Skip to content

sync#6934

Merged
neilpang merged 2 commits intomasterfrom
dev
Apr 28, 2026
Merged

sync#6934
neilpang merged 2 commits intomasterfrom
dev

Conversation

@neilpang
Copy link
Copy Markdown
Member

@neilpang neilpang commented Apr 28, 2026

sync

Copilot AI review requested due to automatic review settings April 28, 2026 20:22
@neilpang neilpang merged commit 76d1377 into master Apr 28, 2026
5 of 6 checks passed
Copilot AI reviewed Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new DNS API hook for managing ACME DNS-01 TXT records via the cPanel UAPI, and updates the container base image used by the project’s Docker build.

Changes:

  • Introduce dnsapi/dns_cpanel_uapi.sh implementing dns_cpanel_uapi_add / dns_cpanel_uapi_rm using cPanel UAPI endpoints.
  • Add support for an optional cPanel_TTL setting (defaulting to 120 seconds) for created TXT records.
  • Bump Docker base image from Alpine 3.22 to 3.23.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
dnsapi/dns_cpanel_uapi.sh New DNS hook to add/remove TXT records via cPanel UAPI (mass_edit_zone/parse_zone).
Dockerfile Updates Alpine base image version used for the Docker build.

Comment thread dnsapi/dns_cpanel_uapi.sh
Comment on lines +209 to +224
if ! _cpanel_uapi_request "execute/DNS/parse_zone?zone=${_zone}"; then
_err "Request to parse zone failed for $_zone"
return 1
fi

# Split JSON records onto separate lines using a POSIX-portable sed literal newline
# (\\n in sed replacement is a GNU/BusyBox extension; a backslash-newline works everywhere)
_soa_line=$(echo "$_result" | sed 's/},{/},\
{/g' | grep '"record_type":"SOA"' | _head_n 1)
_debug "SOA line: $_soa_line"

if [ -z "$_soa_line" ]; then
_err "SOA record not found for zone $_zone"
_debug "parse_zone response: $_result"
return 1
fi
Copy link

Copilot AI Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After execute/DNS/parse_zone, the code proceeds to parse records without validating the UAPI response status. If the API returns a JSON error with "status":0, this will surface as “SOA record not found” instead of the real failure reason. Check for "status":1 (and log the error message/response) before attempting to extract the SOA serial.

Copilot uses AI. Check for mistakes.
Comment thread dnsapi/dns_cpanel_uapi.sh
Comment on lines +249 to +252
if ! _cpanel_uapi_request "execute/DNS/parse_zone?zone=${_domain}"; then
_err "Request to parse zone failed for $_domain"
return 1
fi
Copy link

Copilot AI Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

_cpanel_uapi_findentry treats any parse_zone response as valid and returns “entry doesn't exist” when no match is found. If parse_zone actually failed (e.g., "status":0), this silently turns an API error into a no-op delete. Validate "status":1 after the request and return an error when the API indicates failure.

Copilot uses AI. Check for mistakes.
Comment thread dnsapi/dns_cpanel_uapi.sh
Comment on lines +153 to +155
export _H1="Authorization: cpanel $cPanel_Username:$cPanel_Apitoken"
_result=$(_get "$cPanel_Hostname/$1")
return $?
Copy link

Copilot AI Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

_cpanel_uapi_request sets export _H1=... but never restores/unsets it. Since acme.sh always passes $_H1..$_H5 on every subsequent _get/_post call, this can leak the cPanel Authorization header to unrelated HTTP requests later in the run. Save the previous header values (at least _H1, ideally _H1.._H5) before setting them and restore/unset them after the request (even on failure).

Suggested change
export _H1="Authorization: cpanel $cPanel_Username:$cPanel_Apitoken"
_result=$(_get "$cPanel_Hostname/$1")
return $?
_cpanel_uapi_old_H1=$_H1
_cpanel_uapi_old_H2=$_H2
_cpanel_uapi_old_H3=$_H3
_cpanel_uapi_old_H4=$_H4
_cpanel_uapi_old_H5=$_H5
if [ "${_H1+set}" = "set" ]; then
_cpanel_uapi_had_H1=1
else
_cpanel_uapi_had_H1=
fi
if [ "${_H2+set}" = "set" ]; then
_cpanel_uapi_had_H2=1
else
_cpanel_uapi_had_H2=
fi
if [ "${_H3+set}" = "set" ]; then
_cpanel_uapi_had_H3=1
else
_cpanel_uapi_had_H3=
fi
if [ "${_H4+set}" = "set" ]; then
_cpanel_uapi_had_H4=1
else
_cpanel_uapi_had_H4=
fi
if [ "${_H5+set}" = "set" ]; then
_cpanel_uapi_had_H5=1
else
_cpanel_uapi_had_H5=
fi
export _H1="Authorization: cpanel $cPanel_Username:$cPanel_Apitoken"
_result=$(_get "$cPanel_Hostname/$1")
_cpanel_uapi_status=$?
if [ -n "$_cpanel_uapi_had_H1" ]; then
_H1=$_cpanel_uapi_old_H1
else
unset _H1
fi
if [ -n "$_cpanel_uapi_had_H2" ]; then
_H2=$_cpanel_uapi_old_H2
else
unset _H2
fi
if [ -n "$_cpanel_uapi_had_H3" ]; then
_H3=$_cpanel_uapi_old_H3
else
unset _H3
fi
if [ -n "$_cpanel_uapi_had_H4" ]; then
_H4=$_cpanel_uapi_old_H4
else
unset _H4
fi
if [ -n "$_cpanel_uapi_had_H5" ]; then
_H5=$_cpanel_uapi_old_H5
else
unset _H5
fi
unset _cpanel_uapi_old_H1 _cpanel_uapi_old_H2 _cpanel_uapi_old_H3 _cpanel_uapi_old_H4 _cpanel_uapi_old_H5
unset _cpanel_uapi_had_H1 _cpanel_uapi_had_H2 _cpanel_uapi_had_H3 _cpanel_uapi_had_H4 _cpanel_uapi_had_H5
return "$_cpanel_uapi_status"

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@neilpang @abodnar