kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity
2,705 Commits 25 Branches 26 Tags 14 MiB
Commit Graph

1456 Commits

Author SHA1 Message Date
Benjamin Sonntag 46ab94707a adding mandatory fields to the account creation form, Fixes #132 2017-06-18 18:51:11 +02:00
Benjamin Sonntag cd310b355a adding mandatory fields to the account creation form, Fixes #132 2017-06-18 18:45:57 +02:00
Benjamin Sonntag 957098327c Merge pull request #146 from soul9/fix_pma_sso 
latest security update of phpmyadmin (on wheezy) seems to have disabled the index.php, forcing the browser to go there directly
 2017-06-07 15:15:07 +02:00
Benjamin Sonntag 43bb39105b Merge pull request #153 from fser/fser/uniform-log-entries 
log entries for error and log both log IP address
 2017-06-07 15:14:03 +02:00
Benjamin Sonntag ea4eea6145 adding a variable to ignore IP in sessions, currently broken it seems 2017-06-07 15:13:25 +02:00
Benjamin Sonntag 6d72cc522b adding x-forwarded-proto = https management to detet https too 2017-06-07 14:31:30 +02:00
François (fser) e452219136 log entries for error and log both log IP address 2017-06-03 11:22:35 +02:00
Remi 611e41a31b bug fix: set success class to alert-success insted of alert-error after successful mailbox parameters update 2017-02-07 10:20:33 +01:00
Remi 4a2d1dcbdf bug fix undelete mail 2017-01-24 18:29:13 +01:00
Remi 20dab5677a bug fixes variable $dom_id et non $domain_id 2017-01-24 17:52:29 +01:00
John Soros bec836f87b latest security update of phpmyadmin seems to have disabled the indexes so we need to explicitely redirect to .../index.php 2017-01-20 17:41:52 +01:00
thms cb56e77093 m_dom now refuses cname on its apex 2016-11-04 12:00:24 +01:00
Benjamin Sonntag 1dc41d5530 [fix] missing csrf on mail_manage_catchall.php 2016-10-27 16:32:49 +02:00
Benjamin Sonntag fc068bc938 [fix] invalid token at login time 2016-08-29 16:55:05 +02:00
Benjamin Sonntag 4f3604e717 [FIX] #83 issue with FTP file with wrong rights. 2016-08-26 16:31:19 +02:00
Benjamin Sonntag 1d9e478f2e [FIX] Undefined variable: res at upgrade time 2016-08-26 15:51:01 +02:00
Benjamin Sonntag 5ef516e0ba Merge branch 'stable-3.1' of github.com:AlternC/AlternC into stable-3.1 2016-08-09 16:44:34 +02:00
Benjamin Sonntag 16bd8278a4 [fix] allow HTTPS on any panel (you'd better use letsencrypt then, but that's a valid choice. Fixes #106 2016-08-09 16:44:30 +02:00
Benjamin Sonntag 42eac1173d Merge pull request #107 from AlternC/albancrommer-patch-1 
Update config.php to allow HTTPS on other VHOSTS
 2016-08-09 16:43:37 +02:00
Benjamin Sonntag a35288b91e [fix] the file editor allows an invalid token. Tell the user and give a new one to re-submit. Fixes #111 2016-08-09 16:40:11 +02:00
Remi 0c840f9f2e bug fix: remove old references to unknown 'bw_web' quota values linking to not existing stats_show_per_month.php page and menu gadget 
(anyone aiming to display custom menu gadget or size based quota could return in_menu=1 and type=size array values in hook_quota_get() function)
 2016-07-15 18:40:29 +02:00
Alban Crommer 04c36baa77 Update config.php 
See Issue #106

AlternC should allow HTTPS panel access for different host names
 2016-07-13 12:19:33 +02:00
Benjamin Sonntag ade5c51f0f Merge branch 'stable-3.1' of github.com:AlternC/AlternC into stable-3.1 2016-07-12 15:54:30 +02:00
Benjamin Sonntag 3ffa78aa5f [fix] fixing db issue when creating a DB + post/request for SQLRESTORE 2016-07-12 15:54:21 +02:00
Remi 1b73dff3a5 bug fix: sub admin were proposed to install hosting_tld for new user, but the domain creation silently failed 2016-07-07 12:59:56 +02:00
Benjamin Sonntag e381692cbd [fix] deleting a domain didn't work (post/request check) 2016-05-31 12:13:57 +02:00
Benjamin Sonntag 9057254059 [i18n] updating translations 2016-05-26 18:38:16 +02:00
Benjamin Sonntag e806446945 [wip] fixing most found bug during big test at https://pad.lqdn.fr/p/alternc-tests-secu201605 2016-05-26 18:32:17 +02:00
Benjamin Sonntag 93ce8ffd0f htmlentities in sql_getparams + check if db not found 2016-05-23 16:37:32 +02:00
Benjamin Sonntag aef4f58e8a [wip] fixing errors brought by the big security changes... update browser preferences fix + some post/get/request messup + zip not working properly 2016-05-23 16:08:23 +02:00
Benjamin Sonntag d9d73d204c fixing most GET/REQUEST to POST if needed 2016-05-23 15:03:13 +02:00
Benjamin Sonntag b205d6bf8a [wip] CSRF check should work better now... 2016-05-23 13:59:16 +02:00
Benjamin Sonntag 23a438de99 [wip] csrf check: moving the check to the right place: before authentication 2016-05-23 08:33:32 +02:00
Benjamin Sonntag aaa3d68697 [wip] adding missing ehe() and eue() for htmlentities or urlencode in form fields 2016-05-23 08:27:58 +02:00
Benjamin Sonntag a956b38c00 [wip] adding missing ehe() and eue() for htmlentities or urlencode in form fields 2016-05-22 20:14:26 +02:00
Benjamin Sonntag de5837750e same random system everywhere : mt_rand() 2016-05-22 17:40:57 +02:00
Benjamin Sonntag 6043e9c3d7 [wip] securing *all* forms through CSRF management (requires a new table) 2016-05-20 14:21:47 +02:00
Benjamin Sonntag d9bdfaf1ac [wip] adding csrf form management, to be added everywhere 2016-05-19 17:04:49 +02:00
Benjamin Sonntag 7b1e5bba94 [wip] m_mail LIMIT shall not be quoted 2016-05-18 18:41:27 +02:00
Benjamin Sonntag 424b2a9ce7 [wip] more PDO fixes 2016-05-18 18:24:40 +02:00
Benjamin Sonntag b1ca1d88ae fixing PDO for MySQL class and spoolsize (adding exec() for direct queries, manage properly query() call without arguments (no prepare, allow show database) 2016-05-18 18:00:04 +02:00
Benjamin Sonntag 8392c1d84f fixing quote + doms + roundcube & squirrelmail's quoting using PDO 2016-05-18 15:39:41 +02:00
Benjamin Sonntag b6eb1e668c fixing get_remote_ip() quoting 2016-05-18 15:12:49 +02:00
Benjamin Sonntag 06076b6fe0 moving https check down to AFTER hook/err initialization 2016-05-18 15:04:19 +02:00
Emmanuel Monbroussou 4e558e5e7c [wip] Passing mysql request params into array arguments for the query method (part 4) 2016-05-18 12:51:03 +02:00
Emmanuel Monbroussou 61b07a257d [wip] Passing mysql request params into array arguments for the query method (part 3) 2016-05-18 11:19:20 +02:00
Emmanuel Monbroussou 86e7bfb6b8 Merge branch '20160515-secu' of github.com:AlternC/AlternC into 20160515-secu 2016-05-17 18:58:25 +02:00
Emmanuel Monbroussou 3665aabc96 [wip] Passing mysql request params into array arguments for the query method (part 2) 2016-05-17 18:57:01 +02:00
Benjamin Sonntag 0c505e8b6c [security] using prepared query in the panel 2016-05-17 18:47:09 +02:00
Emmanuel Monbroussou 262336aadb [wip] Passing mysql request params into array arguments for the query method (part 1) 2016-05-17 17:21:08 +02:00