Initial

web/download/backup/index.php

@@ -0,0 +1,44 @@
+<?php
+use function Hestiacp\quoteshellarg\quoteshellarg;
+
+ob_start();
+include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
+
+// Check token
+verify_csrf($_GET);
+
+$backup = $_GET["backup"];
+
+if (!file_exists("/backup/" . $backup)) {
+	$backup = quoteshellarg($_GET["backup"]);
+	exec(
+		HESTIA_CMD . "v-schedule-user-backup-download " . $user . " " . $backup,
+		$output,
+		$return_var,
+	);
+	if ($return_var == 0) {
+		$_SESSION["error_msg"] = _("Download of remote backup file has been scheduled.");
+	} else {
+		$_SESSION["error_msg"] = implode("<br>", $output);
+		if (empty($_SESSION["error_msg"])) {
+			$_SESSION["error_msg"] = _("Error: Hestia did not return any output.");
+		}
+	}
+	unset($output);
+	header("Location: /list/backup/");
+	exit();
+} else {
+	if ($_SESSION["userContext"] === "admin") {
+		header("Content-type: application/gzip");
+		header("Content-Disposition: attachment; filename=\"" . $backup . "\";");
+		header("X-Accel-Redirect: /backup/" . $backup);
+	}
+
+	if (!empty($_SESSION["user"]) && $_SESSION["userContext"] != "admin") {
+		if (strpos($backup, $_SESSION["user"] . ".") === 0) {
+			header("Content-type: application/gzip");
+			header("Content-Disposition: attachment; filename=\"" . $backup . "\";");
+			header("X-Accel-Redirect: /backup/" . $backup);
+		}
+	}
+}

web/download/database/index.php

@@ -0,0 +1,18 @@
+<?php
+use function Hestiacp\quoteshellarg\quoteshellarg;
+
+ob_start();
+include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
+
+// Check token
+verify_csrf($_GET);
+
+$database = quoteshellarg($_GET["database"]);
+
+exec(HESTIA_CMD . "v-dump-database " . $user . " " . $database . " file", $output, $return_var);
+
+if ($return_var == 0) {
+	header("Content-type: application/sql");
+	header("Content-Disposition: attachment; filename=" . $output[0]);
+	header("X-Accel-Redirect: " . $output[1]);
+}

web/download/site/index.php

@@ -0,0 +1,18 @@
+<?php
+use function Hestiacp\quoteshellarg\quoteshellarg;
+
+ob_start();
+include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
+
+// Check token
+verify_csrf($_GET);
+
+$site = quoteshellarg($_GET["site"]);
+
+exec(HESTIA_CMD . "v-dump-site " . $user . " " . $site . " full", $output, $return_var);
+
+if ($return_var == 0) {
+	header("Content-type: application/zip");
+	header("Content-Disposition: attachment; filename=" . $output[0]);
+	header("X-Accel-Redirect: " . $output[1]);
+}

web/download/web-log/index.php

@@ -0,0 +1,42 @@
+<?php
+use function Hestiacp\quoteshellarg\quoteshellarg;
+
+include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";
+
+// Check token
+verify_csrf($_GET);
+
+if ($_GET["type"] == "access") {
+	$type = "access";
+}
+if ($_GET["type"] == "error") {
+	$type = "error";
+}
+
+header("Cache-Control: public");
+header("Content-Description: File Transfer");
+header("Content-Disposition: attachment; filename=" . $_GET["domain"] . "." . $type . "-log.txt");
+header("Content-Type: application/octet-stream; ");
+header("Content-Transfer-Encoding: binary");
+
+$v_domain = $_GET["domain"];
+if ($_GET["type"] == "access") {
+	$type = "access";
+}
+if ($_GET["type"] == "error") {
+	$type = "error";
+}
+$cmd = implode(" ", [
+	"/usr/bin/sudo " . quoteshellarg(HESTIA_DIR_BIN . "v-list-web-domain-" . $type . "log"),
+	// $user is already shell-escaped
+	$user,
+	quoteshellarg($v_domain),
+	"5000",
+]);
+
+passthru($cmd, $return_var);
+if ($return_var != 0) {
+	$errstr = "Internal server error: command returned non-zero: {$return_var}: {$cmd}";
+	echo $errstr;
+	throw new Exception($errstr); // make sure it ends up in an errorlog somewhere
+}