Miraty
7f7bcadb58
Fix important vulnerability in reg/ds.php + exescape
...
In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution.
This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection.
2023-06-19 02:15:43 +02:00
Miraty
067e1ccf42
Allow SSH keys authentication for SFTP(Go)
2023-06-15 03:35:42 +02:00
Miraty
256bd51e0f
Fix display username decryption error handling
2023-06-14 22:23:15 +02:00
Miraty
e4ae765486
init.php + jobs + job to delete old testing accounts
2023-06-08 17:36:44 +02:00
Miraty
f05a55a7fa
Display string rules, reg: allow "-" for subdomains
2023-06-05 00:18:10 +02:00
Miraty
4c9e5a5580
Add debug message when denying SFTP login
2023-06-03 18:44:48 +02:00
Miraty
0e64d6e2b8
Don't require visiting /ht/ to enable SFTP access
2023-06-02 23:12:59 +02:00
Miraty
a07baa7f62
Warn testing accounts users on every page
2023-06-02 22:45:27 +02:00
Miraty
5d0d7b0f38
Set a default error/exception handler
2023-06-01 15:14:42 +02:00
Miraty
e18c8d353c
locales/update.sh: Use bash from env
2023-05-19 23:52:06 +02:00
Miraty
316c428e7e
Typo
2023-05-19 23:51:38 +02:00
Miraty
d7faf3ac29
Rename config.ini to config.template.ini
2023-05-19 00:54:04 +02:00
Miraty
69a8673fd6
Add link to the "about" page
2023-05-18 23:18:43 +02:00
Miraty
337e7ab27e
Add setting to disable registrations
...
A new services['auth'] setting is available.
2023-05-10 01:34:45 +02:00
Miraty
cbf49408d1
Code formatting
2023-05-09 20:23:52 +02:00
Miraty
f026b8b02d
ht/index: list Header directive
2023-05-07 03:21:51 +02:00
Miraty
2e238f629d
Don't allow double quotes in ns/caa.php actually
2023-05-06 20:31:13 +02:00
Miraty
2d4915a73a
Allow double quotes in ns/caa.php
2023-05-06 20:21:40 +02:00
Miraty
25b1d30cbe
installation: set permissions for /etc/letsencrypt/
2023-05-06 17:26:17 +02:00
Miraty
a83ae30ce7
Fix zone deletion process (again)
2023-05-06 02:39:19 +02:00
Miraty
23d7e7fc5b
installation.md: setcap on SFTPGo
2023-05-05 19:42:59 +02:00
Miraty
54c64906f7
ht/dns-add: display recommended CAA record
2023-05-05 19:41:55 +02:00
Miraty
f3752163af
Call Certbot before adding to DB
2023-05-04 02:20:29 +02:00
Miraty
13bfd8e9be
Fix locale selection on Alpine Linux
2023-05-04 01:49:54 +02:00
Miraty
70024c0565
Fix locale selection on Alpine Linux
2023-05-04 00:41:37 +02:00
Miraty
c05c16a516
--blocking for knotc everywhere
2023-05-03 01:38:50 +02:00
Miraty
864f868890
Split accounts capabilities; Info about rate limit
2023-05-02 19:30:53 +02:00
Miraty
f8aced3894
Add script to update translations
2023-05-02 19:14:16 +02:00
Miraty
9f5f8958c5
Rate-limit most form processings
2023-05-02 18:02:08 +02:00
Miraty
2ecc520dae
Add a software architecture documentation page
2023-05-02 17:51:56 +02:00
Miraty
ff7e770654
Add installation instructions
2023-05-02 17:34:40 +02:00
Miraty
81229a5e33
nsDeleteZone: Fix zone deletion process
2023-04-27 22:18:03 +02:00
Miraty
5af557f630
Better return code checking, --force for zone-purge
2023-04-27 03:24:34 +02:00
Miraty
03e61fad26
Autoconfigure certbot using cli.ini
2023-04-26 14:08:47 +02:00
Miraty
5adb07c7c8
Update add-dns.php for newer db schema
2023-04-24 00:53:54 +02:00
Miraty
bf4eedbe71
Add 10ms delay after reloading Tor
2023-04-23 17:08:42 +02:00
Miraty
3749aa9b4a
Fix exec()'s $output
2023-04-23 16:36:41 +02:00
Miraty
b5b2f95bf5
rm --recursive > rm -r for BusyBox compatibility
2023-04-23 03:19:10 +02:00
Miraty
813927e03e
Ensure domains are not too long
2023-04-21 19:01:46 +02:00
Miraty
d51f9dfac3
Set umask to 0077 everywhere
2023-04-19 14:59:07 +02:00
Miraty
a2ea572439
Fix operator precedence
2023-04-15 21:16:04 +02:00
Miraty
9f7c93e66d
Add debug option in SFTPGo authenticator
2023-04-15 18:01:19 +02:00
Miraty
b93ff0c26f
More exhaustive check.php
2023-04-15 16:39:41 +02:00
Miraty
088fe9ee53
Fix check.php for new domain registration form
2023-04-11 02:43:16 +02:00
Miraty
bd06fc7fbf
Use Apache
...
- Allows customization through .htaccess
- No need to configure or reload a server when adding a site
- Content negotiation
2023-04-10 00:50:42 +02:00
Miraty
2d6f2745a6
Fix syntax and error
2023-03-28 00:18:37 +02:00
Miraty
b9af7fee09
reg: Delay at unregistration; Display domain history
2023-03-25 16:26:05 +01:00
Miraty
ed05d4aab9
reg/register: add "Check availability" feature
2023-03-19 22:22:34 +01:00
Miraty
15ddd77bc4
Add script to check that services work as expected
2023-03-18 18:40:04 +01:00
Miraty
80bef2ca8c
Minor fixes
2023-03-18 18:38:27 +01:00