kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity
2,658 Commits 25 Branches 26 Tags 14 MiB
Commit Graph

2658 Commits

Author SHA1 Message Date
Benjamin Sonntag 9057254059 [i18n] updating translations 2016-05-26 18:38:16 +02:00
Benjamin Sonntag e806446945 [wip] fixing most found bug during big test at https://pad.lqdn.fr/p/alternc-tests-secu201605 2016-05-26 18:32:17 +02:00
Benjamin Sonntag 93ce8ffd0f htmlentities in sql_getparams + check if db not found 2016-05-23 16:37:32 +02:00
Benjamin Sonntag aef4f58e8a [wip] fixing errors brought by the big security changes... update browser preferences fix + some post/get/request messup + zip not working properly 2016-05-23 16:08:23 +02:00
Benjamin Sonntag b4cd0d2a95 [wip] adding zip dependency : browser requires it for zip download feature 2016-05-23 16:02:03 +02:00
Benjamin Sonntag d9d73d204c fixing most GET/REQUEST to POST if needed 2016-05-23 15:03:13 +02:00
Benjamin Sonntag b205d6bf8a [wip] CSRF check should work better now... 2016-05-23 13:59:16 +02:00
Benjamin Sonntag 23a438de99 [wip] csrf check: moving the check to the right place: before authentication 2016-05-23 08:33:32 +02:00
Benjamin Sonntag aaa3d68697 [wip] adding missing ehe() and eue() for htmlentities or urlencode in form fields 2016-05-23 08:27:58 +02:00
Benjamin Sonntag a956b38c00 [wip] adding missing ehe() and eue() for htmlentities or urlencode in form fields 2016-05-22 20:14:26 +02:00
Benjamin Sonntag de5837750e same random system everywhere : mt_rand() 2016-05-22 17:40:57 +02:00
Benjamin Sonntag 396f8c2598 [wip] securing more forms through CSRF management 2016-05-20 14:25:46 +02:00
Benjamin Sonntag 6043e9c3d7 [wip] securing *all* forms through CSRF management (requires a new table) 2016-05-20 14:21:47 +02:00
Benjamin Sonntag d9bdfaf1ac [wip] adding csrf form management, to be added everywhere 2016-05-19 17:04:49 +02:00
Benjamin Sonntag 7b1e5bba94 [wip] m_mail LIMIT shall not be quoted 2016-05-18 18:41:27 +02:00
Benjamin Sonntag 424b2a9ce7 [wip] more PDO fixes 2016-05-18 18:24:40 +02:00
Benjamin Sonntag b1ca1d88ae fixing PDO for MySQL class and spoolsize (adding exec() for direct queries, manage properly query() call without arguments (no prepare, allow show database) 2016-05-18 18:00:04 +02:00
Benjamin Sonntag 8392c1d84f fixing quote + doms + roundcube & squirrelmail's quoting using PDO 2016-05-18 15:39:41 +02:00
Benjamin Sonntag b6eb1e668c fixing get_remote_ip() quoting 2016-05-18 15:12:49 +02:00
Benjamin Sonntag 06076b6fe0 moving https check down to AFTER hook/err initialization 2016-05-18 15:04:19 +02:00
Benjamin Sonntag bb7d78a48b fixing rules + removing chown to alterncpanel 2016-05-18 14:56:35 +02:00
Emmanuel Monbroussou 4e558e5e7c [wip] Passing mysql request params into array arguments for the query method (part 4) 2016-05-18 12:51:03 +02:00
Emmanuel Monbroussou 61b07a257d [wip] Passing mysql request params into array arguments for the query method (part 3) 2016-05-18 11:19:20 +02:00
Emmanuel Monbroussou 86e7bfb6b8 Merge branch '20160515-secu' of github.com:AlternC/AlternC into 20160515-secu 2016-05-17 18:58:25 +02:00
Emmanuel Monbroussou 3665aabc96 [wip] Passing mysql request params into array arguments for the query method (part 2) 2016-05-17 18:57:01 +02:00
Benjamin Sonntag 9315fbdbac API too is using PDO, including DB_System 2016-05-17 18:49:34 +02:00
Benjamin Sonntag 0c505e8b6c [security] using prepared query in the panel 2016-05-17 18:47:09 +02:00
Benjamin Sonntag 369ab3bf34 [security] using prepared query for scripts too 2016-05-17 18:44:21 +02:00
Benjamin Sonntag 10e006bdbe [security] fixing DO_ACTIONS.PHP for REALPATH. 2016-05-17 18:12:57 +02:00
Emmanuel Monbroussou 13ee5ce1dc Merge branch '20160515-secu' of github.com:AlternC/AlternC into 20160515-secu 2016-05-17 17:22:25 +02:00
Emmanuel Monbroussou 262336aadb [wip] Passing mysql request params into array arguments for the query method (part 1) 2016-05-17 17:21:08 +02:00
Benjamin Sonntag d79f83502b [security] fix of most ownership/accessmode issues, fixes possible root escalation 2016-05-17 15:51:33 +02:00
Benjamin Sonntag 82e81b255b removing all reference to .svn / svn in makefile 2016-05-17 15:28:18 +02:00
Benjamin Sonntag 6e12c8902a removing all reference to .svn / svn in makefile 2016-05-17 15:26:52 +02:00
Benjamin Sonntag a817f30f38 removing all reference to .svn / svn in makefile 2016-05-17 15:25:59 +02:00
Emmanuel Monbroussou bc5c8f7e34 Merge branch 'pdo_migration' into 20160515-secu 
Conflicts:
	bureau/class/config.php
	bureau/class/db_mysql.php
	bureau/class/m_action.php
	bureau/class/m_variables.php
 2016-05-17 15:10:37 +02:00
Remi 28f09e31e1 More explicit message for sql names length limit 2016-04-28 12:54:53 +02:00
root b28b73e913 issue #75: defines length of sql user and database names depending of the local configuration. 2016-04-27 19:04:49 +02:00
Remi 170114cdf8 forgotten file to fix #48 (fixperms_mail.sh) 2016-04-27 17:58:27 +02:00
Remi d897037ad3 add fixperms_mail.sh to correct mail permissions (fixes #48) 2016-04-27 17:55:46 +02:00
Benjamin Sonntag c8353f3f21 initialize , Fixes #56 2016-03-13 13:23:11 +01:00
Benjamin Sonntag 0509d2915d telling in 96_ssl.conf that this file is overwriten by alternc.install. Fixes #33 2016-03-13 13:16:25 +01:00
Remi 27af9078a8 fixes in postfix configuration to prevent some high load issues 2016-03-12 10:06:54 +01:00
Remi 28318a002c bug fix: use of deprecated smtp_use_tls to replace by smtp_tls_security_level 2016-03-12 09:39:07 +01:00
Remi 6388489d4f bug fix: Quota use was different when switching language 
use of str_pad inside get_size_unit() was removing decimal part due to localization issues (coma separator instead of dot)
 2016-03-09 10:58:19 +01:00
fufroma cb381b6d63 Travis and database: try again 2016-03-07 14:58:53 +01:00
fufroma b4641b8216 Travis: create database 2016-03-07 14:47:38 +01:00
fufroma 9e393139de Attemp to fix travis <=> phpunit 2016-03-07 14:41:49 +01:00
Remi 06fdadbcd0 bug fix: rediction to https was called inside shell call 2016-03-03 16:20:41 +01:00
Remi d041bcbeca fix test if variables is set 2016-03-03 16:06:38 +01:00