From a9923e4fbf55d7ffbccd946d0a8678605bc5c9c1 Mon Sep 17 00:00:00 2001 From: AreYouScared Date: Mon, 10 Feb 2020 01:37:35 -0500 Subject: [PATCH 1/6] Fix new schedule header Fixes #1826 --- resources/themes/pterodactyl/server/schedules/new.blade.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/themes/pterodactyl/server/schedules/new.blade.php b/resources/themes/pterodactyl/server/schedules/new.blade.php index bb925c259..3202c525f 100644 --- a/resources/themes/pterodactyl/server/schedules/new.blade.php +++ b/resources/themes/pterodactyl/server/schedules/new.blade.php @@ -6,7 +6,7 @@ @extends('layouts.master') @section('title') - @lang('server.schedules.new.header') + @lang('server.schedule.new.header') @endsection @section('scripts') From 1ebe376fedba4d4b4e6fd38efe10b10d460e17de Mon Sep 17 00:00:00 2001 From: AreYouScared Date: Sun, 15 Mar 2020 19:13:35 -0400 Subject: [PATCH 2/6] Update Admin Links (#1845) Fixed donation link and doc's --- resources/themes/pterodactyl/admin/index.blade.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/resources/themes/pterodactyl/admin/index.blade.php b/resources/themes/pterodactyl/admin/index.blade.php index 9e9690f8e..a0cb30975 100644 --- a/resources/themes/pterodactyl/admin/index.blade.php +++ b/resources/themes/pterodactyl/admin/index.blade.php @@ -45,14 +45,14 @@
 
@endsection From 05d859c985dc529b09effa363146d0213fbebefc Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sun, 15 Mar 2020 16:25:29 -0700 Subject: [PATCH 3/6] Ensure password used when creating a database is valid; closes #1852 --- CHANGELOG.md | 4 +++ app/Helpers/Utilities.php | 35 +++++++++++++++++++ .../Databases/DatabaseManagementService.php | 5 ++- .../Databases/DatabasePasswordService.php | 17 ++------- 4 files changed, 45 insertions(+), 16 deletions(-) create mode 100644 app/Helpers/Utilities.php diff --git a/CHANGELOG.md b/CHANGELOG.md index 33749dd55..37a638853 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,10 @@ This file is a running track of new features and fixes to each version of the pa This project follows [Semantic Versioning](http://semver.org) guidelines. +## v0.7.17 (Derelict Dermodactylus) +### Fixed +* Fixes database passwords not being generated with the proper requirements for some MySQL setups. + ## v0.7.16 (Derelict Dermodactylus) ### Fixed * Fixed the /api/application/servers endpoint erroring when including subusers or egg diff --git a/app/Helpers/Utilities.php b/app/Helpers/Utilities.php new file mode 100644 index 000000000..5de685fe9 --- /dev/null +++ b/app/Helpers/Utilities.php @@ -0,0 +1,35 @@ +encrypter->encrypt(str_random(24)); + $data['password'] = $this->encrypter->encrypt( + Utilities::randomStringWithSpecialCharacters(24) + ); $this->database->beginTransaction(); try { diff --git a/app/Services/Databases/DatabasePasswordService.php b/app/Services/Databases/DatabasePasswordService.php index ed60bad4a..ad5882c49 100644 --- a/app/Services/Databases/DatabasePasswordService.php +++ b/app/Services/Databases/DatabasePasswordService.php 
@@ -2,9 +2,8 @@
 namespace Pterodactyl\Services\Databases;
-use Exception;
 use Pterodactyl\Models\Database;
-use Illuminate\Support\Facades\Log;
+use Pterodactyl\Helpers\Utilities;
 use Illuminate\Database\ConnectionInterface;
 use Illuminate\Contracts\Encryption\Encrypter;
 use Pterodactyl\Extensions\DynamicDatabaseConnection;
@@ -62,19 +61,7 @@ class DatabasePasswordService
 */
 public function handle(Database $database): string
 {
- $password = str_random(24);
- // Given a random string of characters, randomly loop through the characters and replace some
- // with special characters to avoid issues with MySQL password requirements on some servers.
- try {
- for ($i = 0; $i < random_int(2, 6); $i++) {
- $character = ['!', '@', '=', '.', '+', '^'][random_int(0, 5)];
-
- $password = substr_replace($password, $character, random_int(0, 23), 1);
- }
- } catch (Exception $exception) {
- // Just log the error and hope for the best at this point.
- Log::error($exception);
- }
+ $password = Utilities::randomStringWithSpecialCharacters(24);
 $this->connection->transaction(function () use ($database, $password) {
 $this->dynamic->set('dynamic', $database->database_host_id);
From 41cbdb8d5902ea0bb6cfbf5f26c173bc4106eb19 Mon Sep 17 00:00:00 2001
From: Dane Everitt
Date: Sun, 15 Mar 2020 16:29:05 -0700
Subject: [PATCH 4/6] Dont require an IP address for hostnames; closes #1728
---
 CHANGELOG.md | 1 +
 app/Models/DatabaseHost.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 37a638853..89ef72690 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 ## v0.7.17 (Derelict Dermodactylus)
 ### Fixed
 * Fixes database passwords not being generated with the proper requirements for some MySQL setups.
+* Hostnames that are not FQDNs/IP addresses can now be used for connecting to a MySQL host.
 ## v0.7.16 (Derelict Dermodactylus)
 ### Fixed
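Review bot: In `DatabasePasswordService::handle()` the new `Utilities::randomStringWithSpecialCharacters(24)` call has no error handling of its own, whereas the removed loop caught `Exception` from `random_int()`, logged it and carried on with whatever string it had at that point. The helper's body is not readable on this page, so it is unclear whether it throws or swallows the failure. Aborting the password change is the safer outcome, and if that is what happens the docblock above `handle()` should gain `@throws \Exception`. The same call is added in DatabaseManagementService, and both sites repeat the literal `24`, which would be easier to audit as one named constant. The docblock of `handle()` starts above the hunk and its body continues below it.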
diff --git a/app/Models/DatabaseHost.php b/app/Models/DatabaseHost.php
index c564f725b..f48977b1b 100644
--- a/app/Models/DatabaseHost.php
+++ b/app/Models/DatabaseHost.php
@@ -72,7 +72,7 @@ class DatabaseHost extends Model implements CleansAttributes, ValidableContract
 */
 protected static $dataIntegrityRules = [
 'name' => 'string|max:255',
- 'host' => 'ip|unique:database_hosts,host',
+ 'host' => 'unique:database_hosts,host',
 'port' => 'numeric|between:1,65535',
 'username' => 'string|max:32',
 'password' => 'nullable|string',
From 8eba1da532b7b3216112c79aeb61cfeec3ccbc7f Mon Sep 17 00:00:00 2001
From: Dane Everitt
Date: Sun, 15 Mar 2020 16:55:29 -0700
Subject: [PATCH 5/6] Update LICENSE.md
---
 LICENSE.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/LICENSE.md b/LICENSE.md
index 929536020..11eabac9f 100644
--- a/LICENSE.md
+++ b/LICENSE.md
@@ -1,7 +1,7 @@
 # The MIT License (MIT)
 ```
-Copyright (c) 2015 - 2017 Dane Everitt
+Copyright (c) 2015 - 2020 Dane Everitt
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
From 468d426ebd1b276bcba7839fc52516dcf72e5f04 Mon Sep 17 00:00:00 2001
From: Dane Everitt
Date: Sun, 15 Mar 2020 17:05:53 -0700
Subject: [PATCH 6/6] Limit to 5 API keys at a time. Ref advisory #GHSA-pjmh-7xfm-r4x9
---
 CHANGELOG.md | 1 +
 app/Http/Controllers/Base/AccountKeyController.php | 8 ++++++++
 2 files changed, 9 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 89ef72690..36586d886 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 ## v0.7.17 (Derelict Dermodactylus)
 ### Fixed
+* Limited accounts to 5 API keys at a time.
 * Fixes database passwords not being generated with the proper requirements for some MySQL setups.
 * Hostnames that are not FQDNs/IP addresses can now be used for connecting to a MySQL host.
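Review bot: In the `DatabaseHost` hunk, dropping `ip` leaves `'host' => 'unique:database_hosts,host'` with no type, length or character check in `$dataIntegrityRules`. Unless a rule set outside the hunk covers it, a non-string, an over-long value or one containing whitespace now passes validation and is kept as the MySQL connection target. The neighbouring fields keep `string|max:…`, and `host` should do at least the same, e.g. `'host' => 'string|max:255|unique:database_hosts,host'`, with the maximum matched to the column size, which is not visible here. If only hostnames and IP literals are intended, a `regex:` rule limiting the value to letters, digits, dots, hyphens and colons would state that explicitly. The rules array starts above the hunk and continues below it.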
diff --git a/app/Http/Controllers/Base/AccountKeyController.php b/app/Http/Controllers/Base/AccountKeyController.php
index 04563ca8a..7161b4abf 100644
--- a/app/Http/Controllers/Base/AccountKeyController.php
+++ b/app/Http/Controllers/Base/AccountKeyController.php
@@ -7,6 +7,7 @@ use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use Pterodactyl\Models\ApiKey;
 use Prologue\Alerts\AlertsMessageBag;
+use Pterodactyl\Exceptions\DisplayException;
 use Pterodactyl\Http\Controllers\Controller;
 use Pterodactyl\Services\Api\KeyCreationService;
 use Pterodactyl\Http\Requests\Base\StoreAccountKeyRequest;
@@ -76,10 +77,17 @@ class AccountKeyController extends Controller
 * @param \Pterodactyl\Http\Requests\Base\StoreAccountKeyRequest $request
 * @return \Illuminate\Http\RedirectResponse
 *
+ * @throws \Pterodactyl\Exceptions\DisplayException
 * @throws \Pterodactyl\Exceptions\Model\DataValidationException
 */
 public function store(StoreAccountKeyRequest $request)
 {
+ if ($this->repository->findCountWhere(['user_id' => $request->user()->id]) >= 5) {
+ throw new DisplayException(
+ 'Cannot assign more than 5 API keys to an account.'
+ );
+ }
+
 $this->keyService->setKeyType(ApiKey::TYPE_ACCOUNT)->handle([
 'user_id' => $request->user()->id,
 'allowed_ips' => $request->input('allowed_ips'),
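Review bot: The new limit in `store()` is a check-then-create, because `findCountWhere(...) >= 5` and the following `keyService->setKeyType(...)->handle()` are separate steps. Concurrent requests from the same account can therefore all pass the count and leave the account with more than five keys, which defeats the cap this commit introduces. Running the count and the insert in one database transaction with the account's rows locked, or enforcing the cap inside the key-creation service, would close that window. The cap is also written twice as a literal (`>= 5` and in the message), so a class constant would keep the two in sync. `store()` continues below the hunk and other key-creation paths are not visible here, so whether they apply the same limit should be checked.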