Commit graph

264 commits

Author SHA1 Message Date
Miraty
f5aee06ff5 Merge pull request 'dev' (#8) from dev into main
Reviewed-on: https://code.antopie.org/servnest/servnest/pulls/8
2023-06-19 03:51:58 +02:00
Miraty
7f7bcadb58 Fix important vulnerability in reg/ds.php + exescape
In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution.

This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection.
2023-06-19 02:15:43 +02:00
Miraty
067e1ccf42 Allow SSH keys authentication for SFTP(Go) 2023-06-15 03:35:42 +02:00
Miraty
256bd51e0f Fix display username decryption error handling 2023-06-14 22:23:15 +02:00
Miraty
e4ae765486 init.php + jobs + job to delete old testing accounts 2023-06-08 17:36:44 +02:00
Miraty
f05a55a7fa Display string rules, reg: allow "-" for subdomains 2023-06-05 00:18:10 +02:00
Miraty
4c9e5a5580 Add debug message when denying SFTP login 2023-06-03 18:44:48 +02:00
Miraty
0e64d6e2b8 Don't require visiting /ht/ to enable SFTP access 2023-06-02 23:12:59 +02:00
Miraty
a07baa7f62 Warn testing accounts users on every page 2023-06-02 22:45:27 +02:00
Miraty
5d0d7b0f38 Set a default error/exception handler 2023-06-01 15:14:42 +02:00
Miraty
e18c8d353c locales/update.sh: Use bash from env 2023-05-19 23:52:06 +02:00
Miraty
316c428e7e Typo 2023-05-19 23:51:38 +02:00
Miraty
d7faf3ac29 Rename config.ini to config.template.ini 2023-05-19 00:54:04 +02:00
Miraty
69a8673fd6 Add link to the "about" page 2023-05-18 23:18:43 +02:00
Miraty
337e7ab27e Add setting to disable registrations
A new services['auth'] setting is available.
2023-05-10 01:34:45 +02:00
Miraty
cbf49408d1 Code formatting 2023-05-09 20:23:52 +02:00
Miraty
f026b8b02d ht/index: list Header directive 2023-05-07 03:21:51 +02:00
Miraty
2e238f629d Don't allow double quotes in ns/caa.php actually 2023-05-06 20:31:13 +02:00
Miraty
2d4915a73a Allow double quotes in ns/caa.php 2023-05-06 20:21:40 +02:00
Miraty
25b1d30cbe installation: set permissions for /etc/letsencrypt/ 2023-05-06 17:26:17 +02:00
Miraty
a83ae30ce7 Fix zone deletion process (again) 2023-05-06 02:39:19 +02:00
Miraty
23d7e7fc5b installation.md: setcap on SFTPGo 2023-05-05 19:42:59 +02:00
Miraty
54c64906f7 ht/dns-add: display recommended CAA record 2023-05-05 19:41:55 +02:00
Miraty
f3752163af Call Certbot before adding to DB 2023-05-04 02:20:29 +02:00
Miraty
13bfd8e9be Fix locale selection on Alpine Linux 2023-05-04 01:49:54 +02:00
Miraty
70024c0565 Fix locale selection on Alpine Linux 2023-05-04 00:41:37 +02:00
Miraty
c05c16a516 --blocking for knotc everywhere 2023-05-03 01:38:50 +02:00
Miraty
864f868890 Split accounts capabilities; Info about rate limit 2023-05-02 19:30:53 +02:00
Miraty
f8aced3894 Add script to update translations 2023-05-02 19:14:16 +02:00
Miraty
9f5f8958c5 Rate-limit most form processings 2023-05-02 18:02:08 +02:00
Miraty
2ecc520dae Add a software architecture documentation page 2023-05-02 17:51:56 +02:00
Miraty
ff7e770654 Add installation instructions 2023-05-02 17:34:40 +02:00
Miraty
81229a5e33 nsDeleteZone: Fix zone deletion process 2023-04-27 22:18:03 +02:00
Miraty
5af557f630 Better return code checking, --force for zone-purge 2023-04-27 03:24:34 +02:00
Miraty
03e61fad26 Autoconfigure certbot using cli.ini 2023-04-26 14:08:47 +02:00
Miraty
5adb07c7c8 Update add-dns.php for newer db schema 2023-04-24 00:53:54 +02:00
Miraty
bf4eedbe71 Add 10ms delay after reloading Tor 2023-04-23 17:08:42 +02:00
Miraty
3749aa9b4a Fix exec()'s $output 2023-04-23 16:36:41 +02:00
Miraty
b5b2f95bf5 rm --recursive > rm -r for BusyBox compatibility 2023-04-23 03:19:10 +02:00
Miraty
813927e03e Ensure domains are not too long 2023-04-21 19:01:46 +02:00
Miraty
d51f9dfac3 Set umask to 0077 everywhere 2023-04-19 14:59:07 +02:00
Miraty
a2ea572439 Fix operator precedence 2023-04-15 21:16:04 +02:00
Miraty
9f7c93e66d Add debug option in SFTPGo authenticator 2023-04-15 18:01:19 +02:00
Miraty
b93ff0c26f More exhaustive check.php 2023-04-15 16:39:41 +02:00
Miraty
088fe9ee53 Fix check.php for new domain registration form 2023-04-11 02:43:16 +02:00
Miraty
bd06fc7fbf Use Apache
- Allows customization through .htaccess
- No need to configure or reload a server when adding a site
- Content negotiation
2023-04-10 00:50:42 +02:00
Miraty
2d6f2745a6 Fix syntax and error 2023-03-28 00:18:37 +02:00
Miraty
b9af7fee09 reg: Delay at unregistration; Display domain history 2023-03-25 16:26:05 +01:00
Miraty
ed05d4aab9 reg/register: add "Check availability" feature 2023-03-19 22:22:34 +01:00
Miraty
15ddd77bc4 Add script to check that services work as expected 2023-03-18 18:40:04 +01:00