4891 Commits

Author SHA1 Message Date
usmannasir a60c48276d Add debug logging for API key validation
- Log first 20 chars of API key being checked
- Helps debug 'API key not found in settings' errors
- Shows which token is being validated
2025-10-26 17:55:40 +05:00
usmannasir 1169b872cf Fix backup error checking in rename and delete endpoints
- Add error checking for mkdir command (check result == 1)
- Add error checking for cp backup command (check result == 1)
- Strip trailing slash from wp_path to avoid double slashes
- Return proper error messages when backup fails
- Prevents rename/delete if backup fails
- Fixes: 'Failed to backup file before quarantine' error
2025-10-26 17:52:45 +05:00
usmannasir 95be6ea49d Use /tmp for temp files instead of /home/cyberpanel
- Write temp files to /tmp (accessible by all users)
- Website user can read from /tmp for cat command
- No permission issues with cross-directory operations
- Simplifies file operations (no intermediate copy needed)
- Clean up temp file with os.remove() as root
- Fixes: Files becoming empty due to permission issues
2025-10-26 17:15:26 +05:00
usmannasir 7beaa0492f Add debug logging for file replacement operation
- Log temp file size before replacement
- Log exact replace command being executed
- Log replace command result
- Helps debug why files are becoming empty after replace
2025-10-26 17:10:13 +05:00
usmannasir f6fd2192c5 Add shell=True for cat redirection command
- Shell redirection requires shell=True parameter in executioner
- Without shell=True, the > is treated as literal argument
- Fixes: File contents not being replaced
2025-10-26 17:05:58 +05:00
usmannasir fd1c53ffa4 Use cat redirection instead of cp for file replacement
- Change from cp to 'cat temp > target' for replacing file contents
- cat redirection is more reliable for overwriting existing files
- Ensures file contents are actually replaced
- Fixes: Files not being replaced even though cp returns success
2025-10-26 17:05:20 +05:00
usmannasir 8ef95418a2 Fix replace-file to use cp for all file operations
- Write to /home/cyberpanel temp first (no user permission issues)
- Copy from /home/cyberpanel to user directory using executioner
- Use cp instead of mv for final file replacement (more reliable)
- Clean up temp files after successful operations
- Fixes: File corruption due to failed mv command via lscpd
2025-10-26 16:44:09 +05:00
usmannasir 993c68441a Fix 'os' import error in replace-file cleanup
- Remove redundant 'import os' inside try block
- os module already imported at top of file
- Fixes: local variable 'os' referenced before assignment
2025-10-26 15:24:57 +05:00
usmannasir 856c29184e Fix replace-file API to use temp file approach instead of here-document
- Write content to /home/cyberpanel/scanner_temp_{scan_id}_{timestamp}.tmp first
- Use Python open() instead of shell here-document to avoid:
  - lscpd connection reset for large files (>2KB)
  - EOF_MARKER conflicts in file content
  - Shell command size limits
- Copy temp file to user directory using executioner with user context
- Clean up CyberPanel temp file after copy
- Fixes: [Errno 104] Connection reset by peer when writing large files
2025-10-26 15:18:26 +05:00
usmannasir e65109feca Fix security middleware to allow file content in API endpoints
- Add bypass check for 'content' field INSIDE isAPIEndpoint block
- Prevents blocking of legitimate JavaScript/PHP code in replace-file API
- Bypass list includes: content, fileContent, configData, rewriteRules, modSecRules
- Security check still applies to other fields in API requests
- Fixes: Replace-file API being blocked by security middleware
2025-10-26 15:08:34 +05:00
usmannasir 7ba205864a Fix executioner return value checks in all file operation endpoints
- Fix scanner_replace_file: cp, write, and mv checks
- Fix scanner_rename_file: mv check
- Fix scanner_delete_file: cp and rm checks
- All executioner calls now check for 1 (success) instead of 0
- Fix double slash in replace backup path
2025-10-26 14:31:48 +05:00
usmannasir a11a942cba Fix backup API executioner return value checks
- executioner() returns 1 for success, 0 for failure (inverted)
- Fix mkdir check: if mkdir_result != 1 (was != 0)
- Fix cp check: if cp_result[0] != 1 (was != 0)
- Fix double slash in backup path by stripping trailing slash from wp_path
- Add logging to show mkdir_result value for debugging
2025-10-26 14:23:32 +05:00
usmannasir 8ffd11fa08 Fix file operation endpoints to use website externalApp correctly
- Add external_app field to AuthWrapper class
- Get externalApp from website object during authentication
  - For FileAccessToken: Use Websites.externalApp
  - For API Key: Use WPSites.owner.externalApp
- Update all 5 file operation endpoints to use file_token.external_app
  - scanner_backup_file
  - scanner_get_file
  - scanner_replace_file
  - scanner_rename_file
  - scanner_delete_file
- Ensures externalApp matches wp_path since they come from same source
- Fixes backup API failing due to incorrect user context
2025-10-26 14:14:17 +05:00
usmannasir f870494bcb add aiscanner file patcher 2025-10-26 13:56:03 +05:00
usmannasir 9f101d4e4c add aiscanner file patcher 2025-10-26 12:38:25 +05:00
usmannasir 0100d3ea5b add aiscanner file patcher 2025-10-26 01:56:36 +05:00
usmannasir 369f6d539b Fix acme.sh not creating domain configurations in /root/.acme.sh/
Separate acme.sh certificate issuance and installation steps to ensure
domain configurations are properly stored. Previously, combining --issue
with --cert-file/--key-file/--fullchain-file in a single command caused
acme.sh to skip storing domain configs, breaking automatic renewals and
requiring manual certificate recreation for domain aliases.
2025-10-22 12:53:05 +05:00
usmannasir 4983decba5 bug fix: ssl timeout issues 2025-10-19 23:51:55 +05:00
usmannasir 46e40d6822 Fix permission race condition in fixPermissions function
Fixes #1583 - Ubuntu 24 permission issues causing 404 errors

Changes:
- Move main public_html permission setting to END of fixPermissions function
- Ensures public_html maintains user:nogroup ownership (not user:user)
- Prevents child domain processing from interfering with main directory permissions
- Changed all async popenExecutioner calls to sync executioner calls
- Reordered operations: permissions first, then ownership

This fixes the issue where clicking "Fix Permissions" in file manager
would incorrectly change public_html group from nogroup to the user's group,
causing 404 errors on Ubuntu 24.
2025-10-16 16:11:28 +05:00
usmannasir acc6cad623 Fix permission issues on Ubuntu 24 causing 404 errors
Fixes #1583

The fixPermissions function in file manager was causing sites to become
inaccessible after running "Fix Permissions" on Ubuntu 24. The root causes:

1. Async execution (popenExecutioner) caused race conditions where commands
   executed in unpredictable order
2. The public_html directory group was incorrectly changed from 'nogroup'
   to the user's group, breaking web server access

Changes:
- Changed all async popenExecutioner calls to sync executioner calls
- Reordered commands to set permissions before ownership
- Ensured public_html directory maintains correct group ownership (nogroup)
- Added comments to clarify the purpose of each step

This ensures the file manager's "Fix Permissions" feature works correctly
on Ubuntu 24 while maintaining proper security.
2025-10-16 14:50:28 +05:00
usmannasir 9d0d5fbd35 Fix backup restore permission error and improve SFTP fallback
- Ensure /home/cyberpanel directory exists with proper permissions before download
- Set directory permissions to 755 to allow application write access
- Refactor SCP/SFTP fallback logic to work regardless of debug mode
- Add better status messages during download process
2025-10-15 04:30:43 +05:00
usmannasir 32db00d1ae Fix backup file moving to handle compressed database backups
- Check for .sql.gz files first, then fall back to .sql
- Also move .backup.json metadata files alongside compressed backups
- Maintains backward compatibility with legacy .sql backups
2025-10-15 00:56:45 +05:00
usmannasir 7864ef63c1 Remove strict exit code checking in database restore functions
- MySQL restore may return warnings that don't indicate actual failure
- Database restoration verification is handled by subsequent password operations
- Improves reliability of compressed backup restoration
2025-10-15 00:53:31 +05:00
usmannasir 10edef5d87 Fix compressed database backup verification logic
- Changed from checking exit code to verifying file existence and size
- Resolves issue where successful mysqldump was incorrectly reported as failed
- Ensures backup file is created and not empty before marking as successful
2025-10-15 00:50:55 +05:00
usmannasir cac2e09fce Enhance database backup with compression support and backward compatibility
- Added configurable compression for database backups using gzip streaming
- Implemented auto-detection in restore function for compressed and uncompressed formats
- Added performance optimizations including --single-transaction and --extended-insert
- Created configuration file for gradual feature rollout with safe defaults
- Added helper functions for checking system capabilities and configuration
- Included comprehensive test suite to verify backward compatibility
- Maintained 100% backward compatibility with existing backup infrastructure
2025-10-14 19:54:11 +05:00
usmannasir b6f20a6a5e Add storage stats, last backup info, and error logs to ManageOCBackups page
- Add comprehensive backup account overview with visual stats cards
- Display storage usage (total, used, available, percentage) from platform API
- Show last backup run timestamp and status (success/failed)
- Display total backups count and failed backups count
- Add recent backup error logs table with timestamp, website, and error message
- Fetch all stats from platform.cyberpersons.com/Billing/GetBackupStats endpoint
- Beautiful gradient cards for visual presentation of stats
- Progress bar for storage usage visualization
- Conditional display of error logs (only shown if errors exist)
- Add account info card showing SFTP user and plan name
- Graceful fallback to N/A if platform API is unavailable
- Comprehensive error logging for API failures
2025-10-14 19:11:38 +05:00
usmannasir fb02243245 Improve One-Click Backup verification with multi-method approach
- Implement timestamp-based filename verification (Method 1)
- Add file size validation with 1KB minimum requirement (Method 2)
- Filter to only check today's backup directory for accuracy (Method 3)
- Add optional SHA256 checksum verification for integrity (Method 5)
- Use find command with size filter for efficient SSH verification
- Fallback to SFTP with comprehensive file validation
- Enhanced logging for all verification steps and failures
- Remove unused 'Yesterday' variable that was never used
- Prevents false positives from old backup files
- Detects corrupted/incomplete backups via size check
2025-10-14 18:49:41 +05:00
usmannasir c9b711d5bd Fix critical bug in One-Click Backup failure notification logic
- Fix inverted .find() logic that sent notifications when backups SUCCEEDED
- Add 'status': 'failed' field required by platform API
- Change HTTP to HTTPS for BackupFailedNotify endpoint
- Add comprehensive error handling and logging
- Add 30-second timeout on API requests
- Properly handle actualDomain vs site.domain.domain cases
2025-10-14 16:23:41 +05:00
usmannasir 6381a9ee55 Refactor DeployAccount to eliminate code duplication and improve error handling
- Remove duplicate code blocks that handled success and "already deployed" cases
- Consolidate deployment logic into single code path
- Add validation for backup plan state before deployment
- Add specific exception handling for API requests and JSON parsing
- Add timeout to API requests (30 seconds)
- Change API endpoint from HTTP to HTTPS for security
- Improve error messages with actionable guidance
- Add comprehensive logging for all error paths
- Clarify return status: status=1 only on full success, status=0 on any failure
- Add early validation for missing SSH public key
- Handle edge case where account is deployed but destination creation fails
2025-10-14 15:35:02 +05:00
usmannasir 4da45eebf1 Improve exception handling in One-Click Backup fetchOCSites function
- Add specific exception handlers for common failure scenarios
- Support multiple SSH key formats (RSA, Ed25519, ECDSA, DSS)
- Add SSH key validation before connection attempts
- Add connection timeout and proper cleanup with finally block
- Provide actionable error messages for users
- Handle empty backup folders as success instead of error
- Add comprehensive logging for all error paths
- Improve path parsing with bounds checking
2025-10-14 15:31:42 +05:00
usmannasir 7cbb563d9c fix some ux on list wp sites 2025-10-13 13:09:06 +05:00
usmannasir 77e66cfe3d fix design of wp manager home 2025-10-13 00:24:45 +05:00
usmannasir 1ef188a20a bug fix: python 3.6 compatibility 2025-10-10 17:59:01 +05:00
usmannasir ac6db0e575 bug fix: python 3.6 compatibility 2025-10-10 17:26:50 +05:00
usmannasir e4b2584ae0 Fix AlmaLinux 8 installation: Add python-dotenv to requirements (v2.4.4)
- Install python-dotenv in virtual environment during CyberPanel setup
- Fixes Django's inability to load .env file on AlmaLinux 8
- Resolves "Access denied for user 'cyberpanel'@'localhost'" errors
- Added to all installation paths (normal, DEV, and after_install)

This ensures Django can properly load database credentials from .env file
on AlmaLinux 8 systems where python-dotenv was missing.
2025-10-10 01:00:22 +05:00
usmannasir d540b24c8f bug fix: alma8 install 2025-10-10 00:09:42 +05:00
usmannasir 4408ca04c8 bug fix: staging site issue 2025-09-22 18:16:05 +05:00
usmannasir 503c464e48 bug fix: staging site issue 2025-09-22 17:46:10 +05:00
usmannasir f48e7286df bug fix: staging site issue 2025-09-22 16:57:35 +05:00
usmannasir ecd44c9d6a bug fix: staging site issue 2025-09-22 14:08:51 +05:00
usmannasir fb16f4cf56 bug fix: staging site issue 2025-09-22 13:31:20 +05:00
usmannasir 26425dd397 bug fix: allowed host issue 2025-09-15 12:07:15 +05:00
usmannasir d64b53ef63 bug fix: allowed host issue 2025-09-15 11:26:58 +05:00
Usman Nasir 7bd67d3df2
Merge pull request #1501 from master3395/v2.5.5-dev
V2.5.5 dev
2025-09-14 22:14:52 +05:00
Master3395 1fbbf66481 Add contributing guide link to README and improve security notice in SECURITY_INSTALLATION.md 2025-09-13 22:34:03 +02:00
Master3395 7bd66f7f06 Enhance environment variable management and security
- Updated .gitignore to include additional sensitive files and directories.
- Added python-dotenv to requirements for loading environment variables.
- Modified settings.py to load environment variables for sensitive configurations, including SECRET_KEY, DEBUG, and database credentials.
- Implemented secure .env file generation during installation to avoid hardcoding sensitive information.
- Introduced fallback method for settings update if environment generation fails.
2025-09-13 19:07:03 +02:00
Master3395 938fb6442b
Merge pull request #1 from master3395/stable
Update backup controller to include backup frequency and retention data
2025-09-13 18:53:47 +02:00
Master3395 71275c8c56 Merge branch 'v2.5.5-dev' of https://github.com/master3395/cyberpanel into v2.5.5-dev 2025-09-13 18:39:00 +02:00
Master3395 0773d8d9a4 Add cosmetic context processor and update templates for custom CSS
- Introduced a new `cosmetic_context` processor to provide custom CSS data to templates.
- Updated `settings.py` to include the new context processor.
- Modified multiple HTML templates to utilize the `cosmetic` variable for dynamic CSS styling.
- Enhanced user interface elements with improved styling and accessibility features, including ARIA labels for form controls.
2025-09-13 18:38:57 +02:00
Usman Nasir 0c37a94e66
Merge pull request #1498 from master3395/v2.5.5-dev
V2.5.5 dev - New example plugin + Documentation + Security
2025-09-13 20:45:50 +05:00