e806446945
[wip] fixing most found bug during big test at https://pad.lqdn.fr/p/alternc-tests-secu201605
2016-05-26 18:32:17 +02:00
93ce8ffd0f
htmlentities in sql_getparams + check if db not found
2016-05-23 16:37:32 +02:00
aef4f58e8a
[wip] fixing errors brought by the big security changes... update browser preferences fix + some post/get/request messup + zip not working properly
2016-05-23 16:08:23 +02:00
b205d6bf8a
[wip] CSRF check should work better now...
2016-05-23 13:59:16 +02:00
23a438de99
[wip] csrf check: moving the check to the right place: before authentication
2016-05-23 08:33:32 +02:00
a956b38c00
[wip] adding missing ehe() and eue() for htmlentities or urlencode in form fields
2016-05-22 20:14:26 +02:00
de5837750e
same random system everywhere : mt_rand()
2016-05-22 17:40:57 +02:00
6043e9c3d7
[wip] securing *all* forms through CSRF management (requires a new table)
2016-05-20 14:21:47 +02:00
d9bdfaf1ac
[wip] adding csrf form management, to be added everywhere
2016-05-19 17:04:49 +02:00
7b1e5bba94
[wip] m_mail LIMIT shall not be quoted
2016-05-18 18:41:27 +02:00
424b2a9ce7
[wip] more PDO fixes
2016-05-18 18:24:40 +02:00
b1ca1d88ae
fixing PDO for MySQL class and spoolsize (adding exec() for direct queries, manage properly query() call without arguments (no prepare, allow show database)
2016-05-18 18:00:04 +02:00
8392c1d84f
fixing quote + doms + roundcube & squirrelmail's quoting using PDO
2016-05-18 15:39:41 +02:00
b6eb1e668c
fixing get_remote_ip() quoting
2016-05-18 15:12:49 +02:00
06076b6fe0
moving https check down to AFTER hook/err initialization
2016-05-18 15:04:19 +02:00
4e558e5e7c
[wip] Passing mysql request params into array arguments for the query method (part 4)
2016-05-18 12:51:03 +02:00
61b07a257d
[wip] Passing mysql request params into array arguments for the query method (part 3)
2016-05-18 11:19:20 +02:00
3665aabc96
[wip] Passing mysql request params into array arguments for the query method (part 2)
2016-05-17 18:57:01 +02:00
262336aadb
[wip] Passing mysql request params into array arguments for the query method (part 1)
2016-05-17 17:21:08 +02:00
bc5c8f7e34
Merge branch 'pdo_migration' into 20160515-secu
...
Conflicts:
bureau/class/config.php
bureau/class/db_mysql.php
bureau/class/m_action.php
bureau/class/m_variables.php
2016-05-17 15:10:37 +02:00
28f09e31e1
More explicit message for sql names length limit
2016-04-28 12:54:53 +02:00
b28b73e913
issue #75 : defines length of sql user and database names depending of the local configuration.
2016-04-27 19:04:49 +02:00
c8353f3f21
initialize , Fixes #56
2016-03-13 13:23:11 +01:00
6388489d4f
bug fix: Quota use was different when switching language
...
use of str_pad inside get_size_unit() was removing decimal part due to localization issues (coma separator instead of dot)
2016-03-09 10:58:19 +01:00
06fdadbcd0
bug fix: rediction to https was called inside shell call
2016-03-03 16:20:41 +01:00
d041bcbeca
fix test if variables is set
2016-03-03 16:06:38 +01:00
2bf3f45466
bug fix #40 : force_https variable was disabled by commit bbd913e6e6
...
now redirects peacefully a client when connecting to non SSL panel.
2016-03-03 15:08:27 +01:00
c18e3ca9f3
fixes #37 #68
2016-03-03 13:47:08 +01:00
9ec0668da5
bug fix: mailman wrappers were not added if mail quota was over
2016-03-03 11:28:26 +01:00
1fe966f5d8
bug fixes: spf and dmarc record weren't updated for every domain due to loss in mysql result query buffer
2016-03-02 14:17:32 +01:00
a9e057cbd1
bug fix: installed domain list was too slow due to DNS request on self managed records (gesdns=1)
...
bug fix: do not allow DNS modification of created domains under hosting_tld
2016-02-25 16:13:08 +01:00
7eb64f08a5
Merge branch 'stable-3.1' of github.com:AlternC/AlternC into stable-3.1
2016-02-25 14:17:43 +01:00
6cb248aec5
Some spanish translations. Replace dutch (nederlands) with spanish in default languages (more translated strings, and larger public)
2016-02-25 14:12:41 +01:00
b867d5a4dd
Merge pull request #24 from GuillaumeFromage/stable-3.1
...
Added support for .co, which has the same layout as .cc (need another patch to add it to TLD table)
2016-02-24 16:12:02 +01:00
9f8c2a8e1e
Merge pull request #58 from asso-infini/patch-1
...
Update m_bro.php to manager bz2
2016-02-24 16:11:03 +01:00
1c049f6bc6
bug fix: quota summary was inserted directly on main page without calling the appropriate hook.
2016-02-24 14:49:33 +01:00
767044fcb5
bug fixes in file editor (bad encoded file names were blank, can_edit was not called on 2 or 3 columns, also fixes a bug in date display)
2016-02-23 13:35:21 +01:00
76895cf5fe
Update m_bro.php
...
Gestion des archives dont l'extension est .bz, .bz2, .Z, .tgz, tbz ou tbz2
Si on a réussi à traiter l'archive, on n'essaye pas de la traiter une nouvelle fois.
Dans le cas de l'utilisation de la commande tar, on utilise plutôt les id proprietaire et groupe des fichiers plutot que le nom des proprietaires et groupes des fichiers avec l'option --numeric-owner
2016-02-15 21:16:22 +01:00
02ec16253b
Better fix for cname message, Fixes #25
2016-01-18 17:05:35 +01:00
1b61e78a11
fixing display of DB Size in MySQL. Fixes #31
2016-01-18 17:02:46 +01:00
6c6013e147
spit out a Warning when editing a mailbox without POP OR RECIPIENTS. Fixes #18
2016-01-15 15:13:12 +01:00
9a6cba4ebb
Fix cname error not sent to user interface. Fixes #25
2016-01-14 18:15:25 +01:00
5f4b6ebb7b
fixing #26 : not allowing underscore in domain names (except at the beginning of a domain member, like _tcp)
2016-01-13 17:26:47 +01:00
9a4594fd82
Added support for .co, which has the same layout as .cc
2015-12-07 13:24:32 -05:00
fbce91bb39
put comment on the sleep()
2015-11-16 08:27:56 +01:00
fa5ca54555
We know SHOW the 'protected' files in the browser, so that you understand why you can't edit them
2015-11-11 09:43:57 +01:00
edf639d048
fixing a visual bug when uncompressing a .tar.gz file
2015-11-05 18:31:16 +01:00
bcf093ffa7
fixing a visual bug when uncompressing a .tar.gz file
2015-11-05 18:25:27 +01:00
4cfa74401c
fixing missing value2 affectation
2015-11-05 18:07:38 +01:00
eba60af8b9
fixing #12 eu domain warning from php
2015-11-05 17:40:17 +01:00
Benjamin Sonntag