Commit Graph

27 Commits

Author SHA1 Message Date
DL6ER 563cba7ec1 Removed superfluous "http://" strings 2016-12-27 17:28:57 +00:00
DL6ER 72befd7207 Only half of the work was done ;-) 2016-12-27 17:23:54 +00:00
Mcat12 2254af713b Allow custom port in CORS check 2016-12-27 11:39:47 -05:00
DL6ER 623ef322e4 Add support for port != 80 2016-12-21 20:45:02 +01:00
Mcat12 ebe310d1db Correctly parse IPV4_ADDRESS in setupVars for CORS
Often there's a `/24` at the end of the IP, so we need to ignore
that.
2016-12-21 12:32:36 -05:00
Mcat12 8b59998299 Use IPv4 from setupVars for CORS 2016-12-21 12:08:19 -05:00
DL6ER e188cb6fbc Revert "Merge pull request #267 from pi-hole/folderStructure"
This reverts commit fba3d10fa4, reversing
changes made to 4ee75f4167.
2016-12-21 17:16:52 +01:00
Mcat12 d1da1de597 Move PHP scripts to scripts folder 2016-12-19 19:44:51 -05:00
DL6ER 1068ed82b1 Add hostname to allowed domains 2016-12-16 21:36:26 +01:00
Mcat12 8cf7e262a2 Remove CORS skip log message
It can fill up the error log really quickly, since this function is now used on all pages. Most of these pages are not able to be protected by CORS but can still be protected by the Host check.
2016-12-10 11:47:47 -05:00
Mcat12 0dec4b8aa0 Protect Enable/Disable with a CSRF token check
The token is now added for all pages.
2016-12-04 13:16:45 -05:00
Mcat12 40c6ee9f5a Remove strict flag and change Host check
Since the Host header is easily manipulated, we can only check if
it's wrong and can't use it to validate that the client is authorized,
only unauthorized. There's no need for the strict flag anymore
because of this.
2016-12-02 16:06:43 -05:00
Mcat12 591bc2c3f5 Change another else for codacy 2016-11-20 18:23:18 -05:00
Mcat12 2989709a23 Re-arrange check_cors if statements for codacy 2016-11-20 18:11:02 -05:00
Mcat12 b2b93e90b3 Add flag for strict CORS
Prevents enable/disable from requests without CORS info
2016-11-17 16:47:14 -05:00
Mcat12 d2fcc36341 Require CORS check on all admin pages
This is mainly added so that an ad can't enable/disable the Pi-hole
by simply loading a url like `http://pi.hole/admin/index.php?disable`
2016-11-07 21:10:36 -05:00
Adam Warner b9f186befb Revert "set default time zone for date" 2016-10-18 15:52:58 +01:00
Mcat12 871bef985d Add fallback hash_equals and use old array syntax 2016-10-13 16:25:05 -04:00
Jakob Ackermann fb995872d1 run date command right before log event 2016-10-09 04:04:40 +02:00
Jakob Ackermann 9cd0f4b4fa use output of command date as datestring
this will imply the system time zone. command date and the given format
are supported by the majority of linux distros
2016-10-09 03:06:09 +02:00
Jakob Ackermann b73d6e0329 set default time zone for date
this prevents basic error messages from php(-cgi) for not setting the
timezone and then using UTC as default
2016-10-04 17:57:34 +02:00
brantje 4da38e5472 Check if a domain name is valid 2016-08-17 21:18:17 +02:00
diginc f460607bde semicolon because php 2016-07-18 21:38:48 -05:00
diginc b6e177de6c Set a default error log when empty 2016-07-18 21:04:17 -05:00
diginc 246599a0ba Don't need docker server IP in here anymore 2016-07-08 08:23:12 -05:00
diginc d1ef51a358 cleanup and tested on alpine/debian 2016-07-07 23:30:58 -05:00
diginc 657fb7badc Fixes and refactoring WL/BL files more
* CORS was required to auth (bug) - fixed
* Logging defaults to the default lighttpd error log
* Overridable error log location to support alpine/nginx container or power users
* Put the repeated code into an include for sub/add, auth.php
* Error logs say what failed much better now
* VIRTUAL_HOST should theoretically allow custom hostnames for CORS
2016-07-07 00:28:28 -05:00