Harden updater layout preflight patching and apache path repair

Agent-Logs-Url: https://github.com/GameServerPanel/GSP/sessions/3f33f14d-259b-49a4-9fe6-5167a07102e0

Co-authored-by: iaretechnician <2749183+iaretechnician@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot] 2026-05-18 14:56:41 +00:00 committed by GitHub
parent ced5c54d3f
commit 97971eeafb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 883 additions and 106 deletions

View file

@ -3,6 +3,7 @@
## 2026-05-18
- **Billing runtime relocation + portable path bootstrap:** Re-homed storefront runtime to `Panel/modules/billing`, added portable runtime helpers (`billing_bootstrap.php`, `site_config.php`, `site_config.example.php`) with env/local override support for base path and panel path, normalized critical storefront redirects/links to computed billing URLs, and added `Website` compatibility wrappers for key billing entrypoints.
- **Panel updater panel-subtree safety:** Hardened updater logic to treat repository `/panel` as the update source when present (ZIP + git flows) so root-level docs/examples/scripts are no longer candidates for panel file overwrite during updates.
- **Updater root-layout hardening + pre-update patch workflow:** Reworked the admin updater to treat `/var/www/html/GSP` as repo root (with explicit `Panel/` + `Website/` handling), added mandatory preflight + required patch execution (`Panel/modules/update/patches` + persisted patch-state file), implemented updater self-refresh detection/resume, expanded backups/rollback to include Panel+Website+`version.json` with retention, and added Apache stale-path scan/repair tooling with backups + `apache2ctl configtest` safeguards.
- **Panel registration stability + captcha fallback hardening:** Fixed a fatal syntax error in `modules/register/register-exec.php`, removed hardcoded/legacy registration redirects, added structured registration logging to `modules/register/logs/register.log` (auto-creates missing log dir), added duplicate username checks, added optional `users_pass_hash` write for PHP 8.3-compatible auth upgrades, and implemented graceful reCAPTCHA fallback when keys are missing/legacy-invalid or the widget reports an error so the themed registration flow no longer crashes with raw PHP errors.
## 2026-05-13

View file

@ -16,3 +16,4 @@
- Add an admin/serverlist UI badge that shows detected service OS variant (Windows/Linux/Any) from XML metadata next to each purchasable service row.
- Add a panel settings health check that validates reCAPTCHA site/secret keys against active panel/storefront domains and warns admins before registration users see widget errors.
- Add an automated deployment check that fails when `Website/timestamp.txt` and `modules/billing/timestamp.txt` diverge after storefront/content changes.
- Add an integration smoke test that exercises updater preflight, required patch state persistence, Apache path scan output, and rollback restore of Panel/Website/version.json artifacts.

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,43 @@
<?php
if (!function_exists('gsp_patch_20260518_layout_safety')) {
function gsp_patch_20260518_layout_safety($context)
{
$required_dirs = [
GSP_ROOT_DIR,
GSP_PANEL_DIR,
GSP_WEBSITE_DIR,
GSP_ROOT_DIR . '/examples',
GSP_ROOT_DIR . '/backups',
GSP_ROOT_DIR . '/logs',
GSP_ROOT_DIR . '/includes',
];
foreach ($required_dirs as $dir) {
if (!is_dir($dir) && !@mkdir($dir, 0755, true)) {
return [
'success' => false,
'message' => 'Failed to create required layout directory: ' . $dir,
];
}
if (!is_writable($dir)) {
return [
'success' => false,
'message' => 'Required layout directory is not writable: ' . $dir,
];
}
}
return [
'success' => true,
'message' => 'Canonical GSP layout directories verified.',
];
}
}
return [
'id' => '20260518_layout_safety',
'title' => 'Ensure canonical GSP layout directories are present and writable',
'required' => true,
'handler' => 'gsp_patch_20260518_layout_safety',
];