Summary. The admin UI surfaces raw sudo commands inside transient/flash messages, effectively advertising the underlying shell command to the operator. We should run the command server-side and show a clean, action-oriented message instead.
What to do. Walk the codebase for flash / transient / toast messages that echo a sudo command (and any "run this: …" style strings) and remove the command text. Keep a plain confirmation (e.g. "Tenant suspended") and let the server execute silently.
Why. Exposing shell/sudo invocations in the UI is noise at best and an information leak at worst; the operator never needs to see or copy the command.
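A starting point for the codebase walk described under "What to do", as an added example that is not part of this project's code. The helper names in `MESSAGE_CALL`, the file suffixes and the sample lines are assumptions; swap in whatever the admin UI actually uses.

```python
import re
from pathlib import Path

# Assumed names of UI message helpers (hypothetical; adjust to the codebase).
MESSAGE_CALL = re.compile(r"\b(flash|toast|notify|set_transient|add_message)\b", re.I)
# Single-line string literal in ', " or ` quotes, honouring backslash escapes.
STRING_LITERAL = re.compile(r"""(["'`])((?:\\.|(?!\1).)*)\1""")
# Text that advertises a shell command: a sudo invocation or "run this".
LEAK = re.compile(r"\bsudo\s+\S+|\brun\s+this\b", re.I)


def scan_text(text, name="<memory>"):
    """Return (file, line number, literal) for UI messages that echo a command.

    Only lines that call a message helper are inspected, so server-side
    logging or the code that really runs sudo is not reported.
    Limitation: calls split across several lines are not joined.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not MESSAGE_CALL.search(line):
            continue
        for match in STRING_LITERAL.finditer(line):
            if LEAK.search(match.group(2)):
                findings.append((name, lineno, match.group(2)))
    return findings


def scan_tree(root, suffixes=(".php", ".py", ".js", ".ts", ".html")):
    """Walk a source tree and collect findings from every matching file."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in suffixes:
            findings += scan_text(path.read_text(errors="replace"), str(path))
    return findings


# Constructed sample input, not taken from the project.
SAMPLE = '''\
flash("Tenant suspended")
flash("To finish, run this: sudo systemctl stop tenant@acme")
log.info("sudo used by worker")
toast('Run: sudo /usr/local/bin/suspend-tenant acme', 'warning')
'''

if __name__ == "__main__":
    for name, lineno, literal in scan_text(SAMPLE):
        print(f"{name}:{lineno}: {literal}")
```

Each reported line is a message to rewrite as a plain confirmation while the command itself moves to the server-side handler.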
Status: verified. Open — not yet actioned.
Patrick Bass
@mobieus