Commit Graph

58 Commits

Author SHA1 Message Date
Alexey Sokolov
a4a5aeeb17 Don't let web skin name ../../../../ access files outside of usual skins directories.
Thanks for Jeriko One <jeriko.one@gmx.us> for finding and reporting this.
2018-07-14 07:09:26 +01:00
Falk Seidel
d647eaabc0 Welcome to 2018
The same procedure as last year, Miss Sophie?
The same procedure as every year, James.

[skip ci]
2018-01-19 19:38:58 +00:00
Phansa
3189ce7f8a Welcome to 2017
Welcome to 2017

temp

temp2
2017-03-12 20:34:26 -04:00
Alexey Sokolov
a1e1591ba5 Add another layer of indirection for translation
To make supporting old modules easier

Ref #1354
2016-12-25 20:31:17 +00:00
lol768
f387dc56c0 More relevant comments for CSRF behaviour 2016-10-05 09:29:40 +01:00
Latchezar Tzvetkoff
a9a7f17910 Allow modules to override CSRF protection.
Useful for Web APIs and all other kinds of things.

API changes:
	- Added public CHTTPSock::GetURI() method
	- Added public CModule::ValidateWebRequestCSRFCheck() method
	- Made CWebSock::GetCSRFCheck() method public so it can be accessed
	  from CModule
	- Added public CWebSock::ValidateCSRFCheck() method

Other changes:
	- Added a Sample Web API module (modules/samplewebapi.cpp) and a
	  simple web form with no CSRF check.

Implements feature request #1180.
2016-10-05 09:29:40 +01:00
Alexey Sokolov
8893b90e3a Modules web subpages should have translateable titles 2016-02-24 21:31:38 +00:00
Alexey Sokolov
8eeeaf71a0 Add framework for translating ZNC to different languages 2016-01-31 20:09:19 +00:00
Ondřej Nový
6881ca5b8f Fixed few misspellings 2016-01-05 20:45:08 +01:00
Falk Seidel
8f73840e74 Welcome to 2016
🎆  Happy 2016 🎆
2016-01-01 20:11:21 +01:00
Alexey Sokolov
16a8c77737 Replace virtual with override where possible.
Using clang-tidy
2015-12-08 20:51:50 +00:00
Alexey Sokolov
d185d6f22d clang-format: switch tabs to spaces
I like tabs, but I have to admit that spaces make source code more
consistent, because every editor/viewer tends to render tabs differently :(
2015-12-07 00:53:30 +00:00
Alexey Sokolov
3861b6a583 Fix several comments broken by clang-format 2015-12-07 00:53:01 +00:00
Alexey Sokolov
33b0627d75 Add clang-format configuration.
For now, it uses tabs like before, to make the diff easier to read/check.
One of following commits will switch it to spaces.
2015-12-07 00:53:01 +00:00
J-P Nurmi
2417ca68a8 Prefer Contains() over find() != npos 2015-08-14 13:55:11 +02:00
J-P Nurmi
21ed56f46a Prefer EndsWith(s) over Right(n) == s 2015-08-14 13:52:12 +02:00
J-P Nurmi
4995e7517e Prefer StartsWith(s) over Left(n) == s 2015-08-14 13:51:44 +02:00
Gustavo Zacarias
9a51195e91 Add <time.h> includes where appropiate
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
2015-08-06 11:20:54 -03:00
Alexey Sokolov
144f7984e4 Don't require CSRF token for POSTs if the request uses HTTP Basic auth.
See #946
2015-04-16 20:57:29 +01:00
Alexey Sokolov
7719213ea6 Merge branch '1.6.x' 2015-04-16 20:32:58 +01:00
Alexey Sokolov
7c64eba693 Last commit broke async auth, e.g. via imapauth. Fix it.
See #946
2015-04-16 20:31:31 +01:00
Alexey Sokolov
0b205db494 Merge branch '1.6.x' 2015-04-16 01:24:43 +01:00
Alexey Sokolov
0167a827a7 Fix compilation warning 2015-04-16 01:23:57 +01:00
Alexey Sokolov
d884ff76c0 Merge branch '1.6.x' 2015-04-06 22:42:25 +01:00
Alexey Sokolov
21834d3aba Improve breadcrumbs in webadmin.
Fix #227
2015-04-06 22:40:55 +01:00
J-P Nurmi
5aa8b0dcef Fix copy ctor/assignment oper warnings of -Weffc++ (#270) 2015-03-07 21:54:33 +01:00
J-P Nurmi
6a6bb648d1 Use member initialization lists [-Weffc++] (#270) 2015-02-28 21:59:01 +01:00
Alexey Sokolov
0794e602a7 Merge pull request #889 from jpnurmi/c++11
Replace some C++98isms with C++11isms (#816)
2015-02-25 22:00:06 -08:00
J-P Nurmi
ef9939e1ec Add override (#816)
Changes applied by 'clang-modernize -add-override [...]'
2015-02-25 09:24:00 +01:00
J-P Nurmi
70c0ffb10b Use nullptr (#816)
Changes applied by 'clang-modernize -use-nullptr [...]'
2015-02-25 09:20:20 +01:00
J-P Nurmi
21a04c3b98 CWebModules: C++11 range-based for loops 2015-02-25 07:58:37 +01:00
Falk Seidel
2e29d49a53 Welcome to 2015 2014-12-31 11:28:38 +01:00
Alexey Sokolov
a0ec20b110 Fix HTTP basic auth.
It looks like it was broken since we implemented cookies...
2014-12-30 21:35:39 +00:00
Uli Schlachter
7704bc49d7 client auth: Switch from CSmartPtr to std::shared_ptr
Signed-off-by: Uli Schlachter <psychon@znc.in>
2014-09-12 15:12:46 +02:00
Uli Schlachter
3953185b04 WebModules: Switch from CSmartPtr to std::shared_ptr
Signed-off-by: Uli Schlachter <psychon@znc.in>
2014-09-12 14:55:42 +02:00
Uli Schlachter
67d22c8e42 CTemplate: Switch from CSmartPtr to std::shared_ptr
Signed-off-by: Uli Schlachter <psychon@znc.in>
2014-09-12 14:47:47 +02:00
Alexey Sokolov
66ea539165 Show username of every http request in -D output 2014-04-20 15:20:39 +01:00
uu1101
4376b373d8 Prepend URIPrefix to web interface links
Prefix links in templates with URIPrefix and add the input field to the
Listener editor.

The URIPrefix is provided as a top-level template variable. All URIs
have been changed to have the prefix prepended.
2014-02-16 12:45:10 +01:00
uu1101
88c85b0396 Add URIPrefix listener option 2014-02-16 12:45:09 +01:00
Alexey Sokolov
e0fd211053 Merge pull request #441 from psychon/websocks-expire-oldest
WebModules: Discard sessions in LRU order
2014-01-16 15:21:27 -08:00
Falk Seidel
f19b4caa43 Welcome to 2014 - year 10 with ZNC 2013-12-31 10:10:55 +01:00
Uli Schlachter
414fa40eb5 WebModules: Discard sessions in LRU order
Currently, znc has a limit of 5 web sessions per IP address. This limit exists
to defend against some obvious DoS attacks. When this limit is hit, some session
is discarded.

Previously, we would discard the session that std::multimap::find() would give
us. The multimap used mapped from IP addresses to sessions. Thus, we would
discard the oldest session.

This commit changes this into some least-recently-used logic. Whenever a session
is used, we record the timestamp of this. Then when a session has to be picked
for discarding, the one with the oldest timestamp is used.

Signed-off-by: Uli Schlachter <psychon@znc.in>
2013-12-07 20:56:27 +01:00
Alexey Sokolov
3e56f093f2 X-Forwarded-For: verify the whole chain, from the end 2013-11-14 22:37:36 +04:00
Alexey Sokolov
ccbc469168 Merge commit 'refs/pull/349/head' of github.com:znc/znc 2013-11-14 08:27:50 +04:00
Lunatrius
4368c189f7 Fixed double forward slashes and incorrect active module highlighting. 2013-07-01 17:30:32 +02:00
Alexey Sokolov
b2dcad5fd4 Change ZNC license to Apache 2.0
The following people agreed with the change, in alphabetical order:
(people who approved in several ways are listed only once)
By email:
- Adam (from Anope)
- Austin Morton
- Brian Campbell
- Christian Walde
- Daniel Holbert
- Daniel Wallace
- Falk Seidel
- Heiko Hund
- Ingmar Runge
- Jim Hull
- Kyle Fuller
- Lee Aylward
- Martin Martimeo
- Matt Harper
- Michael J Edgar
- Michael Ziegler
- Nick Bebout
- Paul Driver
- Perry Nguyen
- Philippe (cycomate)
- Reuben Morais
- Roland Hieber
- Sebastian Ramacher
- Stefan Rado
- Stéphan Kochen
- Thomas Ward
- Toon Schoenmakers
- Veit Wahlich
- Wulf C. Krueger

By IRC:
- CNU
- Jonas Gorski
- Joshua M. Clulow
- Prozac/SHiZNO
- SilverLeo
- Uli Schlachter

At https://github.com/znc/znc/issues/311 :
- Alexey Sokolov
- Elizabeth Myers
- flakes
- Jens-Andre Koch
- Jyzee
- KindOne/ineedalifetoday
- Lee Williams
- Mantas Mikulėnas
- md-5
- Reed Loden

At the last few pull requests' comments:
- Allan Odgaard
- Jacob Baines
- Lluís Batlle i Rossell
- ravomavain
- protomouse

The following commits' authors didn't respond:
Trivial changes:
- f70f1086fd
- 4ca8b50e45

The changes which are not presented in master anymore:
- 5512ed2ea0
- 960a4498f7
- 0f739de2c0
- 7f53cc810b

Fix #311
Fix #218
2013-06-14 00:43:34 +04:00
Siyo
3d5ba6af3e Whitelisted X-Forwarded-For header support 2013-05-10 14:19:58 +02:00
Un1matr1x
3a34593359 The same procedure as last year, Miss sophie?
Same procedure as every year, James.
2012-12-31 12:44:31 +01:00
Alexey Sokolov
62c9ac1a0b using in headers is evil :( 2012-07-26 20:46:11 +07:00
Alexey Sokolov
3e458a98e4 Merge some work by Jens-Andre Koch
Only his changes to the core are presented here.
Unfortunately, the skin itself looks ugly on Opera,
and simply doesn't work on Firefox...

Merge branch 'master' into znc-ation

Conflicts:
	modules/data/lastseen/tmpl/lastseen_WebadminUser.tmpl
	modules/data/webadmin/tmpl/settings.tmpl
2012-04-10 23:19:15 +07:00