commit 0b946b848c72511922fa211b6a4db0da092d204c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Sep 25 16:37:27 2025 +0200
ddns.cgi: Escape the variables when they are being sent back to the browser
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 67db35c8a536b54d169336269853aaa6eae85ab5
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Sep 25 13:12:44 2025 +0200
ddns.cgi: Fixes bug 13884
Fixes: bug 13884 - ddns.cgi LOGIN PASSWORD SERVICE Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
The input validation did not work in the proper way. It allways
reported "No password" when using a provider which supports token and
the token has been given.
This of course is wrong and leaded to unuseable providers.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This disables the theme support and makes it impossible to use any other
themes than the ipfire default theme.
The only intention of this patch is to hardcode the theme to ipfire.
To change any cgi we have is an ugly way, but the only way to do this
fast. The colour handling needs certainly to be improved as well, but
this will and should be done in other patches.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
If a provider supports authentication with a token, now
the username and password fileds will be swapped by some
Java Script code in favour of an input field for the token.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is really hard to maintain when adding new or altering existing
providers.
Reference #12415.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
To keep compatiblity with the settings file of the old DDNS update script
(setddns.pl) we keept the storrage of the hostname information in
two parts (hostname and domain) and connected both with a dot to get a valid
FQDN again. OpenDNS and may some other providers do not use a dotted format
for this information, so one of these two values were empty.
We now can handle such cases in a right way.
When the "enabled" checkbox is checked a "on" will be returned,
if the box is unchecked checkboxes will return nothing.
As a result of this behaviour the ddns.conf contained entries which have been disabled in the WUI.
We now check if the checkbox returns a "on", otherwise we will set the "enabled" value to "off" to
prevent from this problem.
In the past the regfish.com auth token was stored as username similar than freedns.afraid.com. We now expected
the token key stored as password, to keep compatiblity with old installations I've added some compatible code
to prevent users from various issues.
Hinzugefügt:
* L7-Protokolle
Geändert:
* XAMPP 1.5.1 --> 1.5.3
* Sämtliche "IPCops" durch "IPFire" im Webinterface ersetzt
* Einige Fixes, wegen Errors im Webinterface. (Im Forum zu finden.)
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@148 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
