64 Commits

Author SHA1 Message Date
RD WebDesign
8c0f785351 Replace mg.request_info.request_uri with the variable scriptname
The information from `mg.request_info.request_uri` depends on the URL typed
by the user. This information was used without any sanitization, allowing
an attacker to send crafted links containing anything, including JavaScript
code, which could be loaded and executed in a few pages.

Replacing this value with `scriptname` variable fixes the issue, since this
variable contains the name of the file currently being executed. This
information cannot be externally manipulated and it is safe to be used on
the page.

Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
2025-10-19 18:44:52 -03:00
yubiuser
1fd924fcff Use label-primary for number of enabled list icon on sidebar
Signed-off-by: yubiuser <github@yubiuser.dev>
2025-07-13 16:21:18 +02:00
XhmikosR
4aaf7fe0e6 header: move unneeded unauthenticated assets to authenticated
Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-06-27 16:43:32 +03:00
Dominik
a07dacab77 header_authenticated.lp: add the hostname li only if it's greater t… (#3501) 2025-06-20 20:38:59 +02:00
XhmikosR
64b4756640 Update chart.js to v4.5.0 (#3516)
* Update chart.js to v4.5.0

Also, switch to the minified file

Signed-off-by: XhmikosR <xhmikosr@gmail.com>

* Update scripts/lua/header_authenticated.lp

Co-authored-by: yubiuser <github@yubiuser.dev>
Signed-off-by: XhmikosR <xhmikosr@gmail.com>

---------

Signed-off-by: XhmikosR <xhmikosr@gmail.com>
Co-authored-by: yubiuser <github@yubiuser.dev>
2025-06-16 15:50:47 +02:00
yubiuser
538020ee79 header: don't hide advanced info since it's always shown (#3513) 2025-06-16 11:38:17 +02:00
XhmikosR
3d7f0d47df Lowercase doctype
It's perfectly valid and it should result in smaller compressed size when gzip is used.

Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-06-15 08:18:36 +03:00
XhmikosR
293a84439d header: don't hide advanced info since it's always shown
Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-06-15 08:13:20 +03:00
XhmikosR
f78257bd8e header_authenticated.lp: add the hostname li only if it's greater than zero
Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-06-02 17:10:47 +03:00
Adam Warner
abd4d9d3b9 settings-level-expert: hide them by default (#3487) 2025-05-30 21:35:56 +01:00
casperklein
f3fd182d00 Add rel="noreferrer" to external hyperlinks
Signed-off-by: casperklein <casperklein@users.noreply.github.com>
2025-05-29 22:57:36 +02:00
XhmikosR
a18629193a settings-level-expert: hide them by default
Matches the previous behavior before 8556b65

Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-05-27 20:59:05 +03:00
yubiuser
d010d1309e sidebar: move active class outside of class attribute conditional (#3492) 2025-05-27 19:52:45 +02:00
XhmikosR
b1c37c3b4b sidebar: move active class outside of class attribute conditional
Gets rid of empty class attributes when not needed

Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-05-27 18:02:04 +03:00
yubiuser
24fdb48d3f Remove horizontal line in hamburger menu
Signed-off-by: yubiuser <github@yubiuser.dev>
2025-05-26 21:17:57 +02:00
yubiuser
d2cd688cf9 header_authenticated: change documentation icon to solid (#3488) 2025-05-26 18:05:38 +02:00
XhmikosR
89f4d0af4e header_authenticated: change documentation icon to solid
It's now consistent with the rest of the icons

Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-05-26 09:03:39 +03:00
XhmikosR
8367ed2b9f footer: rename label
Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-05-25 19:01:18 +03:00
Dominik
064154f0e6 Make use of the new format_path function to add the current page in body (#3390) 2025-05-19 19:09:24 +02:00
Adam Warner
db48e5e32f sidebar: increase logo size to prevent a reflow (#3407) 2025-05-15 17:19:02 +01:00
Dominik
ed09c524ff Replace invalid hostname to prevent XSS (#3401) 2025-05-14 19:37:52 +02:00
RD WebDesign
66f7e1d081 Use mg.script_name to retrieve the scriptname
This value is independent from webhome or prefix

Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
2025-05-09 00:05:52 -03:00
XhmikosR
66f9c38d03 Make use of the new format_path function to add the current page in body
This will allow us to target specific pages more easily

Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-05-04 09:56:56 +03:00
yubiuser
d0829308db Replace hostname string if it contains invalid characters
Signed-off-by: yubiuser <github@yubiuser.dev>
2025-04-26 23:39:39 +02:00
XhmikosR
b6d1385531 sidebar: increase logo size to prevent a reflow
Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-04-21 15:25:00 +03:00
XhmikosR
1fbbb91f51 Remove icheckbox related-code except for primary
v6 doesn't support changing this like v5

Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-04-21 12:07:06 +03:00
yubiuser
1d9a079fc9 header: fix runtime error when query_string is null (#3395) 2025-04-21 10:21:43 +02:00
Dominik
380c31f4cf Revert the defer addition for now (#3382) 2025-04-21 09:09:34 +02:00
XhmikosR
27b7aaa713 header: fix runtime error when query_string is null
Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-04-14 08:45:34 +03:00
yubiuser
6e4a17d8b3 Escape hostname to prevent XSS
Signed-off-by: yubiuser <github@yubiuser.dev>
2025-04-11 09:39:18 +02:00
yubiuser
471e53b6cf Remove x-dns-prefetch-control meta tag (#3378) 2025-04-04 22:36:22 +02:00
XhmikosR
2dd128fbfb Revert the defer addition for now
There are still cases we are getting TypeErrors. We should try again after grouping our assets together in all pages.

Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-04-03 07:52:28 +03:00
DL6ER
58616bc8af Remove remaining hard-coded /admin/ paths in the webinterface
Signed-off-by: DL6ER <dl6er@dl6er.de>
2025-03-31 21:43:57 +02:00
XhmikosR
f343fac2ab Remove x-dns-prefetch-control meta tag
This is now included in FTL

Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-03-30 15:37:00 +03:00
Dominik
fb86db5d30 Remove meta http-equiv="cache-control" (#3353) 2025-03-30 10:40:53 +02:00
XhmikosR
39846a3531 Remove meta http-equiv="cache-control"
This is set in FTL to `no-cache, no-store, must-revalidate, private, max-age=0` so this is redundant

Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-03-29 10:32:44 +02:00
yubiuser
621ec801e9 Use modernized waitMe plugin
Signed-off-by: yubiuser <github@yubiuser.dev>
2025-03-27 22:01:58 +01:00
Dominik
071e5edb4a sidebar: switch to a real button (#3342) 2025-03-27 13:19:36 +01:00
XhmikosR
6c29d5dab8 Logout: fix redirect
Without this, we were getting into a loop with keep alive enabled
when using Firefox.

Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-03-24 08:29:40 +02:00
XhmikosR
5036b1df13 Navigation: switch to a real button
Better for accessibility

Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-03-23 19:19:57 +02:00
XhmikosR
1acb80536b Refactor assets loading
* move fonts first
* move CSS and JS along with the rest
* move default auto theme media checks to the HEAD instead of imports

Also, use `script defer`. This makes the JS files non-blocking.

Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-03-23 07:08:37 +02:00
Dominik
877d5f8cb9 Allow path prefix multiplexing the dashboard and API (#3269) 2025-03-22 20:46:37 +01:00
XhmikosR
6a5b40f7bf Add missing rel="noopener" for external links
Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-03-21 16:54:22 +02:00
Adam Warner
983dbc2244 Update fonts (#3309) 2025-03-20 17:03:49 +00:00
DL6ER
6a6a3911f0 Merge branch 'development' into new/web_prefix
Signed-off-by: DL6ER <dl6er@dl6er.de>
2025-03-18 06:58:10 +01:00
RD WebDesign
5de572e53f Fix the reversed numbers in Group Management menu items - LCARS theme
Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
2025-03-16 00:23:16 -03:00
XhmikosR
7ebf4e07df Update fonts
Remove the .woff files since our supported browsers support .woff2

Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-03-12 16:38:06 +02:00
XhmikosR
bbcda8ae28 Fix stray -
Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-03-12 08:13:20 +02:00
RD WebDesign
ffdffbc262 Sidebar: fix missing span end-closing tags (#3316) 2025-03-12 00:21:21 -03:00
XhmikosR
a9addd1d8c sidebar: fix missing span end-closing tags
Signed-off-by: XhmikosR <xhmikosr@gmail.com>
2025-03-11 10:12:22 +02:00