hosting

Author	SHA1	Message	Date
Noah van der Aa	769a05b682	Added CSRF protection to file manager.	2019-01-23 17:48:54 +01:00
Daniel Winzen	e537e06118	Enable exec() related functions since we now have resource control in place	2019-01-22 21:15:32 +01:00
Noah van der Aa	7f7b228df6	Fixed a small typo "Here a list of 588 public hosted sites (172 sites hidden):" -> "Here is a list of 588 public hosted sites (172 sites hidden):"	2019-01-18 18:54:46 +01:00
Daniel Winzen	5eab397200	Randomise DB (user)names to reduce attack surface + allow multiple DBs per user	2019-01-07 22:26:33 +01:00
Daniel Winzen	c46a2584fa	Add shell access and scp support	2019-01-06 18:20:02 +01:00
NoahvdAa	c306ea2518	Check-All checkmark fix Check-All checkmark now only appears when javascript is enabled.	2019-01-04 14:19:04 +01:00
NoahvdAa	cdd2b5b9be	Added the "select all" option to the file manager. #13	2019-01-04 14:16:51 +01:00
NoahvdAa	ae2aa16f76	Fixed a typo	2019-01-04 09:57:00 +01:00
Daniel Winzen	e536a5c544	Minor nginx config fix	2019-01-01 20:43:21 +01:00
Daniel Winzen	cff617379d	tmp is created by setup_chroot script already	2019-01-01 14:34:06 +01:00
Daniel Winzen	6b6efc2fc6	Logs are stored outside chroot - don't check existence and let nginx handle it	2019-01-01 13:54:36 +01:00
Daniel Winzen	55bc8cd757	Introduce mysqld socket stream forwarding with nginx for chroot jails	2019-01-01 13:47:30 +01:00
Daniel Winzen	0f38bd2449	Improved privilege separation	2019-01-01 02:24:22 +01:00
Daniel Winzen	a5b0de4b07	Added setup_chroot.sh script	2018-12-27 22:32:37 +01:00
Daniel Winzen	08cc492b86	New imap.enable_insecure_rsh php.ini option protects against imap_open exploit http://php.net/manual/en/imap.configuration.php	2018-12-08 11:01:06 +01:00
Daniel Winzen	756e16b533	Fixed potential race condition pointed out in issue #31	2018-12-06 16:54:35 +01:00
Daniel Winzen	5cd13e9269	Introduced selection between v2, v3 and custom hidden service	2018-12-06 16:24:35 +01:00
Daniel Winzen	305c8bc0c3	Fix mariadb 10.3 compatibility by adding default values	2018-12-05 22:19:46 +01:00
Daniel Winzen	fd95a4e2e3	v3 hidden service export to disk + hostname file is auto generated by tor	2018-12-04 21:48:45 +01:00
Daniel Winzen	c9cddc9f86	Username should be a prepared variable	2018-12-04 21:27:35 +01:00
Daniel Winzen	0fc4412404	Revert " Disabling emulated parameters"	2018-12-04 21:10:36 +01:00
Daniel Winzen	ba71455ca5	Introduce DEFAULT_PHP_VERSION	2018-12-04 20:48:08 +01:00
Daniel Winzen	4e163a7e2d	Fixed syntax error	2018-12-04 15:26:24 +01:00
Daniel Winzen	363d1b31ad	Debian sid dropped php7.2 support - move to 7.3 only	2018-12-02 21:17:11 +01:00
Daniel Winzen	2149bc9fd8	update paragonie/sodium_compat dependency	2018-12-02 10:45:51 +01:00
teikakki	cf8a6cde80	emulated params	2018-11-28 14:30:36 +00:00
teikakki	1fc180752f	emulated params	2018-11-28 14:30:22 +00:00
teikakki	4475e3b277	emulated params	2018-11-28 14:30:05 +00:00
teikakki	6ffd291f12	emulated params	2018-11-28 14:29:46 +00:00
teikakki	79774b5a1d	emualted params	2018-11-28 14:29:27 +00:00
teikakki	b46d0c7ab0	emulated params	2018-11-28 14:29:13 +00:00
teikakki	01af3c367d	emulated params	2018-11-28 14:28:49 +00:00
teikakki	7ab640ea4b	emulated params	2018-11-28 14:28:36 +00:00
teikakki	5753ca2cee	Disabling emulated parameters Emulated parameters can be vulnerable to SQL injection. Take also a look here: https://stackoverflow.com/questions/134099/are-pdo-prepared-statements-sufficient-to-prevent-sql-injection	2018-11-28 14:26:55 +00:00
Daniel Winzen	36fc7103cb	Add hidden service v3 keygen and parser for base64 encoded secret keys	2018-11-25 14:36:28 +01:00
Daniel Winzen	f0afbe14c9	Add sodium_compat composer dependency for v3 hidden_services	2018-11-24 14:56:24 +01:00
Daniel Winzen	9de11a9722	Dropped PHP7.1 support and install composer	2018-11-24 10:38:59 +01:00
Daniel Winzen	41b33f2c51	Drop PHP7.0 support	2018-11-18 20:50:35 +01:00
Daniel Winzen	db626a54a4	disable imap_open because of https://github.com/Bo0oM/PHP_imap_open_exploit	2018-11-17 10:15:15 +01:00
Daniel Winzen	bb21f9f10b	Reload disabled php versions since accounts can still be deleted	2018-10-28 09:31:00 +01:00
Daniel Winzen	b69293ab6d	Dynamic supported versions on frontpage	2018-10-28 09:01:31 +01:00
Daniel Winzen	58b5efb96c	Added suspend hidden service feature + disabled php7.0 for new accounts	2018-10-28 08:48:30 +01:00
Daniel Winzen	1884f4b08b	php is .ini not .conf	2018-10-26 19:14:29 +02:00
Daniel Winzen	9985ba4864	Add PHP7.3 support and let setup.php write initial config files	2018-10-24 19:59:02 +02:00
Daniel Winzen	d5d7078776	Allow editing hidden service options	2018-10-22 21:45:08 +02:00
Daniel Winzen	cfb19915b5	Optimized find query to only search within each users tmp directory	2018-10-20 21:08:44 +02:00
Daniel Winzen	d9e496930d	Add HiddenServiceMaxStreams option and service_instances table	2018-10-20 20:44:10 +02:00
Daniel Winzen	2cee59dc6f	Structure changes for future features	2018-10-20 18:20:27 +02:00
Daniel Winzen	96efd92ab1	bump dbversion	2018-10-17 21:51:20 +02:00
Daniel Winzen	1f2ff2176b	Save DB information in separate table	2018-10-17 21:50:20 +02:00

1 2

89 Commits