5d9fe41056
[fix] error message was incorrect when login failed, or csrf failed at login
2017-10-07 16:46:46 +02:00
941475b094
fixing an error message shown when browsing as a subadmin
2017-10-07 16:13:26 +02:00
7fcd2e359b
[fix] whois() doesn't work and prevent a legitimate install. We comment-out the 'non existing' scenario for now. See #195
2017-10-07 15:45:33 +02:00
985094a881
Merge branch 'stable-3.1' of github.com:AlternC/AlternC into stable-3.1
2017-10-07 15:12:27 +02:00
ca6b1cf4d9
[enh] removing the unmaintained upnp package
2017-10-07 15:12:18 +02:00
cf949cf245
Forgot Heredoc syntax
...
In php no more required to use heredoc and done some linter headache
2017-10-07 12:19:43 +02:00
3de55aca37
[cosm] reindent, check language of comments, ensure /** phpdoc style comments, simplify file header (license only) etc.
2017-10-06 23:42:39 +02:00
6581c7d6c4
[doc] misc doc translation fr>en
2017-10-06 22:48:22 +02:00
cc64e7745f
[fix] not using debug_backtrace, please, [doc] doc to english
2017-10-06 19:34:50 +02:00
562b7e6013
[doc] english documentation in functions.php [fix] missing parameter passed to display_div_generate_password
2017-10-06 18:54:13 +02:00
6b61eff4b1
fixing ->error = 0 remapped to ->init_msgs();
2017-10-06 18:29:30 +02:00
33f8e78885
[fix] class m_messages fixed to use 'level' instead of 'type' or 'cat' + force CAP on levels + merge OK and INFO
2017-10-06 18:04:36 +02:00
8c524bd80d
[fix] The Error class should exist, with deprecation warnings
...
Conflicts:
bureau/class/m_err.php
2017-10-06 17:54:01 +02:00
4d8ba24248
[fix] more explicit error message for CSRF
2017-10-06 16:53:50 +02:00
b777f982e5
[doc] switching comments to english for quenenni patches
2017-10-06 12:00:27 +02:00
b88b639b60
Merge branch 'feature-message' of https://github.com/AlternC/AlternC into feature-message
2017-09-12 14:50:14 +02:00
f6f5a15ded
le mdp des comptes mails étaient changés dans certains cas où il ne fallait pas
2017-09-12 14:49:33 +02:00
25379ec441
Merge branch 'stable-3.1' into feature-message
2017-09-06 18:44:38 +02:00
39947d4f1c
fixing the detection of conflicts in sub_domains
2017-09-06 18:43:40 +02:00
65f994f763
petit oubli de màj de $err -> $msg dans functions.php
2017-08-22 18:02:46 +02:00
7dce491b10
petite correction d'affichage de msgs
2017-08-21 17:50:57 +02:00
f92f92d34e
suppresion des textes 'à traduire' + corr de 2 bugs
2017-08-18 15:32:16 +02:00
5e0d4e8dc7
système de quota - quota Vs du.pl + affichage des quotas pour les utilisateurs
2017-08-17 21:32:21 +02:00
6b7d5e7d90
le reste des fichiers & style.css
2017-08-17 03:32:18 +02:00
8479d79bde
classe quota & fichiers section admin associés
2017-08-16 19:46:53 +02:00
991b4b48e3
classe hta & fichiers section admin associés
2017-08-16 19:34:32 +02:00
6f30c8bac4
classe piwik & fichiers section admin associés
2017-08-16 18:29:25 +02:00
b4588c870a
classe browser (m_bro) & fichiers section admin associés
2017-08-16 02:44:54 +02:00
31d024c5a1
classe dom & fichiers section admin associés
2017-08-16 02:23:22 +02:00
8d5953f1c4
classe ftp + fichiers section admin associés
2017-08-15 20:05:02 +02:00
6c40d19bbd
classe mysql & fichiers section admin associés
2017-08-15 19:51:04 +02:00
b16c3ac69a
classe admin / fichiers section admin associés
2017-08-15 17:03:56 +02:00
0d5caada2f
class mail & roundcube + fichiers admins associés
2017-08-15 16:11:57 +02:00
ff154144e5
fonctions + local + db
2017-08-15 03:39:37 +02:00
2f830d7e4f
Modifs dans le classe membre et la section membre d'admin
2017-08-15 03:19:52 +02:00
a9cd6dc4af
Ajout de la classe messages qui remplace la classe error
2017-08-15 02:30:38 +02:00
71980d06a8
removing IP stability check in the panel: it's unenforceable as of 2017 :/ Fixes #173
2017-08-14 10:12:47 +02:00
be63ec7192
Merge branch 'stable-3.1' of github.com:AlternC/AlternC into stable-3.1
2017-08-12 16:46:45 +02:00
8cc2007a44
not counting mailman box in quotas, fixes #170
2017-08-12 16:46:00 +02:00
798f7e7681
Merge pull request #179 from kent1D/patch-1
...
Error on isset for X_FORWARDED_PROTO
2017-08-12 16:42:40 +02:00
53eec68f08
removing defmx/defmx2 when we say 'don't host email here', fixes #175
2017-08-12 16:31:46 +02:00
c7226c9010
adding a maximum of 20 for the DEPTH of delete in the file browser (may cause havoc in unknown case found in farafina server)
2017-08-08 15:20:46 +02:00
5421c05aae
Error on isset for X_FORWARDED_PROTO
...
Should be `isset($_SERVER["HTTP_X_FORWARDED_PROTO"])` and not `!isset($_SERVER["HTTP_X_FORWARDED_PROTO"])`
Avoid a notice :
`PHP Notice: Undefined index: HTTP_X_FORWARDED_PROTO in /usr/share/alternc/panel/class/config.php on line 170`
2017-08-06 23:31:22 +02:00
cd310b355a
adding mandatory fields to the account creation form, Fixes #132
2017-06-18 18:45:57 +02:00
43bb39105b
Merge pull request #153 from fser/fser/uniform-log-entries
...
log entries for error and log both log IP address
2017-06-07 15:14:03 +02:00
ea4eea6145
adding a variable to ignore IP in sessions, currently broken it seems
2017-06-07 15:13:25 +02:00
6d72cc522b
adding x-forwarded-proto = https management to detet https too
2017-06-07 14:31:30 +02:00
e452219136
log entries for error and log both log IP address
2017-06-03 11:22:35 +02:00
4a2d1dcbdf
bug fix undelete mail
2017-01-24 18:29:13 +01:00
20dab5677a
bug fixes variable $dom_id et non $domain_id
2017-01-24 17:52:29 +01:00
cb56e77093
m_dom now refuses cname on its apex
2016-11-04 12:00:24 +01:00
fc068bc938
[fix] invalid token at login time
2016-08-29 16:55:05 +02:00
4f3604e717
[FIX] #83 issue with FTP file with wrong rights.
2016-08-26 16:31:19 +02:00
1d9e478f2e
[FIX] Undefined variable: res at upgrade time
2016-08-26 15:51:01 +02:00
5ef516e0ba
Merge branch 'stable-3.1' of github.com:AlternC/AlternC into stable-3.1
2016-08-09 16:44:34 +02:00
16bd8278a4
[fix] allow HTTPS on any panel (you'd better use letsencrypt then, but that's a valid choice. Fixes #106
2016-08-09 16:44:30 +02:00
42eac1173d
Merge pull request #107 from AlternC/albancrommer-patch-1
...
Update config.php to allow HTTPS on other VHOSTS
2016-08-09 16:43:37 +02:00
0c840f9f2e
bug fix: remove old references to unknown 'bw_web' quota values linking to not existing stats_show_per_month.php page and menu gadget
...
(anyone aiming to display custom menu gadget or size based quota could return in_menu=1 and type=size array values in hook_quota_get() function)
2016-07-15 18:40:29 +02:00
04c36baa77
Update config.php
...
See Issue #106
AlternC should allow HTTPS panel access for different host names
2016-07-13 12:19:33 +02:00
ade5c51f0f
Merge branch 'stable-3.1' of github.com:AlternC/AlternC into stable-3.1
2016-07-12 15:54:30 +02:00
3ffa78aa5f
[fix] fixing db issue when creating a DB + post/request for SQLRESTORE
2016-07-12 15:54:21 +02:00
1b73dff3a5
bug fix: sub admin were proposed to install hosting_tld for new user, but the domain creation silently failed
2016-07-07 12:59:56 +02:00
e806446945
[wip] fixing most found bug during big test at https://pad.lqdn.fr/p/alternc-tests-secu201605
2016-05-26 18:32:17 +02:00
93ce8ffd0f
htmlentities in sql_getparams + check if db not found
2016-05-23 16:37:32 +02:00
aef4f58e8a
[wip] fixing errors brought by the big security changes... update browser preferences fix + some post/get/request messup + zip not working properly
2016-05-23 16:08:23 +02:00
b205d6bf8a
[wip] CSRF check should work better now...
2016-05-23 13:59:16 +02:00
23a438de99
[wip] csrf check: moving the check to the right place: before authentication
2016-05-23 08:33:32 +02:00
a956b38c00
[wip] adding missing ehe() and eue() for htmlentities or urlencode in form fields
2016-05-22 20:14:26 +02:00
de5837750e
same random system everywhere : mt_rand()
2016-05-22 17:40:57 +02:00
6043e9c3d7
[wip] securing *all* forms through CSRF management (requires a new table)
2016-05-20 14:21:47 +02:00
d9bdfaf1ac
[wip] adding csrf form management, to be added everywhere
2016-05-19 17:04:49 +02:00
7b1e5bba94
[wip] m_mail LIMIT shall not be quoted
2016-05-18 18:41:27 +02:00
424b2a9ce7
[wip] more PDO fixes
2016-05-18 18:24:40 +02:00
b1ca1d88ae
fixing PDO for MySQL class and spoolsize (adding exec() for direct queries, manage properly query() call without arguments (no prepare, allow show database)
2016-05-18 18:00:04 +02:00
8392c1d84f
fixing quote + doms + roundcube & squirrelmail's quoting using PDO
2016-05-18 15:39:41 +02:00
b6eb1e668c
fixing get_remote_ip() quoting
2016-05-18 15:12:49 +02:00
06076b6fe0
moving https check down to AFTER hook/err initialization
2016-05-18 15:04:19 +02:00
4e558e5e7c
[wip] Passing mysql request params into array arguments for the query method (part 4)
2016-05-18 12:51:03 +02:00
61b07a257d
[wip] Passing mysql request params into array arguments for the query method (part 3)
2016-05-18 11:19:20 +02:00
3665aabc96
[wip] Passing mysql request params into array arguments for the query method (part 2)
2016-05-17 18:57:01 +02:00
262336aadb
[wip] Passing mysql request params into array arguments for the query method (part 1)
2016-05-17 17:21:08 +02:00
bc5c8f7e34
Merge branch 'pdo_migration' into 20160515-secu
...
Conflicts:
bureau/class/config.php
bureau/class/db_mysql.php
bureau/class/m_action.php
bureau/class/m_variables.php
2016-05-17 15:10:37 +02:00
28f09e31e1
More explicit message for sql names length limit
2016-04-28 12:54:53 +02:00
b28b73e913
issue #75 : defines length of sql user and database names depending of the local configuration.
2016-04-27 19:04:49 +02:00
c8353f3f21
initialize , Fixes #56
2016-03-13 13:23:11 +01:00
6388489d4f
bug fix: Quota use was different when switching language
...
use of str_pad inside get_size_unit() was removing decimal part due to localization issues (coma separator instead of dot)
2016-03-09 10:58:19 +01:00
06fdadbcd0
bug fix: rediction to https was called inside shell call
2016-03-03 16:20:41 +01:00
d041bcbeca
fix test if variables is set
2016-03-03 16:06:38 +01:00
2bf3f45466
bug fix #40 : force_https variable was disabled by commit bbd913e6e6
...
now redirects peacefully a client when connecting to non SSL panel.
2016-03-03 15:08:27 +01:00
c18e3ca9f3
fixes #37 #68
2016-03-03 13:47:08 +01:00
9ec0668da5
bug fix: mailman wrappers were not added if mail quota was over
2016-03-03 11:28:26 +01:00
1fe966f5d8
bug fixes: spf and dmarc record weren't updated for every domain due to loss in mysql result query buffer
2016-03-02 14:17:32 +01:00
a9e057cbd1
bug fix: installed domain list was too slow due to DNS request on self managed records (gesdns=1)
...
bug fix: do not allow DNS modification of created domains under hosting_tld
2016-02-25 16:13:08 +01:00
7eb64f08a5
Merge branch 'stable-3.1' of github.com:AlternC/AlternC into stable-3.1
2016-02-25 14:17:43 +01:00
6cb248aec5
Some spanish translations. Replace dutch (nederlands) with spanish in default languages (more translated strings, and larger public)
2016-02-25 14:12:41 +01:00
b867d5a4dd
Merge pull request #24 from GuillaumeFromage/stable-3.1
...
Added support for .co, which has the same layout as .cc (need another patch to add it to TLD table)
2016-02-24 16:12:02 +01:00
9f8c2a8e1e
Merge pull request #58 from asso-infini/patch-1
...
Update m_bro.php to manager bz2
2016-02-24 16:11:03 +01:00
1c049f6bc6
bug fix: quota summary was inserted directly on main page without calling the appropriate hook.
2016-02-24 14:49:33 +01:00
767044fcb5
bug fixes in file editor (bad encoded file names were blank, can_edit was not called on 2 or 3 columns, also fixes a bug in date display)
2016-02-23 13:35:21 +01:00
76895cf5fe
Update m_bro.php
...
Gestion des archives dont l'extension est .bz, .bz2, .Z, .tgz, tbz ou tbz2
Si on a réussi à traiter l'archive, on n'essaye pas de la traiter une nouvelle fois.
Dans le cas de l'utilisation de la commande tar, on utilise plutôt les id proprietaire et groupe des fichiers plutot que le nom des proprietaires et groupes des fichiers avec l'option --numeric-owner
2016-02-15 21:16:22 +01:00
02ec16253b
Better fix for cname message, Fixes #25
2016-01-18 17:05:35 +01:00
1b61e78a11
fixing display of DB Size in MySQL. Fixes #31
2016-01-18 17:02:46 +01:00
6c6013e147
spit out a Warning when editing a mailbox without POP OR RECIPIENTS. Fixes #18
2016-01-15 15:13:12 +01:00
9a6cba4ebb
Fix cname error not sent to user interface. Fixes #25
2016-01-14 18:15:25 +01:00
5f4b6ebb7b
fixing #26 : not allowing underscore in domain names (except at the beginning of a domain member, like _tcp)
2016-01-13 17:26:47 +01:00
9a4594fd82
Added support for .co, which has the same layout as .cc
2015-12-07 13:24:32 -05:00
fbce91bb39
put comment on the sleep()
2015-11-16 08:27:56 +01:00
fa5ca54555
We know SHOW the 'protected' files in the browser, so that you understand why you can't edit them
2015-11-11 09:43:57 +01:00
edf639d048
fixing a visual bug when uncompressing a .tar.gz file
2015-11-05 18:31:16 +01:00
bcf093ffa7
fixing a visual bug when uncompressing a .tar.gz file
2015-11-05 18:25:27 +01:00
4cfa74401c
fixing missing value2 affectation
2015-11-05 18:07:38 +01:00
eba60af8b9
fixing #12 eu domain warning from php
2015-11-05 17:40:17 +01:00
d3ab589e56
REFACTORING: code formatting of the panel + braces on if/while/for + fixe some missing or too many Globals in functions
2015-09-25 17:42:00 +02:00
3e42567048
REFACTORING: code formatting of the panel + braces on if/while/for + fixe some missing or too many Globals in functions
2015-09-25 00:01:04 +02:00
d4be9fddbf
fixing s in hooks
2015-09-02 12:09:55 +02:00
b71619c6f5
fixing some missing GLOBAL + issue with variables_set
2015-09-02 11:30:40 +02:00
179f4dd580
fixing password policy issue with levensthein
2015-08-03 15:55:05 +02:00
5a108d67b9
fixing dmarc subdomain
2015-07-31 11:57:29 +02:00
b0b0fa408e
adding experimental DMARC (relax) and SPF (relax) default support
2015-06-17 19:56:51 +02:00
ed914773d7
fixing sql injection in variables + detecting effective update (hook step 1)
2015-06-17 16:50:37 +02:00
2eadec4ae0
separating in a second table the advanced dns entries
2015-06-17 16:33:09 +02:00
0c70a3337f
CNAME is now checked properly (including . at the end)
2015-06-16 16:09:26 +02:00
f135d17e20
adding CHMOD to actions + fixing Permission bits not properly set
2015-06-16 15:35:14 +02:00
06f77b057f
fixing HTTP AUTH (was in test, now in production)
2015-06-16 14:38:00 +02:00
df31733d28
ftp access security translation
2015-06-16 14:37:22 +02:00
b2d1540693
adding levenshtein computation in password policy (deny >40% similarity with login) + deny login in password or the other way around
2015-06-16 14:09:11 +02:00
d6980d7664
proper spaces in admin
2015-06-08 19:21:34 +02:00
350750fe32
fixing m_bro not knowing how to delete files names 0
2015-06-08 14:41:23 +02:00
9e6b687572
adding url-ssl redirect + fixing bro translation + fixing other translations
2015-05-11 17:33:32 +02:00
058d6e9acd
Fix for [1639] given by anonymous in CopyOneFile
2015-04-29 12:53:45 +02:00
45094e2a5d
fixing alias change not working in some case (no endline)
2015-04-28 16:49:59 +02:00
cea0c42c2b
translation to french, almost done
2015-04-26 23:52:31 +02:00
f01accd4c2
fix catchall crappy & with bugguy error messages
2015-04-22 17:32:40 +02:00
f8c5872c99
fixing unzip/untar/ungzip from panel
2015-04-22 16:09:07 +02:00
616306ecc6
adding tail log view + order by DATE last files before in logs
2015-02-11 11:28:15 +01:00
d8868ba541
[fix] ;;; END ALTERNC zones bug
2014-12-05 12:19:20 +01:00
6b7b5ee2ba
[fix] replacing %%FQDN%% in variables by , if not some things will not work (like shell scripts using mailname_bounce)
2014-11-27 16:15:18 +01:00
2014abb1e5
[ROLLBACK] rolling back the old way of working on variables. new using 'strata' is undocumented and not working
2014-11-27 15:30:49 +01:00
baabda2369
setting a function called statically to be static
2014-11-27 15:19:21 +01:00
b2dca9d915
[fix] some exec() didn't have escapeshellarg() as needed
2014-11-27 14:51:51 +01:00
508efe961f
fixing more in cron sending mail (was not working) or using http basic auth (not working either: don't use urlencode)
2014-11-25 15:10:09 +01:00
c2d8b317d0
fixing entirely the cron execution shell. This may fix a potential privilege escalation problem.
2014-11-25 14:36:20 +01:00
0301409dbf
adding changelog, fixing srand() not properly called by php itself
2014-11-25 11:38:55 +01:00
ad47f857cd
[fix] chmod action
2014-09-29 17:06:56 +02:00
7c597daa73
[fix] Missing chmod action
2014-09-09 14:52:56 +02:00
c96f928056
fixing alternc_shutdown bug
2014-08-27 11:20:54 +02:00
81aae4c2f4
back to our normal code syntax, fixing 'R = ' bug in urls
2014-08-22 11:04:05 +02:00
0dc8c4c71a
fix typo Error
2014-07-08 17:30:59 +02:00
e4ce562920
added last_error()
2014-07-08 14:39:37 +02:00
18e1058aa5
simplified m_action (imported from master)
2014-07-05 22:51:16 +02:00
Benjamin Sonntag