Commit graph

35 commits

Author SHA1 Message Date
myvesta
e65af22a54
hash_equals() in /reset/mail/
Thanks to @divinity76
2022-07-12 18:10:31 +02:00
myvesta
547d5f0c5b
Preventing brute-force resetting password 2022-04-25 21:13:46 +02:00
myvesta
1e577e3000
Merge pull request #54 from serghey-rodin/master
Adding port to reset password link
2020-03-29 18:44:47 +02:00
dpeca
58807feb80
Adding port to reset password link 2020-03-29 18:13:22 +02:00
myvesta
9256193b0e
Merge pull request #52 from serghey-rodin/master
Preventing manipulation with $_SERVER['HTTP_HOST']
2020-03-23 17:38:43 +01:00
dpeca
c3c4de43d6
Preventing manipulation with $_SERVER['HTTP_HOST'] 2020-03-23 17:28:55 +01:00
Peca
db8b4ed21e Merge branch 'pr/34' 2019-08-10 17:09:42 +02:00
Serghey Rodin
b17b4b205d removed unnecessary single quotes for security reasons / thanks to Andrea Cardaci 2019-08-07 18:46:40 +03:00
myvesta
c04eda5e09
Merge pull request #20 from serghey-rodin/master
update from official vesta
2018-10-18 12:04:37 +02:00
Made I.T
f6f6f9cfbb
Fix bug in password reset 2018-10-18 10:01:35 +02:00
Serghey Rodin
5f68c1b634 Timing attack fix from security experts https://arcturussecurity.com 2018-10-17 23:28:37 +03:00
dpeca
a57c8b775b
NO_AUTH_REQUIRED2 fix 2018-04-12 01:34:18 +02:00
dpeca
7688706ed3
put back my modification 2018-04-12 01:33:35 +02:00
dpeca
b2f2caf3bb
equalize with master 2018-04-12 01:29:49 +02:00
dpeca
b7c19a8e63
Allow /reset/mail/ only from localhost
Block connection from outside, that could brute force password guessing
2018-04-12 01:08:35 +02:00
dpeca
4fa549c570
Disable direct access through frontend nginx in /reset/mail/ 2018-04-12 00:09:35 +02:00
dpeca
8e293259bf
Merge branch 'master' into master 2018-04-11 23:51:43 +02:00
dpeca
14c8e56d84
Allow /reset/mail/ only from localhost 2018-04-11 21:34:07 +02:00
dpeca
fb2cdf6fe1
Allow /reset/mail/ only from localhost 2018-04-11 21:30:55 +02:00
dpeca
334e54bf93
define NO_AUTH_REQUIRED2 in reset email 2018-04-11 12:54:27 +02:00
Serghey Rodin
39e9b6397b Revert "[SECURITY] Fix OS command injection." 2015-12-11 21:14:49 +02:00
Flat
8e951ac72e 🔒 ♻️ Implement secure exec wrapper functions. 2015-12-02 21:30:04 +09:00
Flat
2bd84f00f9 Detect user language 2015-11-23 19:46:38 +09:00
Serghey Rodin
1a7612cc66 password transmission via tmp files 2015-04-04 16:48:22 +03:00
Serghey Rodin
cc062abfc3 Connected web interface with vesta.conf 2014-10-05 14:47:55 +03:00
Serghey Rodin
b2f1c3ca4b Shamil Yakupov: no reset for logged user 2013-08-21 16:05:44 +03:00
Serghey Rodin
25c2b5c4cb changed translate function name from _() to __() 2013-04-25 21:33:43 +03:00
Serghey Rodin
6e631c32a1 i18n + service manager + web updater 2013-01-29 00:18:09 +02:00
ZonD80
baad48a87d Replaced CRLF by LF again 2013-01-19 23:57:58 +04:00
ZonD Eighty
2b16d9bd83 Merge changes from upstream
I'm a little angry
2012-12-28 23:31:02 +04:00
ZonD Eighty
dcf849263d Backend changes & some templates' translation 2012-12-27 17:28:16 +04:00
Serghey Rodin
b6b7eacadb replaced underscore with dash in api syscalls 2012-11-09 18:26:32 +02:00
Serghey Rodin
989f8580f6 updated email footer 2012-10-26 23:36:15 +03:00
Serghey Rodin
6ae9520b57 merged headers for login and reset forms 2012-10-22 13:12:06 +03:00
Serghey Rodin
a6c992c258 password reset function 2012-08-03 12:28:34 +03:00