aef4f58e8a
[wip] fixing errors brought by the big security changes... update browser preferences fix + some post/get/request messup + zip not working properly
2016-05-23 16:08:23 +02:00
b205d6bf8a
[wip] CSRF check should work better now...
2016-05-23 13:59:16 +02:00
23a438de99
[wip] csrf check: moving the check to the right place: before authentication
2016-05-23 08:33:32 +02:00
a956b38c00
[wip] adding missing ehe() and eue() for htmlentities or urlencode in form fields
2016-05-22 20:14:26 +02:00
de5837750e
same random system everywhere : mt_rand()
2016-05-22 17:40:57 +02:00
6043e9c3d7
[wip] securing *all* forms through CSRF management (requires a new table)
2016-05-20 14:21:47 +02:00
d9bdfaf1ac
[wip] adding csrf form management, to be added everywhere
2016-05-19 17:04:49 +02:00
7b1e5bba94
[wip] m_mail LIMIT shall not be quoted
2016-05-18 18:41:27 +02:00
424b2a9ce7
[wip] more PDO fixes
2016-05-18 18:24:40 +02:00
b1ca1d88ae
fixing PDO for MySQL class and spoolsize (adding exec() for direct queries, manage properly query() call without arguments (no prepare, allow show database)
2016-05-18 18:00:04 +02:00
8392c1d84f
fixing quote + doms + roundcube & squirrelmail's quoting using PDO
2016-05-18 15:39:41 +02:00
b6eb1e668c
fixing get_remote_ip() quoting
2016-05-18 15:12:49 +02:00
06076b6fe0
moving https check down to AFTER hook/err initialization
2016-05-18 15:04:19 +02:00
4e558e5e7c
[wip] Passing mysql request params into array arguments for the query method (part 4)
2016-05-18 12:51:03 +02:00
61b07a257d
[wip] Passing mysql request params into array arguments for the query method (part 3)
2016-05-18 11:19:20 +02:00
3665aabc96
[wip] Passing mysql request params into array arguments for the query method (part 2)
2016-05-17 18:57:01 +02:00
262336aadb
[wip] Passing mysql request params into array arguments for the query method (part 1)
2016-05-17 17:21:08 +02:00
bc5c8f7e34
Merge branch 'pdo_migration' into 20160515-secu
...
Conflicts:
bureau/class/config.php
bureau/class/db_mysql.php
bureau/class/m_action.php
bureau/class/m_variables.php
2016-05-17 15:10:37 +02:00
28f09e31e1
More explicit message for sql names length limit
2016-04-28 12:54:53 +02:00
b28b73e913
issue #75 : defines length of sql user and database names depending of the local configuration.
2016-04-27 19:04:49 +02:00
c8353f3f21
initialize , Fixes #56
2016-03-13 13:23:11 +01:00
6388489d4f
bug fix: Quota use was different when switching language
...
use of str_pad inside get_size_unit() was removing decimal part due to localization issues (coma separator instead of dot)
2016-03-09 10:58:19 +01:00
06fdadbcd0
bug fix: rediction to https was called inside shell call
2016-03-03 16:20:41 +01:00
d041bcbeca
fix test if variables is set
2016-03-03 16:06:38 +01:00
2bf3f45466
bug fix #40 : force_https variable was disabled by commit bbd913e6e6
...
now redirects peacefully a client when connecting to non SSL panel.
2016-03-03 15:08:27 +01:00
c18e3ca9f3
fixes #37 #68
2016-03-03 13:47:08 +01:00
9ec0668da5
bug fix: mailman wrappers were not added if mail quota was over
2016-03-03 11:28:26 +01:00
1fe966f5d8
bug fixes: spf and dmarc record weren't updated for every domain due to loss in mysql result query buffer
2016-03-02 14:17:32 +01:00
a9e057cbd1
bug fix: installed domain list was too slow due to DNS request on self managed records (gesdns=1)
...
bug fix: do not allow DNS modification of created domains under hosting_tld
2016-02-25 16:13:08 +01:00
7eb64f08a5
Merge branch 'stable-3.1' of github.com:AlternC/AlternC into stable-3.1
2016-02-25 14:17:43 +01:00
6cb248aec5
Some spanish translations. Replace dutch (nederlands) with spanish in default languages (more translated strings, and larger public)
2016-02-25 14:12:41 +01:00
b867d5a4dd
Merge pull request #24 from GuillaumeFromage/stable-3.1
...
Added support for .co, which has the same layout as .cc (need another patch to add it to TLD table)
2016-02-24 16:12:02 +01:00
9f8c2a8e1e
Merge pull request #58 from asso-infini/patch-1
...
Update m_bro.php to manager bz2
2016-02-24 16:11:03 +01:00
1c049f6bc6
bug fix: quota summary was inserted directly on main page without calling the appropriate hook.
2016-02-24 14:49:33 +01:00
767044fcb5
bug fixes in file editor (bad encoded file names were blank, can_edit was not called on 2 or 3 columns, also fixes a bug in date display)
2016-02-23 13:35:21 +01:00
76895cf5fe
Update m_bro.php
...
Gestion des archives dont l'extension est .bz, .bz2, .Z, .tgz, tbz ou tbz2
Si on a réussi à traiter l'archive, on n'essaye pas de la traiter une nouvelle fois.
Dans le cas de l'utilisation de la commande tar, on utilise plutôt les id proprietaire et groupe des fichiers plutot que le nom des proprietaires et groupes des fichiers avec l'option --numeric-owner
2016-02-15 21:16:22 +01:00
02ec16253b
Better fix for cname message, Fixes #25
2016-01-18 17:05:35 +01:00
1b61e78a11
fixing display of DB Size in MySQL. Fixes #31
2016-01-18 17:02:46 +01:00
6c6013e147
spit out a Warning when editing a mailbox without POP OR RECIPIENTS. Fixes #18
2016-01-15 15:13:12 +01:00
9a6cba4ebb
Fix cname error not sent to user interface. Fixes #25
2016-01-14 18:15:25 +01:00
5f4b6ebb7b
fixing #26 : not allowing underscore in domain names (except at the beginning of a domain member, like _tcp)
2016-01-13 17:26:47 +01:00
9a4594fd82
Added support for .co, which has the same layout as .cc
2015-12-07 13:24:32 -05:00
fbce91bb39
put comment on the sleep()
2015-11-16 08:27:56 +01:00
fa5ca54555
We know SHOW the 'protected' files in the browser, so that you understand why you can't edit them
2015-11-11 09:43:57 +01:00
edf639d048
fixing a visual bug when uncompressing a .tar.gz file
2015-11-05 18:31:16 +01:00
bcf093ffa7
fixing a visual bug when uncompressing a .tar.gz file
2015-11-05 18:25:27 +01:00
4cfa74401c
fixing missing value2 affectation
2015-11-05 18:07:38 +01:00
eba60af8b9
fixing #12 eu domain warning from php
2015-11-05 17:40:17 +01:00
d3ab589e56
REFACTORING: code formatting of the panel + braces on if/while/for + fixe some missing or too many Globals in functions
2015-09-25 17:42:00 +02:00
3e42567048
REFACTORING: code formatting of the panel + braces on if/while/for + fixe some missing or too many Globals in functions
2015-09-25 00:01:04 +02:00
d4be9fddbf
fixing s in hooks
2015-09-02 12:09:55 +02:00
b71619c6f5
fixing some missing GLOBAL + issue with variables_set
2015-09-02 11:30:40 +02:00
179f4dd580
fixing password policy issue with levensthein
2015-08-03 15:55:05 +02:00
5a108d67b9
fixing dmarc subdomain
2015-07-31 11:57:29 +02:00
b0b0fa408e
adding experimental DMARC (relax) and SPF (relax) default support
2015-06-17 19:56:51 +02:00
ed914773d7
fixing sql injection in variables + detecting effective update (hook step 1)
2015-06-17 16:50:37 +02:00
2eadec4ae0
separating in a second table the advanced dns entries
2015-06-17 16:33:09 +02:00
0c70a3337f
CNAME is now checked properly (including . at the end)
2015-06-16 16:09:26 +02:00
f135d17e20
adding CHMOD to actions + fixing Permission bits not properly set
2015-06-16 15:35:14 +02:00
06f77b057f
fixing HTTP AUTH (was in test, now in production)
2015-06-16 14:38:00 +02:00
df31733d28
ftp access security translation
2015-06-16 14:37:22 +02:00
b2d1540693
adding levenshtein computation in password policy (deny >40% similarity with login) + deny login in password or the other way around
2015-06-16 14:09:11 +02:00
d6980d7664
proper spaces in admin
2015-06-08 19:21:34 +02:00
350750fe32
fixing m_bro not knowing how to delete files names 0
2015-06-08 14:41:23 +02:00
9e6b687572
adding url-ssl redirect + fixing bro translation + fixing other translations
2015-05-11 17:33:32 +02:00
058d6e9acd
Fix for [1639] given by anonymous in CopyOneFile
2015-04-29 12:53:45 +02:00
45094e2a5d
fixing alias change not working in some case (no endline)
2015-04-28 16:49:59 +02:00
cea0c42c2b
translation to french, almost done
2015-04-26 23:52:31 +02:00
f01accd4c2
fix catchall crappy & with bugguy error messages
2015-04-22 17:32:40 +02:00
f8c5872c99
fixing unzip/untar/ungzip from panel
2015-04-22 16:09:07 +02:00
616306ecc6
adding tail log view + order by DATE last files before in logs
2015-02-11 11:28:15 +01:00
d8868ba541
[fix] ;;; END ALTERNC zones bug
2014-12-05 12:19:20 +01:00
6b7b5ee2ba
[fix] replacing %%FQDN%% in variables by , if not some things will not work (like shell scripts using mailname_bounce)
2014-11-27 16:15:18 +01:00
2014abb1e5
[ROLLBACK] rolling back the old way of working on variables. new using 'strata' is undocumented and not working
2014-11-27 15:30:49 +01:00
baabda2369
setting a function called statically to be static
2014-11-27 15:19:21 +01:00
b2dca9d915
[fix] some exec() didn't have escapeshellarg() as needed
2014-11-27 14:51:51 +01:00
508efe961f
fixing more in cron sending mail (was not working) or using http basic auth (not working either: don't use urlencode)
2014-11-25 15:10:09 +01:00
c2d8b317d0
fixing entirely the cron execution shell. This may fix a potential privilege escalation problem.
2014-11-25 14:36:20 +01:00
0301409dbf
adding changelog, fixing srand() not properly called by php itself
2014-11-25 11:38:55 +01:00
ad47f857cd
[fix] chmod action
2014-09-29 17:06:56 +02:00
7c597daa73
[fix] Missing chmod action
2014-09-09 14:52:56 +02:00
c96f928056
fixing alternc_shutdown bug
2014-08-27 11:20:54 +02:00
81aae4c2f4
back to our normal code syntax, fixing 'R = ' bug in urls
2014-08-22 11:04:05 +02:00
0dc8c4c71a
fix typo Error
2014-07-08 17:30:59 +02:00
e4ce562920
added last_error()
2014-07-08 14:39:37 +02:00
18e1058aa5
simplified m_action (imported from master)
2014-07-05 22:51:16 +02:00
824151f216
restored the DB_System for compatibility issues
2014-07-04 23:39:50 +02:00
14a642ab78
fixed "type" error for errno, and potential error on lastid()
2014-07-01 15:18:49 +02:00
3c4438895f
changing default attributes in order to avoid scrutinizer complains
2014-07-01 14:46:16 +02:00
0e088579c5
no $err->log but $this->halt
2014-06-26 10:29:45 +00:00
0c88edaf0f
restored the db_system extends db_sql for backward compatibility, $db remains a db_sql()
2014-06-26 09:48:22 +00:00
3b656f15dc
next_record takes no parameters
2014-06-26 09:43:11 +00:00
3352babbf3
toward PDO and beyond!
2014-06-26 09:40:04 +00:00
9c2090ff8b
ignore redundant entries when not OK on web_action
2014-06-25 16:38:00 +02:00
8113d2b866
disable help texts if empty, partly (missing IMAP/POP)
2014-06-18 18:55:00 +00:00
73606b8e26
add get_login_by_uid API
2014-06-18 15:26:53 +00:00
dd6ace0c0c
don't create piwik accounts with random gmail addresses, properly prefix the accounts so they're unique
2014-06-18 15:24:38 +00:00
fb9d6d8457
piwik: properly record the site id after creation
2014-06-18 15:05:34 +00:00
1c627d243f
Test unitaires de demo
2014-04-07 16:28:48 +00:00
91f8745d84
[fix] m_variables multidimensinal values parsing and better documentation
2014-03-28 17:46:38 +01:00
ac9e50ac33
Doc + cosmetics
2014-03-28 16:14:32 +00:00
1f64a75743
adding \n after END AUTOMATIC FILE
2014-03-28 16:28:44 +01:00
cde8eb71e8
Mini modif
2014-03-28 15:18:23 +00:00
dfdd41655d
fixing 'undefined index' error
2014-03-28 16:08:21 +01:00
5409257c77
Commentaires sur m_dom
2014-03-28 16:01:18 +01:00
56fdcb8f9f
Quelques modifs sur la classe variables
2014-03-28 14:28:25 +00:00
d2e69b4975
Corrige des variables
2014-03-28 11:37:36 +00:00
c78437221d
Revert "Commence a passer en mysqli"
...
This reverts commit faaf268d68
2014-03-28 10:49:11 +01:00
41cee2ee5a
Revert "Mysql to mysqli"
...
This reverts commit ae216fee31
2014-03-28 10:48:58 +01:00
ae216fee31
Mysql to mysqli
2014-03-28 09:42:06 +00:00
faaf268d68
Commence a passer en mysqli
2014-03-28 09:26:49 +00:00
62981ecfa5
Some cosmetics
2014-03-28 09:14:53 +00:00
aa9acaa165
[fix] serveurList on m_dom.php
2014-03-27 19:08:33 +01:00
6fc53c040d
[fix] tabulations on m_dom.php
2014-03-27 19:03:59 +01:00
c63a814dbd
Cosmetics
2014-03-27 17:02:55 +00:00
8dbec8e243
Enleve les derniere declaration de var de mysql.sql et les range dans config.
2014-03-27 16:40:30 +00:00
0f48d94c04
[fix] cosmetic changes
2014-03-27 16:07:01 +01:00
0729df438e
Cosmetics
2014-03-27 14:17:02 +00:00
8e93341cd3
Some cosmetics
2014-03-27 13:50:44 +00:00
6e7fc67900
Corrige un bug d'affichage du tableau de variables
2014-03-27 09:57:34 +00:00
93a4123489
Fix #1580
2014-03-27 09:23:39 +00:00
34594c884f
Suggested patchs
2014-03-26 18:30:01 +01:00
3e635703c6
[fix] Code documentation and eventual cosmetic changes
2014-03-26 18:00:36 +01:00
b04eb3ef73
Cosmetic in debug_alternc
2014-03-26 15:57:46 +00:00
4b7890ea64
Cosmetic, as usual
2014-03-26 15:40:43 +00:00
0bcc31be45
Suggested cosmetic
2014-03-26 16:05:05 +01:00
62dde928c5
Cosmetic
2014-03-26 15:04:12 +00:00
02f735ecdf
Some cosmetic
2014-03-26 14:36:36 +00:00
92bee77f40
Suggested changes
2014-03-26 15:09:43 +01:00
7cd158c45c
Suggested comments
2014-03-26 14:59:41 +01:00
0d307bd6d6
[fix] Rewrites code to be 5.3 compliant by removing func()[key] notations
2014-03-26 14:47:36 +01:00
0bf6596466
Cosmetic, again
2014-03-26 13:31:06 +00:00
6adef177c9
[fix] code documentation, comments and cosmetic changes
2014-03-26 14:29:08 +01:00
ed3ab589dd
Coding style
2014-03-26 11:22:32 +00:00
0349fef05a
Coding style
2014-03-26 11:01:02 +00:00
eb45d87d75
[fix] class documentation missing type
2014-03-26 11:59:59 +01:00
6dd6094b71
[fix] Documents and tweaks m_action
2014-03-23 15:15:49 +01:00
ee71a5a001
[enh] adds documentation and partially rewrites m_variables for testing
...
1. Does echo by default for helpers but makes it optional and returns result
2. Comments $variables = $this->variable_merge(array(),$arr_var['DEFAULT'][NULL]);
=======
as this failed to work here.
2014-03-22 15:50:04 +01:00
f17f18c476
[enh] db_mysql : adds exceptions
2014-03-22 15:50:04 +01:00
12a511f3eb
Partial fix of #1577
2014-03-20 13:28:45 +00:00
463fc2b895
Variables deviennent magiques
2014-03-20 13:27:33 +00:00
9b240ebdcb
Commentaires sur la classe hooks
2014-03-20 13:26:45 +00:00
19dbf9561f
Bugfix affichage rawhtml des variables
...
Debut de changement pour variable_get
2014-03-20 11:53:32 +00:00
5b10a1d1b7
Gére quand un domaines type n'existe pas (plus ?) pour un sous domaine
2014-03-17 13:19:02 +00:00
13bbebaca1
Du cache pour les quota de mails par domain
...
(on économise autant de requete que de domaine sur le compte)
2014-03-07 08:36:28 +00:00
4dd3a2c915
Ajout d'une alerte lors de certains cas problematiques sur la conf apache
2014-03-06 18:03:21 +00:00
1ca07f8139
Add translation
2014-03-06 08:29:22 +00:00
9c9e80e0f8
Fix #1574
2014-03-06 08:25:30 +00:00
8851af00df
Gere les problemes lors de l'upload de fichiers dans le browser
...
Fix #1541
2014-02-28 16:54:05 +00:00
822471cfa1
Simplifie la classe log
...
Fix #1553
2014-02-28 15:25:07 +00:00
df35ae1b74
Facepalm.
2014-02-27 17:12:02 +00:00
3eecc68a81
Bug de recalcul de zone dans certains cas
2014-02-27 17:03:24 +00:00
b04ea5c362
Update domain en PHP
...
NOrmalement, tout roule.
2014-02-27 16:43:11 +00:00
7af68b7979
Chemin absolu pour xhprof
2014-02-05 13:51:27 +00:00
0edf010715
BUgfix : oubliais de mettre à jour le DNS lors de l'activation/desactivation d'une entrée.
...
A backporter
2014-02-05 12:36:54 +00:00
42ec9e29b4
Gere dans l'affichage le type attendu.
2014-01-31 17:46:09 +00:00
b2d4200034
Gere les tableaux de tableaux dans les variables.
2014-01-31 15:21:36 +00:00
ee832a9386
On peux stocker et éditer des tableau dans la table des variables ! Et meme qu'on peut mettre un label ! Yepee !
2014-01-31 13:50:15 +00:00
6c8d5fa88d
Bugfix variables
2014-01-31 09:50:20 +00:00
fe9612061e
Premier jet de la regénération bind en php
2014-01-30 17:36:16 +00:00
0f4da7e62a
Gere les variable quand on est dans un script (donc sans $_SERVER)
2014-01-30 17:34:20 +00:00
f91898b537
Patch pour XHPRof
2014-01-30 17:33:52 +00:00
1140927f05
Bugfixes
2014-01-21 17:42:21 +00:00
ee88b4b77d
Deux corrections
2014-01-21 17:24:27 +00:00
f81924c72c
Bonne table variable lors de l'install
...
Corrige un bug dans variable_get
2014-01-21 16:52:39 +00:00
e61e8d49a9
Retro compatibilite
2014-01-21 16:33:52 +00:00
53eabe7596
Page pour editer les variables
2014-01-21 16:25:43 +00:00
ba77be7a0c
Corrige un bug sur l'affichage des variables
2014-01-21 13:35:50 +00:00
2b8b5e0f67
Nouvelle version pour manipulation et utilisation des variables.
...
Interface de visualiastion OK
TODO:
* php -> interface de modification
* sql -> finir migration (strata des truc presents)
* sql -> faire installation
2014-01-21 12:57:18 +00:00
2583bc73f2
Permet d'activer xhprof
2014-01-21 08:45:25 +00:00
d83474112f
Simplifie le code de log des erreurs
2014-01-21 08:35:57 +00:00
8f67797f3b
Variables deviens une classe
2014-01-20 13:44:25 +00:00
c8a8695687
Fix #1473
2014-01-20 07:59:59 +00:00
fd5c458b0a
Couine fort pour prevenir qu'on n'importe pas correctement le poid lors d'import d'MX
2014-01-17 14:24:42 +00:00
40cb4b59f1
Add security check to apacheconf generation
2014-01-15 16:01:54 +00:00
cf01241915
Permet d'editer un fichier vide nouvellement créé
2014-01-15 14:45:37 +00:00
48248cf5c9
R.I.P. semaphore 18577
2014-01-14 10:24:29 +00:00
990a2a4247
Simplifie le code d'enregistrement des fichiers de l'editeur
2014-01-10 15:54:18 +00:00
76057b5a5d
Should fix #1559
2014-01-10 14:02:54 +00:00
c318efda56
Update the database when we generate the apache conf
2014-01-09 15:00:11 +00:00
c4bae3f8ef
Php renomme spontanémement les variable POST qui ont un '.'
...
Modification de variable pour que ca n'impacte pas le fonctionnement.
2014-01-09 09:51:57 +00:00
7d50c398c7
Améliore la génération de la conf apache
...
* hooks
* retrocompatibilité
2014-01-03 09:30:35 +00:00
bb9f8b111f
Premier jet pour generation de la conf apache (update_domains -> function_hosting) en php
2014-01-02 15:17:40 +00:00
b9db60556c
Dans la page de gestion des comptes, le truc de recherche de domaine n'avait pas de filtre sur le createur (arg !)
2013-12-11 14:55:19 +00:00
265f3af83a
patch sur les imports de zone
2013-11-05 12:15:00 +00:00
7220b324f5
Mysql:
...
- ne donne plus les droits FILE mais USAGE par default
- corrige un bug de création d'utilisateurs MySQL
2013-10-30 10:14:49 +00:00
70fd2567f0
Little Bugfix on a sql grant
2013-10-24 16:01:02 +00:00
c7ba78b36c
fixing messages in VM
2013-10-18 14:14:37 +00:00
9685da0082
Fix #1535
2013-10-18 12:19:05 +00:00
fc797f6140
Removing debug
2013-10-18 10:04:59 +00:00
09cb543111
fixes #1499 chmod 777 tmp
2013-10-18 09:27:41 +00:00
e9c44fe621
Uniformizing sql action table and calls
2013-10-18 09:04:18 +00:00
53d89c5016
[fix] #1540 browser incorrectly dealing with group permissions
2013-10-18 08:44:45 +00:00
ecd99c82f8
Graphisme sur la page des VMs
2013-10-18 08:22:12 +00:00
fd2852e3b7
[fix] Quota menu item icon was broken
2013-10-18 08:03:40 +00:00
33e657d3e6
Fix #1539
2013-10-18 07:34:46 +00:00
b6f7c82cd2
Type in archive function
2013-10-18 07:28:05 +00:00
81a21a8537
Gestion ipv6 pour l'import de zone dns
2013-10-17 16:52:42 +00:00
b9d513a81e
Fix #1529
...
Force une synchro du profil de quota si celui ci change
2013-10-17 15:27:06 +00:00
d3b69205f8
No check on the f*cking tld ;)
2013-10-17 15:13:31 +00:00
Benjamin Sonntag