beenull/servnest
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
265 commits 2 branches 0 tags 878 KiB
Commit graph

78 commits

Author SHA1 Message Date
Miraty
973a129079 Add type in functions signatures 2023-06-20 00:36:58 +02:00
Miraty
7f7bcadb58 Fix important vulnerability in reg/ds.php + exescape 
In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution.

This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection.
 2023-06-19 02:15:43 +02:00
Miraty
067e1ccf42 Allow SSH keys authentication for SFTP(Go) 2023-06-15 03:35:42 +02:00
Miraty
e4ae765486 init.php + jobs + job to delete old testing accounts 2023-06-08 17:36:44 +02:00
Miraty
f05a55a7fa Display string rules, reg: allow "-" for subdomains 2023-06-05 00:18:10 +02:00
Miraty
a83ae30ce7 Fix zone deletion process (again) 2023-05-06 02:39:19 +02:00
Miraty
c05c16a516 --blocking for knotc everywhere 2023-05-03 01:38:50 +02:00
Miraty
864f868890 Split accounts capabilities; Info about rate limit 2023-05-02 19:30:53 +02:00
Miraty
81229a5e33 nsDeleteZone: Fix zone deletion process 2023-04-27 22:18:03 +02:00
Miraty
5af557f630 Better return code checking, --force for zone-purge 2023-04-27 03:24:34 +02:00
Miraty
3749aa9b4a Fix exec()'s $output 2023-04-23 16:36:41 +02:00
Miraty
b5b2f95bf5 rm --recursive > rm -r for BusyBox compatibility 2023-04-23 03:19:10 +02:00
Miraty
813927e03e Ensure domains are not too long 2023-04-21 19:01:46 +02:00
Miraty
d51f9dfac3 Set umask to 0077 everywhere 2023-04-19 14:59:07 +02:00
Miraty
bd06fc7fbf Use Apache 
- Allows customization through .htaccess
- No need to configure or reload a server when adding a site
- Content negotiation
 2023-04-10 00:50:42 +02:00
Miraty
b9af7fee09 reg: Delay at unregistration; Display domain history 2023-03-25 16:26:05 +01:00
Miraty
ed05d4aab9 reg/register: add "Check availability" feature 2023-03-19 22:22:34 +01:00
Miraty
abb9aabf5b Advanced services status management 2023-03-09 01:35:30 +01:00
Miraty
ad98060f9e Fix deprecation notices 2023-02-07 22:25:16 +01:00
Miraty
b2bfbb7bf8 Niver > ServNest 2023-01-29 21:09:00 +01:00
Miraty
3b97b3cc2f Describe config.ini in DOCS/configuration.md 2023-01-26 16:22:03 +01:00
Miraty
23b2afe03e fix: Also delete apex domain in regDeleteDomain() 2023-01-23 01:42:18 +01:00
Miraty
312292d06a feature: reg: allow multiple suffixes 2023-01-23 01:14:59 +01:00
Miraty
335b826559 Gettext internationalization and english translation 2023-01-21 01:27:52 +01:00
Miraty
6b1b3547c3 OpenSSL > libsodium, authenticate username, PHP 8.2+ 2023-01-18 16:00:17 +01:00
Miraty
4f84025baf Encrypt display username, with key in cookie 2023-01-07 23:11:44 +01:00
Miraty
a3da268ead ht: subdomain and subpath on shared domain 2022-12-22 01:44:57 +01:00
Miraty
57dfb02a40 Store secret key in DB + autorotate it 2022-12-21 00:14:55 +01:00
Miraty
73c137aaba Split pages/ between pg-act/ and pg-view/ 2022-12-20 21:17:03 +01:00
Miraty
ffd7e283a1 Simplify PDO use 2022-12-13 17:38:54 +01:00
Miraty
1c193cd59d Add reg/transfer.php 2022-12-13 16:52:10 +01:00
Miraty
7a018e5a88 Trusted > approved, add approval.php, DB_PATH > DB 2022-12-10 18:19:37 +01:00
Miraty
9173336714 Check that account still exists when doing something 2022-11-30 23:38:02 +01:00
Miraty
f15681999b Internal ID, Argon2 for usernames, username changes 2022-11-30 23:12:42 +01:00
Miraty
05db184fa6 ht: More restrictive directory names 2022-11-28 17:16:30 +01:00
Miraty
922f649a08 Use a hash as internal username 2022-11-26 21:45:48 +01:00
Miraty
dc3c976d37 Make services reloading systemd-agnostic 2022-11-23 22:21:34 +01:00
Miraty
567034b8fe Fix regDeleteDomain security flaw + D regex modifier 
regDeleteDomain() in fn/reg.php used too loose pattern matching for data deletion, that also deleted other domains that included the deleted domain
 2022-11-20 18:17:03 +01:00
Miraty
18d976217b Use single quotes instead of double quotes 2022-11-20 15:11:54 +01:00
Miraty
e3f358a62c Direct zone file edition through <textarea> 2022-11-20 01:05:03 +01:00
Miraty
14506ab9e2 Lower time_cost Argon2 param 2022-11-01 00:28:50 +01:00
Miraty
54c4f8ab68 Minor changes 2022-10-09 23:36:35 +02:00
Miraty
938dbe4040 ht: limit directory size to 64 chars 2022-10-09 23:32:04 +02:00
Miraty
f372bbbce7 Log Certbot error messages 2022-10-07 13:29:47 +02:00
Miraty
ba18c13747 Use a token to link account to external resource 2022-10-06 13:12:04 +02:00
Miraty
77f6dfaada Token bucket rate limiting 2022-09-17 00:49:07 +02:00
Miraty
c65dedf9de Merge TITLES and DESCRIPTIONS into PAGES 2022-09-15 21:23:49 +02:00
Miraty
763762f08b fn success/userError/serverError > output($code) 2022-09-15 19:18:48 +02:00
Miraty
3571c456fd Delete unused le_enabled in "sites" table 2022-09-14 18:34:44 +02:00
Miraty
5885f7a416 Factorize "INSERT INTO" SQL queries with insert() 2022-09-14 17:19:17 +02:00