Pi-Hole/web
1
0
Fork 0
mirror of https://github.com/pi-hole/web.git synced 2025-12-23 20:28:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,911 Commits 19 Branches 112 Tags
c5b25f23e51a48e6e76b8599bb41a65dfd29285d
Commit Graph

440 Commits

Author SHA1 Message Date
Mcat12
c5b25f23e5 Add missing break 
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
 2019-07-09 20:37:05 -07:00
Mcat12
bc85bcda7b Prevent static DHCP leases from having duplicate hostnames 
Fixes #979

Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
 2019-07-09 20:35:15 -07:00
Mark Drobnak
77845474d8 Merge pull request #968 from pi-hole/new/domain_groups_enabled_status 
Lists: Highlight if domains are disabled
 2019-07-07 17:18:42 -04:00
DL6ER
eeb4598925 Fix hardcoded table name. 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-07-07 22:40:34 +02:00
DL6ER
8698ce1b9c Do not return query string in get.php. 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-07-07 10:19:20 +02:00
Mark Drobnak
7470119396 Merge pull request #978 from pi-hole/fix/audit_log 
Audit log: Should use $domains
 2019-07-06 19:46:29 -04:00
DL6ER
dab155c2bf We need to use \$domains instead of \$domain when addin domains to the audit log. 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-07-05 17:14:24 +02:00
DL6ER
e3f76a46d2 Use GROUP BY instead of DISTINCT as we pairs or(domain,1) and (domain,0) are distinct as well where we actually want to only GROUP BY domain. 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-07-05 11:49:44 +02:00
DL6ER
4cc54ee407 Group assignment has changed in the database. Adapt the code accordignly. 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-07-05 11:24:22 +02:00
DL6ER
7d9206c2cd Merge pull request #975 from pi-hole/fix/settings-page-adlists 
Use the renamed adlist table when getting adlists
 2019-07-04 22:13:20 +02:00
Mcat12
8819825dc8 Upgrade the exporter/importer (teleporter) to use the gravity database 
Also fixed the content type of the tar.gz archive from zip to gzip.

Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
 2019-07-04 12:31:02 -07:00
Mcat12
86ba703ef5 Use the renamed adlist table when getting adlists 
This fixes an error shown on the settings page.

Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
 2019-07-04 11:28:01 -07:00
Mark Drobnak
4e1df1664c Merge pull request #951 from pi-hole/new/arp-flush 
Add button for pihole arpflush on Pi-hole settings page
 2019-07-04 14:10:29 -04:00
Mcat12
f7905167c0 Prevent command injection via admin email 
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
 2019-07-01 20:17:10 -07:00
DL6ER
5f28a3816d Pass group_enabled boolean to web interface and show if entry was disabled due to group setting. Although the current web interface does not support group-based management, this may aid in debugging if users interact the database directly. 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-06-16 20:08:24 +02:00
DL6ER
43fa24fbea Glue needs to be the first argument of implode 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-05-30 22:11:13 +02:00
DL6ER
72abc5dad4 Add button for pihole arpflush on Pi-hole settings page 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-05-30 22:05:13 +02:00
DL6ER
ced7174c37 Modify adlists subpage of the settings page to sources the lists from the gravity database. 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-04-28 20:42:50 +02:00
DL6ER
406a946b24 Add new file scripts/pi-hole/php/database.php 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-04-26 18:32:33 +02:00
DL6ER
8b0ee8f4fa Reduce code duplication 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-04-26 18:29:05 +02:00
DL6ER
506644b671 Rewrite web interface to allow interaction with database-based lists 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-04-25 15:02:39 +02:00
Mcat12
24a22bcb55 Fix security issue when using list functionality via api.php 
Remote code execution could have been triggered by activating some list
functionality (add and remove) via api.php.

Thanks to Kacper Szurek for finding this bug.

Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
 2019-03-02 13:51:29 -08:00
Mcat12
2ba8787261 Merge branch 'release/v4.2' into devel 
# Conflicts:
#	scripts/pi-hole/js/db_graph.js
 2019-02-03 11:24:19 -08:00
Mark Drobnak
991be959d3 Update scripts/pi-hole/php/savesettings.php 
Co-Authored-By: DL6ER <DL6ER@users.noreply.github.com>
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-01-19 22:35:12 +01:00
Michael Epstein
6447879562 Fix a PHP error generated by "Query Lists". 
Example:
2019/01/18 00:56:46 [error] 19780#19780: *20783 FastCGI sent in stderr: "PHP message: PHP Notice:  ob_end_flush(): failed to delete and flush buffer. No buffer to delete or flush in /var/www/html/admin/scripts/pi-hole/php/queryads.php on line 9" while reading response header from upstream, client: xxx.xxx.xx.xx, server: some.server.lan, request: "GET /admin/scripts/pi-hole/php/queryads.php?domain=windows& HTTP/1.1", upstream: "fastcgi://unix:/run/php/pihole.sock:", host: "some.server.lan", referrer: "https://some.server.lan/admin/queryads.php"

Signed-off-by: Michael Epstein <mepstein@mediabox.cl>
 2019-01-18 01:25:59 -03:00
Michael Epstein
84f6f3dae6 - Fix the delete of blacklist/whitelist records under NGINX + PHP-FPM 
- Fix multiple php warning/error messages when this scripts are executed from AJAX requests

Example errors/warnings:

2019/01/15 13:22:22 [error] 1408#1408: *2535 FastCGI sent in stderr: "PHP message: PHP Notice:  Undefined variable: api in /var/www/html/admin/scripts/pi-hole/php/sub.php on line 16
PHP message: PHP Warning:  Cannot modify header information - headers already sent by (output started at /var/www/html/admin/scripts/pi-hole/php/sub.php:8) in /var/www/html/admin/scripts/pi-hole/php/auth.php on line 81
PHP message: PHP Warning:  session_start(): Cannot start session when headers already sent in /var/www/html/admin/scripts/pi-hole/php/auth.php on line 93

Signed-off-by: Michael Epstein <mepstein@mediabox.cl>
 2019-01-16 01:51:54 -03:00
DL6ER
a10f23b79a Prevent multiple static DHCP entries for the same IP address to get added. Fixes #889 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-01-15 17:17:34 +01:00
Sylvia van Os
525901e552 Read DNS server list from file 
Signed-off-by: Sylvia van Os <sylvia@hackerchick.me>
 2019-01-13 19:49:49 +01:00
DL6ER
39d163d5b7 Only use class "fa" instead of using two classes "fa fas" 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-01-08 21:19:27 +01:00
DL6ER
e44c635807 Properly align Paypal icon. Unfortunately, fas and fab use different alignments so we need to install a special CSS rule here. 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-01-07 18:59:29 +01:00
DL6ER
d07eafc964 Review comments 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-01-07 18:56:56 +01:00
DL6ER
3305982c32 Merge branch 'devel' into new/network-details 2018-12-29 20:21:32 +01:00
DL6ER
78b4397a66 Update FontAwesome from version 4.5.0 to 5.6.3 to have a network icon for the new network details page. Added a navigation bar item for the new page. 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-12-28 19:43:27 +01:00
Dan Schaper
798486b7a3 Merge pull request #879 from pi-hole/hotfix/v4.1.1 
Merge hotfix v4.1.1 into dev
 2018-12-21 09:07:21 -08:00
Dan Schaper
0cf5585d2b Merge pull request #878 from pi-hole/fix/CF_ECS 
Cloudflare does not support ECS
 2018-12-19 09:41:14 -08:00
Dan Schaper
a0961f9e21 Cloudflare does not support ECS 
>EDNS Client Subnet
1.1.1.1 is a privacy centric resolver so it does not send any client IP information and does not send the EDNS Client Subnet Header to authoritative servers.

https://developers.cloudflare.com/1.1.1.1/nitty-gritty-details/
 2018-12-18 18:16:58 -08:00
Mcat12
c382bb67e6 Keep a trailing newline in the regex list when deleting an item 
Fixes #874

Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
 2018-12-15 20:50:36 -05:00
Mark Drobnak
193e43c186 Merge pull request #865 from pi-hole/fix/script-outside-html 
Move script tags inside html tag body
 2018-12-10 16:48:00 -05:00
Mark Drobnak
9fa4cc62cb Merge pull request #872 from pi-hole/release/v4.1 
Update development with final v4.1 changes
 2018-12-09 22:14:30 -05:00
Mark Drobnak
e8b0e97d31 Merge branch 'release/v4.1' into fix/duplicated_list_entries 2018-12-06 23:13:03 -05:00
Mark Drobnak
064e652344 Merge branch 'release/v4.1' into fix/admin-email-security 2018-12-06 12:18:39 -05:00
Mark Drobnak
1850f7e108 Merge branch 'release/v4.1' into fix/privacy_maximum_no_regex 2018-12-05 23:12:48 -05:00
DL6ER
99b0535f8e Remove empty line at beginning of output of add.php 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-11-29 18:41:30 +01:00
DL6ER
21ab29dedc Use shell_exec() instead of exec() to obtain the full script output (and not only the last line!) 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-11-29 18:39:23 +01:00
DL6ER
1709631949 Don't use --quiet flag for adding hosts to white- and blacklist 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-11-29 18:02:44 +01:00
DL6ER
18f9ed4532 Update savesettings.php 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-11-26 19:12:08 +01:00
Mark Drobnak
9d4e545593 Use simpler check for dash in is_valid_domain_name 
Signed-off-by: Mark Drobnak <mark.drobnak@gmail.com>
 2018-11-24 11:21:54 -05:00
Mcat12
e7f4ef8a09 Prevent domains sent to queryAds acting as command line options 
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
 2018-11-23 14:43:08 -05:00
Mcat12
13c29336b2 Prevent possible attacks via admin email setting 
The admin email is now treated as a single string (surrounded by single
quotes), and it is not allowed to contain its own single quotes.

Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
 2018-11-23 14:35:43 -05:00
Mcat12
79c7c893ac Move footer script back to footer 
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
 2018-11-10 13:55:37 -05:00