3065 Commits

All Branches

Search

Author	SHA1	Message	Date
Benjamin Sonntag	ade5c51f0f	Merge branch 'stable-3.1' of github.com:AlternC/AlternC into stable-3.1	2016-07-12 15:54:30 +02:00
Benjamin Sonntag	3ffa78aa5f	[fix] fixing db issue when creating a DB + post/request for SQLRESTORE	2016-07-12 15:54:21 +02:00
Remi	d0a9f6ceac	every 20 minutes is */20 not 00,20	2016-07-09 20:51:06 +02:00
Remi	1b73dff3a5	bug fix: sub admin were proposed to install hosting_tld for new user, but the domain creation silently failed	2016-07-07 12:59:56 +02:00
Remi	5d3dfb2a11	Bug fix: Error in function get_variable_from_db	2016-07-06 22:21:34 +02:00
Benjamin Sonntag	9aa3f43160	preparing 3.x.11, fixing most wheezy patch	2016-05-31 12:14:08 +02:00
Benjamin Sonntag	e381692cbd	[fix] deleting a domain didn't work (post/request check)	2016-05-31 12:13:57 +02:00
Benjamin Sonntag	9057254059	[i18n] updating translations	2016-05-26 18:38:16 +02:00
Benjamin Sonntag	e806446945	[wip] fixing most found bug during big test at https://pad.lqdn.fr/p/alternc-tests-secu201605	2016-05-26 18:32:17 +02:00
Benjamin Sonntag	93ce8ffd0f	htmlentities in sql_getparams + check if db not found	2016-05-23 16:37:32 +02:00
Benjamin Sonntag	aef4f58e8a	[wip] fixing errors brought by the big security changes... update browser preferences fix + some post/get/request messup + zip not working properly	2016-05-23 16:08:23 +02:00
Benjamin Sonntag	b4cd0d2a95	[wip] adding zip dependency : browser requires it for zip download feature	2016-05-23 16:02:03 +02:00
Benjamin Sonntag	d9d73d204c	fixing most GET/REQUEST to POST if needed	2016-05-23 15:03:13 +02:00
Benjamin Sonntag	b205d6bf8a	[wip] CSRF check should work better now...	2016-05-23 13:59:16 +02:00
Benjamin Sonntag	23a438de99	[wip] csrf check: moving the check to the right place: before authentication	2016-05-23 08:33:32 +02:00
Benjamin Sonntag	aaa3d68697	[wip] adding missing ehe() and eue() for htmlentities or urlencode in form fields	2016-05-23 08:27:58 +02:00
Benjamin Sonntag	a956b38c00	[wip] adding missing ehe() and eue() for htmlentities or urlencode in form fields	2016-05-22 20:14:26 +02:00
Benjamin Sonntag	de5837750e	same random system everywhere : mt_rand()	2016-05-22 17:40:57 +02:00
Benjamin Sonntag	396f8c2598	[wip] securing more forms through CSRF management	2016-05-20 14:25:46 +02:00
Benjamin Sonntag	6043e9c3d7	[wip] securing *all* forms through CSRF management (requires a new table)	2016-05-20 14:21:47 +02:00
Benjamin Sonntag	d9bdfaf1ac	[wip] adding csrf form management, to be added everywhere	2016-05-19 17:04:49 +02:00
Benjamin Sonntag	7b1e5bba94	[wip] m_mail LIMIT shall not be quoted	2016-05-18 18:41:27 +02:00
Benjamin Sonntag	424b2a9ce7	[wip] more PDO fixes	2016-05-18 18:24:40 +02:00
Benjamin Sonntag	b1ca1d88ae	fixing PDO for MySQL class and spoolsize (adding exec() for direct queries, manage properly query() call without arguments (no prepare, allow show database)	2016-05-18 18:00:04 +02:00
Benjamin Sonntag	8392c1d84f	fixing quote + doms + roundcube & squirrelmail's quoting using PDO	2016-05-18 15:39:41 +02:00
Benjamin Sonntag	b6eb1e668c	fixing get_remote_ip() quoting	2016-05-18 15:12:49 +02:00
Benjamin Sonntag	06076b6fe0	moving https check down to AFTER hook/err initialization	2016-05-18 15:04:19 +02:00
Benjamin Sonntag	bb7d78a48b	fixing rules + removing chown to alterncpanel	2016-05-18 14:56:35 +02:00
Emmanuel Monbroussou	4e558e5e7c	[wip] Passing mysql request params into array arguments for the query method (part 4)	2016-05-18 12:51:03 +02:00
Emmanuel Monbroussou	61b07a257d	[wip] Passing mysql request params into array arguments for the query method (part 3)	2016-05-18 11:19:20 +02:00
Emmanuel Monbroussou	86e7bfb6b8	Merge branch '20160515-secu' of github.com:AlternC/AlternC into 20160515-secu	2016-05-17 18:58:25 +02:00
Emmanuel Monbroussou	3665aabc96	[wip] Passing mysql request params into array arguments for the query method (part 2)	2016-05-17 18:57:01 +02:00
Benjamin Sonntag	9315fbdbac	API too is using PDO, including DB_System	2016-05-17 18:49:34 +02:00
Benjamin Sonntag	0c505e8b6c	[security] using prepared query in the panel	2016-05-17 18:47:09 +02:00
Benjamin Sonntag	369ab3bf34	[security] using prepared query for scripts too	2016-05-17 18:44:21 +02:00
Benjamin Sonntag	10e006bdbe	[security] fixing DO_ACTIONS.PHP for REALPATH.	2016-05-17 18:12:57 +02:00
Emmanuel Monbroussou	13ee5ce1dc	Merge branch '20160515-secu' of github.com:AlternC/AlternC into 20160515-secu	2016-05-17 17:22:25 +02:00
Emmanuel Monbroussou	262336aadb	[wip] Passing mysql request params into array arguments for the query method (part 1)	2016-05-17 17:21:08 +02:00
Benjamin Sonntag	d79f83502b	[security] fix of most ownership/accessmode issues, fixes possible root escalation	2016-05-17 15:51:33 +02:00
Benjamin Sonntag	82e81b255b	removing all reference to .svn / svn in makefile	2016-05-17 15:28:18 +02:00
Benjamin Sonntag	6e12c8902a	removing all reference to .svn / svn in makefile	2016-05-17 15:26:52 +02:00
Benjamin Sonntag	a817f30f38	removing all reference to .svn / svn in makefile	2016-05-17 15:25:59 +02:00
Emmanuel Monbroussou	bc5c8f7e34	Merge branch 'pdo_migration' into 20160515-secu ... Conflicts: bureau/class/config.php bureau/class/db_mysql.php bureau/class/m_action.php bureau/class/m_variables.php	2016-05-17 15:10:37 +02:00
Remi	28f09e31e1	More explicit message for sql names length limit	2016-04-28 12:54:53 +02:00
root	b28b73e913	issue #75: defines length of sql user and database names depending of the local configuration.	2016-04-27 19:04:49 +02:00
Remi	170114cdf8	forgotten file to fix #48 (fixperms_mail.sh)	2016-04-27 17:58:27 +02:00
Remi	d897037ad3	add fixperms_mail.sh to correct mail permissions (fixes #48)	2016-04-27 17:55:46 +02:00
Benjamin Sonntag	c8353f3f21	initialize , Fixes #56	2016-03-13 13:23:11 +01:00
Benjamin Sonntag	0509d2915d	telling in 96_ssl.conf that this file is overwriten by alternc.install. Fixes #33	2016-03-13 13:16:25 +01:00
Remi	27af9078a8	fixes in postfix configuration to prevent some high load issues	2016-03-12 10:06:54 +01:00