kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity
3,122 Commits 25 Branches 26 Tags 14 MiB
Commit Graph

3122 Commits

Author SHA1 Message Date
Benjamin Sonntag 42eac1173d Merge pull request #107 from AlternC/albancrommer-patch-1 
Update config.php to allow HTTPS on other VHOSTS
 2016-08-09 16:43:37 +02:00
Benjamin Sonntag a35288b91e [fix] the file editor allows an invalid token. Tell the user and give a new one to re-submit. Fixes #111 2016-08-09 16:40:11 +02:00
Benjamin Sonntag 3a3168c69f [fix] fixing ACL issues with NFS and ITK not being able to read .htaccess Known bug of ITK. Fixes #104 2016-08-09 16:06:17 +02:00
Remi 0c840f9f2e bug fix: remove old references to unknown 'bw_web' quota values linking to not existing stats_show_per_month.php page and menu gadget 
(anyone aiming to display custom menu gadget or size based quota could return in_menu=1 and type=size array values in hook_quota_get() function)
 2016-07-15 18:40:29 +02:00
Remi e32e8837c0 bug fix: unknown mysql expression "insert or replace" 2016-07-15 17:09:49 +02:00
Remi 900af760ff bug fix: typo in do_actions.php (return_var returned when return_val expected) fixes #109 2016-07-14 21:13:25 +02:00
Alban Crommer 04c36baa77 Update config.php 
See Issue #106

AlternC should allow HTTPS panel access for different host names
 2016-07-13 12:19:33 +02:00
Benjamin Sonntag ade5c51f0f Merge branch 'stable-3.1' of github.com:AlternC/AlternC into stable-3.1 2016-07-12 15:54:30 +02:00
Benjamin Sonntag 3ffa78aa5f [fix] fixing db issue when creating a DB + post/request for SQLRESTORE 2016-07-12 15:54:21 +02:00
Remi d0a9f6ceac every 20 minutes is */20 not 00,20 2016-07-09 20:51:06 +02:00
Remi 1b73dff3a5 bug fix: sub admin were proposed to install hosting_tld for new user, but the domain creation silently failed 2016-07-07 12:59:56 +02:00
Remi 5d3dfb2a11 Bug fix: Error in function get_variable_from_db 2016-07-06 22:21:34 +02:00
Benjamin Sonntag 9aa3f43160 preparing 3.x.11, fixing most wheezy patch 2016-05-31 12:14:08 +02:00
Benjamin Sonntag e381692cbd [fix] deleting a domain didn't work (post/request check) 2016-05-31 12:13:57 +02:00
Benjamin Sonntag 9057254059 [i18n] updating translations 2016-05-26 18:38:16 +02:00
Benjamin Sonntag e806446945 [wip] fixing most found bug during big test at https://pad.lqdn.fr/p/alternc-tests-secu201605 2016-05-26 18:32:17 +02:00
Benjamin Sonntag 93ce8ffd0f htmlentities in sql_getparams + check if db not found 2016-05-23 16:37:32 +02:00
Benjamin Sonntag aef4f58e8a [wip] fixing errors brought by the big security changes... update browser preferences fix + some post/get/request messup + zip not working properly 2016-05-23 16:08:23 +02:00
Benjamin Sonntag b4cd0d2a95 [wip] adding zip dependency : browser requires it for zip download feature 2016-05-23 16:02:03 +02:00
Benjamin Sonntag d9d73d204c fixing most GET/REQUEST to POST if needed 2016-05-23 15:03:13 +02:00
Benjamin Sonntag b205d6bf8a [wip] CSRF check should work better now... 2016-05-23 13:59:16 +02:00
Benjamin Sonntag 23a438de99 [wip] csrf check: moving the check to the right place: before authentication 2016-05-23 08:33:32 +02:00
Benjamin Sonntag aaa3d68697 [wip] adding missing ehe() and eue() for htmlentities or urlencode in form fields 2016-05-23 08:27:58 +02:00
Benjamin Sonntag a956b38c00 [wip] adding missing ehe() and eue() for htmlentities or urlencode in form fields 2016-05-22 20:14:26 +02:00
Benjamin Sonntag de5837750e same random system everywhere : mt_rand() 2016-05-22 17:40:57 +02:00
Benjamin Sonntag 396f8c2598 [wip] securing more forms through CSRF management 2016-05-20 14:25:46 +02:00
Benjamin Sonntag 6043e9c3d7 [wip] securing *all* forms through CSRF management (requires a new table) 2016-05-20 14:21:47 +02:00
Benjamin Sonntag d9bdfaf1ac [wip] adding csrf form management, to be added everywhere 2016-05-19 17:04:49 +02:00
Benjamin Sonntag 7b1e5bba94 [wip] m_mail LIMIT shall not be quoted 2016-05-18 18:41:27 +02:00
Benjamin Sonntag 424b2a9ce7 [wip] more PDO fixes 2016-05-18 18:24:40 +02:00
Benjamin Sonntag b1ca1d88ae fixing PDO for MySQL class and spoolsize (adding exec() for direct queries, manage properly query() call without arguments (no prepare, allow show database) 2016-05-18 18:00:04 +02:00
Benjamin Sonntag 8392c1d84f fixing quote + doms + roundcube & squirrelmail's quoting using PDO 2016-05-18 15:39:41 +02:00
Benjamin Sonntag b6eb1e668c fixing get_remote_ip() quoting 2016-05-18 15:12:49 +02:00
Benjamin Sonntag 06076b6fe0 moving https check down to AFTER hook/err initialization 2016-05-18 15:04:19 +02:00
Benjamin Sonntag bb7d78a48b fixing rules + removing chown to alterncpanel 2016-05-18 14:56:35 +02:00
Emmanuel Monbroussou 4e558e5e7c [wip] Passing mysql request params into array arguments for the query method (part 4) 2016-05-18 12:51:03 +02:00
Emmanuel Monbroussou 61b07a257d [wip] Passing mysql request params into array arguments for the query method (part 3) 2016-05-18 11:19:20 +02:00
Emmanuel Monbroussou 86e7bfb6b8 Merge branch '20160515-secu' of github.com:AlternC/AlternC into 20160515-secu 2016-05-17 18:58:25 +02:00
Emmanuel Monbroussou 3665aabc96 [wip] Passing mysql request params into array arguments for the query method (part 2) 2016-05-17 18:57:01 +02:00
Benjamin Sonntag 9315fbdbac API too is using PDO, including DB_System 2016-05-17 18:49:34 +02:00
Benjamin Sonntag 0c505e8b6c [security] using prepared query in the panel 2016-05-17 18:47:09 +02:00
Benjamin Sonntag 369ab3bf34 [security] using prepared query for scripts too 2016-05-17 18:44:21 +02:00
Benjamin Sonntag 10e006bdbe [security] fixing DO_ACTIONS.PHP for REALPATH. 2016-05-17 18:12:57 +02:00
Emmanuel Monbroussou 13ee5ce1dc Merge branch '20160515-secu' of github.com:AlternC/AlternC into 20160515-secu 2016-05-17 17:22:25 +02:00
Emmanuel Monbroussou 262336aadb [wip] Passing mysql request params into array arguments for the query method (part 1) 2016-05-17 17:21:08 +02:00
Benjamin Sonntag d79f83502b [security] fix of most ownership/accessmode issues, fixes possible root escalation 2016-05-17 15:51:33 +02:00
Benjamin Sonntag 82e81b255b removing all reference to .svn / svn in makefile 2016-05-17 15:28:18 +02:00
Benjamin Sonntag 6e12c8902a removing all reference to .svn / svn in makefile 2016-05-17 15:26:52 +02:00
Benjamin Sonntag a817f30f38 removing all reference to .svn / svn in makefile 2016-05-17 15:25:59 +02:00
Emmanuel Monbroussou bc5c8f7e34 Merge branch 'pdo_migration' into 20160515-secu 
Conflicts:
	bureau/class/config.php
	bureau/class/db_mysql.php
	bureau/class/m_action.php
	bureau/class/m_variables.php
 2016-05-17 15:10:37 +02:00