Pi-Hole/web
1
0
Fork 0
mirror of https://github.com/pi-hole/web.git synced 2025-12-24 04:38:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,083 Commits 19 Branches 112 Tags
f0469d1954143fd8b02442b51bfbf879112ec800
Commit Graph

522 Commits

Author SHA1 Message Date
DL6ER
406a946b24 Add new file scripts/pi-hole/php/database.php 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-04-26 18:32:33 +02:00
DL6ER
8b0ee8f4fa Reduce code duplication 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-04-26 18:29:05 +02:00
DL6ER
506644b671 Rewrite web interface to allow interaction with database-based lists 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-04-25 15:02:39 +02:00
Mcat12
24a22bcb55 Fix security issue when using list functionality via api.php 
Remote code execution could have been triggered by activating some list
functionality (add and remove) via api.php.

Thanks to Kacper Szurek for finding this bug.

Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
 2019-03-02 13:51:29 -08:00
Mcat12
2ba8787261 Merge branch 'release/v4.2' into devel 
# Conflicts:
#	scripts/pi-hole/js/db_graph.js
 2019-02-03 11:24:19 -08:00
Mark Drobnak
991be959d3 Update scripts/pi-hole/php/savesettings.php 
Co-Authored-By: DL6ER <DL6ER@users.noreply.github.com>
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-01-19 22:35:12 +01:00
Michael Epstein
6447879562 Fix a PHP error generated by "Query Lists". 
Example:
2019/01/18 00:56:46 [error] 19780#19780: *20783 FastCGI sent in stderr: "PHP message: PHP Notice:  ob_end_flush(): failed to delete and flush buffer. No buffer to delete or flush in /var/www/html/admin/scripts/pi-hole/php/queryads.php on line 9" while reading response header from upstream, client: xxx.xxx.xx.xx, server: some.server.lan, request: "GET /admin/scripts/pi-hole/php/queryads.php?domain=windows& HTTP/1.1", upstream: "fastcgi://unix:/run/php/pihole.sock:", host: "some.server.lan", referrer: "https://some.server.lan/admin/queryads.php"

Signed-off-by: Michael Epstein <mepstein@mediabox.cl>
 2019-01-18 01:25:59 -03:00
Michael Epstein
84f6f3dae6 - Fix the delete of blacklist/whitelist records under NGINX + PHP-FPM 
- Fix multiple php warning/error messages when this scripts are executed from AJAX requests

Example errors/warnings:

2019/01/15 13:22:22 [error] 1408#1408: *2535 FastCGI sent in stderr: "PHP message: PHP Notice:  Undefined variable: api in /var/www/html/admin/scripts/pi-hole/php/sub.php on line 16
PHP message: PHP Warning:  Cannot modify header information - headers already sent by (output started at /var/www/html/admin/scripts/pi-hole/php/sub.php:8) in /var/www/html/admin/scripts/pi-hole/php/auth.php on line 81
PHP message: PHP Warning:  session_start(): Cannot start session when headers already sent in /var/www/html/admin/scripts/pi-hole/php/auth.php on line 93

Signed-off-by: Michael Epstein <mepstein@mediabox.cl>
 2019-01-16 01:51:54 -03:00
DL6ER
a10f23b79a Prevent multiple static DHCP entries for the same IP address to get added. Fixes #889 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-01-15 17:17:34 +01:00
Sylvia van Os
525901e552 Read DNS server list from file 
Signed-off-by: Sylvia van Os <sylvia@hackerchick.me>
 2019-01-13 19:49:49 +01:00
DL6ER
39d163d5b7 Only use class "fa" instead of using two classes "fa fas" 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-01-08 21:19:27 +01:00
DL6ER
e44c635807 Properly align Paypal icon. Unfortunately, fas and fab use different alignments so we need to install a special CSS rule here. 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-01-07 18:59:29 +01:00
DL6ER
d07eafc964 Review comments 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2019-01-07 18:56:56 +01:00
DL6ER
3305982c32 Merge branch 'devel' into new/network-details 2018-12-29 20:21:32 +01:00
DL6ER
78b4397a66 Update FontAwesome from version 4.5.0 to 5.6.3 to have a network icon for the new network details page. Added a navigation bar item for the new page. 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-12-28 19:43:27 +01:00
Dan Schaper
798486b7a3 Merge pull request #879 from pi-hole/hotfix/v4.1.1 
Merge hotfix v4.1.1 into dev
 2018-12-21 09:07:21 -08:00
Dan Schaper
0cf5585d2b Merge pull request #878 from pi-hole/fix/CF_ECS 
Cloudflare does not support ECS
 2018-12-19 09:41:14 -08:00
Dan Schaper
a0961f9e21 Cloudflare does not support ECS 
>EDNS Client Subnet
1.1.1.1 is a privacy centric resolver so it does not send any client IP information and does not send the EDNS Client Subnet Header to authoritative servers.

https://developers.cloudflare.com/1.1.1.1/nitty-gritty-details/
 2018-12-18 18:16:58 -08:00
Mcat12
c382bb67e6 Keep a trailing newline in the regex list when deleting an item 
Fixes #874

Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
 2018-12-15 20:50:36 -05:00
Mark Drobnak
193e43c186 Merge pull request #865 from pi-hole/fix/script-outside-html 
Move script tags inside html tag body
 2018-12-10 16:48:00 -05:00
Mark Drobnak
9fa4cc62cb Merge pull request #872 from pi-hole/release/v4.1 
Update development with final v4.1 changes
 2018-12-09 22:14:30 -05:00
Mark Drobnak
e8b0e97d31 Merge branch 'release/v4.1' into fix/duplicated_list_entries 2018-12-06 23:13:03 -05:00
Mark Drobnak
064e652344 Merge branch 'release/v4.1' into fix/admin-email-security 2018-12-06 12:18:39 -05:00
Mark Drobnak
1850f7e108 Merge branch 'release/v4.1' into fix/privacy_maximum_no_regex 2018-12-05 23:12:48 -05:00
DL6ER
99b0535f8e Remove empty line at beginning of output of add.php 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-11-29 18:41:30 +01:00
DL6ER
21ab29dedc Use shell_exec() instead of exec() to obtain the full script output (and not only the last line!) 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-11-29 18:39:23 +01:00
DL6ER
1709631949 Don't use --quiet flag for adding hosts to white- and blacklist 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-11-29 18:02:44 +01:00
DL6ER
18f9ed4532 Update savesettings.php 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-11-26 19:12:08 +01:00
Mark Drobnak
9d4e545593 Use simpler check for dash in is_valid_domain_name 
Signed-off-by: Mark Drobnak <mark.drobnak@gmail.com>
 2018-11-24 11:21:54 -05:00
Mcat12
e7f4ef8a09 Prevent domains sent to queryAds acting as command line options 
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
 2018-11-23 14:43:08 -05:00
Mcat12
13c29336b2 Prevent possible attacks via admin email setting 
The admin email is now treated as a single string (surrounded by single
quotes), and it is not allowed to contain its own single quotes.

Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
 2018-11-23 14:35:43 -05:00
Mcat12
79c7c893ac Move footer script back to footer 
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
 2018-11-10 13:55:37 -05:00
Mcat12
500b3b774c Move dependency scripts to header 
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
 2018-11-10 13:54:33 -05:00
DL6ER
ba11c7b394 Disply that the privacy level wasn't changed when this is the case. 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-11-10 08:40:05 +01:00
DL6ER
8c08ec2a10 Automatically restart DNS resolver when privacy level is lowered 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-11-10 08:38:55 +01:00
Mark Drobnak
f612e51f15 Merge pull request #852 from bitcynth/patch-1 
Error handling in savesettings.php
 2018-11-07 18:03:38 -05:00
Cynthia
34bbb9a70e Error handling in savesettings.php 
This is to address https://github.com/pi-hole/pi-hole/issues/2444

Signed-off-by: Cynthia Revstrom <me@cynthia.re>
 2018-10-03 02:28:27 +02:00
Mark Drobnak
02cc5fad15 Write newline after wildcard 
This makes the web interface add wildcards in the same way as the CLI.

Signed-off-by: Mark Drobnak <mark.drobnak@gmail.com>
 2018-09-01 19:34:25 -04:00
Mark Drobnak
4a63500d10 Merge pull request #834 from MikeSouza/new/list-api 
Add API support for list actions
 2018-09-01 19:29:01 -04:00
DL6ER
6441a675c5 Add Quad9 secondary IPv6 IP addresses. This was a feature request on Discourse. 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-08-31 12:48:25 +02:00
DL6ER
9a950147c4 Add explanation what ECS is as we shouldn't use acronyms without explaining them. Further, this information may be useful for less tech-savvy users. 
Add that (at least) Google, OpenDNS, and Cloudflare use ECS (according to http://www.afasterinternet.com/participants.htm). I found no reference for the other providers in the table.

Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-08-30 17:56:11 +02:00
DL6ER
a2ade60cea Add more detailed selections for the services offered by Quad9 and improve responsive design 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-08-30 17:35:47 +02:00
Mike Souza
203d41103a Add API support for list actions 
Signed-off-by: Mike Souza <contact@michael-souza.com>
 2018-08-26 11:56:44 -04:00
DL6ER
d67f8c66ee Wrong token is either when users try to do it via an old session or through a script. Hence, the message should tell the user to re-login 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-08-24 19:09:24 +02:00
DL6ER
7a9fcc1676 The "Wrong Token." message is shown whenever the token is wrong or not available. This commit adds more details into this message to help user's in their own troubleshooting. 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-08-24 19:00:42 +02:00
Mcat12
78ae865d62 Add support for privacy level 4 (no stats) 
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
 2018-08-20 17:33:29 -04:00
DL6ER
78d262d7b0 Offer possibility to import auditlog.list from teleporter archive 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-08-10 18:25:12 +02:00
DL6ER
82f4d718aa Merge pull request #812 from pi-hole/fix/settings_page_adlists_show_everything 
Don't require adlists to start in "http"
 2018-08-08 21:32:18 +02:00
DL6ER
2df4a0d052 Improve logic 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-08-08 21:17:10 +02:00
DL6ER
8b1313b864 Don't require adlists to start in "http". This also displays lists that start in e.g., "ftp://" or "file://" or without a protocol. 
Signed-off-by: DL6ER <dl6er@dl6er.de>
 2018-08-08 12:06:59 +02:00