From b13b82112a0b26ec0db5f56f34de75b786ff0da9 Mon Sep 17 00:00:00 2001 From: divinity76 Date: Sat, 9 Jul 2022 11:16:02 +0200 Subject: [PATCH 1/5] avoid out-of-memory serving large logfiles large logfiles previously resulted in out-of-memory errors, see https://github.com/hestiacp/hestiacp/issues/2736 hestacp PR: https://github.com/hestiacp/hestiacp/pull/2741 and no, removing the php end tag was not an accident, it was intentional. end tags, ideally, should only be used when they're absolutely required, because they can easily introduce bugs like printing a newline after the end tag. --- web/download/web-log/index.php | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/web/download/web-log/index.php b/web/download/web-log/index.php index 35ebc335..9078d20c 100644 --- a/web/download/web-log/index.php +++ b/web/download/web-log/index.php @@ -25,11 +25,18 @@ $v_domain = escapeshellarg($_GET['domain']); if ($_GET['type'] == 'access') $type = 'access'; if ($_GET['type'] == 'error') $type = 'error'; -exec (VESTA_CMD."v-list-web-domain-".$type."log $user ".$v_domain." 5000", $output, $return_var); -if ($return_var == 0 ) { - foreach($output as $file) { - echo $file . "\n"; - } + + +$cmd = implode(" ", array( + escapeshellarg(HESTIA_CMD . "v-list-web-domain-" . $type . "log"), + escapeshellarg($user), + escapeshellarg($v_domain), + "5000", +)); +passthru($cmd, $return_var); +if ($return_var != 0) { + $errstr = "Internal server error: command returned non-zero: {$return_var}: {$cmd}"; + echo $errstr; + throw new Exception($errstr); // make sure it ends up in an errorlog somewhere } -?> From b09d244af7ab6dd93f07e63331b483c5f8d10dd7 Mon Sep 17 00:00:00 2001 From: divinity76 Date: Sat, 9 Jul 2022 11:18:30 +0200 Subject: [PATCH 2/5] code-breaking-typo from copypasta --- web/download/web-log/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/download/web-log/index.php b/web/download/web-log/index.php index 9078d20c..e9c63a8d 100644 --- a/web/download/web-log/index.php +++ b/web/download/web-log/index.php @@ -28,7 +28,7 @@ if ($_GET['type'] == 'error') $type = 'error'; $cmd = implode(" ", array( - escapeshellarg(HESTIA_CMD . "v-list-web-domain-" . $type . "log"), + escapeshellarg(VESTA_CMD . "v-list-web-domain-" . $type . "log"), escapeshellarg($user), escapeshellarg($v_domain), "5000", From 1a081dfdbe72eac0aeaf3a27a52f1ff3df8e4555 Mon Sep 17 00:00:00 2001 From: divinity76 Date: Tue, 12 Jul 2022 19:14:55 +0200 Subject: [PATCH 3/5] workaround for passthru() being disabled --- web/download/web-log/index.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/web/download/web-log/index.php b/web/download/web-log/index.php index e9c63a8d..4bef3528 100644 --- a/web/download/web-log/index.php +++ b/web/download/web-log/index.php @@ -26,14 +26,24 @@ if ($_GET['type'] == 'access') $type = 'access'; if ($_GET['type'] == 'error') $type = 'error'; - $cmd = implode(" ", array( escapeshellarg(VESTA_CMD . "v-list-web-domain-" . $type . "log"), escapeshellarg($user), escapeshellarg($v_domain), "5000", )); -passthru($cmd, $return_var); + +if(is_callable("passthru")){ + passthru($cmd, $return_var); +} else{ + // passthru is disabled, workaround it by writing the output to a file then reading the file. + // this is slower than passthru, but avoids running out of RAM... + $passthru_is_disabled_workaround_handle = tmpfile(); + $passthru_is_disabled_workaround_file = stream_get_meta_data($passthru_is_disabled_workaround_handle)['uri']; + exec ($cmd . " > " . escapeshellarg($passthru_is_disabled_workaround_file), $output, $return_var); + readfile($passthru_is_disabled_workaround_file); + fclose($passthru_is_disabled_workaround_handle); // fclose(tmpfile()) automatically deletes the file, unlink is not required :) +} if ($return_var != 0) { $errstr = "Internal server error: command returned non-zero: {$return_var}: {$cmd}"; echo $errstr; From 5aebfde6cf471fc69d46f2287c6a285d16f96013 Mon Sep 17 00:00:00 2001 From: divinity76 Date: Tue, 12 Jul 2022 19:17:01 +0200 Subject: [PATCH 4/5] avoid double-quoting v_domain --- web/download/web-log/index.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/web/download/web-log/index.php b/web/download/web-log/index.php index 4bef3528..5e882c89 100644 --- a/web/download/web-log/index.php +++ b/web/download/web-log/index.php @@ -10,8 +10,6 @@ if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { exit(); } -$v_domain = $_GET['domain']; -$v_domain = escapeshellarg($_GET['domain']); if ($_GET['type'] == 'access') $type = 'access'; if ($_GET['type'] == 'error') $type = 'error'; @@ -21,7 +19,7 @@ header("Content-Disposition: attachment; filename=".$_GET['domain'].".".$type."- header("Content-Type: application/octet-stream; "); header("Content-Transfer-Encoding: binary"); -$v_domain = escapeshellarg($_GET['domain']); +$v_domain = $_GET['domain']; if ($_GET['type'] == 'access') $type = 'access'; if ($_GET['type'] == 'error') $type = 'error'; From 15c5bdac5134f398288f6c81f30aa9b3f51744a5 Mon Sep 17 00:00:00 2001 From: divinity76 Date: Tue, 12 Jul 2022 20:07:55 +0200 Subject: [PATCH 5/5] turns out VESTA_CMD is 2 commands --- web/download/web-log/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/download/web-log/index.php b/web/download/web-log/index.php index 5e882c89..b9859c6f 100644 --- a/web/download/web-log/index.php +++ b/web/download/web-log/index.php @@ -25,7 +25,7 @@ if ($_GET['type'] == 'error') $type = 'error'; $cmd = implode(" ", array( - escapeshellarg(VESTA_CMD . "v-list-web-domain-" . $type . "log"), + VESTA_CMD . "v-list-web-domain-" . $type . "log", escapeshellarg($user), escapeshellarg($v_domain), "5000",