version bump

Add missing strings to german translation (and start translation)

.gitattributes

@@ -2,57 +2,8 @@
 # webmin .gitattribues file
 # help git / github to know the encoding of webmin (lang) files
 
-# set default encoding to iso-8859-1 aka ASCII
-*        working-tree-encoding=iso8859-1 git-encoding=iso8859-1
-
 # force module.info to iso-8859-1 even it contains other encodings
 */module.info        working-tree-encoding=iso8859-1 git-encoding=iso8859-1
 
 # set all .UTF-8 to UTF-8
 *.UTF-8      working-tree-encoding=UTF-8 git-encoding=UTF-8
-
-# set all non iso8859-1 lang files to correct encoding
-**/lang/ru_SU        working-tree-encoding=koi8-r       git-encoding=koi8-r
-**/lang/ru_RU        working-tree-encoding=windows-1251     git-encoding=windows-1251
-**/lang/zh_TW.Big5   working-tree-encoding=Big5         git-encoding=Big5
-**/lang/zh_CN        working-tree-encoding=GB2312       git-encoding=GB2312
-**/lang/hu       working-tree-encoding=iso-8859-2       git-encoding=iso-8859-2
-**/lang/he       working-tree-encoding=iso-8859-8-I     git-encoding=iso-8859-8-I
-**/lang/tr       working-tree-encoding=iso-8859-9       git-encoding=iso-8859-9
-**/lang/pl       working-tree-encoding=iso-8859-2       git-encoding=iso-8859-2
-**/lang/ja_JP.euc    working-tree-encoding=EUC-JP       git-encoding=EUC-JP
-**/lang/si       working-tree-encoding=iso-8859-2       git-encoding=iso-8859-2
-**/lang/ko_KR.euc    working-tree-encoding=EUC-KR       git-encoding=EUC-KR
-**/lang/cz       working-tree-encoding=iso-8859-2       git-encoding=iso-8859-2
-**/lang/th       working-tree-encoding=tis-620          git-encoding=tis-620
-**/lang/no       working-tree-encoding=iso-8859-15      git-encoding=iso-8859-15
-**/lang/sk       working-tree-encoding=iso-8859-2       git-encoding=iso-8859-2
-**/lang/lt       working-tree-encoding=windows-1257     git-encoding=windows-1257
-**/lang/bg       working-tree-encoding=windows-1251     git-encoding=windows-1251
-**/lang/el       working-tree-encoding=iso-8859-7       git-encoding=iso-8859-7
-**/lang/uk_UA    working-tree-encoding=windows-1251     git-encoding=windows-1251
-**/lang/ar       working-tree-encoding=iso-8859-6-I     git-encoding=iso-8859-6-I
-**/lang/fa       working-tree-encoding=UTF-8            git-encoding=UTF-8
-
-# set all non iso8859-1 config.info files to correct encoding
-*/config.info.ru_SU       working-tree-encoding=koi8-r          git-encoding=koi8-r
-*/lconfig.info.ru_RU      working-tree-encoding=windows-1251    git-encoding=windows-1251
-*/config.info.zh_TW.Big5  working-tree-encoding=Big5            git-encoding=Big5
-*/config.info.zh_CN       working-tree-encoding=GB2312          git-encoding=GB2312
-*/lconfig.info.hu         working-tree-encoding=iso-8859-2      git-encoding=iso-8859-2
-*/config.info.he          working-tree-encoding=iso-8859-8-I    git-encoding=iso-8859-8-I
-*/config.info.tr          working-tree-encoding=iso-8859-9      git-encoding=iso-8859-9
-*/config.info.pl          working-tree-encoding=iso-8859-2      git-encoding=iso-8859-2
-*/config.info.ja_JP.euc   working-tree-encoding=EUC-JP          git-encoding=EUC-JP
-*/config.info.si          working-tree-encoding=iso-8859-2      git-encoding=iso-8859-2
-*/config.info.ko_KR.euc   working-tree-encoding=EUC-KR          git-encoding=EUC-KR
-*/lconfig.info.cz         working-tree-encoding=iso-8859-2      git-encoding=iso-8859-2
-*/lconfig.info.th         working-tree-encoding=tis-620         git-encoding=tis-620
-*/config.info.no          working-tree-encoding=iso-8859-15     git-encoding=iso-8859-15
-*/config.info.sk          working-tree-encoding=iso-8859-2      git-encoding=iso-8859-2
-*/config.info.lt          working-tree-encoding=windows-1257    git-encoding=windows-1257
-*/lconfig.info.bg         working-tree-encoding=windows-1251    git-encoding=windows-1251
-*/config.info.el          working-tree-encoding=iso-8859-7      git-encoding=iso-8859-7
-*/config.info.uk_UA       working-tree-encoding=windows-1251    git-encoding=windows-1251
-*/config.info.ar          working-tree-encoding=iso-8859-6-I    git-encoding=iso-8859-6-I
-*/config.info.fa          working-tree-encoding=UTF-8           git-encoding=UTF-8

CHANGELOG.md

@@ -1,5 +1,8 @@
 ## Changelog
 
+#### Version 1.930 (August 18, 2019)
+These updates fix a [security vulnerability](http://webmin.com/security.html) and should be installed IMMEDIATELY by all users. Although it is not exploitable in a Webmin install with the default configuration, upgrading is strongly recommended.
+
 #### Version 1.920 (July 04, 2019)
 This update includes the latest theme version, translation updates, the ability to disable hosts file entries, easier monitoring of bootup actions, and a bunch of bugfixes.
 

IDEAS

@@ -1,29 +0,0 @@
- - DHCP class support
- - Jump to page support in sendmail mailq and other mailqs
-	- Common functionality between sendmail, qmail and postfix?
-	- Clean up mailq code in sendmail module!
- - Update all code which uses remote_ functions to pass in server object
- - Function to open a file in read mode, which checks for < or > characters
-	- Ties into common callback for modifying file, based on file and module
-	- Foreign_require should allow a different package name to be specified,
-	  for zone clones with different behaviour
-	- Change all open() calls to use new API, and mention in module docs
- - Bandwidth modules should use some kind of logging socket instead of
-   syslog, which writes to a daemon.
- - reset session timeout every time a key is pressed, to prevent timeouts
-   when composing mail. Do on all pages.
- - covert more modules to readonly support (init first)
-	- perhaps need untranslate_file function? call in software/*-lib.pl
-	- writes to temp files should be allowed
- - all firewall modules need ability to setup port redirection
-	- for calling from squid and frox modules, polymorphically
- - better support for includes in samba module
-	- need to expand inline
-	- keep track of file and line for each directive
- - allow copying from view_mail.cgi in mailboxes module (for subs too)
- - Support IPFW tables
- - integrate venu's file manager
- - clone user in useradmin / ldap-useradmin
- - improved NFS export support on OSX
- - Use CPAN to install Perl modules
-	- FS#5583

README.md

@@ -29,7 +29,7 @@ Webmin can be installed in two different ways:
  1. By downloading a pre-built package, available for different distributions (CentOS, Fedora, SuSE, Mandriva, Debian, Ubuntu, Solaris and [other](http://www.webmin.com/support.html)) from our [download page](http://webmin.com/download.html);
   <kbd>Note: It is highly recommended to [add repository](https://doxfer.webmin.com/Webmin/Installation) to your system for having automatic updates.</kbd>
 
- 2. By downloading, extracting [source file](https://prdownloads.sourceforge.net/webadmin/webmin-1.930.tar.gz), and running [_setup.sh_](http://www.webmin.com/tgz.html) script, with no arguments, which will setup to run it directly from this directory, or with a command-line argument, such as targeted directory.
+ 2. By downloading, extracting [source file](https://prdownloads.sourceforge.net/webadmin/webmin-1.941.tar.gz), and running [_setup.sh_](http://www.webmin.com/tgz.html) script, with no arguments, which will setup to run it directly from this directory, or with a command-line argument, such as targeted directory.
   <kbd>Note: If you are installing Webmin [on Windows](http://www.webmin.com/windows.html) system, you must run the command `perl setup.pl` instead. The Windows version depends on several programs, and modules that may not be part of the standard distribution. You will need _process.exe_ commmand, _sc.exe_ command, and _Win32::Daemon_ Perl module.</kbd>
 
 ## Documentation

RELEASE

@@ -1,104 +0,0 @@
-Release Checklist
------------------
-
- x Check all .cgi and .pl files for syntax errors!
-find . -name "*.cgi" | grep -v shellinabox.cgi | grep -v thirdparty-cgi-scripts | grep -v ipweb | grep -v ipcache | grep -v thejax-theme | xargs -l1 perl -c |& grep -v OK
-find . -name "*.pl" | grep -v config.info | grep -v makemodulerpm.pl | grep -v ipcache | grep -v swell-tsunami-theme | grep -v Authen-SolarisRBAC-0.1 | grep -v virtualmin-nuvola | grep -v win32.pl | grep -v asterisk | grep -v server-manager | grep -v thejax-theme | grep -v exim | grep -v Webmin-API-1.0 | xargs -l1 perl -c |& grep -v OK
-
- x Make sure all cgi programs are executable
-find . -name "*.cgi" | xargs chmod +x
-
- x Make sure all files are world-readable, but not world-writable
-find . -type f | grep -v shellinabox | grep -v asterisk | xargs chmod +r
-find . -type f | grep -v shellinabox | grep -v asterisk | xargs chmod o-w
-find . -type d | grep -v shellinabox | grep -v asterisk | xargs chmod +rx
-find . -type d | grep -v shellinabox | grep -v asterisk | xargs chmod o-w
-
- x Delete all ~, .rej and .orig files
-find . -name "*~" -o -name "*.rej" -o -name "*.orig" -o -name ".*.swp" | xargs rm
-
- x Create and check in UTF-8 translations
-./chinese-to-utf8.pl
-find . -name '*.UTF-8*' | grep -v sccb- | xargs -l1 git add
-git commit ; git push
-
- x Check language files for clashes
-langcheck.pl lang/en */lang/en | grep -v asterisk/lang | grep -v rae-mpp/lang
-
- x Update README and version files
-
- x Run Virtualmin tests
-	x fudu
-	x lentor
-	x xencentos
-
- x Build .tar.gz, minimal.tar.gz and Solaris, RPM and Debian packages
-
- x Install on test system
-	vm2 create-system --type kvm --host webmintest --kvm-host fudu.home --ssh-pass smeg --image kvm-centos5.4-base --desc "Webmin install test" --kvm-memory 256
-        vm2 upload-file --host webmintest.home --source /usr/local/webadmin/rpm/webmin-$ver-1.noarch.rpm --dest /tmp/webmin.rpm
-        vm2 run-command --host webmintest.home "/etc/init.d/iptables stop ; chkconfig iptables off"
-        vm2 run-command --host webmintest.home "rpm -U /tmp/webmin.rpm"
-        vm2 refresh-systems --host webmintest.home
-	vm2 reboot-system --host webmintest.home
-        vm2 refresh-systems --host webmintest.home
-        vm2 run-command --host webmintest.home "rpm -U --force /tmp/webmin.rpm"
-        vm2 refresh-systems --host webmintest.home
-	vm2 delete-system --host webmintest.home
-
- x Upload files to sourceforge
-	/usr/local/webadmin/copy-devels.sh
-	Create new dir at https://sourceforge.net/projects/webadmin/files/webmin/
-	scp /tmp/devel/*/*$ver* jcameron,webadmin@frs.sourceforge.net:/home/frs/project/w/we/webadmin/webmin/$ver/
-	Set default downloads for files at https://sourceforge.net/projects/webadmin/files/webmin/
-
- x Upload signatures to sourceforge (with copy-sigs.sh)
-
- x Update .htaccess redirects in download directory on sourceforge
-	scp .htaccess web.sourceforge.net:htdocs/.htaccess
-
- x Copy module .wbm files to sourceforge (with modules-release.sh)
-
- x Upload Debian files to site, with :
-	scp deb/webmin_*.dsc deb/webmin_*.diff webadmin@download.webmin.com:domains/download.webmin.com/public_html/download/deb/
-
- x Generate MD5 checksums with :
-	cd ~/webmin.com ; ./make-md5.pl $ver >md5.html
-
- x Update and upload website HTML, including lang.html, support.html
-   and standard.html
-   Need to run makestandard.pl, makesupport.pl and lang_table.pl
-
- x Update freshmeat.net entry
-
- x Send to mailing list
-
- x Add new modules to thirdpartymodules.com
-
- x Update versions on thirdpartymodules.com at https://mysql-w.sourceforge.net/
-    - w30065admin / 1diamond
-    - update webminmodules set version = XXX where standard = 'Y'
-
- x Add version to bug tracker
-    - https://sourceforge.net/tracker/admin/?group_id=17457
-
- x Add new modules to bug tracker
-
- n Notify mirror site owners at webmin-mirrors@webmin.com
-
- x Copy APT repository with commands (on lentor)
-    /usr/local/download/deb/repository/make-repo.sh
-    rsync -rv --rsh=ssh --delete /usr/local/download/deb/repository webadmin@download.webmin.com:domains/download.webmin.com/public_html/download
-
- x Create YUM repository with commands
-     /usr/local/download/rpm/yum/make-repo.sh
-     rsync -rv --rsh=ssh /usr/local/download/rpm/yum webadmin@download.webmin.com:domains/download.webmin.com/public_html/download
-
- - Tell Joe
-
- x Facebook
-
- x Update Cloudmin repos
-	x RPM
-	x .wbm
-	x Debian

acl/CHANGELOG

@@ -64,3 +64,5 @@ Converted all pages to use the common Webmin UI library for a more consistent in
 Made all code Perl strict and warnings compliant.
 ---- Changes since 1.670 ----
 Added a button for adding multiple Webmin users to a group.
+---- Changes since 1.930 ----
+Added support for creating "safe-mode" Webmin users who have access only to modules and permissions that don't grant root access.

acl/acl-lib.pl

@@ -755,9 +755,9 @@ my ($user, $oldpass, $miniserv) = @_;
 if ($oldpass ne $user->{'pass'} &&
     "!".$oldpass ne $user->{'pass'} &&
     $oldpass ne "!".$user->{'pass'} &&
-    $user->{'pass'} ne 'x' &&
-    $user->{'pass'} ne 'e' &&
-    $user->{'pass'} ne '*LK*') {
+    $oldpass ne 'x' &&
+    $oldpass ne 'e' &&
+    $oldpass ne '*LK*') {
 	# Password change detected .. update change time
 	# and save the old one
 	my $nolock = $oldpass;
@@ -2167,5 +2167,16 @@ foreach $a (split(/\s+/, $miniserv{'anonymous'})) {
 return @rv;
 }
 
+# get_safe_acl(module)
+# Returns the safe ACL hash ref for a module, if there is one, or undef
+sub get_safe_acl
+{
+my ($m) = @_;
+my $mdir = &module_root_directory($m);
+my %rv;
+&read_file_cached("$mdir/safeacl", \%rv) || return undef;
+return \%rv;
+}
+
 1;
 

acl/edit_acl.cgi

@@ -54,17 +54,26 @@ if ($in{'mod'} && $in{'user'} && &supports_rbac($in{'mod'}) &&
 			  [ 0, $text{'no'} ] ]), 3);
 	}
 
-if ($in{'mod'}) {
+# Load custom ACL library
+my $mdir = &module_root_directory($in{'mod'});
+if (-r "$mdir/acl_security.pl") {
+	&foreign_require($in{'mod'}, "acl_security.pl");
+	}
+
+my $shown_config = 0;
+if ($in{'mod'} && -r "$mdir/config.info" &&
+    (!&foreign_defined($in{'mod'}, "acl_security_noconfig") ||
+     !&foreign_call($in{'mod'}, "acl_security_noconfig"))) {
 	# Show module config editing option
 	print &ui_table_row($text{'acl_config'},
 		&ui_radio("noconfig", $maccess{'noconfig'} ? 1 : 0,
 			[ [ 0, $text{'yes'} ], [ 1, $text{'no'} ] ]), 3);
+	$shown_config = 1;
 	}
 
-my $mdir = &module_root_directory($in{'mod'});
+# Show custom ACL form
 if (-r "$mdir/acl_security.pl") {
-	print &ui_table_hr() if ($in{'mod'});
-	&foreign_require($in{'mod'}, "acl_security.pl");
+	print &ui_table_hr() if ($shown_config);
 	&foreign_call($in{'mod'}, "load_theme_library");
 	&foreign_call($in{'mod'}, "acl_security_form", \%maccess);
 	}

acl/edit_user.cgi

@@ -9,7 +9,7 @@ our (%in, %text, %config, %access, $config_directory, $base_remote_user);
 &foreign_require("webmin", "webmin-lib.pl");
 
 &ReadParse();
-my ($u, %user);
+my ($u, %user,  $safe);
 if ($in{'user'}) {
 	# Editing an existing user
 	&can_edit_user($in{'user'}) || &error($text{'edit_euser'});
@@ -17,20 +17,27 @@ if ($in{'user'}) {
 	$u = &get_user($in{'user'});
 	$u || &error($text{'edit_egone'});
 	%user = %$u;
+	my %gacl = &get_module_acl($in{'user'}, '');
+	$safe = $gacl{'_safe'};
 	}
 else {
 	# Creating a new user
 	$access{'create'} || &error($text{'edit_ecreate'});
-	&ui_print_header(undef, $text{'edit_title2'}, "");
 	if ($in{'clone'}) {
 		# Initial settings come from clone
 		$u = &get_user($in{'clone'});
 		%user = %$u;
 		delete($user{'name'});
+		my %gacl = &get_module_acl($in{'clone'}, '');
+		$safe = $gacl{'_safe'};
 		}
 	else {
+		# User starts out empty
 		%user = ( );
+		$safe = $in{'safe'};
 		}
+	&ui_print_header(undef, $safe ? $text{'edit_title3'}
+				      : $text{'edit_title2'}, "");
 	}
 my $me = &get_user($base_remote_user);
 
@@ -51,6 +58,7 @@ if ($in{'user'}) {
 if ($in{'clone'}) {
 	print &ui_hidden("clone", $in{'clone'});
 	}
+print &ui_hidden("safe", $safe);
 print &ui_hidden_table_start($text{'edit_rights'}, "width=100%", 2, "rights",
 			     1, [ "width=30%" ]);
 
@@ -155,6 +163,17 @@ if ($in{'user'}) {
 		$text{'edit_proto_'.($user{'proto'} || '')});
 	}
 
+# Safe or not?
+my $smsg;
+if ($in{'user'} && $safe) {
+	$smsg = &ui_radio("unsafe", 0, [ [ 0, $text{'edit_safe1'} ],
+					 [ 1, $text{'edit_safe0'} ] ]);
+	}
+else {
+	$smsg = $safe ? $text{'edit_safe1'} : $text{'edit_safe0'};
+	}
+print &ui_table_row($text{'edit_safe'}, $smsg);
+
 print &ui_hidden_table_end("rights");
 
 # Start of UI options section
@@ -332,9 +351,16 @@ my @groups = &list_groups();
 print &ui_hidden_table_start(@groups ? $text{'edit_modsg'} : $text{'edit_mods'},
 			     "width=100%", 2, "mods");
 
+# Build list of modules, based on safe mode
+my @allmods = &list_module_infos();
+if ($safe) {
+	@allmods = grep { $has{$_->{'dir'}} ||
+			  &get_safe_acl($_->{'dir'}) } @allmods;
+	}
+
 # Show available modules, under categories
 my @mlist = grep { $access{'others'} || $has{$_->{'dir'}} ||
-		   $mcan{$_->{'dir'}} } &list_module_infos();
+		   $mcan{$_->{'dir'}} } @allmods;
 my @links = ( &select_all_link("mod", 0, $text{'edit_selall'}),
 	      &select_invert_link("mod", 0, $text{'edit_invert'}) );
 my @cats = &unique(map { $_->{'category'} || '' } @mlist);
@@ -359,7 +385,7 @@ foreach my $c (sort { $b cmp $a } @cats) {
 			}
 		elsif ($mcan{$md}) {
 			my $label;
-			if ($access{'acl'} && $in{'user'}) {
+			if ($access{'acl'} && $in{'user'} && !$safe) {
 				# Show link for editing ACL
 				$label = ui_link("edit_acl.cgi?" .
 				     "mod=" . urlize($m->{'dir'}) .
@@ -387,7 +413,7 @@ print &ui_hidden_table_end("mods");
 
 # Add global ACL section, but only if not set from the group
 my $groupglobal = $memg && -r "$config_directory/$memg->{'name'}.acl";
-if ($access{'acl'} && !$groupglobal && $in{'user'}) {
+if ($access{'acl'} && !$groupglobal && $in{'user'} && !$safe) {
 	print &ui_hidden_table_start($text{'edit_global'}, "width=100%", 2,
 				     "global", 0, [ "width=30%" ]);
 	my %uaccess;

acl/index.cgi

@@ -54,7 +54,10 @@ if (!@canulist) {
 		print &ui_subheading($text{'index_users'})
 			if (!$config{'display'});
 		print "<b>$text{'index_nousers'}</b><p>\n";
-		print ui_link("edit_user.cgi", $text{'index_create'}) . "\n";
+		print &ui_links_row([
+			&ui_link("edit_user.cgi", $text{'index_create'}),
+			&ui_link("edit_user.cgi?ssfe=1", $text{'index_screate'})
+			]);
 		$shown_users = 1;
 		}
 	}
@@ -64,7 +67,8 @@ elsif ($config{'display'}) {
 	print &ui_form_start("delete_users.cgi", "post");
 	&show_name_table(\@canulist, "edit_user.cgi",
 			 $access{'create'} ? $text{'index_create'} : undef,
-			 $text{'index_users'}, "user");
+			 $text{'index_users'}, "user",
+			 $access{'create'} ? $text{'index_screate'} : undef);
 	print &ui_form_end([ [ "delete", $text{'index_delete'} ],
 			     @gbut ]);
 	$shown_users = 1;
@@ -77,7 +81,8 @@ else {
 	print &ui_form_start("delete_users.cgi", "post");
 	push(@rowlinks, &select_all_link("d", $form),
 		     &select_invert_link("d", $form));
-	push(@rowlinks, ui_link("edit_user.cgi", $text{'index_create'}))
+	push(@rowlinks, ui_link("edit_user.cgi", $text{'index_create'}),
+			ui_link("edit_user.cgi?safe=1", $text{'index_screate'}))
 		if ($access{'create'});
 	print &ui_links_row(\@rowlinks);
 
@@ -251,20 +256,24 @@ $rv .= &ui_grid_table(\@grid, 3, 100,
 return $rv;
 }
 
-# show_name_table(&users|&groups, cgi, create-text, header-text, param)
+# show_name_table(&users|&groups, cgi, create-text, header-text, param,
+# 		  safe-text)
 sub show_name_table
 {
+my ($users, $cgi, $ctext, $htext, $param, $stext) = @_;
+
 # Show table of users, and maybe create links
 my @rowlinks = ( &select_all_link("d", $form),
 		 &select_invert_link("d", $form) );
-push(@rowlinks, ui_link("$_[1]", $_[2])) if ($_[2]);
+push(@rowlinks, ui_link($cgi, $ctext)) if ($ctext);
+push(@rowlinks, ui_link($cgi."?safe=1", $stext)) if ($stext);
 print &ui_links_row(\@rowlinks);
 my @links;
-for(my $i=0; $i<@{$_[0]}; $i++) {
-	push(@links, &user_link($_[0]->[$i], $_[1], $_[4]));
+for(my $i=0; $i<@$users; $i++) {
+	push(@links, &user_link($users->[$i], $cgi, $param));
 	}
 print &ui_grid_table(\@links, 4, 100,
-	[ "width=25%", "width=25%", "width=25%", "width=25%" ], undef, $_[3]);
+	[ "width=25%", "width=25%", "width=25%", "width=25%" ], undef, $htext);
 print &ui_links_row(\@rowlinks);
 }
 

acl/lang/de

@@ -466,3 +466,10 @@ unix_to=Als Webminbenutzer
 unix_user=Unixbenutzer ..
 unix_utable=Erlaubte Unix Benutzer
 unix_who=Benutzer oder Gruppe
+index_screate=Erzeuge neuen sicheren Benutzer.
+edit_title3=Erzeuge sicheren Webmin Benutzer
+edit_safe=Privileg Stufe
+edit_safe0=Unbeschränkt
+edit_safe1=Nur Sichere Module
+edit_unsafe=Zurücksetzen auf unbeschränkt
+save_eunixname='$1' ist kein System Benuter und kann daher nicht im sicheren Modus genutzt werden

acl/lang/en

@@ -1,8 +1,8 @@
 index_title=Webmin Users
 index_user=User
 index_modules=Modules
-index_create=Create a new Webmin user.
-index_rcreate=Create a new risk-level user.
+index_create=Create a new privileged user.
+index_screate=Create a new safe user.
 index_convert=Convert Unix To Webmin Users
 index_cert=Request an SSL Certificate
 index_twofactor=Two-Factor Authentication
@@ -30,6 +30,7 @@ index_eglist=Failed to list groups : $1
 
 edit_title=Edit Webmin User
 edit_title2=Create Webmin User
+edit_title3=Create Safe Webmin User
 edit_readonly=This Webmin user should not be edited as it is managed by the $1 module. <a href='$2'>Click here</a> to bypass this warning and edit the user anyway - but beware that any manual changes may be over-written!
 edit_rights=Webmin user access rights
 edit_user=Username
@@ -111,9 +112,14 @@ edit_proto_mysql=MySQL database
 edit_proto_postgresql=PostgreSQL database
 edit_proto_ldap=LDAP server
 edit_proto_=Local files
+edit_safe=Privilege level
+edit_safe0=Unrestricted
+edit_safe1=Safe modules only
+edit_unsafe=Reset to unrestricted
 
 save_err=Failed to save user
 save_ename='$1' is not a valid username
+save_eunixname=The username '$1' is not a Unix user, and so cannot be used in safe mode
 save_enamewebmin=The username 'webmin' is reserved for internal use
 save_edup=The username '$1' is already in use
 save_eoverlay=A theme overlay cannot be selected unless a theme is

acl/module.info

@@ -1,4 +1,3 @@
-risk=high
 name=AdminUsers
 category=webmin
 desc=Webmin Users

acl/save_acl.cgi

@@ -49,7 +49,9 @@ else {
 	# Validate and store ACL settings
 	&error_setup($text{'acl_err'});
 	my %maccess;
-	$maccess{'noconfig'} = $in{'noconfig'};
+	if (defined($in{'noconfig'})) {
+		$maccess{'noconfig'} = $in{'noconfig'};
+		}
 	if ($in{'rbac'}) {
 		# RBAC overrides everything
 		$maccess{'rbac'} = 1;

acl/save_user.cgi

@@ -62,6 +62,10 @@ if (!$in{'old'} || $in{'old'} ne $in{'name'}) {
 	$in{'logouttime'} =~ /^\d+$/ || &error($text{'save_elogouttime'});
 !$access{'minsize'} || $in{'minsize_def'} ||
 	$in{'minsize'} =~ /^\d+$/ || &error($text{'save_eminsize'});
+if ($in{'safe'} && !$in{'unsafe'}) {
+	getpwnam($in{'name'}) ||
+		&error(&text('save_eunixname', &html_escape($in{'name'})));
+	}
 
 # Validate password
 if ($in{'pass_def'} == 0) {
@@ -359,18 +363,41 @@ else {
 		}
 	}
 
-if ($in{'old'} && $in{'acl_security_form'} && !$newgroup) {
+my $aclfile = "$config_directory/$in{'name'}.acl";
+if ($in{'old'} && $in{'acl_security_form'} && !$newgroup && !$in{'safe'}) {
 	# Update user's global ACL
 	&foreign_require("", "acl_security.pl");
 	my %uaccess;
 	&foreign_call("", "acl_security_save", \%uaccess, \%in);
-	my $aclfile = "$config_directory/$in{'name'}.acl";
 	&lock_file($aclfile);
 	&save_module_acl(\%uaccess, $in{'name'}, "", 1);
 	&set_ownership_permissions(undef, undef, 0640, $aclfile);
 	&unlock_file($aclfile);
 	}
 
+# Clear safe setting
+if ($in{'unsafe'}) {
+	&lock_file($aclfile);
+	my %uaccess = &get_module_acl($in{'name'}, "", 1, 1);
+	delete($uaccess{'_safe'});
+	&save_module_acl(\%uaccess, $in{'name'}, "", 1);
+	&unlock_file($aclfile);
+	}
+
+# If the user is in safe mode, set ACLs on all new modules
+if ($in{'safe'}) {
+	foreach my $m ("", @mods) {
+		my %macl = &get_module_acl($in{'name'}, $m, 0, 1);
+		my $safe = &get_safe_acl($m);
+		if (!%macl && $safe) {
+			%macl = %$safe;
+			$macl{'_safe'} = 1;
+			$macl{'noconfig'} = 1;
+			&save_module_acl(\%macl, $in{'name'}, $m);
+			}
+		}
+	}
+
 # Log the event
 delete($in{'pass'});
 delete($in{'oldpass'});

acl/system_info.pl

@@ -46,6 +46,7 @@ if (@logins) {
 				$state = "<font color=orange>$state</font>";
 				}
 			}
+		$main::theme_allow_make_date = 1;
 		$html .= &ui_columns_row([ $l->[2],
 					   &make_date($l->[1]),
 					   $state ]);

apache/apache-lib.pl

@@ -942,6 +942,7 @@ sub parse_opt
 {
 local($i, $re);
 local $v = $in{$_[0]};
+$v =~ /\r|\n|\0/ && &error($text{'enewline'});
 if ($in{"$_[0]_def"}) { return ( [ ] ); }
 for($i=1; $i<@_; $i+=2) {
 	$re = $_[$i];
@@ -979,8 +980,13 @@ return $rv;
 # parse_choice(name, default)
 sub parse_choice
 {
-if (lc($in{$_[0]}) eq lc($_[1])) { return ( [ ] ); }
-else { return ( [ $in{$_[0]} ] ); }
+if (lc($in{$_[0]}) eq lc($_[1])) {
+	return ( [ ] );
+	}
+else {
+	$in{$_[0]} =~ /\r|\n|\0/ && &error($text{'enewline'});
+	return ( [ $in{$_[0]} ] );
+	}
 }
 
 # select_input(value, name, default, [choice]+)
@@ -1027,8 +1033,13 @@ return &ui_select($_[1], undef, \@sel, 1);
 # parse_handler(name)
 sub parse_handler
 {
-if ($in{$_[0]} eq "") { return ( [ ] ); }
-else { return ( [ $in{$_[0]} ] ); }
+if ($in{$_[0]} eq "") {
+	return ( [ ] );
+	}
+else {
+	$in{$_[0]} =~ /\r|\n|\0/ && &error($text{'enewline'});
+	return ( [ $in{$_[0]} ] );
+	}
 }
 
 # filters_input(&values, name)
@@ -1054,6 +1065,7 @@ return $rv;
 # parse_filters(name)
 sub parse_filters
 {
+$in{$_[0]} =~ /\r|\n|\0/ && &error($text{'enewline'});
 local @f = split(/\0/, $in{$_[0]});
 return @f ? ( [ join(";", @f) ] ) : ( [ ] );
 }

apache/lang/de

@@ -1068,3 +1068,4 @@ worker_ethreads=Anzahl der Threads pro Kindprozess muss eine Ganzzahl sein
 worker_maxspare=Maximale spare Threads
 worker_minspare=Minimale spare Threads
 worker_threads=Threads pro Kindprozess
+enewline=Ungueltiges Zeichen in der Eingabe

apache/lang/en

@@ -81,6 +81,7 @@ auth_return=access control
 default_serv=default server
 bytes=bytes
 eafter=Configuration verification failed : $1 Changes have not been saved.
+enewline=Invalid character in value
 
 global_ecannot=You are not allowed to edit global options
 global_mime=Global MIME types list

apache/mod_ssl.pl

@@ -40,6 +40,9 @@ my @sslprotos = ("SSLv2", "SSLv3", "TLSv1" );
 if ($httpd_modules{'core'} >= 2.215) {
 	push(@sslprotos, "TLSv1.1", "TLSv1.2");
 	}
+if ($httpd_modules{'core'} >= 2.437) {
+	push(@sslprotos, "TLSv1.3");
+	}
 return @sslprotos;
 }
 

apache/module.info

@@ -1,4 +1,3 @@
-risk=low medium high
 name=Apache
 category=servers
 os_support=solaris *-linux aix hpux freebsd osf1 irix unixware openserver macos openbsd netbsd windows 

apache/show_virt.cgi

@@ -5,6 +5,7 @@
 require './apache-lib.pl';
 &ReadParse();
 ($conf, $v) = &get_virtual_config($in{'virt'});
+&can_edit_virt($v) || &error($text{'virt_ecannot'});
 $desc = &text('virt_header', &virtual_name($v));
 &ui_print_header($desc, $text{'show_title'}, "");
 

bind8/CHANGELOG

@@ -152,3 +152,5 @@ Added support for editing TLSA (SSL Certificate) records.
 Added support for editing SSHFP (SSH Public Key) records.
 ---- Changes since 1.880 ----
 Before a zone is updated, BIND will be told to freeze it and thaw afterwards. This ensures that dynamic updates are preserved.
+---- Changes since 1.930 ----
+Added support for CAA records.

bind8/bind8-lib.pl

@@ -1047,11 +1047,13 @@ if ($config{'short_names'} && defined($_[5])) {
 	}
 
 # TTL field
-if ($rec{'ttl'} =~ /^(\d+)([SMHDW]?)$/i) {
-	$ttl = $1; $ttlunit = $2;
+if ($rec{'ttl'} && $rec{'ttl'} =~ /^(\d+)([SMHDW]?)$/i) {
+	$ttl = $1;
+	$ttlunit = $2;
 	}
 else {
-	$ttl = $rec{'ttl'}; $ttlunit = "";
+	$ttl = $rec{'ttl'} || '';
+	$ttlunit = "";
 	}
 print &ui_table_row($text{'edit_ttl'},
 	&ui_opt_textbox("ttl", $ttl, 8, $text{'default'})." ".
@@ -1063,7 +1065,7 @@ if ($rec{'values'}) {
 	@v = @{$rec{'values'}};
 	}
 else {
-	@v = undef;
+	@v = ( );
 	}
 if ($type eq "A" || $type eq "AAAA") {
 	print &ui_table_row($text{'value_A1'},
@@ -1292,10 +1294,24 @@ elsif ($type eq "NSEC3PARAM") {
 	print &ui_table_row($text{'value_NSEC3PARAM3'},
 		&ui_textbox("value2", $v[2], 4));
 
-	print &ui_table_row($text{'value_NSEC3PARAM5'},
-		&ui_textbox("value4", $v[4], 20));
+	print &ui_table_row($text{'value_NSEC3PARAM4'},
+		&ui_textbox("value3", $v[3], 20));
 
 	}
+elsif ($type eq "CAA") {
+	# CAA records have a flag, tag and issuer domain
+	print &ui_table_row($text{'value_CAA0'},
+		&ui_yesno_radio("value0", $v[0] || 0));
+
+	print &ui_table_row($text{'value_CAA1'},
+		&ui_select("value1", $v[1],
+			   [ [ "issue", $text{'value_caa_issue'} ],
+			     [ "issuewild", $text{'value_caa_issuewild'} ],
+			     [ "iodef", $text{'value_caa_iodef'} ] ]));
+
+	print &ui_table_row($text{'value_CAA2'},
+		&ui_textbox("value2", $v[2], 40));
+	}
 else {
 	# All other types just have a text box
 	print &ui_table_row($text{'value_other'},
@@ -2147,7 +2163,7 @@ my ($zone) = @_;
 if (!$freeze_zone_count{$zone->{'name'}}) {
 	my ($out, $ok) = &try_cmd(
 		"freeze ".quotemeta($zone->{'name'})." IN ".
-		quotemeta($zone->{'view'} || "")." 2>&1 </dev/null");
+		quotemeta($zone->{'view'} || ""));
 	if ($ok) {
 		$freeze_zone_count{$zone->{'name'}}++;
 		&register_error_handler(\&after_editing, $zone);
@@ -2162,9 +2178,8 @@ sub after_editing
 my ($zone) = @_;
 if ($freeze_zone_count{$zone->{'name'}}) {
 	$freeze_zone_count{$zone->{'name'}}--;
-	&try_cmd(
-		"thaw ".quotemeta($zone->{'name'})." IN ".
-		quotemeta($zone->{'view'} || "")." 2>&1 </dev/null");
+	&try_cmd("thaw ".quotemeta($zone->{'name'})." IN ".
+		 quotemeta($zone->{'view'} || ""));
 	}
 }
 
@@ -2177,20 +2192,17 @@ my ($dom, $view) = @_;
 my ($out, $ex);
 if ($view) {
 	# Reload a zone in a view
-	&try_cmd("freeze ".quotemeta($dom)." IN ".quotemeta($view).
-		 " 2>&1 </dev/null");
-	$out = &try_cmd("reload ".quotemeta($dom)." IN ".quotemeta($view).
-			" 2>&1 </dev/null");
+	&try_cmd("freeze ".quotemeta($dom)." IN ".quotemeta($view));
+	$out = &try_cmd("reload ".quotemeta($dom)." IN ".quotemeta($view));
 	$ex = $?;
-	&try_cmd("thaw ".quotemeta($dom)." IN ".quotemeta($view).
-		 " 2>&1 </dev/null");
+	&try_cmd("thaw ".quotemeta($dom)." IN ".quotemeta($view));
 	}
 else {
 	# Just reload one top-level zone
-	&try_cmd("freeze ".quotemeta($dom)." 2>&1 </dev/null");
-	$out = &try_cmd("reload ".quotemeta($dom)." 2>&1 </dev/null");
+	&try_cmd("freeze ".quotemeta($dom));
+	$out = &try_cmd("reload ".quotemeta($dom));
 	$ex = $?;
-	&try_cmd("thaw ".quotemeta($dom)." 2>&1 </dev/null");
+	&try_cmd("thaw ".quotemeta($dom));
 	}
 if ($out =~ /not found/i) {
 	# Zone is not known to BIND yet - do a total reload
@@ -2389,7 +2401,7 @@ foreach my $k (keys %znc) {
 		$filecount++;
 		$donefile{$1}++;
 		my @fst = stat($1);
-		if ($fst[9] > $st[9]) {
+		if (!@st || !@fst || $fst[9] > $st[9]) {
 			$changed = 1;
 			}
 		}
@@ -2966,7 +2978,7 @@ $slave_error = $_[0];
 
 sub get_forward_record_types
 {
-return ("A", "NS", "CNAME", "MX", "HINFO", "TXT", "SPF", "DMARC", "WKS", "RP", "PTR", "LOC", "SRV", "KEY", "TLSA", "SSHFP", "NSEC3PARAM", $config{'support_aaaa'} ? ( "AAAA" ) : ( ), @extra_forward);
+return ("A", "NS", "CNAME", "MX", "HINFO", "TXT", "SPF", "DMARC", "WKS", "RP", "PTR", "LOC", "SRV", "KEY", "TLSA", "SSHFP", "CAA", "NSEC3PARAM", $config{'support_aaaa'} ? ( "AAAA" ) : ( ), @extra_forward);
 }
 
 sub get_reverse_record_types
@@ -2978,15 +2990,16 @@ return ("PTR", "NS", "CNAME", @extra_reverse);
 # Try calling rndc and ndc with the same args, to see which one works
 sub try_cmd
 {
-my $args = $_[0];
-my $rndc_args = $_[1] || $_[0];
+my ($args, $rndc_args) = @_;
+$rndc_args ||= $args;
 my $out = "";
 my $ex;
 if (&has_ndc() == 2) {
 	# Try with rndc
+	my $conf = $config{'rndc_conf'} && -r $config{'rndc_conf'} ?
+			" -c $config{'rndc_conf'}" : "";
 	$out = &backquote_logged(
-		$config{'rndc_cmd'}.
-		($config{'rndc_conf'} ? " -c $config{'rndc_conf'}" : "").
+		$config{'rndc_cmd'}.$conf.
 		" ".$rndc_args." 2>&1 </dev/null");
 	$ex = $?;
 	}
@@ -3046,12 +3059,13 @@ my ($file) = @_;
 $file ||= &make_chroot($config{'named_conf'});
 my $chroot = &get_chroot();
 my $out = &backquote_command("$config{'checkconf'} -h 2>&1 </dev/null");
-my $zflag = $out =~ /\[-z\]/ ? "-z" : "";
+my $zflag = $out =~ /\[-z\]|\[-\S*z\S*\]/ ? "-z" : "";
 $out = &backquote_command(
         $config{'checkconf'}.
 	($chroot && $chroot ne "/" ? " -t ".quotemeta($chroot) : "").
 	" $zflag 2>&1 </dev/null");
-return $? ? grep { !/loaded\s+serial/ } split(/\r?\n/, $out) : ( );
+return $? ? &unique(grep { !/loaded\s+serial|already\s+exists/ }
+		         split(/\r?\n/, $out)) : ( );
 }
 
 # delete_records_file(file)
@@ -3086,6 +3100,7 @@ sub move_zone_button
 {
 my ($conf, $view, $zonename) = @_;
 my @views = grep { &can_edit_view($_) } &find("view", $conf);
+$view = '' if (!defined($view));
 if ($view eq '' && @views || $view ne '' && @views > 1) {
 	return &ui_buttons_row("move_zone.cgi",
                 $text{'master_move'},
@@ -3150,9 +3165,9 @@ if (!$access{'ro'} && $access{'apply'}) {
 	if (&is_bind_running()) {
 		if ($zone && ($access{'apply'} == 1 || $access{'apply'} == 2)) {
 			# Apply this zone
-            my $link = "restart_zone.cgi?return=$r&".
-                        "view=$zone->{'viewindex'}&".
-                        "zone=$zone->{'name'}";
+		        my $link = "restart_zone.cgi?return=$r&".
+				   "view=$zone->{'viewindex'}&".
+				   "zone=$zone->{'name'}";
 			push(@rv, &ui_link($link, $text{'links_apply'}) );
 			}
 		# Apply whole config
@@ -3464,6 +3479,10 @@ while($tries++ < 10) {
 		" -f ".quotemeta($signed)." ".
 		quotemeta($chrootfn)." 2>&1");
 	last if (!$?);
+	if ($out =~ /out\s+of\s+range/i) {
+		# Journal files are out of sync
+		&try_cmd("sync -clean");
+		}
 	}
 return $out if ($tries >= 10);
 
@@ -3782,7 +3801,7 @@ sub schedule_dnssec_cronjob
 			'active' => 1,
 			'command' => $dnssec_cron_cmd,
 			'mins' => int(rand()*60),
-			'hours' => int(rand()*24),
+			'hours' => '*',
 			'days' => '*',
 			'months' => '*',
 			'weekdays' => '*' };

bind8/edit_master.cgi

@@ -8,7 +8,7 @@ our (%access, %text, %in, %config, %is_extra);
 require './bind8-lib.pl';
 &ReadParse();
 our $ipv6revzone;
-$in{'view'} = 'any' if ($in{'view'} eq '');
+$in{'view'} = 'any' if (!$in{'view'} || $in{'view'} eq '');
 my $zone = &get_zone_name_or_error($in{'zone'}, $in{'view'});
 my $dom = $zone->{'name'};
 &can_edit_zone($zone) || &error($text{'master_ecannot'});

bind8/edit_recs.cgi

@@ -89,7 +89,7 @@ else {
 my %hmap;
 if (@recs) {
 	@recs = &sort_records(@recs);
-	foreach my $v (keys %text) {
+	foreach my $v (sort { $a cmp $b } keys %text) {
 		if ($v =~ /^value_([A-Z0-9]+)(\d+)/) {
 			$hmap{$1}->[$2-1] = $text{$v};
 			}
@@ -180,7 +180,7 @@ for(my $i=0; $i<@_; $i++) {
 	if ($in{'type'} eq 'ALL') {
 		push(@cols, $r->{'type'});
 		}
-	if ($r->{'ttl'} =~ /(\d+)([SMHDW]?)/i) {
+	if ($r->{'ttl'} && $r->{'ttl'} =~ /(\d+)([SMHDW]?)/i) {
 		$r->{'ttl'} =~ s/S//i;
 		if ($r->{'ttl'} =~ s/M//i) { $r->{'ttl'} *= 60; }
 		if ($r->{'ttl'} =~ s/H//i) { $r->{'ttl'} *= 3600; }
@@ -238,6 +238,14 @@ for(my $i=0; $i<@_; $i++) {
 				$v = $v ? $v." (".$r->{'values'}->[$j].")"
 					: $r->{'values'}->[$j];
 				}
+			elsif ($in{'type'} eq "CAA") {
+				if ($j == 0) {
+					$v = $v ? $text{'yes'} : $text{'no'};
+					}
+				elsif ($j == 1) {
+					$v = $text{'value_caa_'.$v} || $v;
+					}
+				}
 			}
 		if (length($v) > 80) {
 			$v = substr($v, 0, 80)." ...";

bind8/lang/de

@@ -1191,3 +1191,42 @@ zonekey_size=Schlüssel-Größe
 zonekey_strong=Stärkste erlaubt
 zonekey_title=Setup DNSSEC-Schlüssel
 zonekey_webmin=Webmin wird die Zone automatisch neu signieren, wenn Änderungen vorgenommen werden.
+index_eexpired=Warning : The following zones have expired DNSSEC signatures : $1
+index_eexpired_conf=Automatic signing should be re-enabled on the $1 page.
+index_eexpired_mod=Use the $1 module to either disable DNSSEC for these domains, or check why signing is failing.
+edit_eselector='$1' is not a valid TLSA selector number
+edit_esshfp=Missing or invalid base-64 encoded public key data
+edit_ensec3value3=Missing or non-base64 salt
+edit_ecaavalue2=Missing or invalid-looking domain name
+type_CAA=Certificate Authority
+edit_CAA=Certificate Authority
+recs_CAA=Certificate Authority
+value_TLSA2=Certificate selector
+value_TLSA3=Certificate match
+value_TLSA4=Certificate data
+value_dmarcadkim=Require strict DKIM alignment
+value_CAA1=Require enforcement?
+value_CAA2=Authorization type
+value_CAA3=CA domain name
+value_caa_issue=Single domain cert
+value_caa_issuewild=Wildcard cert
+value_caa_iodef=Policy violation URL
+tlsa_usage1=End entity
+tlsa_usage2=Trust anchor
+tlsa_usage3=Domain issued
+acl_inviews=Views this user can edit domains in
+acl_toplevel=Outside any view
+zonedef_dne=Authenticated Denial of Existence Using
+dt_zone_erollctl=Could not notify the rollover manager of rollover event
+dt_zone_resign=Re-Sign Zone
+dt_zone_zskrolldesc=Force rollover of the zone's zone signing key
+dt_zone_kskrolldesc=Force rollover of the zone's key signing key
+dt_zone_rrf_updating=Updating rollrec entry for zone $1 ...
+zonekey_eprivate=The private key associated with this zone could not be read : $1
+zonekey_signdesc=Immediately re-sign this zone, so that any changes to records made manually will be included in the signing records.
+zonekey_resign=Re-Sign Zone
+resign_err=Failed to re-sign zone
+trusted_dlvs=Additional trust anchors
+trusted_anchor=Anchor zone
+trusted_eanchor=Missing or invalid anchor zone in row $1
+trusted_setup=For DNSSEC to be useful to verify the majority of signed zones on the Internet, BIND must be configured to use a DLV server. Webmin can set this up for you, using the ICS DLV server at $1.

bind8/lang/en

@@ -310,6 +310,7 @@ edit_ensec3value3=Missing or non-base64 salt
 edit_edmarcpct=Percentage of messages must be an integer between 0 and 100
 edit_edmarcrua=Missing aggregate feedback address
 edit_edmarcruf=Missing forensic information address
+edit_ecaavalue2=Missing or invalid-looking domain name
 
 text_title=Edit Records File
 text_title2=View Records File
@@ -399,6 +400,7 @@ type_LOC=Location
 type_SRV=Service Address
 type_ALL=All Record Types
 type_KEY=Public Key
+type_CAA=Certificate Authority
 
 edit_A=Address
 edit_AAAA=IPv6 Address
@@ -418,6 +420,7 @@ edit_KEY=Public Key
 edit_NSEC3PARAM=DNSSEC Parameters
 edit_TLSA=SSL Certificate
 edit_SSHFP=SSH Public Key
+edit_CAA=Certificate Authority
 
 recs_defttl=Default TTL
 recs_A=Address
@@ -439,6 +442,7 @@ recs_KEY=Public Key
 recs_NSEC3PARAM=DNSSEC Parameters
 recs_TLSA=SSL Certificate
 recs_SSHFP=SSH Public Key
+recs_CAA=Certificate Authority
 recs_delete=Delete Selected
 
 value_A1=Address
@@ -477,8 +481,7 @@ value_DMARC1=DMARC specification
 value_NSEC3PARAM1=Hash algorithm
 value_NSEC3PARAM2=NSEC3 flags
 value_NSEC3PARAM3=Number of hash iterations
-value_NSEC3PARAM4=Length of salt
-value_NSEC3PARAM5=Salt string
+value_NSEC3PARAM4=Salt string
 value_delegated=Delegated zone
 value_notdelegated=Other zone
 value_other=Values (one per line)
@@ -512,6 +515,12 @@ value_dmarcnop=Same as this domain
 value_dmarcaspf=Require strict SPF alignment
 value_dmarcadkim=Require strict DKIM alignment
 value_dmarcnor=Don't send
+value_CAA1=Require enforcement? 
+value_CAA2=Authorization type
+value_CAA3=CA domain name
+value_caa_issue=Single domain cert
+value_caa_issuewild=Wildcard cert
+value_caa_iodef=Policy violation URL
 
 tlsa_usage0=Certificate authority
 tlsa_usage1=End entity
@@ -1224,7 +1233,6 @@ zonekey_other=Other size (in bits)
 zonekey_enable=Create and Add Key
 zonekey_err=Failed to create DNSSEC key
 zonekey_esize=Key size must be a number of bits between $1 and $2
-zonekey_efactor=Key size must be a multiple of $1
 zonekey_creating=Creating DNSSEC key for $1 ..
 zonekey_ecreate=.. creation failed : $1
 zonekey_done=.. done

bind8/list_gen.cgi

@@ -36,7 +36,7 @@ else {
 	}
 my $i = 0;
 foreach my $g (@gens, { }) {
-	my @gv = $g->{'generate'};
+	my @gv = @{$g->{'generate'}};
 	my @cols = ( );
 	my @r = $gv[0] =~ /^(\d+)-(\d+)(\/(\d+))?$/ ? ( $1, $2, $4 ) : ( );
 	push(@cols, &ui_select("type_$i", uc($gv[2]),

bind8/module.info

@@ -1,4 +1,3 @@
-risk=low medium high
 name=BIND
 category=servers
 os_support=*-linux solaris hpux freebsd osf1 irix unixware openserver macos openbsd aix netbsd windows 
@@ -7,5 +6,3 @@ depends=servers
 longdesc=Create and edit domains, DNS records, BIND options and views.
 readonly=1
 syslog=1
-desc_bg=BIND DNS Server
-longdesc_bg=Ñúçäàâàíå è ðåäàêòèðàíå íà äîìåéíè, DNS çàïèñè, îïöèè íà BIND è èçãëåäè.

bind8/records-lib.pl

@@ -824,7 +824,7 @@ sub join_dmarc
 {
 my ($dmarc) = @_;
 my @rv = ( "v=DMARC1" );
-foreach my $s ("pct", "ruf", "rua", "p", "sp", "adkim", "aspf") {
+foreach my $s ("p", "pct", "ruf", "rua", "sp", "adkim", "aspf") {
 	if ($dmarc->{$s} && $dmarc->{$s} ne '') {
 		push(@rv, $s."=".$dmarc->{$s});
 		}

bind8/save_record.cgi

@@ -421,11 +421,17 @@ else {
 		# Save DNSSEC parameters
 		$in{'value2'} =~ /^\d+$/ ||
 			&error($text{'edit_ensec3value2'});
-		$in{'value4'} =~ /^[a-zA-Z0-9\+\/]+$/ ||
+		$in{'value3'} =~ /^[a-zA-Z0-9\+\/]+$/ ||
 			&error($text{'edit_ensec3value2'});
 		$vals = join(" ", "(", $in{'value0'}, $in{'value1'},
-                                       $in{'value2'}, length($in{'value4'}),
-				       $in{'value4'}, ")");
+                                       $in{'value2'},
+				       $in{'value3'}, ")");
+		}
+	elsif ($in{'type'} eq 'CAA') {
+		$in{'value2'} =~ /^\S+$/ ||
+			&error($text{'edit_ecaavalue2'});
+		$vals = join(" ", $in{'value0'}, $in{'value1'},
+				  "\"$in{'value2'}\"");
 		}
 	else {
 		# For other record types, just save the lines

bind8/xfer.cgi

@@ -24,7 +24,7 @@ my $src = &find("transfer-source", $options->{'members'});
 my $masters = &find("masters", $zconf);
 my @ips;
 foreach my $av (@{$masters->{'members'}}) {
-	push(@ips, join(" ", @{$av->{'values'}}));
+	push(@ips, join(" ", $av->{'name'}, @{$av->{'values'}}));
 	}
 print &text('xfer_doing', join(" ", @ips)),"<br>\n";
 my $temp = &transname();

bsdexports/module.info

@@ -1,4 +1,3 @@
-risk=low medium high
 name=BSDexports
 category=net
 os_support=freebsd openbsd macos netbsd openserver

cfengine/lang/de

@@ -359,3 +359,29 @@ this_server=dieser Server
 type_classes=$type_group
 type_disks=$type_required
 type_grant=$type_admit
+index_details=Action summary for classes
+edit_controlskip=Skip reverse IP address lookup for
+edit_filesinclude=Only check files matching
+edit_filesexclude=Don't check files matching
+save_econtrolskip=No addresses to skip reverse lookups on entered
+run_desc=This page can be used to run the Configuration Engine on this host. When run, all the actions that you have configured will be carried out where necessary.
+push_pushdesc=Click this button to run the Configuration Engine on each of the hosts listed above, using the command $1. The local configuration from each host will be used for processing, unless you have arranged for the master configuration to be distributed to each host.
+type_control_0=The field below lists the actions that are executed when the configuration engine runs, in the order that they will be executed. Actions which are not listed will not be processed, even if they are listed on the main page.
+type_control_1=The options below control the global behaviour of the background process that accepts requests to execute the configuration on this host when requested by a remote host, or on a fixed schedule.
+type_directories=The directories listed below will be created with the given ownership and permissions when they do not exist. The owner, group and permissions fields are optional.
+type_links=The symbolic links listed below will be created where they do not currently exist. If a link already exists but points to a different destination, it will not normally be changed.
+type_admit=The configuration engine daemon will only grant access to directory listed below by the hosts listed next to each directory. Hosts can be entered as an IP address, hostname or host pattern (like <tt>*.foo.com</tt>).
+type_deny=Directories listed below will be denied access to by the hosts listed next to each directory, even if they are listed in an Allowed directories action. Hosts can be entered as an IP address, hostname or host pattern (like <tt>*.foo.com</tt>).
+type_groups=Use the table below to define additional groups of hosts that can be used elsewhere in the configuration as class names. Groups can also contain shell commands in quotes that are executed to determine if the group evaluates to true or false.
+type_copy=Each of the files or directories (and their contents) listed below will be copied to the chosen destination, when necessary. You can also choose to copy from a remote host, as long as that host is running the configuration engine daemon and allows this host to copy files.
+type_disable=The files listed below will be checked to see if it exists and meets the selected size and type criteria, and if so disabled by either renaming or truncation.
+type_editfiles=The text area below can be used to enter a script that edits the selected file, adding, deleting or updating lines where necessary. For the syntax of this script language, see the full CFengine documentation.
+type_ignore=Any files or directories entered below will be ignored by all 'Copy files', 'Set permissions' and 'Tidy up directories' actions. Each entry can be a full path, a shell-style regular expression or a filename.
+type_processes=Use the field below to search for processes matching the given pattern, and optionally send them a signal to kill them. When a process is killed, you can also specify a command to be run to restart it.
+type_shellcommands=The commands listed below will be executed every time the configuration engine is run. The user and group fields are optional - if nothing is entered, the command will be executed as root. The timeout field is also optional - if no timeout is given, CFengine will wait forever until the command is complete.
+type_tidy=The directories listed below will be scanned for files matching the selected name, age and time criteria each time CFengine is run. Any files found will be deleted, with no backup made.
+type_miscmounts=NFS filesystem mounts listed below will be checked and mounted if necessary when CFengine is run. The NFS server and path field must be entered in the standard form of <tt>servername:/path/name</tt>. The mount options must be in the same format as used in the <tt>/etc/fstab</tt> file, and are optional.
+type_resolve=The DNS server IP addresses that you enter below will be used to update the <tt>/etc/resolv.conf</tt> file when this action is run, by adding lines for any listed nameservers that are not yet in the file.
+type_defaultroute=When this action is run, the configuration engine will check the current default route against the gateway specified below.
+type_required=The filesystems listed below will be checked when this action is run to verify that they are mounted, and if not a warning message will be displayed. Each filesystem will also be checked to see if its free space has fallen below the set minimum, if any.
+hosts_copydesc=Click this button to have the CFengine configuration from this server copied to all the servers above, and immediately executed.

change-user/safeacl

@@ -0,0 +1,3 @@
+lang=1
+theme=1
+pass=1

chinese-to-utf8.pl

@@ -1,10 +1,8 @@
 #!/usr/local/bin/perl
-# Create zh_TW.UTF-8 files from zh_TW.Big5 files, and zh_CN.UTF-8 files from
-# zh_CN files, ja_JP.UTF-8 from ja_JP.euc, and ko_KR.UTF-8 from ko_KR.euc
-#
-# Also creates ru.UTF-8 from ru_SU files
+# Creates UTF-8 encoded language files from their native encodings
 
-chdir($ARGV[0] || "/usr/local/webadmin");
+@ARGV == 1 || die "Usage: $0 <directory>";
+chdir($ARGV[0]) || die "Failed to chdir to $ARGV[0] : $!";
 @modules = ( "." );
 opendir(DIR, ".");
 foreach $d (readdir(DIR)) {
@@ -41,41 +39,76 @@ close(LANG);
 foreach $m (@modules) {
 	# Translate the lang/* files
 	if (-r "$m/lang/zh_TW.Big5") {
-		system("iconv -f Big5 -t UTF-8 - <$m/lang/zh_TW.Big5 >$m/lang/zh_TW.UTF-8");
+		system("iconv -c -f Big5 -t UTF-8 - <$m/lang/zh_TW.Big5 >$m/lang/zh_TW.UTF-8");
 		}
 	if (-r "$m/lang/zh_CN") {
-		system("iconv -f GB2312 -t UTF-8 - <$m/lang/zh_CN >$m/lang/zh_CN.UTF-8");
+		system("iconv -c -f GB2312 -t UTF-8 - <$m/lang/zh_CN >$m/lang/zh_CN.UTF-8");
 		}
 	if (-r "$m/lang/ja_JP.euc") {
-		system("iconv -f EUC-JP -t UTF-8 - <$m/lang/ja_JP.euc >$m/lang/ja_JP.UTF-8");
+		system("iconv -c -f EUC-JP -t UTF-8 - <$m/lang/ja_JP.euc >$m/lang/ja_JP.UTF-8");
 		}
 	if (-r "$m/lang/ko_KR.euc") {
-		system("iconv -f EUC-KR -t UTF-8 - <$m/lang/ko_KR.euc >$m/lang/ko_KR.UTF-8");
+		system("iconv -c -f EUC-KR -t UTF-8 - <$m/lang/ko_KR.euc >$m/lang/ko_KR.UTF-8");
 		}
 	if (-r "$m/lang/ru_SU") {
-		system("iconv -f KOI8-R -t UTF-8 - <$m/lang/ru_SU >$m/lang/ru.UTF-8");
+		system("iconv -c -f KOI8-R -t UTF-8 - <$m/lang/ru_SU >$m/lang/ru.UTF-8");
 		}
 	foreach $l (@fiveone_langs) {
 		if (-r "$m/lang/$l") {
-			system("iconv -f windows-1251 -t UTF-8 - <$m/lang/$l >$m/lang/$l.UTF-8");
+			system("iconv -c -f windows-1251 -t UTF-8 - <$m/lang/$l >$m/lang/$l.UTF-8");
 			}
 		}
 	foreach $l (@fivenine_langs) {
 		if (-r "$m/lang/$l") {
-			system("iconv -f iso-8859-2 -t UTF-8 - <$m/lang/$l >$m/lang/$l.UTF-8");
+			system("iconv -c -f iso-8859-2 -t UTF-8 - <$m/lang/$l >$m/lang/$l.UTF-8");
 			}
 		}
 	foreach $l (@fifteen_langs) {
 		if (-r "$m/lang/$l") {
-			system("iconv -f iso-8859-15 -t UTF-8 - <$m/lang/$l >$m/lang/$l.UTF-8");
+			system("iconv -c -f iso-8859-15 -t UTF-8 - <$m/lang/$l >$m/lang/$l.UTF-8");
 			}
 		}
 	foreach $l (@default_langs) {
 		if (-r "$m/lang/$l") {
-			system("iconv -f iso-8859-1 -t UTF-8 - <$m/lang/$l >$m/lang/$l.UTF-8");
+			system("iconv -c -f iso-8859-1 -t UTF-8 - <$m/lang/$l >$m/lang/$l.UTF-8");
+			}
+		}
+        # Translate the ulang/* files
+	if (-r "$m/ulang/zh_TW.Big5") {
+		system("iconv -c -f Big5 -t UTF-8 - <$m/ulang/zh_TW.Big5 >$m/ulang/zh_TW.UTF-8");
+		}
+	if (-r "$m/ulang/zh_CN") {
+		system("iconv -c -f GB2312 -t UTF-8 - <$m/ulang/zh_CN >$m/ulang/zh_CN.UTF-8");
+		}
+	if (-r "$m/ulang/ja_JP.euc") {
+		system("iconv -c -f EUC-JP -t UTF-8 - <$m/ulang/ja_JP.euc >$m/ulang/ja_JP.UTF-8");
+		}
+	if (-r "$m/ulang/ko_KR.euc") {
+		system("iconv -c -f EUC-KR -t UTF-8 - <$m/ulang/ko_KR.euc >$m/ulang/ko_KR.UTF-8");
+		}
+	if (-r "$m/ulang/ru_SU") {
+		system("iconv -c -f KOI8-R -t UTF-8 - <$m/ulang/ru_SU >$m/ulang/ru.UTF-8");
+		}
+	foreach $l (@fiveone_langs) {
+		if (-r "$m/ulang/$l") {
+			system("iconv -c -f windows-1251 -t UTF-8 - <$m/ulang/$l >$m/ulang/$l.UTF-8");
+			}
+		}
+	foreach $l (@fivenine_langs) {
+		if (-r "$m/ulang/$l") {
+			system("iconv -c -f iso-8859-2 -t UTF-8 - <$m/ulang/$l >$m/ulang/$l.UTF-8");
+			}
+		}
+	foreach $l (@fifteen_langs) {
+		if (-r "$m/ulang/$l") {
+			system("iconv -c -f iso-8859-15 -t UTF-8 - <$m/ulang/$l >$m/ulang/$l.UTF-8");
+			}
+		}
+	foreach $l (@default_langs) {
+		if (-r "$m/ulang/$l") {
+			system("iconv -c -f iso-8859-1 -t UTF-8 - <$m/ulang/$l >$m/ulang/$l.UTF-8");
 			}
 		}
-
 	# Translate the module.info.LANG files
 	local %minfo;
 	if (&read_file("$m/module.info.zh_TW.Big5", \%minfo)) {
@@ -354,7 +387,7 @@ local $temp = "/tmp/$$.big5";
 open(TEMP, ">$temp");
 print TEMP $str;
 close(TEMP);
-local $out = `iconv -f Big5 -t UTF-8 - <$temp`;
+local $out = `iconv -c -f Big5 -t UTF-8 - <$temp`;
 unlink($temp);
 return $out;
 }
@@ -366,7 +399,7 @@ local $temp = "/tmp/$$.cn";
 open(TEMP, ">$temp");
 print TEMP $str;
 close(TEMP);
-local $out = `iconv -f GB2312 -t UTF-8 - <$temp`;
+local $out = `iconv -c -f GB2312 -t UTF-8 - <$temp`;
 unlink($temp);
 return $out;
 }
@@ -378,7 +411,7 @@ local $temp = "/tmp/$$.cn";
 open(TEMP, ">$temp");
 print TEMP $str;
 close(TEMP);
-local $out = `iconv -f EUC-JP -t UTF-8 - <$temp`;
+local $out = `iconv -c -f EUC-JP -t UTF-8 - <$temp`;
 unlink($temp);
 return $out;
 }
@@ -390,7 +423,7 @@ local $temp = "/tmp/$$.cn";
 open(TEMP, ">$temp");
 print TEMP $str;
 close(TEMP);
-local $out = `iconv -f EUC-KR -t UTF-8 - <$temp`;
+local $out = `iconv -c -f EUC-KR -t UTF-8 - <$temp`;
 unlink($temp);
 return $out;
 }
@@ -402,7 +435,7 @@ local $temp = "/tmp/$$.cn";
 open(TEMP, ">$temp");
 print TEMP $str;
 close(TEMP);
-local $out = `iconv -f KOI8-R -t UTF-8 - <$temp`;
+local $out = `iconv -c -f KOI8-R -t UTF-8 - <$temp`;
 unlink($temp);
 return $out;
 }
@@ -414,7 +447,7 @@ local $temp = "/tmp/$$.cn";
 open(TEMP, ">$temp");
 print TEMP $str;
 close(TEMP);
-local $out = `iconv -f windows-1251 -t UTF-8 - <$temp`;
+local $out = `iconv -c -f windows-1251 -t UTF-8 - <$temp`;
 unlink($temp);
 return $out;
 }
@@ -426,7 +459,7 @@ local $temp = "/tmp/$$.cn";
 open(TEMP, ">$temp");
 print TEMP $str;
 close(TEMP);
-local $out = `iconv -f iso-8859-2 -t UTF-8 - <$temp`;
+local $out = `iconv -c -f iso-8859-2 -t UTF-8 - <$temp`;
 unlink($temp);
 return $out;
 }
@@ -438,7 +471,7 @@ local $temp = "/tmp/$$.cn";
 open(TEMP, ">$temp");
 print TEMP $str;
 close(TEMP);
-local $out = `iconv -f iso-8859-15 -t UTF-8 - <$temp`;
+local $out = `iconv -c -f iso-8859-15 -t UTF-8 - <$temp`;
 unlink($temp);
 return $out;
 }
@@ -450,7 +483,7 @@ local $temp = "/tmp/$$.cn";
 open(TEMP, ">$temp");
 print TEMP $str;
 close(TEMP);
-local $out = `iconv -f iso-8859-1 -t UTF-8 - <$temp`;
+local $out = `iconv -c -f iso-8859-1 -t UTF-8 - <$temp`;
 unlink($temp);
 return $out;
 }

chooser.cgi

@@ -46,6 +46,9 @@ if (&supports_users()) {
 		# ACL determines
 		$fileunix = $access{'fileunix'} || $remote_user;
 		@uinfo = getpwnam($fileunix);
+		if (!@uinfo && !$access{'fileunix'}) {
+			@uinfo = getpwnam("nobody");
+			}
 		if (@uinfo) {
 			&switch_to_unix_user(\@uinfo);
 			}

cluster-copy/chooser.cgi

@@ -1 +0,0 @@
-../chooser.cgi

cluster-passwd/edit_passwd.cgi

@@ -43,11 +43,8 @@ if ($access{'others'} == 2) {
 	    &ui_checkbox("others", 1, $passwd::text{'passwd_others'}, 1), 2);
 	}
 
-print &ui_table_row(undef,
-		    &ui_submit($passwd::text{'passwd_change'})."\n".
-		    &ui_reset($passwd::text{'passwd_reset'}), 2);
 print &ui_table_end();
-print &ui_form_end();
+print &ui_form_end([ [ undef, $passwd::text{'passwd_change'} ] ]);
 
 &ui_print_footer($in{'one'} ? ( "/", $text{'index'} )
 			    : ( "", $passwd::text{'index_return'} ));

cluster-software/delete_packs.cgi

@@ -27,7 +27,7 @@ foreach $p (@packs) {
 	}
 $found || &error($text{'deletes_enone'});
 
-&ui_print_header(undef, $text{'deletes_title'}, "", "delete");
+&ui_print_header(undef, $text{'deletes_title'}, "", undef);
 
 if ($in{'sure'}) {
 	# do the deletion

cluster-software/edit_host.cgi

@@ -20,7 +20,7 @@ print "<tr $cb> <td><table width=100%>\n";
 print "<tr> <td><b>$text{'host_name'}</b></td>\n";
 if ($server->{'id'}) {
 	$h = $server->{'realhost'} || $server->{'host'};
-	printf &ui_link("/servers/link.cgi/%s/","%s")."</td>\n",
+	printf "<td>". &ui_link("/servers/link.cgi/%s/","%s")."</td>\n",
 		$server->{'id'}, $server->{'desc'} ? "$server->{'desc'} ($h:$server->{'port'})" : "$h:$server->{'port'}";
 	}
 else {
@@ -44,14 +44,14 @@ print "<td>$host->{'real_os_type'} $host->{'real_os_version'}</td> </tr>\n";
 
 print "<tr> <td><b>$text{'host_system'}</b></td>\n";
 $system = $host->{'package_system'} || $software::config{'package_system'};
-print "<td>",uc($system),"</td>\n";
+print "<td colspan=3>",uc($system),"</td>\n";
 
 print "</tr>\n";
 
 print "</table></td></tr></table>\n";
 
 # Show delete and refresh buttons
-print "<table width=100%><tr>\n";
+print "<p></p><table width=100%><tr>\n";
 
 print "<td><form action=delete_host.cgi>\n";
 print "<input type=hidden name=id value=$in{'id'}>\n";
@@ -91,6 +91,7 @@ print "<table width=100%>\n";
 &traverse("", 0);
 print "</table>\n";
 if ($hasclasses) {
+	print "<p></p>";
 	print &ui_link("closeall.cgi?id=$in{'id'}",$text{'host_close'}),"\n";
 	print &ui_link("openall.cgi?id=$in{'id'}",$text{'host_open'}),"<p>\n";
 	}
@@ -100,7 +101,7 @@ if ($hasclasses) {
 sub traverse
 {
 local($s, $act, $i);
-print "<tr> <td>", $spacer x $_[1];
+print "<tr style='border-top: 1px solid #aaaaaa28'> <td>", $spacer x $_[1];
 if ($_[0]) {
 	print "<a name=\"$_[0]\"></a>\n";
 	$act = $heiropen{$_[0]} ? "close" : "open";
@@ -114,7 +115,7 @@ if ($heiropen{$_[0]}) {
 	# print sub-folders followed by packages
 	foreach $i (@packages) {
 		if ($i->{'class'} eq $_[0]) {
-			print "<tr> <td>", $spacer x ($_[1]+1);
+			print "<tr style='border-top: 1px solid #aaaaaa28'> <td>", $spacer x ($_[1]+1);
 			print "<img border=0 src=images/pack.gif></a>&nbsp;\n";
 			print "<a href=\"edit_pack.cgi?package=",
 			     &urlize($i->{'name'}),"\">$i->{'name'}</a></td>\n";

cluster-software/edit_pack.cgi

@@ -36,9 +36,9 @@ print "<tr $cb> <td><table width=100%>\n";
 # Description, if we have one
 if ($pinfo[2]) {
 	print "<tr> <td valign=top width=20%><b>$text{'edit_desc'}</b></td>\n";
-	print "<td colspan=3><pre>",
+	print "<td colspan=3>",
 	      &html_escape(&entities_to_ascii($pinfo[2])),
-	      "</pre></td> </tr>\n";
+	      "</td> </tr>\n";
 	}
 
 print "<tr> <td width=20%><b>$text{'edit_pack'}</b></td> <td>$pinfo[0]</td>\n";
@@ -91,6 +91,7 @@ print &ui_subheading($text{'edit_hosts'});
 			      "$_->{'host'}:$_->{'port'}").
 		($version{$_} ? "<br>$text{'edit_ver'} $version{$_}" : "") } @got;
 &icons_table(\@links, \@titles, \@icons);
+print "<br>";
 
 &remote_finished();
 if ($in{'search'}) {

cluster-software/index.cgi

@@ -69,7 +69,7 @@ $formno++;
 print "<table width=100%><tr>\n";
 @addservers = grep { !$gothost{$_->{'id'}} } @servers;
 if (@addservers && $access{'add'}) {
-	print "<td width=33%><form action=add.cgi>\n";
+	print "<td><form action=add.cgi>\n";
 	print "<input type=submit name=add value='$text{'index_add'}'>\n";
 	print "<select name=server>\n";
 	foreach $s (sort { $a->{'host'} cmp $b->{'host'} } @addservers) {
@@ -82,7 +82,7 @@ if (@addservers && $access{'add'}) {
 
 # Show button for compare form
 if (@hosts) {
-	print "<td align=center width=33%>\n";
+	print "<td align=right>\n";
 	print "<form action=compare_form.cgi>\n";
 	print "<input type=submit value='$text{'index_compare'}'>\n";
 	print "</form>\n";

cluster-software/list_pack.cgi

@@ -12,20 +12,20 @@ require './cluster-software-lib.pl';
 
 print &ui_subheading(&text('list_files', "<tt>$in{'package'}</tt>",
 		   $s->{'desc'} ? $s->{'desc'} : $s->{'host'}));
-print "<table border width=100%>\n";
-print "<tr $tb> <td><b>$text{'list_path'}</b></td> ",
-      "<td><b>$text{'list_owner'}</b></td> ",
-      "<td><b>$text{'list_group'}</b></td> ",
-      "<td><b>$text{'list_type'}</b></td> ",
-      "<td><b>$text{'list_size'}</b></td> ",
-      "<td><b>$text{'list_status'}</b></td> </tr>\n";
+print "<table class='table table-striped table-hover table-condensed' width=100%>\n";
+print "<thead><tr><th>$text{'list_path'}</th> ",
+      "<th>$text{'list_owner'}</th> ",
+      "<th>$text{'list_group'}</th> ",
+      "<th>$text{'list_type'}</th> ",
+      "<th>$text{'list_size'}</th> ",
+      "<th>$text{'list_status'}</th> </tr></thead><tbody>\n";
 $n = &remote_foreign_call($s->{'host'}, "software",
 			  "check_files", $in{'package'});
 $files = &remote_eval($s->{'host'}, "software", "\\%files");
 for($i=0; $i<$n; $i++) {
 	$sz = $files->{$i,'size'};
 	$ty = $files->{$i,'type'};
-	print "<tr $cb>\n";
+	print "<tr>\n";
 	if ($ty == 3 || $ty == 4) {
 		print "<td valign=top>$files->{$i,'path'} -> ",
 		      "$files->{$i,'link'}</td>\n";
@@ -59,7 +59,7 @@ for($i=0; $i<$n; $i++) {
 	else { print "<td valign=top>$text{'list_ok'}</td>\n"; }
 	print "</tr>\n";
 	}
-print "</table><p>\n";
+print "</tbody></table><p>\n";
 
 &remote_finished();
 &ui_print_footer("edit_pack.cgi?package=".&urlize($in{'package'})."&search=".&urlize($in{'search'}), $text{'edit_return'});

cluster-useradmin/edit_group.cgi

@@ -35,7 +35,7 @@ print "<tr $tb> <td><b>$text{'gedit_details'}</b></td> </tr>\n";
 print "<tr $cb> <td><table width=100%>\n";
 
 print "<tr> <td valign=top><b>$text{'gedit_group'}</b></td>\n";
-print "<td valign=top><font size=+1><i>$ginfo{'group'}</i></font></td>\n";
+print "<td valign=top><font size=3><i>$ginfo{'group'}</i></font></td>\n";
 
 print "<td valign=top><b>$text{'gedit_gid'}</b></td>\n";
 printf "<td><input type=radio name=gid_def value=1 checked> %s (%s)\n",
@@ -77,11 +77,11 @@ print "<td><input type=radio name=chgid value=2> $text{'gedit_allfiles'}</td> </
 
 print "<tr> <td><b>$text{'uedit_servs'}</b></td>\n";
 print "<td><input type=radio name=servs value=1> $text{'uedit_mall'}</td>\n";
-print "<td><input type=radio name=servs value=0 checked> $text{'uedit_mthis'}</td> </tr>\n";
+print "<td colspan=2><input type=radio name=servs value=0 checked> $text{'uedit_mthis'}</td> </tr>\n";
 
 print "<tr> <td><b>$text{'gedit_mothers'}</b></td>\n";
 print "<td><input type=radio name=others value=1 checked> $text{'yes'}</td>\n";
-print "<td><input type=radio name=others value=0> $text{'no'}</td> </tr>\n";
+print "<td colspan=2><input type=radio name=others value=0> $text{'no'}</td> </tr>\n";
 
 print "</table></td> </tr></table><p>\n";
 
@@ -142,6 +142,7 @@ if ($config{'table_mode'}) {
 else {
 	# Show as icons
 	&icons_table(\@links, \@titles, \@icons);
+	print "<br>";
 	}
 
 &ui_print_footer("", $text{'index_return'});

cluster-useradmin/edit_host.cgi

@@ -27,7 +27,7 @@ if ($server->{'id'}) {
 	print "</td>";
 	}
 else {
-	print "<td><a href=/>$text{'this_server'}</a></td>\n";
+	print "<td colspan=3><a href=/>$text{'this_server'}</a></td>\n";
 	}
 
 if ($server->{'id'}) {
@@ -48,7 +48,7 @@ printf "<td>%d</td> </tr>\n", scalar(@{$host->{'groups'}});
 print "</table></td></tr></table>\n";
 
 # Show delete and refresh buttons
-print "<table width=100%><tr>\n";
+print "<p><table width=100%><tr>\n";
 
 print "<td><form action=delete_host.cgi>\n";
 print "<input type=hidden name=id value=$in{'id'}>\n";

cluster-useradmin/edit_user.cgi

@@ -202,7 +202,7 @@ elsif ($pft == 2) {
 		}
 	else { print "$text{'uedit_unknown'}\n"; }
 	if ($uinfo{'max'}) {
-		print "<input type=checkbox name=forcechange value=1> ",
+		print "&nbsp; <input type=checkbox name=forcechange value=1> ",
 		      "$text{'uedit_forcechange'}\n";
 		}
 	print "</td> </tr>\n";
@@ -374,7 +374,7 @@ print "<tr $cb> <td><table>\n";
 
 print "<tr> <td><b>$text{'uedit_movehome'}</b></td>\n";
 print "<td><input type=radio name=movehome value=1 checked> $text{'yes'}</td>\n";
-print "<td><input type=radio name=movehome value=0> $text{'no'}</td> </tr>\n";
+print "<td colspan=2><input type=radio name=movehome value=0> $text{'no'}</td> </tr>\n";
 
 print "<tr> <td><b>$text{'uedit_chuid'}</b></td>\n";
 print "<td><input type=radio name=chuid value=0> $text{'no'}</td>\n";
@@ -392,11 +392,11 @@ print "<td><input type=radio name=chgid value=2> ",
 
 print "<tr> <td><b>$text{'uedit_servs'}</b></td>\n";
 print "<td><input type=radio name=servs value=1> $text{'uedit_mall'}</td>\n";
-print "<td><input type=radio name=servs value=0 checked> $text{'uedit_mthis'}</td> </tr>\n";
+print "<td colspan=2><input type=radio name=servs value=0 checked> $text{'uedit_mthis'}</td> </tr>\n";
 
 print "<tr> <td><b>$text{'uedit_mothers'}</b></td>\n";
 print "<td><input type=radio name=others value=1 checked> $text{'yes'}</td>\n";
-print "<td><input type=radio name=others value=0> $text{'no'}</td> </tr>\n";
+print "<td colspan=2><input type=radio name=others value=0> $text{'no'}</td> </tr>\n";
 
 print "</table></td> </tr></table><p>\n";
 
@@ -461,6 +461,7 @@ if ($config{'table_mode'}) {
 else {
 	# Show as icons
 	&icons_table(\@links, \@titles, \@icons);
+	print "<br>";
 	}
 
 &ui_print_footer("", $text{'index_return'});

cluster-useradmin/group_form.cgi

@@ -4,7 +4,7 @@
 
 require './cluster-useradmin-lib.pl';
 &ReadParse();
-&ui_print_header(undef, $text{'gedit_title2'}, "", "create_group");
+&ui_print_header(undef, $text{'gedit_title2'}, "", undef);
 @hosts = &list_useradmin_hosts();
 @servers = &list_servers();
 
@@ -37,9 +37,8 @@ print "<input type=radio name=passmode value=2> $text{'clear'}\n";
 print "<input name=pass size=15></td>\n";
 
 print "<td valign=top><b>$text{'gedit_members'}</b></td>\n";
-print "<td><table><tr><td><textarea wrap=auto name=members rows=5 cols=10>",
-      "</textarea></td>\n";
-print "<td valign=top><input type=button onClick='ifield = document.forms[0].members; chooser = window.open(\"/useradmin/my_user_chooser.cgi?multi=1&user=\"+escape(ifield.value), \"chooser\", \"toolbar=no,menubar=no,scrollbars=yes,width=500,height=200\"); chooser.ifield = ifield' value=\"...\"></td></tr></table></td> </tr>\n";
+print "<td valign=top><input name=members size=14>",
+	"<input type=button onClick='ifield = document.forms[0].members; chooser = window.open(\"/useradmin/my_user_chooser.cgi?multi=1&user=\"+escape(ifield.value), \"chooser\", \"toolbar=no,menubar=no,scrollbars=yes,width=500,height=200\"); chooser.ifield = ifield' value=\"...\"></td> </tr>\n";
 print "</table></td></tr></table><p>\n";
 
 print "<table border width=100%>\n";
@@ -53,9 +52,8 @@ print "<td><input type=radio name=others value=0> $text{'no'}</td> </tr>\n";
 # Show server selection input
 &create_on_input($text{'uedit_servers'});
 
-print "</table></td> </tr></table><p>\n";
+print "</table></td> </tr></table><p></p><p></p>\n";
 
 print "<input type=submit value=\"$text{'create'}\"></form><p>\n";
 
 &ui_print_footer("", $text{'index_return'});
-

cluster-useradmin/index.cgi

@@ -68,7 +68,7 @@ else {
 	print "<b>$text{'index_nohosts'}</b><p>\n";
 	}
 $formno++;
-print "<br><br><form action=add.cgi>\n";
+print "<form data-post-icon-row-submit action=add.cgi>\n";
 print "<table width=100%><tr>\n";
 @addservers = grep { !$gothost{$_->{'id'}} } @servers;
 if (@addservers) {

cluster-useradmin/sync_form.cgi

@@ -8,7 +8,7 @@ require './cluster-useradmin-lib.pl';
 
 print "$text{'sync_desc'}<p>\n";
 print "<form action=sync.cgi>\n";
-print "<table>\n";
+print "<table width='100%'>\n";
 
 print "<tr> <td valign=top><b>$text{'sync_hosts'}</b></td> <td>\n";
 &create_on_input(undef, 1, 1);
@@ -67,7 +67,7 @@ print "<tr> <td><b>$text{'sync_others'}</b></td>\n";
 print "<td><input type=radio name=others value=1 checked> $text{'yes'}\n";
 print "<input type=radio name=others value=0> $text{'no'}</td> </tr>\n";
 
-print "</table>\n";
+print "</table><p></p><p></p>\n";
 print "<input type=submit value='$text{'sync_ok'}'></form>\n";
 
 &ui_print_footer("", $text{'index_return'});

cluster-useradmin/user_form.cgi

@@ -96,8 +96,8 @@ foreach (1 .. 15) {
 	$random_password .= $random_password_chars[
 				rand(scalar(@random_password_chars))];
 	}
-print "<td valign=top rowspan=4><b>$text{'pass'}</b>",
-      "</td> <td rowspan=4 valign=top>\n";
+print "<td valign=top rowspan=3><b>$text{'pass'}</b>",
+      "</td> <td rowspan=3 valign=top>\n";
 printf "<input type=radio name=passmode value=0> %s<br>\n",
 	$uconfig{'empty_mode'} ? $text{'none1'} : $text{'none2'};
 printf "<input type=radio name=passmode value=1 checked> %s<br>\n",
@@ -129,8 +129,8 @@ if ($pft == 1 || $pft == 6) {
 	print " &nbsp; <input name=changeh size=3>";
 	print ":<input name=changemi size=3></td>\n";
 
-	print "<td><b>$text{'expire2'}</b></td>\n";
-	print "<td>";
+	print "<td colspan=1><b>$text{'expire2'}</b></td>\n";
+	print "<td colspan=3>";
 	&date_input("", "", "", 'expire');
 	print " &nbsp; <input name=expireh size=3>";
 	print ":<input name=expiremi size=3></td> </tr>\n";
@@ -147,8 +147,8 @@ elsif ($pft == 2) {
 	print "<tr $tb> <td><b>$text{'uedit_passopts'}</b></td> </tr>\n";
 	print "<tr $cb> <td><table width=100%>\n";
 
-	print "<td><b>$text{'expire'}</b></td>\n";
-	print "<td>";
+	print "<td colspan=1><b>$text{'expire'}</b></td>\n";
+	print "<td colspan=3>";
 	&date_input($eday, $emon, $eyear, 'expire');
 	print "</td> </tr>\n";
 
@@ -204,7 +204,7 @@ print "<table border width=100%>\n";
 print "<tr $tb> <td><b>$text{'uedit_gmem'}</b></td> </tr>\n";
 print "<tr $cb> <td><table width=100%>\n";
 print "<tr> <td valign=top><b>$text{'group'}</b></td> <td valign=top>\n";
-printf "<input name=gid size=8 value=\"%s\">\n",
+printf "<input name=gid size=15 value=\"%s\">\n",
 	$uconfig{'default_group'};
 print "<input type=button onClick='ifield = document.forms[0].gid; chooser = window.open(\"/useradmin/my_group_chooser.cgi?multi=0&group=\"+escape(ifield.value), \"chooser\", \"toolbar=no,menubar=no,scrollbars=yes,width=300,height=200\"); chooser.ifield = ifield' value=\"...\"></td>\n";
 
@@ -248,9 +248,9 @@ print "<td><input type=radio name=others value=0> $text{'no'}</td> </tr>\n";
 # Show selector for hosts to create on
 &create_on_input($text{'uedit_servers'});
 
-print "</table></td> </tr></table><p>\n";
+print "</table></td> </tr></table><p></p><p></p>\n";
 
-print "<input type=submit value=\"$text{'create'}\"></form><p>\n";
+print "<input type=submit value=\"$text{'create'}\"></form>\n";
 
 &ui_print_footer("", $text{'index_return'});
 

cluster-usermin/edit_host.cgi

@@ -53,27 +53,36 @@ printf "<td>%s</td> </tr>\n", $host->{'version'};
 print "</table></td></tr></table>\n";
 
 # Show delete and refresh buttons
-print "<table width=100%><tr>\n";
-print "<form action=delete_host.cgi>\n";
+print "<p></p><table width=100%><tr>\n";
+print "<td><form action=delete_host.cgi>\n";
 print "<input type=hidden name=id value=$in{'id'}>\n";
-print "<td><input type=submit value='$text{'host_delete'}'></td>\n";
-print "</form>\n";
+print "<input type=submit value='$text{'host_delete'}'>\n";
+print "</form></td>\n";
 
-print "<form action=refresh.cgi>\n";
+print "<td align=right><form action=refresh.cgi>\n";
 print "<input type=hidden name=id value=$in{'id'}>\n";
-print "<td align=right><input type=submit value='$text{'host_refresh'}'></td>\n";
-print "</form>\n";
+print "<input type=submit value='$text{'host_refresh'}'>\n";
+print "</form></td>\n";
 print "</tr></table>\n";
 
 # Show table of modules and themes
-print "<table border width=100%>\n";
+print "<p></p><table border width=100%>\n";
 print "<tr $tb> <td><b>$text{'host_header_m'}</b></td> </tr>\n";
 print "<tr $cb> <td><table width=100%>\n";
 
 $i = 0;
+my $total_cells = scalar(@modules);
 foreach $m (sort { $a->{'desc'} cmp $b->{'desc'} } @modules) {
+	my $colspan = '';
+	if ($total_cells == $i + 1 && $total_cells%$i == 1) {
+		if ($i%3 == 0) {
+			$colspan = " colspan=3 ";
+		} elsif($i%3 == 1) {
+			$colspan = " colspan=2 ";
+		}
+	}
 	print "<tr>\n" if ($i%3 == 0);
-	print "<td width=33%><a href='edit_mod.cgi?mod=$m->{'dir'}&host=$in{'id'}'>",$m->{'desc'},"</td>\n";
+	print "<td $colspan width=33%><a href='edit_mod.cgi?mod=$m->{'dir'}&host=$in{'id'}'>",$m->{'desc'},"</td>\n";
 	print "</tr>\n" if ($i%3 == 2);
 	$i++;
 	}
@@ -82,9 +91,18 @@ if (@themes) {
 	print "</table></td></tr>\n";
 	print "<tr $tb> <td><b>$text{'host_header_t'}</b></td> </tr>\n";
 	print "<tr $cb> <td><table width=100%>\n";
+	my $total_cells_themes = scalar(@themes);
 	foreach $t (sort { $a->{'desc'} cmp $b->{'desc'} } @themes) {
+		my $colspan = '';
+		if ($total_cells_themes == $i + 1 && $total_cells_themes%$i == 1) {
+			if ($i%3 == 0) {
+				$colspan = " colspan=3 ";
+			} elsif($i%3 == 1) {
+				$colspan = " colspan=2 ";
+			}
+		}
 		print "<tr>\n" if ($i%3 == 0);
-		print "<td width=33%><a href='edit_mod.cgi?theme=$t->{'dir'}$in{'id'}'>",$t->{'desc'},"</td>\n";
+		print "<td $colspan width=33%><a href='edit_mod.cgi?theme=$t->{'dir'}$in{'id'}'>",$t->{'desc'},"</td>\n";
 		print "</tr>\n" if ($i%3 == 2);
 		$i++;
 		}

cluster-usermin/edit_mod.cgi

@@ -170,16 +170,16 @@ else {
 print "</table></td></tr></table><p>\n";
 
 print "<table width=100%><tr>\n";
-print "<form action=delete_mod.cgi>\n";
+print "<td><form action=delete_mod.cgi>\n";
 print "<input type=hidden name=type value=\"$type\">\n";
 print "<input type=hidden name=mod value=\"$name\">\n";
-print "<td><input type=submit value='",$text{"edit_uninst_$type"},"'>\n";
+print "<input type=submit value='",$text{"edit_uninst_$type"},"'>\n";
 print "<select name=server>\n";
 print "<option value=-1>$text{'edit_all'}</option>\n";
 foreach $s (@got) {
 	print "<option value='$s->{'id'}'>",&server_name($s),"</option>\n";
 	}
-print "</select></td></form>\n";
+print "</select></form></td>\n";
 
 print "</tr></table>\n";
 
@@ -191,6 +191,7 @@ print &ui_subheading($text{'edit_hosts'});
 @titles = map { &server_name($_).
 	        ($_->{'module'}->{'version'} ? " ($text{'host_version2'} $_->{'module'}->{'version'})" : "") } @got;
 &icons_table(\@links, \@titles, \@icons);
+print "<br>";
 
 &remote_finished();
 &ui_print_footer("", $text{'index_return'});

cluster-usermin/index.cgi

@@ -75,10 +75,10 @@ foreach $t (&all_themes(\@hosts)) {
 $themesel .= "</select>\n";
 
 # Show button for adding server
-print "<table width=100%><tr>\n";
+print "<table data-post-icon-row-submit width=100%><tr>\n";
 @addservers = grep { !$gothost{$_->{'id'}} } @servers;
 if (@addservers) {
-	print "<td><form action=add.cgi><td>\n";
+	print "<td><form action=add.cgi>\n";
 	print "<input type=submit name=add value='$text{'index_add'}'>\n";
 	print "<select name=server>\n";
 	foreach $s (@addservers) {

cluster-webmin/cluster-webmin-lib.pl

@@ -169,14 +169,15 @@ return sort { $a->{'name'} cmp $b->{'name'} }
 	 map { @{$_->{'users'}} } @{$_[0]};
 }
 
-# create_on_input(desc, [no-donthave], [no-have], [multiple])
+# create_on_input(desc, [no-donthave], [no-have], [multiple], [colspan])
 sub create_on_input
 {
 local @hosts = &list_webmin_hosts();
 local @servers = &list_servers();
 if ($_[0]) {
 	print "<tr> <td><b>$_[0]</b></td>\n";
-	print "<td>\n";
+	my $colspan = "colspan=$_[4]" if ($_[4]);
+	print "<td $colspan>\n";
 	}
 if ($_[3]) {
 	print "<select name=server size=5 multiple>\n";

cluster-webmin/edit_host.cgi

@@ -53,7 +53,7 @@ printf "<td>%s</td> </tr>\n", $host->{'version'};
 print "</table></td></tr></table>\n";
 
 # Show delete and refresh buttons
-print "<table width=100%><tr>\n";
+print "<p></p><table width=100%><tr>\n";
 
 print "<td><form action=delete_host.cgi>\n";
 print "<input type=hidden name=id value=$in{'id'}>\n";
@@ -68,14 +68,23 @@ print "</form></td>\n";
 print "</tr></table>\n";
 
 # Show table of modules and themes
-print "<table border width=100%>\n";
+print "<p></p><table border width=100%>\n";
 print "<tr $tb> <td><b>$text{'host_header_m'}</b></td> </tr>\n";
 print "<tr $cb> <td><table width=100%>\n";
 
 $i = 0;
+my $total_cells = scalar(@modules);
 foreach $m (sort { $a->{'desc'} cmp $b->{'desc'} } @modules) {
+	my $colspan = '';
+	if ($total_cells == $i + 1 && $total_cells%$i == 1) {
+		if ($i%3 == 0) {
+			$colspan = " colspan=3 ";
+		} elsif($i%3 == 1) {
+			$colspan = " colspan=2 ";
+		}
+	}
 	print "<tr>\n" if ($i%3 == 0);
-	print "<td width=33%><a href='edit_mod.cgi?mod=$m->{'dir'}&host=$in{'id'}'>",$m->{'desc'},"</td>\n";
+	print "<td $colspan width=33%><a href='edit_mod.cgi?mod=$m->{'dir'}&host=$in{'id'}'>",$m->{'desc'},"</td>\n";
 	print "</tr>\n" if ($i%3 == 2);
 	$i++;
 	}
@@ -84,9 +93,18 @@ if (@themes) {
 	print "</table></td></tr>\n";
 	print "<tr $tb> <td><b>$text{'host_header_t'}</b></td> </tr>\n";
 	print "<tr $cb> <td><table width=100%>\n";
+	my $total_cells_themes = scalar(@themes);
 	foreach $t (sort { $a->{'desc'} cmp $b->{'desc'} } @themes) {
+		my $colspan = '';
+		if ($total_cells_themes == $i + 1 && $total_cells_themes%$i == 1) {
+			if ($i%3 == 0) {
+				$colspan = " colspan=3 ";
+			} elsif($i%3 == 1) {
+				$colspan = " colspan=2 ";
+			}
+		}
 		print "<tr>\n" if ($i%3 == 0);
-		print "<td width=33%><a href='edit_mod.cgi?theme=$t->{'dir'}$in{'id'}'>",$t->{'desc'},"</td>\n";
+		print "<td $colspan width=33%><a href='edit_mod.cgi?theme=$t->{'dir'}$in{'id'}'>",$t->{'desc'},"</td>\n";
 		print "</tr>\n" if ($i%3 == 2);
 		$i++;
 		}
@@ -94,7 +112,7 @@ if (@themes) {
 print "</table></td></tr></table><br>\n";
 
 # Show table of users and groups
-print "<table border width=100%>\n";
+print "<p></p><table border width=100%>\n";
 print "<tr $tb> <td><b>$text{'host_header_u'}</b></td> </tr>\n";
 print "<tr $cb> <td><table width=100%>\n";
 $i = 0;

cluster-webmin/edit_mod.cgi

@@ -177,33 +177,33 @@ print "</table></td></tr></table><p>\n";
 print "<table width=100%><tr>\n";
 
 # Show button to delete module
-print "<form action=delete_mod.cgi>\n";
+print "<td><form action=delete_mod.cgi>\n";
 print "<input type=hidden name=type value=\"$type\">\n";
 print "<input type=hidden name=mod value=\"$name\">\n";
-print "<td><input type=submit value='",$text{"edit_uninst_$type"},"'>\n";
+print "<input type=submit value='",$text{"edit_uninst_$type"},"'>\n";
 print "<select name=server>\n";
 print "<option value=-1>$text{'edit_all'}</option>\n";
 foreach $s (@got) {
 	print "<option value='$s->{'id'}'>",&server_name($s),"</option>\n";
 	}
-print "</select></td></form>\n";
+print "</select></form></td>\n";
 
 if ($type eq 'mod') {
 	# Show button to edit config
-	print "<form action=edit_config.cgi>\n";
+	print "<td><form action=edit_config.cgi>\n";
 	print "<input type=hidden name=type value=\"$type\">\n";
 	print "<input type=hidden name=mod value=\"$name\">\n";
-	print "<td><input type=submit value='$text{'edit_config'}'>\n";
+	print "<input type=submit value='$text{'edit_config'}'>\n";
 	&create_on_input(undef, 1, 0, 0);
-	print "</td></form>\n";
+	print "</form></td>\n";
 	}
 
 if ($type eq 'mod') {
 	# Show user/group ACL selector
-	print "<form action=edit_acl.cgi>\n";
+	print "<td align=right><form action=edit_acl.cgi>\n";
 	print "<input type=hidden name=mod value=\"$name\">\n";
 	print "<input type=hidden name=host value=\"$checkonh->{'id'}\">\n";
-	print "<td align=right><input type=submit value='$text{'edit_acl'}'>\n";
+	print "<input type=submit value='$text{'edit_acl'}'>\n";
 	print "<select name=whohost>\n";
 	for($i=0; $i<@goth; $i++) {
 		$h = $goth[$i];
@@ -227,7 +227,7 @@ if ($type eq 'mod') {
 				if (&indexof($name, @m) >= 0);
 			}
 		}
-	print "</select></td></form>\n";
+	print "</select></form></td>\n";
 	}
 
 print "</tr></table>\n";
@@ -240,6 +240,7 @@ print &ui_subheading($text{'edit_hosts'});
 @titles = map { &server_name($_).
 	        ($_->{'module'}->{'version'} ? " ($text{'host_version2'} $_->{'module'}->{'version'})" : "") } @got;
 &icons_table(\@links, \@titles, \@icons);
+print "<br>";
 
 &remote_finished();
 &ui_print_footer("", $text{'index_return'});

cluster-webmin/group_form.cgi

@@ -45,15 +45,15 @@ for($i=$mp*2; $i<@mods; $i++) {
 print "</select>\n";
 
 print "<br>\n";
-print "<a href='' onClick='for(i=0; i<document.forms[0].mods1.options.length; i++) { document.forms[0].mods1.options[i].selected = true; } for(i=0; i<document.forms[0].mods2.options.length; i++) { document.forms[0].mods2.options[i].selected = true; } for(i=0; i<document.forms[0].mods3.options.length; i++) { document.forms[0].mods3.options[i].selected = true; } return false'>$text{'user_sall'}</a>&nbsp;\n";
-print "<a href='' onClick='for(i=0; i<document.forms[0].mods1.options.length; i++) { document.forms[0].mods1.options[i].selected = false; } for(i=0; i<document.forms[0].mods2.options.length; i++) { document.forms[0].mods2.options[i].selected = false; } for(i=0; i<document.forms[0].mods3.options.length; i++) { document.forms[0].mods3.options[i].selected = false; } return false'>$text{'user_snone'}</a>&nbsp;\n";
-print "<a href='' onClick='for(i=0; i<document.forms[0].mods1.options.length; i++) { document.forms[0].mods1.options[i].selected = !document.forms[0].mods1.options[i].selected; } for(i=0; i<document.forms[0].mods2.options.length; i++) { document.forms[0].mods2.options[i].selected = !document.forms[0].mods2.options[i].selected; } for(i=0; i<document.forms[0].mods3.options.length; i++) { document.forms[0].mods3.options[i].selected = !document.forms[0].mods3.options[i].selected; } return false'>$text{'user_sinvert'}</a><br>\n";
+print "<button class='btn btn-tiny' type='button' onClick='for(i=0; i<this.form.mods1.options.length; i++) { this.form.mods1.options[i].selected = true; } for(i=0; i<this.form.mods2.options.length; i++) { this.form.mods2.options[i].selected = true; } for(i=0; i<this.form.mods3.options.length; i++) { this.form.mods3.options[i].selected = true; } return false'>$text{'user_sall'}</button>\n";
+print "<button class='btn btn-tiny' type='button' onClick='for(i=0; i<this.form.mods1.options.length; i++) { this.form.mods1.options[i].selected = false; } for(i=0; i<this.form.mods2.options.length; i++) { this.form.mods2.options[i].selected = false; } for(i=0; i<this.form.mods3.options.length; i++) { this.form.mods3.options[i].selected = false; } return false'>$text{'user_snone'}</button>\n";
+print "<button class='btn btn-tiny' type='button' onClick='for(i=0; i<this.form.mods1.options.length; i++) { this.form.mods1.options[i].selected = !this.form.mods1.options[i].selected; } for(i=0; i<this.form.mods2.options.length; i++) { this.form.mods2.options[i].selected = !this.form.mods2.options[i].selected; } for(i=0; i<this.form.mods3.options.length; i++) { this.form.mods3.options[i].selected = !this.form.mods3.options[i].selected; } return false'>$text{'user_sinvert'}</a><br>\n";
 
 print "</td> </tr>\n";
 
-&create_on_input($text{'group_servers'}, 0, 1);
+&create_on_input($text{'group_servers'}, 0, 1, undef, 3);
 
-print "</table></td></tr></table><br>\n";
+print "</table></td></tr></table><p></p><p></p>\n";
 print "<input type=submit value='$text{'create'}'></form>\n";
 
 &ui_print_footer("", $text{'index_return'});

cluster-webmin/index.cgi

@@ -87,7 +87,7 @@ foreach $u (@wgroups) {
 	}
 $groupsel .= "</select>\n";
 
-print "<table width=100%><tr>\n";
+print "<table data-post-icon-row-submit width=100%><tr>\n";
 @addservers = grep { !$gothost{$_->{'id'}} } @servers;
 if (@addservers) {
 	print "<td><form action=add.cgi>\n";

cluster-webmin/sync_form.cgi

@@ -8,7 +8,7 @@ require './cluster-webmin-lib.pl';
 
 print "$text{'sync_desc'}<p>\n";
 print "<form action=sync.cgi>\n";
-print "<table>\n";
+print "<table width='100%'>\n";
 
 print "<tr> <td valign=top><b>$text{'sync_hosts'}</b></td> <td>\n";
 &create_on_input(undef, 1, 1, 1);
@@ -44,7 +44,7 @@ print "<tr> <td><b>$text{'sync_test'}</b></td>\n";
 print "<td><input type=radio name=test value=1> $text{'yes'}\n";
 print "<input type=radio name=test value=0 checked> $text{'no'}</td> </tr>\n";
 
-print "</table>\n";
+print "</table><p></p><p></p>\n";
 print "<input type=submit value='$text{'sync_ok'}'></form>\n";
 
 &ui_print_footer("", $text{'index_return'});

cluster-webmin/user_form.cgi

@@ -27,12 +27,12 @@ foreach $g (@wgroups) {
 print "</select></td> </tr>\n";
 
 print "<tr> <td><b>$text{'user_pass'}</b></td> <td colspan=3>\n";
-print "<select name=pass_def>\n";
+print "<select class='ui_select margined-bottom-1' name=pass_def>\n";
 print "<option value=0 selected>$text{'user_set'} ..</option>\n";
 print "<option value=3>$text{'user_unix'}</option>\n";
 print "<option value=4>$text{'user_lock'}</option>\n";
 print "<option value=5>$text{'user_extauth'}</option>\n";
-print "</select><input type=password name=pass size=25></td> </tr>\n";
+print "</select>&nbsp;<input type=password name=pass size=25></td> </tr>\n";
 
 print "<tr> <td><b>$text{'user_lang'}</b></td> <td>\n";
 print "<select name=lang>\n";
@@ -81,15 +81,15 @@ for($i=$mp*2; $i<@mods; $i++) {
 print "</select>\n";
 
 print "<br>\n";
-print "<a href='' onClick='for(i=0; i<document.forms[0].mods1.options.length; i++) { document.forms[0].mods1.options[i].selected = true; } for(i=0; i<document.forms[0].mods2.options.length; i++) { document.forms[0].mods2.options[i].selected = true; } for(i=0; i<document.forms[0].mods3.options.length; i++) { document.forms[0].mods3.options[i].selected = true; } return false'>$text{'user_sall'}</a>&nbsp;\n";
-print "<a href='' onClick='for(i=0; i<document.forms[0].mods1.options.length; i++) { document.forms[0].mods1.options[i].selected = false; } for(i=0; i<document.forms[0].mods2.options.length; i++) { document.forms[0].mods2.options[i].selected = false; } for(i=0; i<document.forms[0].mods3.options.length; i++) { document.forms[0].mods3.options[i].selected = false; } return false'>$text{'user_snone'}</a>&nbsp;\n";
-print "<a href='' onClick='for(i=0; i<document.forms[0].mods1.options.length; i++) { document.forms[0].mods1.options[i].selected = !document.forms[0].mods1.options[i].selected; } for(i=0; i<document.forms[0].mods2.options.length; i++) { document.forms[0].mods2.options[i].selected = !document.forms[0].mods2.options[i].selected; } for(i=0; i<document.forms[0].mods3.options.length; i++) { document.forms[0].mods3.options[i].selected = !document.forms[0].mods3.options[i].selected; } return false'>$text{'user_sinvert'}</a><br>\n";
+print "<button class='btn btn-tiny' type='button' onClick='for(i=0; i<this.form.mods1.options.length; i++) { this.form.mods1.options[i].selected = true; } for(i=0; i<this.form.mods2.options.length; i++) { this.form.mods2.options[i].selected = true; } for(i=0; i<this.form.mods3.options.length; i++) { this.form.mods3.options[i].selected = true; } return false'>$text{'user_sall'}</button>\n";
+print "<button class='btn btn-tiny' type='button' onClick='for(i=0; i<this.form.mods1.options.length; i++) { this.form.mods1.options[i].selected = false; } for(i=0; i<this.form.mods2.options.length; i++) { this.form.mods2.options[i].selected = false; } for(i=0; i<this.form.mods3.options.length; i++) { this.form.mods3.options[i].selected = false; } return false'>$text{'user_snone'}</button>\n";
+print "<button class='btn btn-tiny' type='button' onClick='for(i=0; i<this.form.mods1.options.length; i++) { this.form.mods1.options[i].selected = !this.form.mods1.options[i].selected; } for(i=0; i<this.form.mods2.options.length; i++) { this.form.mods2.options[i].selected = !this.form.mods2.options[i].selected; } for(i=0; i<this.form.mods3.options.length; i++) { this.form.mods3.options[i].selected = !this.form.mods3.options[i].selected; } return false'>$text{'user_sinvert'}</button><br>\n";
 
 print "</td> </tr>\n";
 
-&create_on_input($text{'user_servers'}, 0, 1);
+&create_on_input($text{'user_servers'}, 0, 1, undef, 3);
 
-print "</table></td></tr></table><br>\n";
+print "</table></td></tr></table><p></p><p></p>\n";
 print "<input type=submit value='$text{'create'}'></form>\n";
 
 &ui_print_footer("", $text{'index_return'});

compare_lang.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+#
+# compare_lang.sh
+# quick and dirty script to find missing lang strings in webmin lang files
+#
+# (c) https://github.com/gnadelwartz, 2020
+#
+# DISPLAY mising strings from one langfile:
+#
+# ./compare_lang.sh module/lang/xx 
+#
+# UPDATE one langfile of a module with missing strings:
+#
+# ./compare_lang.sh module/lang/xx >>module/lang/xx
+#
+# UPDATE one langfile in ALL modules with missing strings:
+#
+# for FILE in webmin/*/lang/xx; do
+#	./compare_lang.sh $FILE >>$FILE
+# done
+
+
+
+# $1 = lang file to check for missing strings against en
+
+ENGLISH="$(dirname "$1")/en"
+
+if [ "$1" == "" -o ! -f "$1" ]
+then
+	echo "file does not exist or no file given ..."
+	echo "usage: $0 file"
+	exit 1
+fi
+
+while read message
+do
+	# skip empty lines
+	[ "$message" == "" ] && continue
+	# skip comments, __noref and log_* messsages
+	if [[ "$message" == "#"* ]] || [[ "$message" == "__norefs"* ]] || [[ "$message" == "log_"* ]]; then
+		echo "skip $message" 1>&2
+		continue
+	fi
+	# output missing lines
+	key="${message%%=*}"; [ "$key" == "$message" ] && continue
+	grep -e "^${key}=" "$1" >/dev/null || echo "${message}"
+done < "${ENGLISH}"

config.cgi

@@ -8,11 +8,12 @@ require './config-lib.pl';
 &init_config();
 &ReadParse();
 $m = $in{'module'} || $ARGV[0];
+%module_info = &get_module_info($m);
+%module_info || &error($text{'config_emodule'});
 &foreign_available($m) || &error($text{'config_eaccess'});
 %access = &get_module_acl(undef, $m);
 $access{'noconfig'} &&
 	&error($text{'config_ecannot'});
-%module_info = &get_module_info($m);
 if (-r &help_file($m, "config_intro")) {
 	$help = [ "config_intro", $m ];
 	}

config_save.cgi

@@ -9,6 +9,8 @@ require './config-lib.pl';
 &ReadParse();
 $m = $in{'module'};
 &error_setup($text{'config_err'});
+%module_info = &get_module_info($m);
+%module_info || &error($text{'config_emodule'});
 &foreign_available($m) || &error($text{'config_eaccess'});
 %access = &get_module_acl(undef, $m);
 $access{'noconfig'} && &error($text{'config_ecannot'});

cpan/module.info

@@ -1,4 +1,3 @@
-risk=high
 desc=Perl Modules
 name=CPAN
 longdesc=Install new Perl modules on your system, and view those already installed.

cron/config.info

@@ -2,7 +2,7 @@ line1=Configurable options,11
 max_len=Maximum command length to display,3,Unlimited
 max_jobs=Maximum Cron jobs to show,3,Unlimited
 show_time=Show job schedules?,1,1-Yes,0-No
-show_comment=Show job comments?,1,1-Yes,0-No
+show_comment=Show job description?,1,1-Yes,0-No
 show_run=Display running status of jobs?,1,2-Yes, and allow starting and stopping,1-Yes,0-No
 show_next=Show next time each job will run?,1,1-Yes,0-No
 match_mode=Find job processes by,1,1-Command only,0-Command and arguments

cron/lang/de

@@ -175,3 +175,8 @@ when_interval=jede $1 Sekunde
 when_min=jede Minute
 when_month=jeden $3. eines jeden Monates um $2:$1
 when_weekday=jeden $3 um $2:$1
+index_next=Nächte Ausfürung
+index_nunknown=Unbekannt
+edit_next=Zeit der nächten Ausfürung
+when_boot=beim Systemstart
+ucwhen_boot=Beim Systemstart

cron/module.info

@@ -3,6 +3,5 @@ category=system
 os_support=solaris *-linux hpux freebsd osf1 irix unixware openserver macos openbsd aix netbsd windows 
 depends=proc
 readonly=1
-risk=low medium high
 desc=Scheduled Cron Jobs
 longdesc=Create, edit and delete Cron jobs.

cron/safeacl

@@ -0,0 +1,8 @@
+mode=3
+allow=0
+command=1
+create=1
+delete=1
+move=1
+kill=1
+hourly=0

custom/lang/de

@@ -164,3 +164,4 @@ view_efile=Schreiben von $1 fehlgeschlagen : $2
 view_err=Fehler beim Bearbeiten der Datei
 view_header=Editiere Datei $1
 view_title=Datei bearbeiten
+run_failed=Befehl mit Fehercode $1 fehlgeschlagen

custom/module.info

@@ -1,4 +1,3 @@
-risk=medium high
 name=Custom
 desc=Custom Commands
 depends=proc

dfsadmin/low.risk

@@ -1 +0,0 @@
-noconfig=1

dfsadmin/medium.risk

@@ -1 +0,0 @@
-noconfig=1

dfsadmin/module.info

@@ -1,4 +1,3 @@
-risk=low medium high
 name=DFSadmin
 category=net
 os_support=solaris unixware

dhcpd/edit_iface.cgi

@@ -95,7 +95,7 @@ my $val;
 if (&foreign_check("net")) {
 	%got = map { $_, 1 } split(/\s+/, $iface);
 	&foreign_require("net", "net-lib.pl");
-	@ifaces = grep { $_->{'virtual'} eq '' } &net::active_interfaces();
+	@ifaces = &net::active_interfaces();
 	$sz = scalar(@ifaces);
     my @iface_sel;
 	foreach $i (@ifaces) {

dhcpd/module.info

@@ -1,4 +1,3 @@
-risk=low medium high
 name=DHCPD
 category=servers
 os_support=debian-linux freebsd osf1 redhat-linux mandrake-linux slackware-linux solaris suse-linux united-linux unixware openserver open-linux turbo-linux openbsd corel-linux cobalt-linux irix netbsd msc-linux generic-linux gentoo-linux hpux trustix-linux macos sol-linux coherent-linux openmamba-linux pardus-linux

dnsadmin/module.info

@@ -1,4 +1,3 @@
-risk=low medium high
 name=DNSadmin
 category=servers
 os_support=slackware-linux{-r "/etc/named.boot"} coherent-linux{-r "/etc/named.boot"} redhat-linux{-r "/etc/named.boot"} mandrake-linux{-r "/etc/named.boot"} solaris{-r "/etc/named.boot"} debian-linux{-r "/etc/named.boot" || -r "/etc/bind/named.boot"} suse-linux{-r "/etc/named.boot"} united-linux{-r "/etc/named.boot"} hpux{-r "/etc/named.boot" || -x "/usr/sbin/named"} freebsd{-r "/etc/named.boot" || -r "/etc/namedb/named.boot"} osf1{-r "/etc/named.boot" || -r "/etc/namedb/named.boot"} irix unixware{-r "/etc/named.boot"} openserver{-r "/etc/named.boot"} turbo-linux{-r "/etc/named.boot"} openbsd{-r "/etc/named.boot" || -r "/var/named/named.boot"} aix{-r "/etc/named.boot"} cobalt-linux/2.2{-r "/etc/named.boot"} cobalt-linux/4.0{-r "/etc/named.boot"} aix{-r "/etc/named.boot"} msc-linux{-r "/etc/named.boot"} openmamba-linux{-r "/etc/named.boot"}

exports-nfs4/low.risk

@@ -1 +0,0 @@
-noconfig=1

exports-nfs4/medium.risk

@@ -1 +0,0 @@
-noconfig=1

exports-nfs4/module.info

@@ -1,4 +1,3 @@
-risk=low medium high
 longdesc=Edit NFS v4 file shares defined in /etc/exports.
 name=Export Manager
 category=net

exports/low.risk

@@ -1 +0,0 @@
-noconfig=1

exports/medium.risk

@@ -1 +0,0 @@
-noconfig=1

exports/module.info

@@ -1,4 +1,3 @@
-risk=low medium high
 longdesc=Edit NFS file shares defined in /etc/exports.
 name=Export Manager
 category=net

fail2ban/lang/de

@@ -159,3 +159,4 @@ restart_err=Fehlgeschlagen Server neu zu starten
 start_err=Fehlgeschlagen Server zu starten
 stop_err=Fehlgeschlagen Server zu stoppen
 syslog_logtarget=Fail2Ban Aktion Log
+index_ver=Version $1

fail2ban/save_jail.cgi

@@ -88,7 +88,7 @@ else {
 
 	# Validate various counters
 	foreach my $f ("maxretry", "findtime", "bantime") {
-		$in{$f.'_def'} || $in{$f} =~ /^\-?\d+$/ ||
+		$in{$f.'_def'} || $in{$f} =~ /^\-?\d+(\.\d+)?[mhdwy]?$/ ||
 			&error($text{'jail_e'.$f});
 		}
 

fail2ban/save_jaildef.cgi

@@ -15,7 +15,7 @@ $jail || &error($text{'jaildef_egone'});
 
 # Validate inputs
 foreach my $f ("maxretry", "findtime", "bantime") {
-	$in{$f.'_def'} || $in{$f} =~ /^\-?\d+$/ ||
+	$in{$f.'_def'} || $in{$f} =~ /^\-?\d+(\.\d+)?[mhdwy]?$/ ||
 		&error($text{'jail_e'.$f});
 	}
 $in{'destemail_def'} || $in{'destemail'} =~ /^\S+(\@\S+)?$/ ||

fdisk/fdisk-lib.pl

@@ -249,7 +249,8 @@ else {
 	open(FDISK, "fdisk -l -u=cylinders $devs 2>/dev/null || fdisk -l $devs 2>/dev/null |");
 	}
 while(<FDISK>) {
-	if (/Disk\s+([^ :]+):\s+(\d+)\s+\S+\s+(\d+)\s+\S+\s+(\d+)/ ||
+	if (($m4 = ($_ =~ /Disk\s+([^ :]+):\s+(\d+)\s+(\S+),\s+(\d+)\s+bytes,\s+(\d+)\s+sectors/)) ||
+	    ($m1 = ($_ =~ /Disk\s+([^ :]+):\s+(\d+)\s+\S+\s+(\d+)\s+\S+\s+(\d+)/)) ||
 	    ($m2 = ($_ =~ /Disk\s+([^ :]+):\s+(.*)\s+bytes/)) ||
 	    ($m3 = ($_ =~ /Disk\s+([^ :]+):\s+([0-9\.]+)cyl/))) {
 		# New disk section
@@ -261,6 +262,7 @@ while(<FDISK>) {
 			}
 		elsif ($m2) {
 			# New style fdisk
+			# Disk /dev/sda: 85.8 GB, 85899345920 bytes
 			$disk = { 'device' => $1,
 				  'prefix' => $1,
 				  'table' => 'msdos', };
@@ -269,6 +271,14 @@ while(<FDISK>) {
 			$disk->{'sectors'} = $2;
 			$disk->{'cylinders'} = $3;
 			}
+		elsif ($m4) {
+			# Even newer disk (sectors/etc come later)
+			# Disk /dev/sda: 10 GiB, 10737418240 bytes, 20971520 sectors
+			$disk = { 'device' => $1,
+				  'prefix' => $1,
+				  'size' => $4,
+				  'table' => 'msdos', };
+			}
 		else {
 			# Old style fdisk
 			$disk = { 'device' => $1,
@@ -432,7 +442,14 @@ while(<FDISK>) {
 
 		push(@disks, $disk);
 		}
-	elsif (/^Units\s+=\s+cylinders\s+of\s+(\d+)\s+\*\s+(\d+)/) {
+	elsif (/Geometry:\s+(\d+)\s+heads,\s+(\d+)\s+sectors\/track,\s+(\d+)\s+cylinders/) {
+		# Separate geometry line
+		# Geometry: 255 heads, 63 sectors/track, 1305 cylinders
+		$disk->{'heads'} = $1;
+		$disk->{'sectors'} = $2;
+		$disk->{'cylinders'} = $3;
+		}
+	elsif (/^Units\s*[=:]\s+cylinders\s+of\s+(\d+)\s+\*\s+(\d+)/) {
 		# Unit size for disk from fdisk
 		$disk->{'bytes'} = $2;
 		$disk->{'cylsize'} = $disk->{'heads'} * $disk->{'sectors'} *
@@ -450,8 +467,25 @@ while(<FDISK>) {
 						        $disk->{'sectors'};
 		$disk->{'size'} = $disk->{'cylinders'} * $disk->{'cylsize'};
 		}
+	elsif (/(\/dev\/\S+?(\d+))[ \t*]+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S{1,2})\s+(.*)/) {
+		# Partition within the current disk from fdisk (msdos format)
+		# /dev/sda1 * 1 1306 1306 10G 83 Linux
+		local $part = { 'number' => $2,
+				'device' => $1,
+				'type' => $7,
+				'start' => $3,
+				'end' => $4,
+				'extended' => $7 eq '5' || $6 eq 'f' ? 1 : 0,
+				'index' => scalar(@{$disk->{'parts'}}),
+			 	'edittype' => 1, };
+		$part->{'desc'} = &partition_description($part->{'device'});
+		$part->{'size'} = ($part->{'end'} - $part->{'start'} + 1) *
+				  $disk->{'cylsize'};
+		push(@{$disk->{'parts'}}, $part);
+		}
 	elsif (/(\/dev\/\S+?(\d+))[ \t*]+\d+\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S{1,2})\s+(.*)/ || /(\/dev\/\S+?(\d+))[ \t*]+(\d+)\s+(\d+)\s+(\S+)\s+(\S{1,2})\s+(.*)/) {
 		# Partition within the current disk from fdisk (msdos format)
+		# /dev/sda1 * 1 9327 74919096 83 Linux
 		local $part = { 'number' => $2,
 				'device' => $1,
 				'type' => $6,

fdisk/lang/de

@@ -277,3 +277,4 @@ tunefs_u=Reservierter Benutzer
 tunefs_weeks=Wochen
 xfs_b=Blockgröße
 xfs_force=Erzwinge Dateisystemerzeugung (XFS)
+index_relabeldesc2=Erzeugt eine neue leere Partitionstabelle auf der Festplatte, damit Patritionen angelegt werden können.

fdisk/module.info

@@ -1,4 +1,3 @@
-risk=high
 name=Partition Manager
 category=hardware
 os_support=*-linux

file/getattrs.cgi

@@ -10,7 +10,7 @@ if (!&can_access($in{'file'})) {
 	print $text{'facl_eaccess'},"\n";
 	}
 else {
-	$out = `attr -l '$in{'file'}' 2>&1`;
+	$out = &backquote_command("attr -l ".quotemeta($in{'file'})." 2>&1");
 	if ($?) {
 		print $out,"\n";
 		}
@@ -19,7 +19,9 @@ else {
 			if ($l =~ /Attribute\s+"(.*)"/i) {
 				# Get the valid for this attribute
 				local $name = $1;
-				$got = `attr -g '$name' '$in{'file'}' 2>&1`;
+				$got = &backquote_command(
+					"attr -g ".quotemeta($name)." ".
+					quotemeta($in{'file'})." 2>&1");
 				if ($? || $got !~ /^(.*)\n([\0-\377]*)\n$/) {
 					print $got,"\n";
 					exit;

file/getext.cgi

@@ -10,7 +10,7 @@ if (!&can_access($in{'file'})) {
 	print $text{'facl_eaccess'},"\n";
 	}
 else {
-	$out = `lsattr -d '$in{'file'}' 2>&1`;
+	$out = &backquote_command("lsattr -d ".quotemeta($in{'file'})." 2>&1");
 	$out =~ s/^lsattr.*\n//;
 	if ($? || $out !~ /^(\S+)\s/) {
 		print $out,"\n";

file/module.info

@@ -1,4 +1,3 @@
-risk=high
 name=FileManager
 desc=Java File Manager
 longdesc=View, edit and change permissions on files and directories on your system with a Windows-like file manager.

filemin/acl_security.pl

@@ -60,3 +60,7 @@ sub acl_security_save {
     }
     $access->{'max'} = $in->{'max_def'} ? undef : $in{'max'};
 }
+
+sub acl_security_noconfig {
+    return 1;
+}

filemin/filemin-lib.pl

@@ -75,8 +75,12 @@ sub get_paths {
         }
     }
     @allowed_paths = map { &simplify_path($_) } &unique(@allowed_paths);
-    $path = $in{'path'} || '';
-    $html_escaped_path = html_escape($path);
+    if ($in{'path'} =~ /^%2F/) {
+        $path = un_urlize($in{'path'}, 1) || '';
+    } else {
+        $path = $in{'path'} || '';
+    }
+    $quote_escaped_path = quote_escape($path);
     $urlized_path = urlize($path);
     
     $cwd = &simplify_path($base.$path);
@@ -224,7 +228,7 @@ sub print_interface {
         for(my $i = 1; $i <= scalar(@breadcr)-1; $i++) {
             chomp($breadcr[$i]);
             $cp = $cp.'/'.$breadcr[$i];
-            print "<a href='index.cgi?path=$cp'>".
+            print "<a href='index.cgi?path=".&urlize($cp)."'>".
                   &html_escape($breadcr[$i])."</a> / ";
         }
         print "<br />";
@@ -299,7 +303,7 @@ sub print_interface {
         $vlink = html_escape($link);
         $vlink = quote_escape($vlink);
         $vlink = decode('UTF-8', $vlink, Encode::FB_DEFAULT);
-	my $hlink = html_escape($vlink);
+        my $hlink = html_escape($vlink);
         $vpath = quote_escape($vpath);
         $vpath = decode('UTF-8', $vpath, Encode::FB_DEFAULT);
 
@@ -381,7 +385,7 @@ sub print_interface {
         print &ui_checked_columns_row(\@row_data, "", "name", $vlink);
     }
     print ui_columns_end();
-    print &ui_hidden("path", $urlized_path),"\n";
+    print &ui_hidden("path", $path),"\n";
     print &ui_form_end();
 }
 

filemin/lang/de

@@ -154,3 +154,9 @@ upload_files=Dateien hochladen
 uploading=Hochladen, bitte warten ...
 user_name=Benutzername
 warning_title=Warnung!!!
+chcon_selected=Chcon ausgewählt
+chattr_selected=Chattr ausgewählt
+selinux=Sicherheits Kontext
+context_label=Kontext anwenden
+context_label_error=Sicherheitskontext darf nicht leer sein
+context_label_error_proc=änderung des Sicherheitskontexts fehlgeschlagen

filemin/safeacl

@@ -0,0 +1,3 @@
+allowed_paths=$HOME
+work_as_root=0
+work_as_user=0

filemin/save_file.cgi

@@ -16,7 +16,8 @@ $data =~ s/\r\n/\n/g;
 if ( $in{'encoding'} && lc( $in{'encoding'} ) ne "utf-8" ) {
     eval { $data = Encode::encode( $in{'encoding'}, Encode::decode( 'utf-8', $data ) ) };
 }
-&open_tempfile(SAVE, ">$file") || &error("$text{'error_saving_file'} : $!");
+&open_tempfile(SAVE, ">$file") ||
+	&error($text{'error_saving_file'}." : ".&html_escape("$!"));
 &print_tempfile(SAVE, $data);
 &close_tempfile(SAVE);
 

filemin/unauthenticated/css/style.css

@@ -6,7 +6,6 @@ body
   clear: both;
 }
 #listing {
-  //border: solid 1px;
   border-collapse: collapse;
   width: 100%;
 }
@@ -17,9 +16,7 @@ body
   font-weight: bold;
   background: #ddd;
 }
-#list_form tr:hover {
-//  background: #bbb;
-}
+
 #list_form tr.checked {
   background: #bfb;
 }
@@ -137,8 +134,8 @@ a:hover {
  cursor:pointer;
 }
 /* by https://github.com/rostovtsev */
-#list_form tbody tr.checked:hover,
-#list_form tbody tr:hover {
+#list_form tbody tr.checked:not(.m-active-o):not(.m-not-active):hover,
+#list_form tbody tr:hover:not(.m-active-o):not(.m-not-active) {
     background: #d3e4f4 !important;
 }