|
|
6b6efc2fc6
|
Logs are stored outside chroot - don't check existence and let nginx handle it
|
2019-01-01 13:54:36 +01:00 |
|
|
|
55bc8cd757
|
Introduce mysqld socket stream forwarding with nginx for chroot jails
|
2019-01-01 13:47:30 +01:00 |
|
|
|
0f38bd2449
|
Improved privilege separation
|
2019-01-01 02:24:22 +01:00 |
|
|
|
a5b0de4b07
|
Added setup_chroot.sh script
|
2018-12-27 22:32:37 +01:00 |
|
|
|
08cc492b86
|
New imap.enable_insecure_rsh php.ini option protects against imap_open exploit
http://php.net/manual/en/imap.configuration.php
|
2018-12-08 11:01:06 +01:00 |
|
|
|
756e16b533
|
Fixed potential race condition pointed out in issue #31
|
2018-12-06 16:54:35 +01:00 |
|
|
|
5cd13e9269
|
Introduced selection between v2, v3 and custom hidden service
|
2018-12-06 16:24:35 +01:00 |
|
|
|
305c8bc0c3
|
Fix mariadb 10.3 compatibility by adding default values
|
2018-12-05 22:19:46 +01:00 |
|
|
|
fd95a4e2e3
|
v3 hidden service export to disk + hostname file is auto generated by tor
|
2018-12-04 21:48:45 +01:00 |
|
|
|
c9cddc9f86
|
Username should be a prepared variable
|
2018-12-04 21:27:35 +01:00 |
|
|
|
0fc4412404
|
Revert " Disabling emulated parameters"
|
2018-12-04 21:10:36 +01:00 |
|
|
|
ba71455ca5
|
Introduce DEFAULT_PHP_VERSION
|
2018-12-04 20:48:08 +01:00 |
|
|
|
4e163a7e2d
|
Fixed syntax error
|
2018-12-04 15:26:24 +01:00 |
|
|
|
363d1b31ad
|
Debian sid dropped php7.2 support - move to 7.3 only
|
2018-12-02 21:17:11 +01:00 |
|
|
|
2149bc9fd8
|
update paragonie/sodium_compat dependency
|
2018-12-02 10:45:51 +01:00 |
|
|
|
cf8a6cde80
|
emulated params
|
2018-11-28 14:30:36 +00:00 |
|
|
|
1fc180752f
|
emulated params
|
2018-11-28 14:30:22 +00:00 |
|
|
|
4475e3b277
|
emulated params
|
2018-11-28 14:30:05 +00:00 |
|
|
|
6ffd291f12
|
emulated params
|
2018-11-28 14:29:46 +00:00 |
|
|
|
79774b5a1d
|
emualted params
|
2018-11-28 14:29:27 +00:00 |
|
|
|
b46d0c7ab0
|
emulated params
|
2018-11-28 14:29:13 +00:00 |
|
|
|
01af3c367d
|
emulated params
|
2018-11-28 14:28:49 +00:00 |
|
|
|
7ab640ea4b
|
emulated params
|
2018-11-28 14:28:36 +00:00 |
|
|
|
5753ca2cee
|
Disabling emulated parameters
Emulated parameters can be vulnerable to SQL injection.
Take also a look here: https://stackoverflow.com/questions/134099/are-pdo-prepared-statements-sufficient-to-prevent-sql-injection
|
2018-11-28 14:26:55 +00:00 |
|
|
|
36fc7103cb
|
Add hidden service v3 keygen and parser for base64 encoded secret keys
|
2018-11-25 14:36:28 +01:00 |
|
|
|
f0afbe14c9
|
Add sodium_compat composer dependency for v3 hidden_services
|
2018-11-24 14:56:24 +01:00 |
|
|
|
9de11a9722
|
Dropped PHP7.1 support and install composer
|
2018-11-24 10:38:59 +01:00 |
|
|
|
41b33f2c51
|
Drop PHP7.0 support
|
2018-11-18 20:50:35 +01:00 |
|
|
|
db626a54a4
|
disable imap_open because of https://github.com/Bo0oM/PHP_imap_open_exploit
|
2018-11-17 10:15:15 +01:00 |
|
|
|
bb21f9f10b
|
Reload disabled php versions since accounts can still be deleted
|
2018-10-28 09:31:00 +01:00 |
|
|
|
b69293ab6d
|
Dynamic supported versions on frontpage
|
2018-10-28 09:01:31 +01:00 |
|
|
|
58b5efb96c
|
Added suspend hidden service feature + disabled php7.0 for new accounts
|
2018-10-28 08:48:30 +01:00 |
|
|
|
1884f4b08b
|
php is .ini not .conf
|
2018-10-26 19:14:29 +02:00 |
|
|
|
9985ba4864
|
Add PHP7.3 support and let setup.php write initial config files
|
2018-10-24 19:59:02 +02:00 |
|
|
|
d5d7078776
|
Allow editing hidden service options
|
2018-10-22 21:45:08 +02:00 |
|
|
|
cfb19915b5
|
Optimized find query to only search within each users tmp directory
|
2018-10-20 21:08:44 +02:00 |
|
|
|
d9e496930d
|
Add HiddenServiceMaxStreams option and service_instances table
|
2018-10-20 20:44:10 +02:00 |
|
|
|
2cee59dc6f
|
Structure changes for future features
|
2018-10-20 18:20:27 +02:00 |
|
|
|
96efd92ab1
|
bump dbversion
|
2018-10-17 21:51:20 +02:00 |
|
|
|
1f2ff2176b
|
Save DB information in separate table
|
2018-10-17 21:50:20 +02:00 |
|
|
|
6eb068222c
|
Refactor DB foreign keys to auto_incrementing id instead of onion
Allows moving domains into separate table at a later stage
|
2018-10-16 21:09:16 +02:00 |
|
|
|
81c2364b7b
|
Better load distribution on multiple relays
|
2018-09-23 20:09:04 +02:00 |
|
|
|
acc8782043
|
Add privacy policy checkbox (required by GDPR)
|
2018-09-10 19:30:12 +02:00 |
|
|
|
1d157473e6
|
Move account folder creation into cron.php
|
2018-07-14 10:41:44 +02:00 |
|
|
|
dda49153b3
|
Buffer access log writes to reduce IO
|
2018-05-13 09:04:12 +02:00 |
|
|
|
300cd647df
|
Increase limits and add putenv to disabled functions (vulerability)
Potential security vulnerability:
<?php
putenv("LD_PRELOAD=/home/site.onion/libtest.so");
mail("test@localhost","hacked","you");
|
2018-04-22 09:11:43 +02:00 |
|
|
|
e6ac79457f
|
We have proper firewalling, fsockopen no longer needs to be disabled
|
2018-03-11 20:26:19 +01:00 |
|
|
|
7bd2e79f06
|
Separate nginx sockets for each site to make hoster identification harder
|
2018-03-08 20:57:42 +01:00 |
|
|
|
9eb5c2ae3c
|
Show error message on login when account has not yet been created
|
2018-03-03 19:22:57 +01:00 |
|
|
|
47b9b6e3a6
|
Fixed db query
|
2018-02-26 16:37:35 +01:00 |
|
