Miraty
7f7bcadb58
Fix important vulnerability in reg/ds.php + exescape
...
In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution.
This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection.
2023-06-19 02:15:43 +02:00
Miraty
e4ae765486
init.php + jobs + job to delete old testing accounts
2023-06-08 17:36:44 +02:00
Miraty
ed05d4aab9
reg/register: add "Check availability" feature
2023-03-19 22:22:34 +01:00
Miraty
ad98060f9e
Fix deprecation notices
2023-02-07 22:25:16 +01:00
Miraty
b2bfbb7bf8
Niver > ServNest
2023-01-29 21:09:00 +01:00
Miraty
3b97b3cc2f
Describe config.ini in DOCS/configuration.md
2023-01-26 16:22:03 +01:00
Miraty
335b826559
Gettext internationalization and english translation
2023-01-21 01:27:52 +01:00
Miraty
4f84025baf
Encrypt display username, with key in cookie
2023-01-07 23:11:44 +01:00
Miraty
57dfb02a40
Store secret key in DB + autorotate it
2022-12-21 00:14:55 +01:00
Miraty
73c137aaba
Split pages/ between pg-act/ and pg-view/
2022-12-20 21:17:03 +01:00
Miraty
ffd7e283a1
Simplify PDO use
2022-12-13 17:38:54 +01:00
Miraty
7a018e5a88
Trusted > approved, add approval.php, DB_PATH > DB
2022-12-10 18:19:37 +01:00
Miraty
9173336714
Check that account still exists when doing something
2022-11-30 23:38:02 +01:00
Miraty
f15681999b
Internal ID, Argon2 for usernames, username changes
2022-11-30 23:12:42 +01:00
Miraty
567034b8fe
Fix regDeleteDomain security flaw + D regex modifier
...
regDeleteDomain() in fn/reg.php used too loose pattern matching for data deletion, that also deleted other domains that included the deleted domain
2022-11-20 18:17:03 +01:00
Miraty
18d976217b
Use single quotes instead of double quotes
2022-11-20 15:11:54 +01:00
Miraty
e3f358a62c
Direct zone file edition through <textarea>
2022-11-20 01:05:03 +01:00
Miraty
f372bbbce7
Log Certbot error messages
2022-10-07 13:29:47 +02:00
Miraty
ba18c13747
Use a token to link account to external resource
2022-10-06 13:12:04 +02:00
Miraty
c65dedf9de
Merge TITLES and DESCRIPTIONS into PAGES
2022-09-15 21:23:49 +02:00
Miraty
763762f08b
fn success/userError/serverError > output($code)
2022-09-15 19:18:48 +02:00
Miraty
5885f7a416
Factorize "INSERT INTO" SQL queries with insert()
2022-09-14 17:19:17 +02:00
Miraty
5561393403
Use more PAGE_URL
2022-09-13 01:09:40 +02:00
Miraty
3f46159f1e
Display page even if errors, recursive executePage()
2022-09-07 18:44:49 +02:00
Miraty
ea0ffab14a
Use kdig for zone-add dns check + add equalArrays()
2022-09-03 18:12:49 +02:00
Miraty
e3af4c946d
router.php + process form before display
...
The webservers now need to send every request to router.php, which will call appropriate files.
Forms will be treated before being displayed.
2022-09-01 04:21:17 +02:00
Miraty
7d1537e3eb
Use <nav> for indexes
2022-08-11 16:39:31 +02:00
Miraty
a63cf55c72
Add linkToDocs()
2022-07-20 20:03:45 +02:00
Miraty
bd5497fe2f
Use <output>
2022-06-29 00:30:14 +02:00
Miraty
9fa902f768
Store Tor config and keys in $username/$dir
2022-06-22 00:37:06 +02:00
Miraty
4cafad3310
redir()
2022-06-17 15:45:52 +02:00
Miraty
40cb0729ad
redirUrl() and warning when not logged in on a form
2022-06-15 12:42:30 +02:00
Miraty
90d8e2fce7
More emojis, displayIndex, descriptions in pages.php
2022-06-14 18:21:09 +02:00
Miraty
6c7cc99abd
Add options to disable each service
2022-06-12 00:04:18 +02:00
Miraty
d9440231ac
del-http-onion.php + query()
2022-06-11 23:42:48 +02:00
Miraty
fac61531dd
Create fn/ directory
2022-05-31 19:12:14 +02:00