Matt Pass
47af30e0b6
Include common settings and xssClean output
...
include_once the settings-common.php file so we have the xssClean
function
Set $req to the xssClean'd value or blank
Also xssClean other strings that are output
2014-05-20 07:25:15 +01:00
Matt Pass
277dc67243
printCode function added
...
Prints current tab, though code flows off the page horizontally, needs
tweak to something.
2014-05-16 09:18:14 +01:00
Matt Pass
0e48b8d5a3
Only show this button text if enabled reg
2014-05-16 08:21:06 +01:00
RelaxedArcher
6a50c1ce2b
Fixed an issue that caused registration to be always available while in multi-user mode
2014-05-10 02:30:22 +03:00
Matt Pass
55def4402a
Version 4.0
2014-05-03 15:01:19 +01:00
Matt Pass
8133adeab8
!isset($_REQUEST["csrf"]) is extra fail cond
2014-05-03 14:19:24 +01:00
Matt Pass
a470daf9f5
No need for other chars to be replaced
...
Impossible to output an XSS without < or > alone
2014-05-03 14:13:48 +01:00
Matt Pass
1a85a1ddc3
Display a more helpful & useful error message
2014-05-03 14:09:09 +01:00
Matt Pass
ab8ad37467
strClean $_GET value first
2014-05-03 12:08:30 +01:00
Matt Pass
b811cfe92f
strClean $_GET['plugin'] and use that
2014-04-28 08:00:22 +01:00
Matt Pass
fa40d9dad7
Also attempt to get over https, then http
...
Suppresses warnings on https attempt with @
2014-04-26 16:55:55 +01:00
Matt Pass
d5e6fb041f
Reverting to use http: instead of https: for now
...
file_get_contents won't get https: data for now
Need to look at resolving this
2014-04-26 16:14:27 +01:00
Matt Pass
f00686c679
If we have GET QS params, add &csrf=xyz to end
2014-04-26 16:12:55 +01:00
Matt Pass
45fef223ce
Removed list of people, now on website
2014-04-26 14:59:53 +01:00
Matt Pass
89c811d140
Darker side text, blue links
2014-04-26 14:59:18 +01:00
Matt Pass
17ec5f517c
Turn SSL verify peer off
...
https over cURL won't work locally otherwise
2014-04-26 13:19:33 +01:00
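The commit above switches off peer verification so that https works on a local box without a CA store. The usual alternative is to keep verification on and point cURL at an explicit CA bundle. The block below is an added example, not ICEcoder's updater code; the function name fetchHttps, the $caBundle path argument and the file_get_contents fallback (for hosts without the cURL extension) are assumptions for this illustration.

```php
<?php
// Added example, not the project's own fetch code.
// Fetches an https URL with TLS peer and hostname verification kept on.
// If the machine has no usable system CA store, pass the path of a CA bundle
// (for example a copy of Mozilla's cacert.pem) as $caBundle instead of
// setting CURLOPT_SSL_VERIFYPEER to false, which would accept any certificate
// and so any on-path attacker.

function fetchHttps(string $url, ?string $caBundle = null): ?string
{
    if (function_exists('curl_init')) {
        $ch = curl_init($url);
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_FOLLOWLOCATION => false,          // no silent redirect to plain http
            CURLOPT_SSL_VERIFYPEER => true,           // certificate chain must validate
            CURLOPT_SSL_VERIFYHOST => 2,              // certificate must match the host name
            CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,
            CURLOPT_TIMEOUT        => 15,
        ]);
        if ($caBundle !== null) {
            curl_setopt($ch, CURLOPT_CAINFO, $caBundle);
        }
        $body = curl_exec($ch);
        $err  = curl_error($ch);
        curl_close($ch);
        if ($body === false) {
            error_log("fetchHttps: cURL failed for $url: $err");
            return null;
        }
        return $body;
    }

    // Fallback for hosts without cURL: a stream context with verification on.
    // This needs the openssl extension; without it, https streams fail outright.
    $ssl = ['verify_peer' => true, 'verify_peer_name' => true];
    if ($caBundle !== null) {
        $ssl['cafile'] = $caBundle;
    }
    $ctx  = stream_context_create(['ssl' => $ssl, 'http' => ['timeout' => 15]]);
    $body = @file_get_contents($url, false, $ctx);
    if ($body === false) {
        error_log("fetchHttps: stream fetch failed for $url");
        return null;
    }
    return $body;
}

// Constructed usage: a hypothetical update manifest and bundle path.
$data = fetchHttps('https://example.invalid/update.txt', '/etc/ssl/certs/ca-certificates.crt');
if ($data === null) {
    exit('Could not fetch update over verified https');
}
```

A failed verification should be surfaced as an error rather than worked around; falling back from https to http for an updater download means the update payload itself can be swapped in transit.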
Matt Pass
56511b66bb
fileNavH not as tall anymore
2014-04-26 12:40:11 +01:00
Matt Pass
75885aecf5
strClean now replaces javascript:
...
htmlentities doesn't cover : and str_replace on : is too vague
regex is case insensitive
2014-04-26 12:25:12 +01:00
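The commit above explains why a regex is needed on top of htmlentities: ':' is not an HTML metacharacter, so entity encoding leaves a javascript: scheme intact. The block below is an added example written for this page, not ICEcoder's strClean; the function name strCleanExample and the sample inputs are constructed. It goes slightly beyond the commit by also tolerating whitespace between the letters of the scheme, which browsers ignore when parsing a URL.

```php
<?php
// Added example, not the project's strClean. Demonstrates the two-step approach
// the commit describes: entity-encode HTML metacharacters, then remove the
// "javascript:" scheme with a case-insensitive regex.

function strCleanExample(string $str): string
{
    // Covers < > & " ' but leaves ':' alone.
    $str = htmlentities($str, ENT_QUOTES, 'UTF-8');

    // /i matches "JaVaScRiPt:" as well as "javascript:".
    // \s* between the letters handles "java\tscript:" style evasions,
    // which browsers collapse before interpreting the scheme.
    $out = preg_replace('/j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*:/i', '', $str);

    // preg_replace() returns null on an engine error; fail closed.
    return $out === null ? '' : $out;
}

// Constructed inputs.
// ':' survives plain entity encoding, which is the gap the regex fills.
var_dump(htmlentities('javascript:alert(1)', ENT_QUOTES, 'UTF-8'));
// Mixed case and an embedded tab are both handled by the regex.
var_dump(strCleanExample('JaVaScRiPt:alert(1)'));
var_dump(strCleanExample("java\tscript:alert(1)"));
// Tags and quotes are entity-encoded, so the value is inert in an HTML text node.
var_dump(strCleanExample('<a href="javascript:alert(1)">x</a>'));
```

Removing one scheme is a denylist; data: and vbscript: are not covered. Where the cleaned value is going to be used as a link, an allowlist check on parse_url($value, PHP_URL_SCHEME) against http and https is the stronger control, with entity encoding applied for the output context as well.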
Matt Pass
fa48d0d2f0
Strip ../ so we don't have dir traversal vuln
2014-04-26 12:24:01 +01:00
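On the traversal guard in the commit above: removing "../" from a string is only a partial control, because a single non-recursive replacement can leave a fresh "../" behind, and because a path can escape the tree without ever containing "../" (absolute paths, symlinks). The block below is an added example, not ICEcoder's code, and the page does not show how the project strips the sequence; stripDotDot is a constructed naive guard shown only for comparison, and resolveInsideRoot demonstrates the containment check with realpath() that a reviewer would ask for.

```php
<?php
// Added example, not the project's own traversal handling.

// Naive guard (constructed for comparison): one pass of str_replace.
function stripDotDot(string $path): string
{
    return str_replace('../', '', $path);
}

// Containment check: resolve the requested path against a base directory and
// require the canonical result to stay inside it. $docRoot is hypothetical.
function resolveInsideRoot(string $docRoot, string $userPath): ?string
{
    $root = realpath($docRoot);
    if ($root === false) {
        return null;
    }
    // NUL bytes can truncate the path in lower layers; reject them outright.
    if (strpos($userPath, "\0") !== false) {
        return null;
    }
    $candidate = $root . DIRECTORY_SEPARATOR . ltrim($userPath, '/\\');
    $target    = realpath($candidate);          // collapses "..", "." and symlinks
    if ($target === false) {
        return null;                            // does not exist: not allowed either
    }
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $root && strpos($target, $prefix) !== 0) {
        return null;                            // resolved outside the root
    }
    return $target;
}

// Constructed inputs.
// "....//" loses one "../" per pass and leaves "../" behind, so the naive
// guard is bypassed.
var_dump(stripDotDot('....//....//etc/passwd'));

// The realpath-based check rejects the same request regardless of encoding.
$root = sys_get_temp_dir();
var_dump(resolveInsideRoot($root, '../../etc/passwd'));
var_dump(resolveInsideRoot($root, '....//....//etc/passwd'));
var_dump(resolveInsideRoot($root, '.'));
```

For files that do not exist yet (a save to a new name), run the same check on dirname() of the candidate and then append the validated basename, since realpath() returns false for a path that is not on disk.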
Matt Pass
ec44407e25
xssClean the displayed file/folder name
...
Using html filter
2014-04-26 12:23:29 +01:00
Matt Pass
394067ff07
Need <b> and <br> after cleaning and https used
2014-04-26 12:23:04 +01:00
Matt Pass
ed800a01ce
https: used
2014-04-26 12:22:31 +01:00
Matt Pass
9a2881cd7b
Remove comma
2014-04-24 12:10:17 +01:00
Matt Pass
6e7612d3ec
Inform user they can't delete the root
...
Stops the root accidentally being deleted
2014-04-23 08:22:44 +01:00
Matt Pass
0413ec4414
xssClean using 'html' filter
2014-04-23 07:43:17 +01:00
Matt Pass
c88d4f46e3
Rewrite of xssClean function to be neater
2014-04-23 07:41:30 +01:00
Matt Pass
1306853e1e
Cannot use $_REQUEST, should be $_GET || $_POST
...
$_REQUEST appears to contain other system info, need to check on the
existence of $_GET or $_POST data
2014-04-23 07:23:02 +01:00
Matt Pass
078068e252
Don't allow directory traversal
2014-04-23 07:12:13 +01:00
Matt Pass
69d8ddce77
Need to target on top.ICEcoder.xssClean
2014-04-22 09:25:18 +01:00
Matt Pass
3926d4468c
xssClean function added & used by serverMessage
...
Replaces 5 x based HTML chars
2014-04-22 08:55:09 +01:00
Matt Pass
d6a7db8f3e
xssClean function added
...
Had 4 different contexts, the first 2 alter parts of strings, the last 2
remove those parts
2014-04-22 08:05:40 +01:00
Matt Pass
d6fcf5a121
Need CSRF on URL called on logout
2014-04-21 08:32:22 +01:00
Matt Pass
328a8a9808
Adjustment to value, should just be nosniff
2014-04-21 08:15:34 +01:00
Matt Pass
0daf6c3081
Redo security headers
2014-04-21 07:57:41 +01:00
Matt Pass
1d5c74e424
Add CSRF and clickjacking protection
...
This header file included in all PHP files as first item.
CSRF checks happen on GET or POST instances
Security related headers also added to prevent clickjacking
2014-04-18 18:21:17 +01:00
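The commit above describes a header file included first in every PHP page, carrying the CSRF check for GET or POST parameters and the anti-clickjacking headers (with nosniff per the later adjustment). The block below is an added example of that shape, not ICEcoder's headers.php; the session key $_SESSION['csrf'], the parameter name csrf, the helper names and the use of random_bytes() (PHP 7+) are assumptions.

```php
<?php
// Added example, not the project's headers.php. Include at the top of every
// page, before any output, so the headers can still be sent.

session_start();

// Clickjacking: refuse to be framed by other origins.
header('X-Frame-Options: SAMEORIGIN');
header("Content-Security-Policy: frame-ancestors 'self'");   // modern equivalent
// Stop browsers sniffing a response into a different content type.
header('X-Content-Type-Options: nosniff');

// One token per session, generated from a CSPRNG.
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
}
$csrf = $_SESSION['csrf'];

// Token check for requests carrying parameters; a bare page load needs none.
function csrfTokenValid(array $get, array $post, string $expected): bool
{
    if (count($get) === 0 && count($post) === 0) {
        return true;
    }
    $supplied = $post['csrf'] ?? $get['csrf'] ?? null;
    if (!is_string($supplied)) {
        return false;                      // missing token is a fail condition
    }
    // Constant-time comparison; a plain === leaks timing information.
    return hash_equals($expected, $supplied);
}

// Hidden field for postback forms and a query-string suffix for GET links.
function csrfHiddenField(string $token): string
{
    return '<input type="hidden" name="csrf" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
}

function csrfQuerySuffix(string $token, bool $hasParams): string
{
    return ($hasParams ? '&' : '?') . 'csrf=' . rawurlencode($token);
}

if (!csrfTokenValid($_GET, $_POST, $csrf)) {
    http_response_code(403);
    exit('Invalid or missing CSRF token');
}
```

Tokens carried in GET URLs end up in browser history, proxy logs and Referer headers, so state-changing actions (delete, save, logout) are better sent as POST with the hidden field; keeping the GET form only for read-only views limits the exposure.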
Matt Pass
c6bb782118
Add csrf to end of all querystrings
2014-04-18 18:19:58 +01:00
Matt Pass
b45817ec65
headers.php included and csrf POST added
2014-04-18 18:10:50 +01:00
Matt Pass
a15dfda92c
headers.php included and csrf POST and GET added
2014-04-18 18:07:49 +01:00
Matt Pass
6030e9a4ca
This is now set, in headers.php
2014-04-18 17:59:27 +01:00
Matt Pass
a3c0243772
Include headers lib & csrf hidden form field
...
To help protect against CSRF and clickjacking
Also include hidden form field containing this for postback
top.ICEcoder.csrf also set
2014-04-18 17:57:54 +01:00
Matt Pass
3d89af7e17
Add trailing slash to path
...
Otherwise, will ignore files such as lib/plugins-display.php etc
2014-04-18 12:44:36 +01:00
Matt Pass
03655c4c4b
Find config- files and update those
...
No longer using 3 hardcoded examples in array, but scanning the old dir
and updating files beginning 'config-'. That covers the .php and old
files also.
2014-04-18 12:21:49 +01:00
Matt Pass
acfcb6bf9d
$context added & sub function to transpose
...
$context added as global so we don't get undefined
transposeSettings function added as sub function we can call with params
copyOverSettings is now a function which calls that sub function 3
times.
2014-04-18 11:39:14 +01:00
Matt Pass
57593d730f
Now copying over users template & settings
...
Copying over system settings now won't set line if $thisKey is blank
2 more functions added to copy over users template and users settings
files. These are largely the same as copying over settings, so will make
a sub function and call with params as a next step.
2014-04-18 10:17:48 +01:00
Matt Pass
a141a4bdf5
Remove line breaks and extra tabs
...
Makes it easier to update in the updater process
2014-04-18 10:11:10 +01:00
Matt Pass
33e751027d
Get rid of line breaks, puts settings onto 1 line
...
Makes it easier to update in the updater process
2014-04-18 10:10:05 +01:00
Matt Pass
e65d2b0805
Copying over settings now completed
...
Gets old and new settings info, counts through each line of new settings
and if we have a match on the old settings, copy that over if it's not
versionNo or codeMirrorDir.
Saves settings once the $content is established
2014-04-18 08:35:21 +01:00
Matt Pass
9d7f7f8e93
Start copying settings over
...
$updateDone = true moved to end of new function, copyOverSettings
Extra echo line in openNewZip and then calls this function
Get settings from old config___settings.php file
For now, for each one, get $key and $value
Need to save these into new config___settings.php file
2014-04-16 08:48:24 +01:00
Matt Pass
91f14785b7
Don't move plugins dir
2014-04-16 08:10:45 +01:00
Matt Pass
1267a3c895
String replace on beta in filename and fopen alt
...
Establish $remoteFile which replaces ' beta' with '-beta'
Add fopen method also as not everyone has cURL
Display die message if both of those fail
2014-04-16 07:44:29 +01:00