Commit Graph

18 Commits

Author SHA1 Message Date
Mcat12
8cf7e262a2 Remove CORS skip log message
It can fill up the error log really quickly, since this function is now used on all pages. Most of these pages are not able to be protected by CORS but can still be protected by the Host check.
2016-12-10 11:47:47 -05:00
Mcat12
0dec4b8aa0 Protect Enable/Disable with a CSRF token check
The token is now added for all pages.
2016-12-04 13:16:45 -05:00
Mcat12
40c6ee9f5a Remove strict flag and change Host check
Since the Host header is easily manipulated, we can only check if
it's wrong and can't use it to validate that the client is authorized,
only unauthorized. There's no need for the strict flag anymore
because of this.
2016-12-02 16:06:43 -05:00
Mcat12
591bc2c3f5 Change another else for codacy
2016-11-20 18:23:18 -05:00
Mcat12
2989709a23 Re-arrange check_cors if statements for codacy
2016-11-20 18:11:02 -05:00
Mcat12
b2b93e90b3 Add flag for strict CORS
Prevents enable/disable from requests without CORS info
2016-11-17 16:47:14 -05:00
Mcat12
d2fcc36341 Require CORS check on all admin pages
This is mainly added so that an ad can't enable/disable the Pi-hole
by simply loading a url like `http://pi.hole/admin/index.php?disable`
2016-11-07 21:10:36 -05:00
Adam Warner
b9f186befb Revert "set default time zone for date"
2016-10-18 15:52:58 +01:00
Mcat12
871bef985d Add fallback hash_equals and use old array syntax
2016-10-13 16:25:05 -04:00
Jakob Ackermann
fb995872d1 run date command right before log event
2016-10-09 04:04:40 +02:00
Jakob Ackermann
9cd0f4b4fa use output of command date as datestring
this will imply the system time zone. command date and the given format
are supported by the majority of linux distros
2016-10-09 03:06:09 +02:00
Jakob Ackermann
b73d6e0329 set default time zone for date
this prevents basic error messages from php(-cgi) for not setting the
timezone and then using UTC as default
2016-10-04 17:57:34 +02:00
brantje
4da38e5472 Check if a domain name is valid
2016-08-17 21:18:17 +02:00
diginc
f460607bde semicolon because php
2016-07-18 21:38:48 -05:00
diginc
b6e177de6c Set a default error log when empty
2016-07-18 21:04:17 -05:00
diginc
246599a0ba Don't need docker server IP in here anymore
2016-07-08 08:23:12 -05:00
diginc
d1ef51a358 cleanup and tested on alpine/debian
2016-07-07 23:30:58 -05:00
diginc
657fb7badc Fixes and refactoring WL/BL files more
* CORS was required to auth (bug) - fixed
* Logging defaults to the default lighttpd error log
* Overridable error log location to support alpine/nginx container or power users
* Put the repeated code into an include for sub/add, auth.php
* Error logs say what failed much better now
* VIRTUAL_HOST should theoretically allow custom hostnames for CORS
2016-07-07 00:28:28 -05:00