1
1
mirror of https://github.com/pterodactyl/panel.git synced 2024-11-21 16:42:29 +01:00

Merge branch '1.0-develop' into develop

This commit is contained in:
Matthew Penner 2024-06-02 14:04:12 -06:00
commit 48eb35e291
No known key found for this signature in database
11 changed files with 73 additions and 26 deletions

View File

@ -3,6 +3,32 @@ This file is a running track of new features and fixes to each version of the pa
This project follows [Semantic Versioning](http://semver.org) guidelines. This project follows [Semantic Versioning](http://semver.org) guidelines.
## v1.11.7
### Added
* Java 21 to Minecraft eggs
### Changed
* Updated Minecraft EULA link
### Fixed
* Fixed backups not ever being marked as completed (#5088)
* Fixed `.7z` files not being detected as a compressed file (#5016)
## v1.11.6
### Changed
* Better node ownership checks for internal backup endpoints
* Improved validation rules on `docker_image` fields to prevent invalid inputs
### Fixed
* Multiple XSS vulnerabilities in the admin area ([GHSA-384w-wffr-x63q](https://github.com/pterodactyl/panel/security/advisories/GHSA-384w-wffr-x63q))
## v1.11.5 ## v1.11.5
### Fixed ### Fixed
* Rust egg using the wrong Docker image, breaking Rust modding frameworks. * Rust egg using the wrong Docker image, breaking Rust modding frameworks.

View File

@ -27,14 +27,14 @@ Stop settling for less. Make game servers a first class citizen on your platform
I would like to extend my sincere thanks to the following sponsors for helping fund Pterodactyl's development. I would like to extend my sincere thanks to the following sponsors for helping fund Pterodactyl's development.
[Interested in becoming a sponsor?](https://github.com/sponsors/matthewpi) [Interested in becoming a sponsor?](https://github.com/sponsors/matthewpi)
| Company | About | | Company | About |
|-----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |--------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [**Aussie Server Hosts**](https://aussieserverhosts.com/) | No frills Australian Owned and operated High Performance Server hosting for some of the most demanding games serving Australia and New Zealand. | | [**Aussie Server Hosts**](https://aussieserverhosts.com/) | No frills Australian Owned and operated High Performance Server hosting for some of the most demanding games serving Australia and New Zealand. |
| [**BisectHosting**](https://www.bisecthosting.com/) | BisectHosting provides Minecraft, Valheim and other server hosting services with the highest reliability and lightning fast support since 2012. | | [**BisectHosting**](https://www.bisecthosting.com/) | BisectHosting provides Minecraft, Valheim and other server hosting services with the highest reliability and lightning fast support since 2012. |
| [**MineStrator**](https://minestrator.com/) | Looking for the most highend French hosting company for your minecraft server? More than 24,000 members on our discord trust us. Give us a try! | | [**MineStrator**](https://minestrator.com/) | Looking for the most highend French hosting company for your minecraft server? More than 24,000 members on our discord trust us. Give us a try! |
| [**VibeGAMES**](https://vibegames.net/) | VibeGAMES is a game server provider that specializes in DDOS protection for the games we offer. We have multiple locations in the US, Brazil, France, Germany, Singapore, Australia and South Africa. | | [**HostEZ**](https://hostez.io) | US & EU Rust & Minecraft Hosting. DDoS Protected bare metal, VPS and colocation with low latency, high uptime and maximum availability. EZ! |
| [**HostEZ**](https://hostez.io) | US & EU Rust & Minecraft Hosting. DDoS Protected bare metal, VPS and colocation with low latency, high uptime and maximum availability. EZ! | | [**Blueprint**](https://blueprint.zip/?pterodactyl=true) | Create and install Pterodactyl addons and themes with the growing Blueprint framework - the package-manager for Pterodactyl. Use multiple modifications at once without worrying about conflicts and make use of the large extension ecosystem. |
| [**Blueprint**](https://blueprint.zip/?pterodactyl=true) | Create and install Pterodactyl addons and themes with the growing Blueprint framework - the package-manager for Pterodactyl. Use multiple modifications at once without worrying about conflicts and make use of the large extension ecosystem. | | [**indifferent broccoli**](https://indifferentbroccoli.com/) | indifferent broccoli is a game server hosting and rental company. With us, you get top-notch computer power for your gaming sessions. We destroy lag, latency, and complexity--letting you focus on the fun stuff. |
### Supported Games ### Supported Games

View File

@ -42,15 +42,22 @@ class BackupRemoteUploadController extends Controller
throw new BadRequestHttpException('A non-empty "size" query parameter must be provided.'); throw new BadRequestHttpException('A non-empty "size" query parameter must be provided.');
} }
/** @var \Pterodactyl\Models\Backup $backup */ /** @var \Pterodactyl\Models\Backup $model */
$backup = Backup::query() $model = Backup::query()
->where('node_id', $node->id)
->where('uuid', $backup) ->where('uuid', $backup)
->firstOrFail(); ->firstOrFail();
// Check that the backup is "owned" by the node making the request. This avoids other nodes
// from messing with backups that they don't own.
/** @var \Pterodactyl\Models\Server $server */
$server = $model->server;
if ($server->node_id !== $node->id) {
throw new HttpForbiddenException('You do not have permission to access that backup.');
}
// Prevent backups that have already been completed from trying to // Prevent backups that have already been completed from trying to
// be uploaded again. // be uploaded again.
if (!is_null($backup->completed_at)) { if (!is_null($model->completed_at)) {
throw new ConflictHttpException('This backup is already in a completed state.'); throw new ConflictHttpException('This backup is already in a completed state.');
} }
@ -61,7 +68,7 @@ class BackupRemoteUploadController extends Controller
} }
// The path where backup will be uploaded to // The path where backup will be uploaded to
$path = sprintf('%s/%s.tar.gz', $backup->server->uuid, $backup->uuid); $path = sprintf('%s/%s.tar.gz', $model->server->uuid, $model->uuid);
// Get the S3 client // Get the S3 client
$client = $adapter->getClient(); $client = $adapter->getClient();
@ -99,7 +106,7 @@ class BackupRemoteUploadController extends Controller
} }
// Set the upload_id on the backup in the database. // Set the upload_id on the backup in the database.
$backup->update(['upload_id' => $params['UploadId']]); $model->update(['upload_id' => $params['UploadId']]);
return new JsonResponse([ return new JsonResponse([
'parts' => $parts, 'parts' => $parts,

View File

@ -11,6 +11,7 @@ use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller; use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Extensions\Backups\BackupManager; use Pterodactyl\Extensions\Backups\BackupManager;
use Pterodactyl\Extensions\Filesystem\S3Filesystem; use Pterodactyl\Extensions\Filesystem\S3Filesystem;
use Pterodactyl\Exceptions\Http\HttpForbiddenException;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Pterodactyl\Http\Requests\Api\Remote\ReportBackupCompleteRequest; use Pterodactyl\Http\Requests\Api\Remote\ReportBackupCompleteRequest;
@ -36,10 +37,17 @@ class BackupStatusController extends Controller
/** @var \Pterodactyl\Models\Backup $model */ /** @var \Pterodactyl\Models\Backup $model */
$model = Backup::query() $model = Backup::query()
->where('node_id', $node->id)
->where('uuid', $backup) ->where('uuid', $backup)
->firstOrFail(); ->firstOrFail();
// Check that the backup is "owned" by the node making the request. This avoids other nodes
// from messing with backups that they don't own.
/** @var \Pterodactyl\Models\Server $server */
$server = $model->server;
if ($server->node_id !== $node->id) {
throw new HttpForbiddenException('You do not have permission to access that backup.');
}
if ($model->is_successful) { if ($model->is_successful) {
throw new BadRequestHttpException('Cannot update the status of a backup that is already marked as completed.'); throw new BadRequestHttpException('Cannot update the status of a backup that is already marked as completed.');
} }

View File

@ -4,7 +4,7 @@
"version": "PTDL_v2", "version": "PTDL_v2",
"update_url": null "update_url": null
}, },
"exported_at": "2022-06-17T08:10:44+03:00", "exported_at": "2024-05-07T12:55:57+00:00",
"name": "Bungeecord", "name": "Bungeecord",
"author": "support@pterodactyl.io", "author": "support@pterodactyl.io",
"description": "For a long time, Minecraft server owners have had a dream that encompasses a free, easy, and reliable way to connect multiple Minecraft servers together. BungeeCord is the answer to said dream. Whether you are a small server wishing to string multiple game-modes together, or the owner of the ShotBow Network, BungeeCord is the ideal solution for you. With the help of BungeeCord, you will be able to unlock your community's full potential.", "description": "For a long time, Minecraft server owners have had a dream that encompasses a free, easy, and reliable way to connect multiple Minecraft servers together. BungeeCord is the answer to said dream. Whether you are a small server wishing to string multiple game-modes together, or the owner of the ShotBow Network, BungeeCord is the ideal solution for you. With the help of BungeeCord, you will be able to unlock your community's full potential.",
@ -14,6 +14,7 @@
"pid_limit" "pid_limit"
], ],
"docker_images": { "docker_images": {
"Java 21": "ghcr.io\/pterodactyl\/yolks:java_21",
"Java 17": "ghcr.io\/pterodactyl\/yolks:java_17", "Java 17": "ghcr.io\/pterodactyl\/yolks:java_17",
"Java 16": "ghcr.io\/pterodactyl\/yolks:java_16", "Java 16": "ghcr.io\/pterodactyl\/yolks:java_16",
"Java 11": "ghcr.io\/pterodactyl\/yolks:java_11", "Java 11": "ghcr.io\/pterodactyl\/yolks:java_11",
@ -56,4 +57,4 @@
"field_type": "text" "field_type": "text"
} }
] ]
} }

View File

@ -4,7 +4,7 @@
"version": "PTDL_v2", "version": "PTDL_v2",
"update_url": null "update_url": null
}, },
"exported_at": "2022-11-06T06:33:01-05:00", "exported_at": "2024-05-07T12:55:56+00:00",
"name": "Forge Minecraft", "name": "Forge Minecraft",
"author": "support@pterodactyl.io", "author": "support@pterodactyl.io",
"description": "Minecraft Forge Server. Minecraft Forge is a modding API (Application Programming Interface), which makes it easier to create mods, and also make sure mods are compatible with each other.", "description": "Minecraft Forge Server. Minecraft Forge is a modding API (Application Programming Interface), which makes it easier to create mods, and also make sure mods are compatible with each other.",
@ -14,6 +14,7 @@
"pid_limit" "pid_limit"
], ],
"docker_images": { "docker_images": {
"Java 21": "ghcr.io\/pterodactyl\/yolks:java_21",
"Java 17": "ghcr.io\/pterodactyl\/yolks:java_17", "Java 17": "ghcr.io\/pterodactyl\/yolks:java_17",
"Java 16": "ghcr.io\/pterodactyl\/yolks:java_16", "Java 16": "ghcr.io\/pterodactyl\/yolks:java_16",
"Java 11": "ghcr.io\/pterodactyl\/yolks:java_11", "Java 11": "ghcr.io\/pterodactyl\/yolks:java_11",
@ -76,4 +77,4 @@
"field_type": "text" "field_type": "text"
} }
] ]
} }

View File

@ -4,7 +4,7 @@
"version": "PTDL_v2", "version": "PTDL_v2",
"update_url": null "update_url": null
}, },
"exported_at": "2022-06-17T08:11:30+03:00", "exported_at": "2024-05-07T12:55:55+00:00",
"name": "Paper", "name": "Paper",
"author": "parker@pterodactyl.io", "author": "parker@pterodactyl.io",
"description": "High performance Spigot fork that aims to fix gameplay and mechanics inconsistencies.", "description": "High performance Spigot fork that aims to fix gameplay and mechanics inconsistencies.",
@ -14,6 +14,7 @@
"pid_limit" "pid_limit"
], ],
"docker_images": { "docker_images": {
"Java 21": "ghcr.io\/pterodactyl\/yolks:java_21",
"Java 17": "ghcr.io\/pterodactyl\/yolks:java_17", "Java 17": "ghcr.io\/pterodactyl\/yolks:java_17",
"Java 16": "ghcr.io\/pterodactyl\/yolks:java_16", "Java 16": "ghcr.io\/pterodactyl\/yolks:java_16",
"Java 11": "ghcr.io\/pterodactyl\/yolks:java_11", "Java 11": "ghcr.io\/pterodactyl\/yolks:java_11",
@ -76,4 +77,4 @@
"field_type": "text" "field_type": "text"
} }
] ]
} }

View File

@ -4,7 +4,7 @@
"version": "PTDL_v2", "version": "PTDL_v2",
"update_url": null "update_url": null
}, },
"exported_at": "2022-06-17T08:11:42+03:00", "exported_at": "2024-05-07T12:55:54+00:00",
"name": "Sponge (SpongeVanilla)", "name": "Sponge (SpongeVanilla)",
"author": "support@pterodactyl.io", "author": "support@pterodactyl.io",
"description": "SpongeVanilla is the SpongeAPI implementation for Vanilla Minecraft.", "description": "SpongeVanilla is the SpongeAPI implementation for Vanilla Minecraft.",
@ -14,6 +14,7 @@
"pid_limit" "pid_limit"
], ],
"docker_images": { "docker_images": {
"Java 21": "ghcr.io\/pterodactyl\/yolks:java_21",
"Java 16": "ghcr.io\/pterodactyl\/yolks:java_16", "Java 16": "ghcr.io\/pterodactyl\/yolks:java_16",
"Java 11": "ghcr.io\/pterodactyl\/yolks:java_11", "Java 11": "ghcr.io\/pterodactyl\/yolks:java_11",
"Java 8": "ghcr.io\/pterodactyl\/yolks:java_8" "Java 8": "ghcr.io\/pterodactyl\/yolks:java_8"
@ -55,4 +56,4 @@
"field_type": "text" "field_type": "text"
} }
] ]
} }

View File

@ -4,7 +4,7 @@
"version": "PTDL_v2", "version": "PTDL_v2",
"update_url": null "update_url": null
}, },
"exported_at": "2022-06-17T08:11:58+03:00", "exported_at": "2024-05-07T12:55:58+00:00",
"name": "Vanilla Minecraft", "name": "Vanilla Minecraft",
"author": "support@pterodactyl.io", "author": "support@pterodactyl.io",
"description": "Minecraft is a game about placing blocks and going on adventures. Explore randomly generated worlds and build amazing things from the simplest of homes to the grandest of castles. Play in Creative Mode with unlimited resources or mine deep in Survival Mode, crafting weapons and armor to fend off dangerous mobs. Do all this alone or with friends.", "description": "Minecraft is a game about placing blocks and going on adventures. Explore randomly generated worlds and build amazing things from the simplest of homes to the grandest of castles. Play in Creative Mode with unlimited resources or mine deep in Survival Mode, crafting weapons and armor to fend off dangerous mobs. Do all this alone or with friends.",
@ -14,6 +14,7 @@
"pid_limit" "pid_limit"
], ],
"docker_images": { "docker_images": {
"Java 21": "ghcr.io\/pterodactyl\/yolks:java_21",
"Java 17": "ghcr.io\/pterodactyl\/yolks:java_17", "Java 17": "ghcr.io\/pterodactyl\/yolks:java_17",
"Java 16": "ghcr.io\/pterodactyl\/yolks:java_16", "Java 16": "ghcr.io\/pterodactyl\/yolks:java_16",
"Java 11": "ghcr.io\/pterodactyl\/yolks:java_11", "Java 11": "ghcr.io\/pterodactyl\/yolks:java_11",
@ -56,4 +57,4 @@
"field_type": "text" "field_type": "text"
} }
] ]
} }

View File

@ -40,6 +40,7 @@ export const rawDataToFileObject = (data: FractalResponseData): FileObject => ({
'application/x-xz', // .tar.xz, .xz 'application/x-xz', // .tar.xz, .xz
'application/zstd', // .tar.zst, .zst 'application/zstd', // .tar.zst, .zst
'application/zip', // .zip 'application/zip', // .zip
'application/x-7z-compressed', // .7z
].indexOf(this.mimetype) >= 0 ].indexOf(this.mimetype) >= 0
); );
}, },

View File

@ -72,7 +72,7 @@ const EulaModalFeature = () => {
target={'_blank'} target={'_blank'}
css={tw`text-primary-300 underline transition-colors duration-150 hover:text-primary-400`} css={tw`text-primary-300 underline transition-colors duration-150 hover:text-primary-400`}
rel={'noreferrer noopener'} rel={'noreferrer noopener'}
href="https://account.mojang.com/documents/minecraft_eula" href='https://www.minecraft.net/eula'
> >
Minecraft® EULA Minecraft® EULA
</a> </a>