Fix admin server manage boxes misalignment when suspending a server#5461
Merged
DaneEveritt merged 2 commits intopterodactyl:1.0-developfrom Dec 26, 2025
voidvalue-dev:1.0-develop
Merged
Fix admin server manage boxes misalignment when suspending a server#5461DaneEveritt merged 2 commits intopterodactyl:1.0-developfrom voidvalue-dev:1.0-develop
DaneEveritt merged 2 commits intopterodactyl:1.0-developfrom
voidvalue-dev:1.0-develop
Conversation
DaneEveritt
approved these changes
Dec 26, 2025
Contributor
Author
|
Thx :3 |
Someone-193
added a commit
to Twilight-Hosting/panel
that referenced
this pull request
Apr 21, 2026
* Update PHP and JS dependencies to latest versions and modernize codebase (pterodactyl#5446) * Update FUNDING.yml * Fix sponsor link in README.md * Load `IBM Plex Sans` from code and export as part of bundle (pterodactyl#5447) Removes the need to load any external resources for fonts. Resolves pterodactyl#5343 * Don't delete the initial content when using "Ctrl+Z" to undo (pterodactyl#5448) Resolves pterodactyl#5263 * Update build workflows (pterodactyl#5449) * FIX: Renamed 'batch_uuid' field to 'batch' in ActivityLogService (pterodactyl#5396) The field was renamed to match the column name in the database and to maintain consistency across the codebase. * Return correct error message when deleting self, add test coverage (pterodactyl#5456) * Ensure that a node description can be set, add additional test coverage (pterodactyl#5457) * Don't be strict about upload size, so long as it is a positive integer (pterodactyl#5458) * Support zero-byte file uploads (pterodactyl#5459) * Use local certs for webpack serve (pterodactyl#5460) * Fix admin server manage boxes misalignment when suspending a server (pterodactyl#5461) * don't endlessly poll websocket when disconnected due to suspension (pterodactyl#5464) * Fix missing `evt` parameter in websocket logic (pterodactyl#5470) * Disconnect SFTP/Websocket when a user is removed as a subuser (pterodactyl#5472) * Don't render raw HTML returned by the alert bag (pterodactyl#5475) ref: GHSA-mgr9-6c2j-jxrq * Ensure that TOTP tokens cannot be reused (pterodactyl#5481) * Update contact email for reporting vulnerabilities (pterodactyl#5489) * Cleanup issues template (pterodactyl#5490) * Cast old() returned value to an Integer (pterodactyl#5163) * Feature: Sort Users on Admin/Users by Administrators first (pterodactyl#5098) * Update Docker container for Forge installation script (pterodactyl#5424) * Update CHANGELOG.md (pterodactyl#5502) * Clear allocation notes on server deletion (pterodactyl#5157) * update release.yaml for testing * Merge commit from fork * Add throttling to resource creation endpoints * Fix middleware registration for the throttlers * Lock the server's resource models when adding new ones * Throttle subusers even more --------- Co-authored-by: DaneEveritt <dane@daneeveritt.com> * Don't include `v` in the version identifier * Cast presigned URL lifespan to integer (pterodactyl#5515) * Update node/view/servers title to be consistent (pterodactyl#5514) * Remove <strong> tags in admin area notifications (pterodactyl#5520) * feat: Auth Required modal for hytale (pterodactyl#5526) This PR add modal related to requiring auth to download or update hytale server. Egg feature to use: `hytale_oauth` Preview: https://github.com/user-attachments/assets/77bd4f16-ba5b-4652-88b1-7abfd4ab45b8 * Update i18n to resolve issues rendering unclosed div tags (pterodactyl#5547) * Added support for viewing and deleting of any Application API Keys (pterodactyl#5176) This PR closes Issue pterodactyl#5175. For context, I am aware that Application API Keys are deprecated in favour of Client API Keys however they are still operational within Pterodactyl and thus, not fully removed. Currently in Pterodactyl, as an Admin, you can only view your Application API Keys on the Admin Panel. In this PR, I made it so all Application Keys are visible and deletable. The key strings are obfuscated if the key does not belong to the user viewing.  The reason for adding this is primarily so other admin users can be aware of and delete another admin user's Application API keys from the UI. This functionality is useful in the event of a malicious user compromising an admin account, creating some API Keys to continue their attacks and the owner of the compromised admin account being unaware of Application API Keys. In this instance, even after a password reset, the attack could continue via the Application API without the admin realising it. I've tested the creation and deleting of keys along with using keys via the Application API to ensure no breakages have occurred. --------- Co-authored-by: DaneEveritt <dane@daneeveritt.com> * Scope the remote node token to limit the servers it can manage for backups/transfers (pterodactyl#5476) Improves the security posture of things more by limiting the servers that a node can even communicate about with the Panel. * Fix Unicode character width rendering using Unicode11Addon in xterm.js [TO FIX pterodactyl#2484] (pterodactyl#5524) fixes pterodactyl#2484 Co-authored-by: cesarmr-github <167689141+cesarmr-github@users.noreply.github.com> * Reset page on showOnlyAdmin change (pterodactyl#5559) closes pterodactyl#5557 * Improve SFTP session revocation to cover password changes and account deletion (pterodactyl#5568) This expands upon previous work done to better disconnect users from SFTP when different events occur within Pterodactyl. This new logic also accounts for password changes and their account being deleted entirely from the system. These events now trigger background jobs that will reach out to every node they are associated with to ensure they're disconnected if currently connected. * Improve security posture, update dependencies (pterodactyl#5569) Very minor changes, just adding some default headers in the event people don't configure this on their webserver. Also updating some packages to resolve open security alerts. * Add support for stripe-style identifiers on existing models with UUIDs (pterodactyl#5548) This is a partial implementation to begin moving towards stripe-style identifiers for resources in the system. Any models with an existing `uuid` column can easily be updated to return an identifier in the format of `prfx_xyz` where `prfx` is a four character prefix, and `xyz` is the UUID, encoded using base-32. These are quite easy to use within the API layer because we just need to do one quick transformation to extract the UUID for those models. This PR implements that logic for servers in the `SubstituteClientBindings` logic. A future PR will need to come through and handle identifiers for models that _don't_ currently use UUIDs for reference that we want to expose to clients. In those cases it is easier to just generate base-32 encoded UUID7s that get stored in the database and indexed. They follow the same base approach, but you don't need to do any transformations in the code (other than stripping the prefix, unless we decide to store the prefix). There is also now a `PTERODACTYL_USE_SERVER_IDENTIFIERS` environment variable, that when set to true, updates the front-end and API response to use this new identifier in place of the `uuidShort` value. * Remove deprecated version in compose file (pterodactyl#5498) This minor change removes the deprecated `version` property from the Docker Compose file to avoid the warning when running it, aligning it with current best practices and recommendations. * Replace an old reference to quay.io (pterodactyl#5210) * bump rate limits until we can improve some bad endpoint calls * Update CHANGELOG.md * Fix: Revert changes to RunTaskJob traits to fix scheduled tasks (pterodactyl#5607) This change reverts changes that were made to the traits (direct and inherited) to RunTaskJob in https://github.com/pterodactyl/panel/pull/5568/changes#diff-772e8e2cf1167529b09210b934e9c0ec4fe12d99c35317f293d504aaee5cb95c Closes pterodactyl#5600 * Fix: Enable Select2 dropdowns inside modals on Transfer Server (Search functionality now working) (pterodactyl#5590) closes pterodactyl#5588 * Fix: Compare to correct variable in startup variable activity log (pterodactyl#5605) - Fixes issue where the panel would create activity logs even when the value didn't change - Log an empty string instead of displaying "null" when the variable is empty Closes pterodactyl#5604 * Fix log permissions, HASHIDS env var generation, and the two errors that have been showing up since the v1.12.0 update (pterodactyl#5324) * Fix transfer status permission checks (pterodactyl#5573) * Update CHANGELOG.md * Egg: (Paper) Update install script and add Java 25 (pterodactyl#5606) Update paper egg to use new fill API and add Java 25 * RAHHHHHHHH * Revert "RAHHHHHHHH" This reverts commit f9e3b5c. * RAHHHHHH v2 * fix routing * fix view * Update composer.lock * I might be cooked guys 💀 --------- Co-authored-by: Dane Everitt <dane@daneeveritt.com> Co-authored-by: Anthony <anthony@physgun.com> Co-authored-by: Sergey Serpichenko <fongolcs@gmail.com> Co-authored-by: cesarmr-github <167689141+cesarmr-github@users.noreply.github.com> Co-authored-by: Mackenzie Molloy <48184419+MackenzieMolloy@users.noreply.github.com> Co-authored-by: Alan Escarcha <alanescarcha11@gmail.com> Co-authored-by: Gio <34938366+giomxx@users.noreply.github.com> Co-authored-by: Всеволод Мельник <89664351+vsevolodmelnyk@users.noreply.github.com> Co-authored-by: Sam Schumacher <38103916+HerrSammyDE@users.noreply.github.com> Co-authored-by: AndyIsHereBoi <69745145+AndyIsHereBoi@users.noreply.github.com> Co-authored-by: Dawid Jaworski <contact@minerpl.xyz> Co-authored-by: VoidValue <167689141+voidvalue-dev@users.noreply.github.com> Co-authored-by: _KroZen_ <109613115+KroZen-Dev@users.noreply.github.com> Co-authored-by: lajczi <lajczi@disroot.org> Co-authored-by: Daniel Barton <danielb@purpleflaghosting.com> Co-authored-by: Loki <59907407+Loki-101@users.noreply.github.com> Co-authored-by: Carlton <28676680+MrSoulPenguin@users.noreply.github.com>
2000Arion
added a commit
to 2000Arion/gsc-panel
that referenced
this pull request
Apr 25, 2026
* Update CHANGELOG.md
Signed-off-by: Matthew Penner <me@matthewp.io>
* chore: update laravel 11.28.1 -> 11.31.0
Signed-off-by: Matthew Penner <me@matthewp.io>
* Update CHANGELOG.md
Signed-off-by: Matthew Penner <me@matthewp.io>
* nix: update flake.lock
Flake lock file updates:
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a?narHash=sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U%3D' (2024-09-12)
→ 'github:hercules-ci/flake-parts/b905f6fc23a9051a6e1b741e1438dbfc0634c6de?narHash=sha256-%2Bhu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU%3D' (2025-01-06)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/99dc8785f6a0adac95f5e2ab05cc2e1bf666d172?narHash=sha256-gI9kkaH0ZjakJOKrdjaI/VbaMEo9qBbSUl93DnU7f4c%3D' (2024-09-16)
→ 'github:NixOS/nixpkgs/130595eba61081acde9001f43de3248d8888ac4a?narHash=sha256-Xb8mke6UCYjge9kPR9o4P1nVrhk7QBbKv3xQ9cj7h2s%3D' (2025-01-10)
* fix: db schema dump not importing on older MariaDB versions
Signed-off-by: Matthew Penner <me@matthewp.io>
* nix: update flake.lock
Flake lock file updates:
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/b905f6fc23a9051a6e1b741e1438dbfc0634c6de?narHash=sha256-%2Bhu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU%3D' (2025-01-06)
→ 'github:hercules-ci/flake-parts/32ea77a06711b758da0ad9bd6a844c5740a87abd?narHash=sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm%2BzmZ7vxbJdo%3D' (2025-02-01)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/130595eba61081acde9001f43de3248d8888ac4a?narHash=sha256-Xb8mke6UCYjge9kPR9o4P1nVrhk7QBbKv3xQ9cj7h2s%3D' (2025-01-10)
→ 'github:NixOS/nixpkgs/2ff53fe64443980e139eaa286017f53f88336dd0?narHash=sha256-%2B/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc%3D' (2025-02-13)
* fix: EnvironmentWriterTrait not allowing null values
Fixes pterodactyl#5108
Signed-off-by: Matthew Penner <me@matthewp.io>
* nix: add `yarn` to devShell
Signed-off-by: Matthew Penner <me@matthewp.io>
* chore: allow overriding Laravel storage path using `$APP_STORAGE_PATH`
Signed-off-by: Matthew Penner <me@matthewp.io>
* chore: update link to additional eggs in README (pterodactyl#5316)
* eggs: update Ark Survival Evolved (pterodactyl#5361)
* ci: switch to `ubuntu-24.04` runner
Signed-off-by: Matthew Penner <me@matthewp.io>
* docker: switch to PHP 8.3 (pterodactyl#5173)
* fix: add additional input validation
Signed-off-by: Matthew Penner <me@matthewp.io>
* fix: timezone issue in `Schedule::getNextRunDate` (pterodactyl#5381)
* Update PHP and JS dependencies to latest versions and modernize codebase (pterodactyl#5446)
* Update FUNDING.yml
* Fix sponsor link in README.md
* Load `IBM Plex Sans` from code and export as part of bundle (pterodactyl#5447)
Removes the need to load any external resources for fonts. Resolves pterodactyl#5343
* Don't delete the initial content when using "Ctrl+Z" to undo (pterodactyl#5448)
Resolves pterodactyl#5263
* Update build workflows (pterodactyl#5449)
* FIX: Renamed 'batch_uuid' field to 'batch' in ActivityLogService (pterodactyl#5396)
The field was renamed to match the column name in the database and to maintain consistency across the codebase.
* Return correct error message when deleting self, add test coverage (pterodactyl#5456)
* Ensure that a node description can be set, add additional test coverage (pterodactyl#5457)
* Don't be strict about upload size, so long as it is a positive integer (pterodactyl#5458)
* Support zero-byte file uploads (pterodactyl#5459)
* Use local certs for webpack serve (pterodactyl#5460)
* Fix admin server manage boxes misalignment when suspending a server (pterodactyl#5461)
* don't endlessly poll websocket when disconnected due to suspension (pterodactyl#5464)
* Fix missing `evt` parameter in websocket logic (pterodactyl#5470)
* Disconnect SFTP/Websocket when a user is removed as a subuser (pterodactyl#5472)
* Don't render raw HTML returned by the alert bag (pterodactyl#5475)
ref: GHSA-mgr9-6c2j-jxrq
* Ensure that TOTP tokens cannot be reused (pterodactyl#5481)
* Update contact email for reporting vulnerabilities (pterodactyl#5489)
* Cleanup issues template (pterodactyl#5490)
* Cast old() returned value to an Integer (pterodactyl#5163)
* Feature: Sort Users on Admin/Users by Administrators first (pterodactyl#5098)
* Update Docker container for Forge installation script (pterodactyl#5424)
* Update CHANGELOG.md (pterodactyl#5502)
* Clear allocation notes on server deletion (pterodactyl#5157)
* update release.yaml for testing
* Merge commit from fork
* Add throttling to resource creation endpoints
* Fix middleware registration for the throttlers
* Lock the server's resource models when adding new ones
* Throttle subusers even more
---------
Co-authored-by: DaneEveritt <dane@daneeveritt.com>
* Don't include `v` in the version identifier
* Cast presigned URL lifespan to integer (pterodactyl#5515)
* Update node/view/servers title to be consistent (pterodactyl#5514)
* Remove <strong> tags in admin area notifications (pterodactyl#5520)
* feat: Auth Required modal for hytale (pterodactyl#5526)
This PR add modal related to requiring auth to download or update hytale
server.
Egg feature to use: `hytale_oauth`
Preview:
https://github.com/user-attachments/assets/77bd4f16-ba5b-4652-88b1-7abfd4ab45b8
* [🫸] Sync gh with prod
New version branch: panel-1.12.0
created after panel update
* Update i18n to resolve issues rendering unclosed div tags (pterodactyl#5547)
* Added support for viewing and deleting of any Application API Keys (pterodactyl#5176)
This PR closes Issue pterodactyl#5175.
For context, I am aware that Application API Keys are deprecated in
favour of Client API Keys however they are still operational within
Pterodactyl and thus, not fully removed.
Currently in Pterodactyl, as an Admin, you can only view your
Application API Keys on the Admin Panel. In this PR, I made it so all
Application Keys are visible and deletable. The key strings are
obfuscated if the key does not belong to the user viewing.
The reason for adding this is primarily so other admin users can be
aware of and delete another admin user's Application API keys from the
UI. This functionality is useful in the event of a malicious user
compromising an admin account, creating some API Keys to continue their
attacks and the owner of the compromised admin account being unaware of
Application API Keys. In this instance, even after a password reset, the
attack could continue via the Application API without the admin
realising it.
I've tested the creation and deleting of keys along with using keys via
the Application API to ensure no breakages have occurred.
---------
Co-authored-by: DaneEveritt <dane@daneeveritt.com>
* Scope the remote node token to limit the servers it can manage for backups/transfers (pterodactyl#5476)
Improves the security posture of things more by limiting the servers
that a node can even communicate about with the Panel.
* Fix Unicode character width rendering using Unicode11Addon in xterm.js [TO FIX pterodactyl#2484] (pterodactyl#5524)
fixes pterodactyl#2484
Co-authored-by: cesarmr-github <167689141+cesarmr-github@users.noreply.github.com>
* Reset page on showOnlyAdmin change (pterodactyl#5559)
closes pterodactyl#5557
* Improve SFTP session revocation to cover password changes and account deletion (pterodactyl#5568)
This expands upon previous work done to better disconnect users from
SFTP when different events occur within Pterodactyl. This new logic also
accounts for password changes and their account being deleted entirely
from the system.
These events now trigger background jobs that will reach out to every
node they are associated with to ensure they're disconnected if
currently connected.
* Improve security posture, update dependencies (pterodactyl#5569)
Very minor changes, just adding some default headers in the event people
don't configure this on their webserver. Also updating some packages to
resolve open security alerts.
* Add support for stripe-style identifiers on existing models with UUIDs (pterodactyl#5548)
This is a partial implementation to begin moving towards stripe-style
identifiers for resources in the system. Any models with an existing
`uuid` column can easily be updated to return an identifier in the
format of `prfx_xyz` where `prfx` is a four character prefix, and `xyz`
is the UUID, encoded using base-32.
These are quite easy to use within the API layer because we just need to
do one quick transformation to extract the UUID for those models. This
PR implements that logic for servers in the `SubstituteClientBindings`
logic.
A future PR will need to come through and handle identifiers for models
that _don't_ currently use UUIDs for reference that we want to expose to
clients. In those cases it is easier to just generate base-32 encoded
UUID7s that get stored in the database and indexed. They follow the same
base approach, but you don't need to do any transformations in the code
(other than stripping the prefix, unless we decide to store the prefix).
There is also now a `PTERODACTYL_USE_SERVER_IDENTIFIERS` environment
variable, that when set to true, updates the front-end and API response
to use this new identifier in place of the `uuidShort` value.
* Remove deprecated version in compose file (pterodactyl#5498)
This minor change removes the deprecated `version` property from the
Docker Compose file to avoid the warning when running it, aligning it
with current best practices and recommendations.
* Replace an old reference to quay.io (pterodactyl#5210)
* bump rate limits until we can improve some bad endpoint calls
* Update CHANGELOG.md
* Sync gh with prod
* Sync gh with prod
Updated panel to 1.12.1
* Fix: Revert changes to RunTaskJob traits to fix scheduled tasks (pterodactyl#5607)
This change reverts changes that were made to the traits (direct and
inherited) to RunTaskJob in
https://github.com/pterodactyl/panel/pull/5568/changes#diff-772e8e2cf1167529b09210b934e9c0ec4fe12d99c35317f293d504aaee5cb95c
Closes pterodactyl#5600
* Fix: Enable Select2 dropdowns inside modals on Transfer Server (Search functionality now working) (pterodactyl#5590)
closes pterodactyl#5588
* Fix: Compare to correct variable in startup variable activity log (pterodactyl#5605)
- Fixes issue where the panel would create activity logs even when the
value didn't change
- Log an empty string instead of displaying "null" when the variable is
empty
Closes pterodactyl#5604
* Fix log permissions, HASHIDS env var generation, and the two errors that have been showing up since the v1.12.0 update (pterodactyl#5324)
* Fix transfer status permission checks (pterodactyl#5573)
* Update CHANGELOG.md
* Sync gh with prod
Create new panel-1.12.1 branch for upcoming update
* Sync gh with prod
* Do not include issue templates
* Update app version
---------
Signed-off-by: Matthew Penner <me@matthewp.io>
Co-authored-by: Matthew Penner <me@matthewp.io>
Co-authored-by: Daniel Barton <danielb@purpleflaghosting.com>
Co-authored-by: Red Banana <108609991+Red-Banana-Official@users.noreply.github.com>
Co-authored-by: Fallen_Breath <nellaforax@outlook.com>
Co-authored-by: Dane Everitt <dane@daneeveritt.com>
Co-authored-by: Anthony <anthony@physgun.com>
Co-authored-by: Sergey Serpichenko <fongolcs@gmail.com>
Co-authored-by: cesarmr-github <167689141+cesarmr-github@users.noreply.github.com>
Co-authored-by: Mackenzie Molloy <48184419+MackenzieMolloy@users.noreply.github.com>
Co-authored-by: Alan Escarcha <alanescarcha11@gmail.com>
Co-authored-by: Gio <34938366+giomxx@users.noreply.github.com>
Co-authored-by: Всеволод Мельник <89664351+vsevolodmelnyk@users.noreply.github.com>
Co-authored-by: Sam Schumacher <38103916+HerrSammyDE@users.noreply.github.com>
Co-authored-by: AndyIsHereBoi <69745145+AndyIsHereBoi@users.noreply.github.com>
Co-authored-by: Dawid Jaworski <contact@minerpl.xyz>
Co-authored-by: VoidValue <167689141+voidvalue-dev@users.noreply.github.com>
Co-authored-by: _KroZen_ <109613115+KroZen-Dev@users.noreply.github.com>
Co-authored-by: lajczi <lajczi@disroot.org>
Co-authored-by: Loki <59907407+Loki-101@users.noreply.github.com>
Co-authored-by: Carlton <28676680+MrSoulPenguin@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The PR is a bit basic, but the interface problem will be fixed. And it doesn't have any problems with other screens.
old:
new:
