Page 4 of 12

Re: Vesta Automatic App Installer [Version 1.0.2]

Posted: Sun Aug 23, 2015 9:28 am
by mephivio
thanks : it works again !
Do you expect to release version 1.0.2 soon ?
thanks again for your great job

.J.

Re: Vesta Automatic App Installer [Version 1.0.2]

Posted: Sun Aug 23, 2015 10:07 am
by joem
mephivio wrote:thanks : it works again !
Do you expect to release version 1.0.2 soon ?
thanks again for your great job

.J.

I hope to later tonight.

Re: Vesta Automatic App Installer [Version 1.0.2]

Posted: Tue Aug 25, 2015 11:53 pm
by strato
First, I want to say thanks for the work you put into this installer. I just recently setup VestaCP and I am looking to migrate the few clients I have over from Interworx. I used simple scripts over on that CP so I was a little disappointed when I found out VestaCP did not support any major script installers. After some research I found yours and started to give it a try.

The issue I am running into is when I try to install wordpress or joomla (only 2 I have tried) I get an error saying the database is not valid "ERROR: Error: db_user cloudcan_t8cE1dl6cb is not valid" After several tries I have noticed that the _t8cE1dl6cb changes every time you try again so even if I wanted to go back and create cloudcan_t8cE1dl6cb in VestaCP the next one would fail

Any ideas?

Re: Vesta Automatic App Installer [Version 1.0.2]

Posted: Wed Aug 26, 2015 12:18 pm
by joem
strato wrote:First, I want to say thanks for the work you put into this installer. I just recently setup VestaCP and I am looking to migrate the few clients I have over from Interworx. I used simple scripts over on that CP so I was a little disappointed when I found out VestaCP did not support any major script installers. After some research I found yours and started to give it a try.

The issue I am running into is when I try to install wordpress or joomla (only 2 I have tried) I get an error saying the database is not valid "ERROR: Error: db_user cloudcan_t8cE1dl6cb is not valid" After several tries I have noticed that the _t8cE1dl6cb changes every time you try again so even if I wanted to go back and create cloudcan_t8cE1dl6cb in VestaCP the next one would fail

Any ideas?
Database name cannot be longer than 16 characters, I have fixed this issues in the new version 1.0.2. In the mean time you can shorten the username down to "cloud".

Re: Vesta Automatic App Installer [Version 1.0.2]

Posted: Wed Aug 26, 2015 2:12 pm
by strato
I believe I have 1.0.2 installed, I followed this guide viewtopic.php?f=19&t=8523

I can shorten the name, just want to make sure I am on the same page as you

Another question I have, I have noticed when I try to install an app, if there is any data in public_html I get the error public_html/ MUST BE EMPTY. As I understand this could be an issue due to someone not understanding how things work could over write a site already there, it forces people to either install at /somename or ftp to their site and delete files there.

I am testing my setup with whmcs integration sending commands to create a user and website. When it does all it installs is 2 files, a robot.txt and an home html file.

Personally it would make it alot easier if your app installer could detect basic default files and overwrite on install to / If it detects more than the default files it would fail the installation.

Re: Vesta Automatic App Installer [Version 1.0.2]

Posted: Thu Aug 27, 2015 2:12 pm
by joem
strato wrote:I believe I have 1.0.2 installed, I followed this guide viewtopic.php?f=19&t=8523

I can shorten the name, just want to make sure I am on the same page as you

Another question I have, I have noticed when I try to install an app, if there is any data in public_html I get the error public_html/ MUST BE EMPTY. As I understand this could be an issue due to someone not understanding how things work could over write a site already there, it forces people to either install at /somename or ftp to their site and delete files there.

I am testing my setup with whmcs integration sending commands to create a user and website. When it does all it installs is 2 files, a robot.txt and an home html file.

Personally it would make it alot easier if your app installer could detect basic default files and overwrite on install to / If it detects more than the default files it would fail the installation.

You cant be using 1.0.2 because I have not released it yet. Sorry to confuse you I updated the topic title to soon. I will add a feature to remove the default files in this release. As for removing all files in the folder as you stated its a huge risk to users who are not sure how the web app installer works.

Re: Vesta Automatic App Installer [Version 1.0.2]

Posted: Mon Aug 31, 2015 6:46 am
by mephivio
hi Joem,

When can we expect your new release ?
i guess that's a high work but if you can refresh this post thanks

JP

Re: Vesta Automatic App Installer [Version 1.0.2]

Posted: Mon Aug 31, 2015 7:41 am
by joem
mephivio wrote:hi Joem,

When can we expect your new release ?
i guess that's a high work but if you can refresh this post thanks

JP
Adding the last app now should be in the next few days.

Re: Vesta Automatic App Installer [Version 1.0.1]

Posted: Tue Sep 08, 2015 2:04 pm
by ykpon
By default, the script has a vulnerability that allows to install scripts in the foreign domain, knowing a user name and domain, respectively.
For fix that need in file:
/usr/local/vesta/web/app-installer/index.php
after:

Code: Select all

if(substr($_POST['cdn_instdir'],0, 1) != "/") :
      $_SESSION['error_msg'] .= "INSTALL DIRECTORY MUST START WITH /.#";
    endif;
add:

Code: Select all

if(stristr($_POST['cdn_instdir'], '..')!==FALSE) :
	  $_SESSION['error_msg'] .= "INCORRECT DIRECTORY";
	endif;

Re: Vesta Automatic App Installer [Version 1.0.1]

Posted: Wed Sep 09, 2015 2:31 am
by joem
ykpon wrote:By default, the script has a vulnerability that allows to install scripts in the foreign domain, knowing a user name and domain, respectively.
For fix that need in file:

Nice find, I will add this to the new release thanks.