web/index.php | 1 - 1 file changed, 1 deletion(-) diff --git a/web/index.php b/web/index.php index 35c889c9..be1ea8bc 100644 --- a/web/index.php +++ b/web/index.php @@ -5,4 +5,3 @@ if (isset($_SESSION['user'])) { } else { header("Location: /login/"); } -?> From 54f23757ea9d0eb43eed88568020443e45fbe4e4 Mon Sep 17 00:00:00 2001 From: System Void Date: Tue, 4 Aug 2015 14:41:32 +0100 Subject: [PATCH 02/15] Removed closing PHP tags. They aren't needed, and every little helps. --- web/api/index.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/web/api/index.php b/web/api/index.php index cfa74ff7..7806a0b4 100644 --- a/web/api/index.php +++ b/web/api/index.php @@ -78,5 +78,3 @@ if (isset($_POST['user']) || isset($_POST['hash'])) { } } } - -?> From 7a7788b18547a9282e9cad79d882a5cfca20f7ee Mon Sep 17 00:00:00 2001 From: System Void Date: Tue, 4 Aug 2015 14:42:06 +0100 Subject: [PATCH 03/15] Removed closing PHP tags. --- web/inc/main.php | 1 - 1 file changed, 1 deletion(-) diff --git a/web/inc/main.php b/web/inc/main.php index c7305a6f..3f449d2b 100644 --- a/web/inc/main.php +++ b/web/inc/main.php @@ -340,4 +340,3 @@ function list_timezones() { } return $timezone_list; } -?> From 9b68b7eb93d644e5ba78bbc881433b61597d82c8 Mon Sep 17 00:00:00 2001 From: System Void Date: Tue, 4 Aug 2015 14:42:32 +0100 Subject: [PATCH 04/15] Removed closing PHP tags. --- web/inc/mail-wrapper.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/web/inc/mail-wrapper.php b/web/inc/mail-wrapper.php index bf1c3d9e..a8c48a09 100755 --- a/web/inc/mail-wrapper.php +++ b/web/inc/mail-wrapper.php @@ -32,5 +32,3 @@ $mailtext = file_get_contents("php://stdin"); if ((!empty($to)) && (!empty($subject))) { send_email($to,$subject,$mailtext,$from); } - -?> From fe21f1cc32373829c345320e15944a39305c589f Mon Sep 17 00:00:00 2001 From: System Void Date: Tue, 4 Aug 2015 14:44:11 +0100 Subject: [PATCH 05/15] Removed closing PHP tags. --- web/login/index.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/web/login/index.php b/web/login/index.php index 332f8ee6..cdb98b39 100644 --- a/web/login/index.php +++ b/web/login/index.php @@ -90,5 +90,3 @@ if (empty($_SESSION['language'])) $_SESSION['language']='en'; require_once($_SERVER['DOCUMENT_ROOT'].'/inc/i18n/'.$_SESSION['language'].'.php'); require_once('../templates/header.html'); require_once('../templates/login.html'); - -?> From b2766e5d881270409ce6cf3ca3f286bb11994eb1 Mon Sep 17 00:00:00 2001 From: System Void Date: Tue, 4 Aug 2015 14:44:55 +0100 Subject: [PATCH 06/15] Removed double space that was not needed. Saving bytes, that's all! --- web/login/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/login/index.php b/web/login/index.php index cdb98b39..62541b04 100644 --- a/web/login/index.php +++ b/web/login/index.php @@ -14,7 +14,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); // Login as someone else if (isset($_SESSION['user'])) { - if ($_SESSION['user'] == 'admin' && !empty($_GET['loginas'])) { + if ($_SESSION['user'] == 'admin' && !empty($_GET['loginas'])) { exec (VESTA_CMD . "v-list-user ".escapeshellarg($_GET['loginas'])." json", $output, $return_var); if ( $return_var == 0 ) { $data = json_decode(implode('', $output), true); From 01541088ce8810bdc5323cd6d819eac08175014d Mon Sep 17 00:00:00 2001 From: System Void Date: Tue, 4 Aug 2015 14:46:35 +0100 Subject: [PATCH 07/15] Removed closing PHP tags. --- web/generate/ssl/index.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/web/generate/ssl/index.php b/web/generate/ssl/index.php index 2d093db2..3f96ebf9 100644 --- a/web/generate/ssl/index.php +++ b/web/generate/ssl/index.php @@ -108,5 +108,3 @@ $_SESSION['back'] = $_SERVER['REQUEST_URI']; include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_ssl.html'); include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html'); unset($_SESSION['ok_msg']); - -?> From de6fcff868245e12a3b1e0086ed7df588ac9d2a2 Mon Sep 17 00:00:00 2001 From: System Void Date: Tue, 4 Aug 2015 15:00:51 +0100 Subject: [PATCH 08/15] Cleaned it up a bit. --- web/file_manager/files.php | 107 ++++++++++++++----------------------- 1 file changed, 40 insertions(+), 67 deletions(-) diff --git a/web/file_manager/files.php b/web/file_manager/files.php index c11cd917..657194dc 100644 --- a/web/file_manager/files.php +++ b/web/file_manager/files.php @@ -4,25 +4,18 @@ //define(LISTING_TIMEOUT, 0.000001); define(LISTING_TIMEOUT, 5); - - - //echo 'files: '; //$files = scandir(__DIR__); - //echo '
';
 //print_r($files);
 
-
 //$_REQUEST['sort_field'] = 'size';
 $_REQUEST['sort_field'] = 'name';
 //$_REQUEST['sort_field'] = 'atime';
 //$_REQUEST['sort_field'] = 'mtime';
 $_REQUEST['sort_desc'] = 1;
 
-
-
 /*
 +-  copy file / dir [ recursive ]
 +-  rename(move) file / dir
@@ -33,7 +26,7 @@ $_REQUEST['sort_desc'] = 1;
 +-  create dir
 */
 
-switch($_REQUEST['action']){
+switch($_REQUEST['action']) {
     case 'copy': fm_copy($_REQUEST['source'], $_REQUEST['dest']); break;
     case 'rename': fm_rename($_REQUEST['source'], $_REQUEST['dest']); break;
     case 'delete': fm_delete($_REQUEST['source']); break;
@@ -53,24 +46,12 @@ switch($_REQUEST['action']){
     break;
 }
 
-
-
-
-
-
 //echo $_GET['sort_field'];
 
 //    if(in_array($_GET['sort_field'], $available_sort_fields)){
 //	echo '1';
 //    }	
 
-
-
-
-
-
-
-
 /*
   upload_file
 
@@ -87,17 +68,16 @@ switch($_REQUEST['action']){
   download file / image   
 */
 
-
-
-function fm_create_file($filename){
+function fm_create_file($filename)
+{
     if(is_file($filename))
         return array('error' => 'file exists', 'code' => 1);
 
-    return !!fopen($filename, 'w');
+    return (bool) fopen($filename, 'w'); // (bool) > !!, sorry
 }
 
-
-function fm_create_dir($dirname){
+function fm_create_dir($dirname)
+{
     if(is_dir($filename))
         return array('error' => 'directory exists', 'code' => 1);
 
@@ -105,49 +85,49 @@ function fm_create_dir($dirname){
     return mkdir($dirname);
 }
 
-
-function fm_chown($filename, $recursive = 0, $uid = FALSE, $gid = FALSE){
-    if(is_dir($filename) && $recursive){
+function fm_chown($filename, $recursive = 0, $uid = FALSE, $gid = FALSE)
+{
+    if (is_dir($filename) && $recursive) {
         $dir_handle  = opendir($dir);
-	while ($item = readdir($dir_handle)){
-    	    if (!in_array($item, array('.','..'))){
+	while ($item = readdir($dir_handle)) {
+    	    if (!in_array($item, array('.','..'))) {
 		$new_item = $filename.'/'.$item;
 
-	        if($uid !== FALSE) chown($new_item, (int)$uid);
-		if($gid !== FALSE) chgrp($new_item, (int)$gid); 
+	        if ($uid !== FALSE) chown($new_item, (int)$uid);
+		if ($gid !== FALSE) chgrp($new_item, (int)$gid); 
 
-		if(is_dir($new_item)){
+		if (is_dir($new_item)) {
 		    fm_chown($new_item, $recursive, $uid, $gid);
 		}
 	    }
 	}
-    }else{
+    } else {
         if($uid !== FALSE) chown($filename, (int)$uid);
 	if($gid !== FALSE) chgrp($filename, (int)$gid); 
     }
 }
 
-
-function fm_chmod($filename, $recursive = 0, $mode){
-    if(is_dir($filename) && $recursive){
+function fm_chmod($filename, $recursive = 0, $mode)
+{
+    if(is_dir($filename) && $recursive) {
         $dir_handle  = opendir($dir);
-	while ($item = readdir($dir_handle)){
-    	    if (!in_array($item, array('.','..'))){
+	while ($item = readdir($dir_handle)) {
+    	    if (!in_array($item, array('.','..'))) {
 		$new_item = $filename.'/'.$item;
 	        chmod($new_item, octdec($mode));
 
-		if(is_dir($new_item)){
+		if (is_dir($new_item)) {
 		    fm_chmod($new_item, $recursive, $mode);
 		}
 	    }
 	}
-    }else{
+    } else {
 	chmod($filename, octdec($mode));
     }
 }
 
-
-function fm_delete($filename){
+function fm_delete($filename)
+{
     if(is_dir($filename)){
 	foreach (
 	    $iterator = new RecursiveIteratorIterator(
@@ -162,19 +142,21 @@ function fm_delete($filename){
 //	    copy($item, $dest . DIRECTORY_SEPARATOR . $iterator->getSubPathName());
 	  }
 	}
-    }else{
+    } else {
 	return unlink($filename);
     }
 }
 
 
-function fm_rename($source, $dest){
+function fm_rename($source, $dest)
+{
     return rename($source, $dest);
 }
 
 
-function fm_copy($source, $dest){
-    if(is_dir($source)){
+function fm_copy($source, $dest)
+{
+    if (is_dir($source)) {
 	foreach (
 	    $iterator = new RecursiveIteratorIterator(
 	    new RecursiveDirectoryIterator($source, RecursiveDirectoryIterator::SKIP_DOTS),
@@ -187,14 +169,13 @@ function fm_copy($source, $dest){
 	    copy($item, $dest . DIRECTORY_SEPARATOR . $iterator->getSubPathName());
 	  }
 	}
-    
     }else{
 	return copy($source, $dest);
     }
 }
 
-
-function list_dir(){
+function list_dir()
+{
     $dir_iterator = new RecursiveDirectoryIterator("/path");
     $iterator = new RecursiveIteratorIterator($dir_iterator, RecursiveIteratorIterator::SELF_FIRST);
     // could use CHILD_FIRST if you so wish
@@ -214,12 +195,9 @@ function list_dir(){
     echo "\nTotal file size: ", $size, " bytes\n";
 }
 
-
-
-
 /// fast removing directory 
-function rmrf($dir) {
-    
+function rmrf($dir)
+{
     foreach (glob($dir) as $file) {
         if (is_dir($file)) {
             rmrf("$file/*");
@@ -230,9 +208,6 @@ function rmrf($dir) {
     }
 }
 
-
-
-
 function dir_list($dir, $sort = 0)
 {
     $sort_order_for_filename = SORT_ASC;
@@ -252,7 +227,7 @@ function dir_list($dir, $sort = 0)
         if (!in_array($object, array('.','..'))){
             $filename    = $dir . $object;
 	    $time = microtime(true) - $start;
-	    if($time <= LISTING_TIMEOUT){
+	    if ($time <= LISTING_TIMEOUT) {
     		$stats = stat($filename);
     		$mode = explain_mode($stats['mode']);
 		$perms = decoct(fileperms($filename));
@@ -274,8 +249,11 @@ function dir_list($dir, $sort = 0)
             	);
 	    }else{
 		$listing['timeout_exeeded'] = TRUE;
-		if(is_dir($filename)){   $type = 'd';
-		}else{   $type = '-'; }
+		if (is_dir($filename)) {
+			$type = 'd';
+		} else {
+			$type = '-';
+		}
 
 	        $item = array(
             	    'name' => $object,
@@ -294,7 +272,6 @@ function dir_list($dir, $sort = 0)
             	);
 	    }
 
-
 	    $listing['count']++;
 
 	    if($item['type'] == 'd'){
@@ -311,7 +288,6 @@ function dir_list($dir, $sort = 0)
     }
     $listing['time'] = microtime(TRUE) - $start;
 
-
     if(!$listing['timeout_exeeded']){
 	if(in_array($_REQUEST['sort_field'], $available_sort_fields)){
 	    if($_REQUEST['sort_desc']){
@@ -324,7 +300,6 @@ function dir_list($dir, $sort = 0)
 
     return $listing;
 }
-
 	
 function explain_mode($mode)
 {
@@ -355,5 +330,3 @@ function explain_mode($mode)
 
     return $info;
 }
-
-?>

From 0a32d520fc0c3e1a8688d7c7c46715fc9720d072 Mon Sep 17 00:00:00 2001
From: System Void 
Date: Tue, 4 Aug 2015 15:22:06 +0100
Subject: [PATCH 09/15] Less installation steps.

I prefer installing like this, so I assume other will.
---
 README.md | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index d0fdbe4c..1dc7f1fa 100644
--- a/README.md
+++ b/README.md
@@ -13,12 +13,18 @@ Connect to your server as root via SSH
 ssh root@your.server
 ```
 
-Download the installation script
+Download the installation script, and run it:
+```bash
+curl http://vestacp.com/pub/vst-install.sh | bash
+```
+
+If the above example does not work, try this 2 step method:
+
+Download the installation script:
 ```bash
 curl -O http://vestacp.com/pub/vst-install.sh
 ```
-
-Run it
+Then run it:
 ```bash
 bash vst-install.sh
 ```

From 6cfa7dde10a546ab899df970bbb06e397ce3892f Mon Sep 17 00:00:00 2001
From: Kaiden Prince 
Date: Sat, 29 Aug 2015 21:38:41 -0400
Subject: [PATCH 10/15] fix 1/2

serghey-rodin/vesta/#434
---
 web/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/index.php b/web/index.php
index 35c889c9..b0d34a3f 100644
--- a/web/index.php
+++ b/web/index.php
@@ -1,7 +1,7 @@
 
Date: Sat, 29 Aug 2015 21:42:26 -0400
Subject: [PATCH 11/15] fix 2/2

serghey-rodin/vesta#434
---
 web/list/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/list/index.php b/web/list/index.php
index 35c889c9..b0d34a3f 100644
--- a/web/list/index.php
+++ b/web/list/index.php
@@ -1,7 +1,7 @@
 
Date: Sat, 3 Oct 2015 02:45:43 +0300
Subject: [PATCH 12/15] Update v-update-user-quota

---
 bin/v-update-user-quota | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/v-update-user-quota b/bin/v-update-user-quota
index 85330e45..013ee386 100755
--- a/bin/v-update-user-quota
+++ b/bin/v-update-user-quota
@@ -33,7 +33,7 @@ is_object_valid 'user' 'USER' "$user"
 # Updating disk quota
 quota=$(get_user_value '$DISK_QUOTA')
 soft=$((quota * 1000))
-hard=$((quota + 50000))
+hard=$((soft + 50000))
 
 # Searching home mount point
 mnt=$(df -P /home |awk '{print $6}' |tail -n1)

From 70a8f75f1b880ccbd31dfdf52f5927f870a8c397 Mon Sep 17 00:00:00 2001
From: Daniel Ting 
Date: Thu, 8 Oct 2015 19:10:59 +1100
Subject: [PATCH 13/15] Update SSL Ciphers

To fix RC4 immediate deprecation by major web browsers. Using old configuration results in "Insecure Certificate" errors.
Strong Ciphers via CloudFlare (https://github.com/cloudflare/sslconfig/blob/master/conf).
Excluded CloudFlare's use of ChaCha cipher due to compatibility patch required.

Info Source:
https://tools.ietf.org/html/rfc7465
https://www.pcicomplianceguide.org/pci-dss-v3-1-and-ssl-what-you-should-do-now/
https://blog.digicert.com/major-browsers-announce-rc4-deprecation/
---
 src/rpm/conf/nginx.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/rpm/conf/nginx.conf b/src/rpm/conf/nginx.conf
index 4fea2436..9d4ffbfd 100644
--- a/src/rpm/conf/nginx.conf
+++ b/src/rpm/conf/nginx.conf
@@ -37,7 +37,8 @@ http {
 
 
     # SSL PCI Compliance
-    ssl_ciphers                 RC4:HIGH:!aNULL:!MD5:!kEDH;
+    ssl_protocols               TLSv1.2 TLSv1.1 TLSv1;
+    ssl_ciphers                 EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
     ssl_session_cache           shared:SSL:10m;
     ssl_prefer_server_ciphers   on;
 

From 3bcad0078db9996164e57d2112fe626962e7b5a5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Serta=C3=A7=20=C3=87EL=C4=B0K?= 
Date: Sat, 10 Oct 2015 00:23:33 +0300
Subject: [PATCH 14/15] Update v-update-user-quota

# Hard quota set to more than 10% of soft quota. This is more meaningful.
---
 bin/v-update-user-quota | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/bin/v-update-user-quota b/bin/v-update-user-quota
index 013ee386..fcb22018 100755
--- a/bin/v-update-user-quota
+++ b/bin/v-update-user-quota
@@ -31,9 +31,10 @@ is_object_valid 'user' 'USER' "$user"
 #----------------------------------------------------------#
 
 # Updating disk quota
+# Hard quota set to more than 10%. This is more meaningful.
 quota=$(get_user_value '$DISK_QUOTA')
-soft=$((quota * 1000))
-hard=$((soft + 50000))
+soft=$((quota * 1024))
+hard=$((soft * 1.10))
 
 # Searching home mount point
 mnt=$(df -P /home |awk '{print $6}' |tail -n1)

From 83f1b3a426d760b20c25be6eaa16052763e6a1fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Serta=C3=A7=20=C3=87EL=C4=B0K?= 
Date: Sat, 10 Oct 2015 00:39:53 +0300
Subject: [PATCH 15/15] Update v-update-user-quota

---
 bin/v-update-user-quota | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/bin/v-update-user-quota b/bin/v-update-user-quota
index fcb22018..3dffb122 100755
--- a/bin/v-update-user-quota
+++ b/bin/v-update-user-quota
@@ -31,10 +31,10 @@ is_object_valid 'user' 'USER' "$user"
 #----------------------------------------------------------#
 
 # Updating disk quota
-# Hard quota set to more than 10%. This is more meaningful.
+# Had quota equals package value. Soft quota equals 90% of package value for warnings.
 quota=$(get_user_value '$DISK_QUOTA')
-soft=$((quota * 1024))
-hard=$((soft * 1.10))
+soft=$((quota * 1024 * 0.90))
+hard=$((quota * 1024))
 
 # Searching home mount point
 mnt=$(df -P /home |awk '{print $6}' |tail -n1)