Miraty
973a129079
Add type in functions signatures
2023-06-20 00:36:58 +02:00
Miraty
7f7bcadb58
Fix important vulnerability in reg/ds.php + exescape
...
In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution.
This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection.
2023-06-19 02:15:43 +02:00
Miraty
067e1ccf42
Allow SSH keys authentication for SFTP(Go)
2023-06-15 03:35:42 +02:00
Miraty
e4ae765486
init.php + jobs + job to delete old testing accounts
2023-06-08 17:36:44 +02:00
Miraty
f05a55a7fa
Display string rules, reg: allow "-" for subdomains
2023-06-05 00:18:10 +02:00
Miraty
3749aa9b4a
Fix exec()'s $output
2023-04-23 16:36:41 +02:00
Miraty
b5b2f95bf5
rm --recursive > rm -r for BusyBox compatibility
2023-04-23 03:19:10 +02:00
Miraty
813927e03e
Ensure domains are not too long
2023-04-21 19:01:46 +02:00
Miraty
d51f9dfac3
Set umask to 0077 everywhere
2023-04-19 14:59:07 +02:00
Miraty
bd06fc7fbf
Use Apache
...
- Allows customization through .htaccess
- No need to configure or reload a server when adding a site
- Content negotiation
2023-04-10 00:50:42 +02:00
Miraty
abb9aabf5b
Advanced services status management
2023-03-09 01:35:30 +01:00
Miraty
335b826559
Gettext internationalization and english translation
2023-01-21 01:27:52 +01:00
Miraty
a3da268ead
ht: subdomain and subpath on shared domain
2022-12-22 01:44:57 +01:00
Miraty
f15681999b
Internal ID, Argon2 for usernames, username changes
2022-11-30 23:12:42 +01:00
Miraty
05db184fa6
ht: More restrictive directory names
2022-11-28 17:16:30 +01:00
Miraty
dc3c976d37
Make services reloading systemd-agnostic
2022-11-23 22:21:34 +01:00
Miraty
567034b8fe
Fix regDeleteDomain security flaw + D regex modifier
...
regDeleteDomain() in fn/reg.php used too loose pattern matching for data deletion, that also deleted other domains that included the deleted domain
2022-11-20 18:17:03 +01:00
Miraty
18d976217b
Use single quotes instead of double quotes
2022-11-20 15:11:54 +01:00
Miraty
938dbe4040
ht: limit directory size to 64 chars
2022-10-09 23:32:04 +02:00
Miraty
763762f08b
fn success/userError/serverError > output($code)
2022-09-15 19:18:48 +02:00
Miraty
3571c456fd
Delete unused le_enabled in "sites" table
2022-09-14 18:34:44 +02:00
Miraty
5885f7a416
Factorize "INSERT INTO" SQL queries with insert()
2022-09-14 17:19:17 +02:00
Miraty
f06e42645a
ht: Allow domains ending with a dot
2022-09-14 13:49:15 +02:00
Miraty
674dd1f699
Integrate Let's Encrypt into (add|del)-http-dns.php
2022-09-06 02:40:18 +02:00
Miraty
17f6f486fc
Allow any unicode letter and number in user's values
2022-06-25 16:43:58 +02:00
Miraty
9fa902f768
Store Tor config and keys in $username/$dir
2022-06-22 00:37:06 +02:00
Miraty
6dbc63a36a
Add form to delete account
...
Move service-specific deletion code to functions
2022-06-18 04:22:05 +02:00
Miraty
d9440231ac
del-http-onion.php + query()
2022-06-11 23:42:48 +02:00
Miraty
5e6da92d01
Cleaner ht.php
2022-06-10 16:42:55 +02:00
Miraty
ab09c84514
Remove niver.log
2022-06-10 03:14:58 +02:00
Miraty
fac61531dd
Create fn/ directory
2022-05-31 19:12:14 +02:00