Fix readme file path

Freeze and thaw zone when re-signing.

CHANGELOG.md

@@ -1,5 +1,8 @@
 ## Changelog
 
+#### Version 1.920 (July 04, 2019)
+This update includes the latest theme version, translation updates, the ability to disable hosts file entries, easier monitoring of bootup actions, and a bunch of bugfixes.
+
 #### Version 1.910 (May 09, 2019)
 This release includes theme and translation updates, a page for editing package repositories, cron and status module improvements, and a bunch of other bugfixes and small improvements.
 

README.md

@@ -29,7 +29,7 @@ Webmin can be installed in two different ways:
  1. By downloading a pre-built package, available for different distributions (CentOS, Fedora, SuSE, Mandriva, Debian, Ubuntu, Solaris and [other](http://www.webmin.com/support.html)) from our [download page](http://webmin.com/download.html);
   <kbd>Note: It is highly recommended to [add repository](https://doxfer.webmin.com/Webmin/Installation) to your system for having automatic updates.</kbd>
 
- 2. By downloading, extracting [source file](https://prdownloads.sourceforge.net/webadmin/webmin-1.920.tar.gz), and running [_setup.sh_](http://www.webmin.com/tgz.html) script, with no arguments, which will setup to run it directly from this directory, or with a command-line argument, such as targeted directory.
+ 2. By downloading, extracting [source file](https://prdownloads.sourceforge.net/webadmin/webmin-1.930.tar.gz), and running [_setup.sh_](http://www.webmin.com/tgz.html) script, with no arguments, which will setup to run it directly from this directory, or with a command-line argument, such as targeted directory.
   <kbd>Note: If you are installing Webmin [on Windows](http://www.webmin.com/windows.html) system, you must run the command `perl setup.pl` instead. The Windows version depends on several programs, and modules that may not be part of the standard distribution. You will need _process.exe_ commmand, _sc.exe_ command, and _Win32::Daemon_ Perl module.</kbd>
 
 ## Documentation

apache/virt_index.cgi

@@ -18,7 +18,7 @@ if ($in{'virt'} && $access{'types'} eq '*') {
 		     "name" => $text{'virt_edit'},
 		     "link" => "manual_form.cgi?virt=$in{'virt'}" };
 	}
-if ($v->{'value'} =~ /:80/ && $v->{'value'} !~ /:443/) {
+if ($v->{'value'} =~ /:80$/ || $v->{'value'} !~ /:/) {
 	# Hide SSL icon for non-SSL sites
 	$access_types{14} = 0;
 	}

bind8/edit_zonekey.cgi

@@ -38,7 +38,8 @@ if (@keyrecs) {
 		my ($keyrec) = grep { $_->{'values'}->[0] ==
 				 ($key->{'ksk'} ? 257 : 256) } @keyrecs;
 		my $keyline = join(" ", $keyrec->{'name'}, $keyrec->{'class'},
-				     $keyrec->{'type'}, @{$keyrec->{'values'}});
+				     $keyrec->{'type'},
+				     join("", @{$keyrec->{'values'}}));
 		print &ui_hidden_start($text{'zonekey_expand'.$kt},
 				       $kt, 0, "edit_zonekey.cgi?$in");
 		print $text{'zonekey_public'},"<br>\n";

bind8/records-lib.pl

@@ -863,7 +863,7 @@ else {
 	# All one one line
 	my @rv;
 	foreach my $v (@{$r->{'values'}}) {
-		push(@rv, $v =~ /\s/ ? "\"$v\"" : $v);
+		push(@rv, $v =~ /\s|;/ ? "\"$v\"" : $v);
 		}
 	return join(" ", @rv);
 	}

bind8/resign.pl

@@ -67,7 +67,9 @@ foreach my $z (@zones) {
 	print STDERR "  Age in days $old\n" if ($debug);
 	if ($old > $period) {
 		# Too old .. signing
+		before_editing($z);
 		my $err = &resign_dnssec_key($z);
+		after_editing($z);
 		if ($err) {
 			print STDERR "  Re-signing of $z->{'name'} failed : $err\n";
 			$errcount++;

bind8/save_record.cgi

@@ -431,7 +431,7 @@ else {
 		# For other record types, just save the lines
 		$in{'values'} =~ s/\r//g;
 		my @vlines = split(/\n/, $in{'values'});
-		$vals = join(" ",map { $_ =~ /^\S+$/ ? $_ : "\"$_\"" } @vlines);
+		$vals = join(" ",map { $_ =~ /\s|;/ ? "\"$_\"" : $_ } @vlines);
 		}
 	$fullname = &convert_to_absolute($in{'name'}, $in{'origin'});
 	if ($config{'short_names'}) {

cluster-useradmin/edit_group.cgi

@@ -111,10 +111,10 @@ if (@icons < @hosts) {
 	      "value=\"$text{'uedit_sync'}\"></td>\n";
 	}
 
-print "</form><form action=\"delete_group.cgi\">\n";
+print "</tr></table></form><p><form action=\"delete_group.cgi\">\n";
 print "<input type=hidden name=group value=\"$ginfo{'group'}\">\n";
-print "<td align=right><input type=submit value=\"$text{'delete'}\"></td> </tr>\n";
-print "</form></table><p>\n";
+print "<input type=submit value=\"$text{'delete'}\">\n";
+print "</form><p>\n";
 
 print &ui_hr();
 print &ui_subheading($text{'uedit_hosts'});

cluster-useradmin/edit_user.cgi

@@ -429,11 +429,11 @@ if (@icons < @hosts) {
 	      "value=\"$text{'uedit_sync'}\"></td>\n";
 	}
 
-print "</form><form action=\"delete_user.cgi\">\n";
+print "</tr></table></form><p><form action=\"delete_user.cgi\">\n";
 print "<input type=hidden name=user value=\"$uinfo{'user'}\">\n";
-print "<td align=right><input type=submit ",
-      "value=\"$text{'delete'}\"></td> </tr>\n";
-print "</form></table><p>\n";
+print "<input type=submit ",
+      "value=\"$text{'delete'}\">\n";
+print "</form><p>\n";
 
 print &ui_hr();
 print &ui_subheading($text{'uedit_hosts'});

cluster-useradmin/index.cgi

@@ -68,7 +68,7 @@ else {
 	print "<b>$text{'index_nohosts'}</b><p>\n";
 	}
 $formno++;
-print "<form action=add.cgi>\n";
+print "<br><br><form action=add.cgi>\n";
 print "<table width=100%><tr>\n";
 @addservers = grep { !$gothost{$_->{'id'}} } @servers;
 if (@addservers) {

cron/lang/hu

@@ -40,6 +40,7 @@ edit_hours=
 edit_input=Adatbevitel a parancshoz
 edit_mins=Percek
 edit_months=Hónapok
+edit_next=Következő futtatás ideje
 edit_range=Dátum határok a futtatáshoz
 edit_return=cron munka
 edit_run=Futtatás most
@@ -85,15 +86,21 @@ index_create=
 index_delete=Kiválasztott munka törlése
 index_disable=Kiválasztott munka letiltása
 index_ecmd=A $1 Cron parancsot amit a felhasználónak állítani szeretne nem találom. Talán a Cron nincs telepítve a rendszerbe?
+index_econfigcheck=A Cron munkákat nem tudjuk kezelni az ön rendszerén, mivel a modul beállítások nem megfelelőek: $1
 index_ecreate=Új környezeti változó létrehozása
+index_ecrondir=A Cron munka könyvtár ( $1 ) nem létezik. Előfordulhat, hogy a modul beállításai nem pontosak vagy a Cron nincs telepítve?
+index_ecrondir_create=Megpróbálja létrehozni $1 könyvtárat a munkáknak?
 index_enable=Kiválasztott munka engedélyezése
 index_env=Környezeti változó
 index_esearch=Nem található a keresett $1
 index_esingle=Ez a fájl $1 a Cron munkák listájában nem létezik. Talán a Cron nincs telepítve a rendszerbe?
+index_manual=Beállítások kézi szerkesztése.
 index_move=Mozgatás
+index_next=Következő futtatás
 index_none=Ezen a rendszeren nincsenek cron munkák
 index_none2=Jelenleg nincs olyan crom munka, amihez Önnek joga lenne.
 index_none3=Önnek nincs semmilyen cron munkája jelenleg.
+index_nunknown=Ismeretlen
 index_ok=Keresés
 index_reset=Keresés visszaállítása.
 index_return=a cron listához
@@ -101,6 +108,7 @@ index_run=Fut?
 index_search=Időzített feladat (Cron munka) keresése:
 index_searchres=Egyező Cron munkák: $1 ..
 index_title=Időzitett futtatások (Cron munkák)
+index_toomany2=Túl sok megjelenítendő munka. Használja a keresési mezőt a lista szűrésére!
 index_user=Felhasználó
 index_when=Futtatás megadott időben
 kill_ecannot=Önnek nincs joga megszakítani ezt a munkát
@@ -134,6 +142,12 @@ log_kill_l="$2" Cron munka megszak
 log_modify=Cron munka módosítása $1 -nek
 log_modify_l="$2" Cron munka módosítása $1-nek
 log_move=Cron munka mozgatása $1 -nak
+manual_ecannot=Nincs engedélye kézzel szerkeszteni a Cron munkákat
+manual_edit=Szerkesztendő Cron állomány:
+manual_editing=Használja az alábbi szövegdobozt a $1 Cron munkáinak szerkesztésére. Legyen óvatos, a Webmin nem végez rajta ellenőrzést!
+manual_efile=A kiválasztott állomány érvénytelen!
+manual_ok=Szerkesztés
+manual_title=Cron munkák kézi szerkesztése
 move_err=Nem lehet mozgatni a Cron munkát
 move_etype=Ezt a munkát nem lehet mozgatni
 range_all=Fussán bármilyen dátumnál
@@ -145,19 +159,24 @@ save_eallow=A(z) '$1' felhaszn
 save_ecannot=Önnek nincs jogosultsága létrehozni '$1' cron munkáit.
 save_ecannot2=Önnek nincs joga cron munkákat létrehozni
 save_ecmd=Ön nem adott meg futtatandó parancsot.
+save_eidx=A Cron állomány sikeresen mentésre került, azonban nem került futtatásra mivel nem találta meg a rendszer!
 save_enone=Semmilyen $1 nem lett kiválasztva végrehajtáshoz.
 save_err=A cron munka elmentése nem sikerült.
 save_euser=Egy felhasználót muszáj kiválasztani.
 save_euser2=A $1 felhasználó nem létezik
+ucwhen_boot=Rendszerindításkor
 ucwhen_cron=A cron időben $1
 ucwhen_day=Minden nap $2:$1 időben
 ucwhen_hour=Minden órában $1 óra után
+ucwhen_interval=Minden $1 másodpercben
 ucwhen_min=Minden percben
 ucwhen_month=A $napokon minden hónapban $2:$1
 ucwhen_weekday=Minden $3 -ban $2:$1 időben
+when_boot=rendszerindításkor
 when_cron=a cron időben $1
 when_day=minden nap $2:$1 időben
 when_hour=minden órában $1 után óránként
+when_interval=minden $1 másodpercben
 when_min=minden percben
 when_month=a $3 napon minden hónapban $2:$1
 when_weekday=minden $3 a $2:$1

filemin/filemin-lib.pl

@@ -76,6 +76,9 @@ sub get_paths {
     }
     @allowed_paths = map { &simplify_path($_) } &unique(@allowed_paths);
     $path = $in{'path'} || '';
+    $html_escaped_path = html_escape($path);
+    $urlized_path = urlize($path);
+    
     $cwd = &simplify_path($base.$path);
 
     # Work out max upload size
@@ -378,7 +381,7 @@ sub print_interface {
         print &ui_checked_columns_row(\@row_data, "", "name", $vlink);
     }
     print ui_columns_end();
-    print &ui_hidden("path", $path),"\n";
+    print &ui_hidden("path", $urlized_path),"\n";
     print &ui_form_end();
 }
 

filemin/unauthenticated/templates/dialogs.html

@@ -27,7 +27,7 @@
                     <div class="form-group">
                         <label>$text{'new_folder_name'}</label>
                         <input id="name" name="name" type="text" class="form-control" data-placement="right" data-content="$text{'provide_folder_name'}" data-trigger="manual">
-                        <input type='hidden' name='path' value='$path'>
+                        <input type='hidden' name='path' value='$urlized_path'>
                     </div>
                 </form>
             </div>
@@ -51,7 +51,7 @@
                     <div class="form-group">
                         <label>$text{'new_file_name'}</label>
                         <input name="name" type="text" class="form-control" data-placement="right" data-content="$text{'provide_file_name'}" data-trigger="manual">
-                        <input type='hidden' name='path' value='$path'>
+                        <input type='hidden' name='path' value='$urlized_path'>
                     </div>
                 </form>
             </div>
@@ -76,7 +76,7 @@
                         <label>$text{'new_name'}</label>
                         <input name="name" type="text" class="form-control" data-placement="right" data-content="$text{'provide_new_file_name'}" data-trigger="manual">
                         <input type='hidden' name='file' value='' required>
-                        <input type='hidden' name='path' value='$path'>
+                        <input type='hidden' name='path' value='$urlized_path'>
                     </div>
                 </form>
             </div>
@@ -310,7 +310,7 @@
             <label>$text{'dialog_user_pass'}</label>
             <input name="password" type="password" class="form-control">
           </div>
-          <input type='hidden' name='path' value='$path'>
+          <input type='hidden' name='path' value='$urlized_path'>
         </form>
       </div>
       <div class="modal-footer">
@@ -329,9 +329,9 @@
         <h4 class="warning">$text{'upload_files'}</h4>
       </div>
       <div class="modal-body">
-        <form id='upload-form' method='post' action='upload.cgi?path=$path&id=$upid' enctype='multipart/form-data' onsubmit='window.open("$gconfig{'webprefix'}/uptracker.cgi?id=$upid&uid=$uid", "uptracker", "toolbar=no, menubar=no, scrollbars=no, location=no, resizable=no, width=screen.width, height=screen.height")'>
+        <form id='upload-form' method='post' action='upload.cgi?path=$urlized_path&id=$upid' enctype='multipart/form-data' onsubmit='window.open("$gconfig{'webprefix'}/uptracker.cgi?id=$upid&uid=$uid", "uptracker", "toolbar=no, menubar=no, scrollbars=no, location=no, resizable=no, width=screen.width, height=screen.height")'>
             <input type='file' id='upfiles' name='upfiles' multiple onchange='countUploads(this)'>
-            <input type='hidden' name='path' value='$path'>
+            <input type='hidden' name='path' value='$urlized_path'>
         </form>
           <div id="readyForUploadList" class="well">
           </div>
@@ -357,7 +357,7 @@
                         <label>$text{'search_label'}</label>
                         <input id="query" name="query" type="text" class="form-control" data-placement="right" data-content="$text{'provide_search_query'}" data-trigger="manual"><br>
                         <input id="caseins" name="caseins" type="checkbox" checked="checked"> $text{'search_insensitive'}
-                        <input type='hidden' name='path' value='$path'>
+                        <input type='hidden' name='path' value='$urlized_path'>
                     </div>
                 </form>
             </div>

filemin/unauthenticated/templates/legacy_dialogs.html

@@ -7,7 +7,7 @@
       <div class="form-group">
           <label>$text{'new_folder_name'}</label>
           <input id="name" name="name" type="text" title="$text{'provide_folder_name'}">
-          <input type='hidden' name='path' value='$path'>
+          <input type='hidden' name='path' value='$urlized_path'>
       </div>
   </form>
 </div>
@@ -17,7 +17,7 @@
       <div class="form-group">
           <label>$text{'new_file_name'}</label>
           <input name="name" type="text">
-          <input type='hidden' name='path' value='$path'>
+          <input type='hidden' name='path' value='$urlized_path'>
       </div>
   </form>
 </div>
@@ -28,7 +28,7 @@
           <label>$text{'new_name'}</label>
           <input name="name" type="text">
           <input type='hidden' name='file' value='' required>
-          <input type='hidden' name='path' value='$path'>
+          <input type='hidden' name='path' value='$urlized_path'>
       </div>
   </form>
 </div>
@@ -97,15 +97,15 @@
       <input name="username" type="text"><br>
       <label>$text{'dialog_user_pass'}</label>
       <input name="password" type="password">
-      <input type='hidden' name='path' value='$path'>
+      <input type='hidden' name='path' value='$urlized_path'>
     </div>
   </form>
 </div>
 
 <div id="readyForUploadDialog" class="modal">
-    <form id='upload-form' method='post' action='upload.cgi?path=$path&id=$upid' enctype='multipart/form-data' onsubmit='window.open("$gconfig{'webprefix'}/uptracker.cgi?id=$upid&uid=$uid", "uptracker", "toolbar=no, menubar=no, scrollbars=no, location=no, resizable=no, width=screen.width, height=screen.height")'>
+    <form id='upload-form' method='post' action='upload.cgi?path=$urlized_path&id=$upid' enctype='multipart/form-data' onsubmit='window.open("$gconfig{'webprefix'}/uptracker.cgi?id=$upid&uid=$uid", "uptracker", "toolbar=no, menubar=no, scrollbars=no, location=no, resizable=no, width=screen.width, height=screen.height")'>
         <input type='file' id='upfiles' name='upfiles' multiple onchange='countUploads(this)'>
-        <input type='hidden' name='path' value='$path'>
+        <input type='hidden' name='path' value='$urlized_path'>
     </form>
     <div id="readyForUploadList" class="well">
     </div>
@@ -179,7 +179,7 @@
           <label>$text{'search_label'}</label>
           <input id="query" name="query" type="text" title="$text{'provide_search_query'}"><br>
           <input id="caseins" name="caseins" type="checkbox" checked="checked"> $text{'search_insensitive'}
-          <input type='hidden' name='path' value='$path'>
+          <input type='hidden' name='path' value='$urlized_path'>
       </div>
   </form>
 </div>

filemin/unauthenticated/templates/legacy_quicks.html

@@ -1,6 +1,6 @@
 <div id="quicks" style="float:right">
 <a href="javascript:void(0)" onclick='searchDialog()' title="$text{'search'}"><img src='images/icons/quick/edit-find.png' alt="$text{'search'}" /></a>
-<a href="bookmark.cgi?path=$path" title="$text{'bookmark_folder'}"><img src='images/icons/quick/bookmark-new.png' alt="$text{'bookmark_folder'}" /></a>
+<a href="bookmark.cgi?path=$urlized_path" title="$text{'bookmark_folder'}"><img src='images/icons/quick/bookmark-new.png' alt="$text{'bookmark_folder'}" /></a>
 <a tabindex="0" class="fg-button fg-button-icon-right ui-widget ui-state-default ui-corner-all" id="flat">
   <img src="images/icons/quick/go-down.png" alt="$text{'config_bookmarks'}">
 </a>
@@ -13,7 +13,7 @@
 <a href="javascript:void(0)" onclick='invertSelection()' title="$text{'invert_selection'}"><img src='images/icons/quick/invert.png' alt="$text{'invert_selection'}" /></a>
 <a href="javascript:void(0)" onclick='copySelected()' title="$text{'copy_selected'}"><img src='images/icons/quick/edit-copy.png' alt="$text{'copy_selected'}" /></a>
 <a href="javascript:void(0)" onclick='cutSelected()' title="$text{'cut_selected'}"><img src='images/icons/quick/edit-cut.png' alt="$text{'cut_selected'}" /></a>
-<a href='paste.cgi?path=$path' title="$text{'paste'}"><img src='images/icons/quick/edit-paste.png' alt="$text{'paste'}" /></a>
+<a href='paste.cgi?path=$urlized_path' title="$text{'paste'}"><img src='images/icons/quick/edit-paste.png' alt="$text{'paste'}" /></a>
 <a href="javascript:void(0)" onclick='createFolderDialog()' title="$text{'create_folder'}"><img src='images/icons/quick/folder-new.png' alt="$text{'create_folder'}" /></a>
 <a href="javascript:void(0)" onclick='createFileDialog()' title="$text{'create_file'}"><img src='images/icons/quick/document-new.png' alt="$text{'create_file'}" /></a>
 <a href="javascript:void(0)" onclick='compressDialog()' title="$text{'compress_selected'}"><img src='images/icons/quick/compress.png' alt="$text{'compress_selected'}" /></a>

filemin/unauthenticated/templates/menu.html

@@ -5,7 +5,7 @@
   <button class="btn btn-inverse" onclick='invertSelection()' title="$text{'invert_selection'}" data-toggle="tooltip" data-placement="bottom" data-container="body">
       <i class="fa fa-check-square" aria-hidden="true"></i>
   </button>
-  <button class="btn btn-inverse" onclick='window.location.href="index.cgi?path=$path"' title="$text{'refresh'}" data-toggle="tooltip" data-placement="bottom" data-container="body">
+  <button class="btn btn-inverse" onclick='window.location.href="index.cgi?path=$urlized_path"' title="$text{'refresh'}" data-toggle="tooltip" data-placement="bottom" data-container="body">
   	<i class="fa fa-refresh" aria-hidden="true"></i>
   </button>
   <div class="btn-group">
@@ -50,7 +50,7 @@
         </a>
       </li>
       <li>
-        <a onclick="location.href='paste.cgi?path=$path'">
+        <a onclick="location.href='paste.cgi?path=$urlized_path'">
             <i class="fa fa-paste" aria-hidden="true"></i> $text{'paste'}
         </a>
       </li>
@@ -97,7 +97,7 @@
     $text{'menu_bookmarks'} <span class="caret"></span></button>
     <ul class="dropdown-menu pull-right" aria-labelledby="dropdownMenu1">
       <li>
-        <a href="bookmark.cgi?path=$path">
+        <a href="bookmark.cgi?path=$urlized_path">
         	<i class="fa fa-bookmark-o" aria-hidden="true"></i> $text{'bookmark_folder'}
         </a>
         $bookmarks

filemin/unauthenticated/templates/quicks.html

@@ -2,7 +2,7 @@
 <button class="btn btn-inverse" onclick='searchDialog()' title="$text{'search'}" data-toggle="tooltip" data-placement="bottom" data-container="body">
 	<i class="fa fa-search" aria-hidden="true"></i>
 </button>
-<button class="btn btn-inverse" onclick="location.href='bookmark.cgi?path=$path'" title="$text{'bookmark_folder'}" data-toggle="tooltip" data-placement="bottom" data-container="body">
+<button class="btn btn-inverse" onclick="location.href='bookmark.cgi?path=$urlized_path'" title="$text{'bookmark_folder'}" data-toggle="tooltip" data-placement="bottom" data-container="body">
 	<i class="fa fa-bookmark-o" aria-hidden="true"></i>
 </button>
 <div class="btn-group">
@@ -13,7 +13,7 @@
     $bookmarks
   </ul>
 </div>
-<button class="btn btn-inverse" onclick='window.location.href="index.cgi?path=$path"' title="$text{'refresh'}" data-toggle="tooltip" data-placement="bottom" data-container="body">
+<button class="btn btn-inverse" onclick='window.location.href="index.cgi?path=$urlized_path"' title="$text{'refresh'}" data-toggle="tooltip" data-placement="bottom" data-container="body">
 	<i class="fa fa-refresh" aria-hidden="true"></i>
 </button>
 <button class="btn btn-inverse" onclick='selectAll()' title="$text{'select_all'}" data-toggle="tooltip" data-placement="bottom" data-container="body">
@@ -28,7 +28,7 @@
 <button class="btn btn-inverse" onclick='cutSelected()' title="$text{'cut_selected'}" data-toggle="tooltip" data-placement="bottom" data-container="body">
     <i class="fa fa-cut" aria-hidden="true"></i>
 </button>
-<button class="btn btn-inverse" onclick="location.href='paste.cgi?path=$path'" title="$text{'paste'}" data-toggle="tooltip" data-placement="bottom" data-container="body">
+<button class="btn btn-inverse" onclick="location.href='paste.cgi?path=$urlized_path'" title="$text{'paste'}" data-toggle="tooltip" data-placement="bottom" data-container="body">
     <i class="fa fa-paste" aria-hidden="true"></i>
 </button>
 <button class="btn btn-inverse" onclick='createFolderDialog()' title="$text{'create_folder'}" data-toggle="tooltip" data-placement="bottom" data-container="body">

makedebian.pl

@@ -92,7 +92,7 @@ if ($< == 0) {
 $size = int(`du -sk $tmp_dir`);
 
 # Create the control file
-@deps = ( "perl", "libnet-ssleay-perl", "openssl", "libauthen-pam-perl", "libpam-runtime", "libio-pty-perl", "apt-show-versions" );
+@deps = ( "perl", "libnet-ssleay-perl", "openssl", "libauthen-pam-perl", "libpam-runtime", "libio-pty-perl", "apt-show-versions", "unzip", "shared-mime-info" );
 if ($baseproduct eq "webmin") {
 	push(@deps, "python");
 	}

makedist.pl

@@ -15,9 +15,9 @@ $zipdir = "zips";
 @files = ("config.cgi", "config-*-linux",
 	  "config-solaris", "images", "index.cgi", "mime.types",
 	  "miniserv.pl", "os_list.txt", "perlpath.pl", "setup.sh", "setup.pl", "setup.bat",
-	  "version", "web-lib.pl", "web-lib-funcs.pl", "README",
+	  "version", "web-lib.pl", "web-lib-funcs.pl",
 	  "config_save.cgi", "chooser.cgi", "miniserv.pem",
-	  "config-aix", "update-from-repo.sh",
+	  "config-aix", "update-from-repo.sh", "README.md",
 	  "newmods.pl", "copyconfig.pl", "config-hpux", "config-freebsd",
 	  "changepass.pl", "help.cgi", "user_chooser.cgi",
 	  "group_chooser.cgi", "config-irix", "config-osf1", "thirdparty.pl",

makerpm.pl

@@ -74,7 +74,7 @@ Version: $ver
 Release: $rel
 Provides: %{name}-%{version} perl(WebminCore)
 PreReq: /bin/sh /usr/bin/perl /bin/rm
-Requires: /bin/sh /usr/bin/perl /bin/rm perl(Net::SSLeay) perl(Time::Local) perl(Encode::Detect) perl(Data::Dumper) openssl
+Requires: /bin/sh /usr/bin/perl /bin/rm perl(Net::SSLeay) perl(Time::Local) perl(Encode::Detect) perl(Data::Dumper) openssl unzip
 AutoReq: 0
 License: Freeware
 Group: System/Tools

miniserv.pl

@@ -1451,6 +1451,11 @@ while(1) {
 # for logging unless trust_real_ip is set
 local $headerhost = $header{'x-forwarded-for'} ||
 		    $header{'x-real-ip'};
+if ($headerhost) {
+	# Only real IPs are allowed
+	$headerhost = undef if (!&check_ipaddress($headerhost) &&
+				!&check_ip6address($headerhost));
+	}
 if ($config{'trust_real_ip'}) {
 	$acpthost = $headerhost || $acpthost;
 	if (&check_ipaddress($headerhost) || &check_ip6address($headerhost)) {

mysql/mysql-lib.pl

@@ -1118,6 +1118,7 @@ foreach (@$lref) {
 	elsif (/^\s*\!includedir\s+(\S+)/) {
 		# Including sections from files in a directory
 		my $dir = $1;
+		$dir =~ s/\/$//;
 		opendir(DIR, $dir);
 		my @files = map { $dir."/".$_ } readdir(DIR);
 		closedir(DIR);

mysql/save_vars.cgi

@@ -12,7 +12,7 @@ if ($in{'save'} || !@d) {
 	foreach $v (keys %in) {
 		if ($v =~ /^value_(\S+)$/) {
 			&execute_sql_logged($master_db,
-					    "set global $1 = $in{$v}");
+					    "set global $1 = '$in{$v}'");
 			$first ||= $1;
 			$count++;
 			}

net/linux-lib.pl

@@ -26,13 +26,13 @@ if (&has_command("ip")) {
 		$l =~ /^\d+:\s+([^ \t\r\n\@]+):/ || next;
 		$ifc{'name'} = $1;
 		$ifc{'fullname'} = $1;
-		if ($l =~ /\sinet\s+([0-9\.]+)\s+peer\s+([0-9\.]+)\/(\d+)(\s+brd\s+([0-9\.]+))?\s+scope\s+global(\s+dynamic)?\s+(\S+)/ && $7 eq $ifc{'name'}) {
+		if ($l =~ /\sinet\s+([0-9\.]+)\s+peer\s+([0-9\.]+)\/(\d+)(\s+brd\s+([0-9\.]+))?\s+scope\s+global(\s+noprefixroute)?(\s+dynamic)?\s+(\S+)/ && $8 eq $ifc{'name'}) {
 			# Line like :
 			# inet 193.9.101.120 peer 193.9.101.104/32 brd 193.9.101.120 scope global eth0
 			$ifc{'address'} = $1;
 			$ifc{'netmask'} = &prefix_to_mask("$3");
 			}
-		elsif ($l =~ /\sinet\s+([0-9\.]+)\/(\d+)(\s+brd\s+(\S+))?\s+scope\s+global(\s+dynamic)?\s+(\S+)/ && $6 eq $ifc{'name'}) {
+		elsif ($l =~ /\sinet\s+([0-9\.]+)\/(\d+)(\s+brd\s+(\S+))?\s+scope\s+global(\s+noprefixroute)?(\s+dynamic)?\s+(\S+)/ && $7 eq $ifc{'name'}) {
 			# Line like :
 			# inet 193.9.101.120/24 brd 193.9.101.255 scope global br0
 			$ifc{'address'} = $1;

package-updates/package-updates-lib.pl

@@ -682,11 +682,47 @@ sub check_reboot_required
 if ($gconfig{'os_type'} eq 'debian-linux') {
         return -e "/var/run/reboot-required" ? 1 : 0;
         }
-elsif ($gconfig{'os_type'} eq 'redhat-linux' &&
-       &has_command("needs-restarting")) {
-	my $ex = &execute_command(
-		"needs-restarting -r", undef, undef, undef, 0, 1);
-	return $ex ? 1 : 0;
+elsif ($gconfig{'os_type'} eq 'redhat-linux') {
+	my $needs_restarting = has_command("needs-restarting");
+	my $needs_restarting_correct = 0;
+	if ($needs_restarting) {
+		($needs_restarting_correct) = `needs-restarting -h` =~ /reboothint/;
+		}
+	if ($needs_restarting && $needs_restarting_correct) {
+		my $ex = &execute_command(
+			"needs-restarting -r", undef, undef, undef, 0, 1);
+		return $ex ? 1 : 0;
+		}
+	else {
+		my ($new_kernel_install_time, $last_reboot_time, $new_kernel, $cur_kernel);
+		
+		&execute_command('rpm -q kernel --qf "%{INSTALLTIME}\n"', undef, \$new_kernel_install_time);
+		$new_kernel_install_time =~ /(.*$)/;
+		$new_kernel_install_time = $1;
+
+		&execute_command("sed -n '/^btime /s///p' /proc/stat", undef, \$last_reboot_time);
+
+		&execute_command("rpm -q --last kernel", undef, \$new_kernel);
+		$new_kernel =~ /(kernel-\S+)/;
+		$new_kernel = $1;
+		$new_kernel =~ s/^\s+|\s+$//g;
+
+		&execute_command("uname -r", undef, \$cur_kernel);
+		$cur_kernel =~ /^(\S+)$/;
+		# make sure to prevent false positive alerts on custom kernels 
+		&execute_command("rpm -q kernel-$cur_kernel", undef, \$cur_kernel);
+		$cur_kernel =~ s/^\s+|\s+$//g;
+		$cur_kernel = undef if ($cur_kernel =~ /not installed/);
+
+		if ($new_kernel_install_time && $last_reboot_time && 
+			$new_kernel_install_time > $last_reboot_time &&
+			$cur_kernel && $new_kernel && $cur_kernel ne $new_kernel) {
+			return 1;
+			}
+		else {
+			return 0;
+			}
+		}
 	}
 return 0;
 }

password_change.cgi

@@ -2,7 +2,7 @@
 # password_change.cgi
 # Actually update a user's password by directly modifying /etc/shadow
 
-BEGIN { push(@INC, ".."); };
+BEGIN { push(@INC, "."); };
 use WebminCore;
 
 $ENV{'MINISERV_INTERNAL'} || die "Can only be called by miniserv.pl";

proc/index_tree.cgi

@@ -16,7 +16,7 @@ foreach $pr (@procs) {
 	$procmap{$p} = $pr;
 	$argmap{$p} = $pr->{'args'};
 	$usermap{$p} = $pr->{'user'};
-	$stimemap{$p} = $pr->{'_stime'};
+	$stimemap{$p} = &format_stime($pr);
 	push(@{$children{$pp}}, $p);
 	$inlist{$pr->{'pid'}}++;
 	}

proc/index_user.cgi

@@ -30,7 +30,7 @@ foreach $u (@users) {
 			}
 		push(@cols, $pr->{'cpu'});
 		if ($info_arg_map{'_stime'}) {
-			push(@cols, $pr->{'_stime'});
+			push(@cols, &format_stime($pr));
 			}
 		push(@cols, &html_escape(&cut_string($pr->{'args'})));
 		print &ui_columns_row(\@cols);

proc/linux-lib.pl

@@ -28,6 +28,7 @@ if ($ver >= 2) {
 		}
 	open(PS, "ps --cols 2048 -eo user$width,ruser$width,group$width,rgroup$width,pid,ppid,pgid,pcpu,vsz,nice,etime,time,stime,tty,args 2>/dev/null |");
 	$dummy = <PS>;
+	my @now = localtime(time());
 	for($i=0; $line=<PS>; $i++) {
 		chop($line);
 		$line =~ s/^\s+//g;
@@ -52,6 +53,17 @@ if ($ver >= 2) {
 		$plist[$i]->{"bytes"} = $w[8]*1024;
 		$plist[$i]->{"time"} = $w[11];
 		$plist[$i]->{"_stime"} = $w[12];
+		if ($w[12] =~ /^(\d+):(\d+)$/ ||
+		    $w[12] =~ /^(\d+):(\d+):(\d+)$/) {
+			# Started today
+			$plist[$i]->{"_stime_unix"} =
+			  timelocal($3 || 0, $2, $1, $now[3], $now[4], $now[5]);
+			}
+		elsif ($w[12] =~ /^(\S\S\S)\s*(\d+)$/) {
+			# Started on some other day
+			$plist[$i]->{"_stime_unix"} =
+			  timelocal(0, 0, 0, $2, &month_to_number($1), $now[5]);
+			}
 		$plist[$i]->{"nice"} = $w[9];
 		$plist[$i]->{"args"} = @w<15 ? "defunct" : join(' ', @w[14..$#w]);
 		$plist[$i]->{"_group"} = $w[2];

proc/proc-lib.pl

@@ -641,5 +641,21 @@ else {
 	}
 }
 
+# format_stime(&proc)
+# Returns the process start time in human-readable format
+sub format_stime
+{
+my ($p) = @_;
+if (!$p->{'_stime_unix'}) {
+	return $p->{'_stime'}
+	}
+elsif (time() - $p->{'_stime_unix'} > 86400) {
+	return &make_date($p->{'_stime_unix'}, 1);
+	}
+else {
+	return &make_date($p->{'_stime_unix'});
+	}
+}
+
 1;
 

version

@@ -1 +1 @@
-1.920
+1.930

web-lib-funcs.pl

@@ -720,6 +720,7 @@ if ($ENV{'QUERY_STRING'}) {
 	}
 @in = split(/\&/, $in);
 foreach my $i (@in) {
+	$i =~ /\0/ && &error("Null byte in query string");
 	my ($k, $v) = split(/=/, $i, 2);
 	if (!$_[2]) {
 		$k =~ tr/\+/ /;
@@ -1271,11 +1272,11 @@ if (!$_[$i]) {
 		print "$postbody\n";
 		}
 	if ($tconfig{'postbodyinclude'}) {
-    my ($theme, $overlay) = split(' ', $gconfig{'theme'});
-    my $file_contents = read_file_contents("$root_directory/$overlay/$tconfig{'postbodyinclude'}");
-    $file_contents = replace_meta($file_contents);
-    print $file_contents;
-    }
+		my ($theme, $overlay) = split(' ', $gconfig{'theme'});
+		my $file_contents = read_file_contents("$root_directory/$overlay/$tconfig{'postbodyinclude'}");
+		$file_contents = replace_meta($file_contents);
+		print $file_contents;
+		}
 	if (defined(&theme_postbody)) {
 		&theme_postbody(@_);
 		}
@@ -4963,6 +4964,7 @@ if ($ENV{'HTTP_X_REQUESTED_WITH'} ne "XMLHttpRequest" &&
 	}
 if (!$trust) {
 	# Looks like a link from elsewhere .. show an error
+	$current_theme = undef;
 	&header($text{'referer_title'}, "", undef, 0, 1, 1);
 
 	$prot = lc($ENV{'HTTPS'}) eq 'on' ? "https" : "http";
@@ -4983,6 +4985,7 @@ if (!$trust) {
 		}
 	print "<p>\n";
 
+	&footer();
 	exit;
 	}
 $main::no_referers_check++;
@@ -7306,7 +7309,7 @@ elsif ($v[0] eq 'REF') {
 elsif ($v[0] eq 'UNDEF') {
 	$rv = undef;
 	}
-elsif ($v[0] =~ /^OBJECT\s+(.*)$/) {
+elsif ($v[0] =~ /^OBJECT\s+([A-Za-z0-9_:]+)$/) {
 	# An object hash that we have to re-bless
 	my $cls = $1;
 	$rv = { };

webmin/letsencrypt-lib.pl

@@ -161,6 +161,7 @@ if (($letsencrypt_cmd && -d "/etc/letsencrypt/accounts") || $wildcard) {
 			" --manual-public-ip-logging-ok".
 			" --config $temp".
 			" --rsa-key-size $size".
+			" --cert-name ".quotemeta($doms[0]).
 			($staging ? " --test-cert" : "").
 			" 2>&1)");
 		&reset_environment();
@@ -179,6 +180,7 @@ if (($letsencrypt_cmd && -d "/etc/letsencrypt/accounts") || $wildcard) {
 			" --manual-public-ip-logging-ok".
 			" --config $temp".
 			" --rsa-key-size $size".
+			" --cert-name ".quotemeta($doms[0]).
 			($staging ? " --test-cert" : "").
 			" 2>&1)");
 		&reset_environment();

webminlog/search.cgi

@@ -219,7 +219,9 @@ elsif (@match) {
 		if ($anno) {
 			$cols[$#cols] .= "&nbsp;<img src=images/star.gif>";
 			}
-		push(@cols, $minfo->{'desc'}, $act->{'user'}, $act->{'ip'});
+		push(@cols, $minfo->{'desc'},
+			    &html_escape($act->{'user'}),
+			    &html_escape($act->{'ip'}));
 		if ($config{'host_search'}) {
 			push(@cols, $act->{'webmin'});
 			}

webminlog/view.cgi

@@ -43,10 +43,10 @@ else {
 	}
 
 print &ui_table_row($text{'view_user'},
-		    $act->{'user'});
+		    &html_escape($act->{'user'}));
 
 print &ui_table_row($text{'view_ip'},
-		    $act->{'ip'});
+		    &html_escape($act->{'ip'}));
 
 if ($act->{'sid'} ne '-') {
 	print &ui_table_row($text{'view_sid'},