DL6ER
dfcfafd6d9
Implement whitelist regex support to web interface.
...
Signed-off-by: DL6ER <dl6er@dl6er.de >
2019-07-22 21:15:50 +02:00
Mcat12
24a22bcb55
Fix security issue when using list functionality via api.php
...
Remote code execution could have been triggered by activating some list
functionality (add and remove) via api.php.
Thanks to Kacper Szurek for finding this bug.
Signed-off-by: Mcat12 <newtoncat12@yahoo.com >
2019-03-02 13:51:29 -08:00
DL6ER
d67f8c66ee
Wrong token is either when users try to do it via an old session or through a script. Hence, the message should tell the user to re-login
...
Signed-off-by: DL6ER <dl6er@dl6er.de >
2018-08-24 19:09:24 +02:00
DL6ER
7a9fcc1676
The "Wrong Token." message is shown whenever the token is wrong or not available. This commit adds more details into this message to help user's in their own troubleshooting.
...
Signed-off-by: DL6ER <dl6er@dl6er.de >
2018-08-24 19:00:42 +02:00
DL6ER
ec0afceeed
Add new button to allow both regex filters and legacy wildcards (get automatically converted to regex format)
...
Signed-off-by: DL6ER <dl6er@dl6er.de >
2018-06-30 14:19:03 +02:00
DL6ER
1935544183
Directly manipulate regex.list from PHP to avoid detour over bash. This needs read/write permissions of the PHP user on "/etc/pihole/regex.list" !
...
Signed-off-by: DL6ER <dl6er@dl6er.de >
2018-06-23 15:50:19 +02:00
Mcat12
289b62abf3
Fix header.php importing func.php twice
...
Signed-off-by: Mcat12 <newtoncat12@yahoo.com >
2018-01-20 10:59:05 -05:00
Mcat12
862db2ba9e
Use hash_equals in password.php (and move it to funcs.php)
...
Signed-off-by: Mcat12 <newtoncat12@yahoo.com >
2018-01-19 17:52:06 -05:00
Mcat12
ad614a2b93
Fix list_verify XSS
...
Signed-off-by: Mcat12 <newtoncat12@yahoo.com >
2018-01-19 16:57:47 -05:00
Mark Drobnak
f2a0b622f1
Fix preg_split warning
...
Warning was:
`preg_split(): Delimiter must not be alphanumeric or backslash`
Signed-off-by: Mark Drobnak <newtoncat12@yahoo.com >
2018-01-02 12:11:22 -05:00
Mcat12
c60b703680
Appease codacy
2017-10-07 17:09:49 -04:00
Mcat12
cea17a4766
Allow whitelisting/blacklist even if there is no password set
2017-10-07 16:51:22 -04:00
J den Hartog
76891ef43d
Whitelisting withOUT password not supported
...
*White*listing with password not supported
should be:
*White*listing without password not supported
in my opinion.
2017-09-16 10:39:21 +02:00
DL6ER
fe3e8fcb08
Ensure excess whitespace is split when white/blacklisting multiple domains
2017-07-28 00:01:18 +10:00
DL6ER
f328595d6d
Remove [ ] from SERVER_NAME variable ( #405 )
2017-02-27 22:17:46 +01:00
DL6ER
d7fdaf9273
Fix whitespace caused by added license headers
2017-02-19 21:19:02 +01:00
DL6ER
4f70973cbc
EUPL license ( #402 )
...
* Move whole project to EUPL, copy MIT license to scripts/vendor/ and style/vendor/
* Added header to main PHP files
* Modified scripts in scripts/pi-hole/php
* Added header to scripts/pi-hole/js files
* Added license header to our custom style script
* Slight reformulation
2017-02-18 14:20:51 +01:00
DL6ER
940324551f
Strip https:// and http:// in CORS test
2017-01-29 11:45:38 +01:00
DL6ER
57c99cb04d
Extend CORS check to IPv6. Fixes #1109
2017-01-18 13:28:25 +01:00
DL6ER
3808f74d4d
Change function check_domain() to validate multiple domains separated by spaces
2017-01-08 10:37:20 +01:00
Mcat12
79f7d93c52
Sanitize error output
2017-01-07 14:34:30 -05:00
DL6ER
fba19e66cf
Rephrase explaination what the code is doing because it is doing more than we expected
2017-01-02 16:46:13 +01:00
DL6ER
6da6805c5c
Fix three codacy issues
2017-01-02 16:17:37 +01:00
Mcat12
ca9418a245
Merge branch 'devel' into restructureFolders
2016-12-30 14:44:26 -05:00
Promofaux
8240e2d23b
merge devel
2016-12-29 19:59:09 +00:00
Mcat12
2f65430a4d
Move PHP scripts to scripts folder
2016-12-21 21:09:58 +01:00
DL6ER
e188cb6fbc
Revert "Merge pull request #267 from pi-hole/folderStructure"
...
This reverts commit fba3d10fa44ee75f4167
2016-12-21 17:16:52 +01:00
Mcat12
d1da1de597
Move PHP scripts to scripts folder
2016-12-19 19:44:51 -05:00
