Alexander Marx
c96146d01e
BUG11505: Captive Portal: no way to remove an uploaded logo
...
added a delete button
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-17 23:36:32 +01:00
Michael Tremer
462bc3d159
captive: Fix potential authenticated XSS in title processing
...
An authenticated Stored XSS (Cross-site Scripting) exists in the
(https://localhost:444/cgi-bin/captive.cgi) Captive Portal via the
"Title of Login Page" text box or "TITLE" parameter. This is due to
a lack of user input validation in "Title of Login Page" text box
or "TITLE" parameter. It allows an authenticated WebGUI user with
privileges for the affected page to execute Stored Cross-site
Scripting in the Captive Portal page (/cgi-bin/captive.cgi), which
helps an attacker to redirect the victim to an attacker's page.
The Stored XSS gets prompted on the victim's page whenever the victim
tries to access the Captive Portal page.
An attacker gets access to the victim's session by performing the
CSRF and gathers the cookie and session IDs, or possibly can
change the victim's configuration using this Stored XSS.
This attack can possibly spoof the victim's information.
Fixes: #12071
Reported-by: Dharmesh Baskaran <dharmesh201093@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-09 13:16:52 +01:00
Matthias Fischer
bf1db4b28f
Forgot to change language strings in captive.cgi
...
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-01-10 16:44:04 +00:00
Michael Tremer
0545cba708
captive: Escape any special characters in title on PDF vouchers
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-11-29 11:57:55 +00:00
Michael Tremer
ad1204e4eb
captive: One month is only 30 days instead of 210
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-11-06 19:07:10 +00:00
Michael Tremer
af6c5929b0
captive: Simplify coupon time selection
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-17 15:05:53 +02:00
Michael Tremer
f32174956e
captive: Reindent code for better readability
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-17 12:43:42 +01:00
Michael Tremer
3a62dca68e
captive: Localise GREEN/BLUE
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-17 12:41:17 +01:00
Michael Tremer
a54350cdb9
captive: Allow PDF export of coupons
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-16 16:36:24 +02:00
Michael Tremer
ebfb899693
captive: Add headline to T&C box
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-16 15:03:39 +02:00
Michael Tremer
e2bd5a6eb9
captive: Allow editing terms in coupon mode
...
Since the terms are always shown when set, we need a way
to edit them in coupon mode as well.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-11 14:52:03 +01:00
Michael Tremer
bef7ad5bbe
captive: Fix saving empty terms
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-09 14:34:21 +01:00
Michael Tremer
bbc69f228d
captive portal: Correctly initialise an array for 8h timeout
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-05 11:11:32 +01:00
Michael Tremer
0a219160ac
captive portal: Allow sessions to expire after 8 hours
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-04 14:21:12 +01:00
Michael Tremer
792f1a3bdf
captive: Drop duplicate function to list active clients
...
There was a function with different name but essentially
same functionality which is already existent in &show_clients().
Therefore this patch drops the old function without any functional
changes.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:56:04 +01:00
Michael Tremer
41964aba09
captive: Redesign clients list box
...
Mostly code cleanup
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:56:04 +01:00
Michael Tremer
a0b271e474
captive: Redesign generated coupons table
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:56:04 +01:00
Michael Tremer
733932de74
captive: Correctly set coupon lifetime
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:56:04 +01:00
Michael Tremer
9cba29f119
captive: Remember selected coupon expiry time
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:56:04 +01:00
Michael Tremer
5cd9e28bc4
captive: Allow creating multiple coupons in bulk
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:56:04 +01:00
Michael Tremer
4f75fbfe12
captive: Cleanup coupon generation block
...
No functional changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:56:04 +01:00
Michael Tremer
810198110e
captive: Cleanup logo upload
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:56:04 +01:00
Michael Tremer
e7d16ea553
captive: Cleanup authentication selection
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:56:04 +01:00
Michael Tremer
a41fe924ae
captive: Code cleanup
...
No functional changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:56:04 +01:00
Michael Tremer
b7a126d9c8
captive: Allow uploading JPEG images, too
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:56:04 +01:00
Michael Tremer
e2752bfe71
captive: Save logo in /var/ipfire/captive
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:56:04 +01:00
Michael Tremer
278309b9ef
captive: Allow selecting the session expiry time for terms
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:56:04 +01:00
Michael Tremer
297ebdd47b
captive: Group settings together and create branding section
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:55:27 +01:00
Michael Tremer
827d3f61da
captive: Some more CGI cleanup
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:55:27 +01:00
Michael Tremer
97b91e8a94
captive: Rename "Voucher" mode to "Coupon"
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:55:27 +01:00
Michael Tremer
9735e1670a
captive: Rename "License" mode to "Terms & Conditions"
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:55:27 +01:00
Michael Tremer
f8d35875d8
captive: Allow selecting highlight colour in web interface
...
To be able to customise the access page, we now allow the
user to select a brand colour.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:55:27 +01:00
Alexander Marx
59a2d9c2d5
Captive-portal: Design changes
...
When choosing voucher as authentication type there is no need to display the license agreement textbox
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:54:45 +01:00
Alexander Marx
0806170370
BUG11141: Redesign of configuration website
...
To improve the user experience, the configuration part of generating new vouchers has been reworked.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:54:45 +01:00
Alexander Marx
213335372d
BUG11140: Captive logo dimensions
...
Now the min and max logo dimensions are shown in webinterface.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:54:45 +01:00
Alexander Marx
6945954c44
BUG11137: Captive save action messes up the form
...
When configuring the captiveportal for the first time the form
will be empty after clicking on save button if not all relevant fields are set.
Now the settings are stored even if there is an error.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:54:45 +01:00
Alexander Marx
1d77d1262a
BUG11139: Captive voucher table too wide
...
Set table to 100% and the remark textfield to 96% (cellwidth)
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-22 18:54:45 +01:00
Alexander Marx
45129439bc
Captive-Portal: fix fontsize of generated voucher
...
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
2017-09-22 18:54:45 +01:00
Alexander Marx
52383f583e
Captive-Portal: fix some typos and missing dir
...
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
2017-09-22 18:54:45 +01:00
Alexander Marx
b32d9e92be
Captive-Portal: Add logo upload feature
...
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
2017-09-22 18:54:45 +01:00
Alexander Marx
f3802750ac
Captive-Portal: fix wrong expiretime of unused vouchers
...
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
2017-09-22 18:54:45 +01:00
Alexander Marx
e14adf759a
Captive-Portal: Show always licencebox in config
...
Also fix index.cgi to show individual title
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
2017-09-22 18:54:03 +01:00
Alexander Marx
c7e78cc62e
Captive-Portal: several design changes
...
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
2017-09-22 18:54:03 +01:00
Alexander Marx
e01c5ab71a
Captive-Portal: redesign Webinterface
...
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
2017-09-22 18:54:03 +01:00
Alexander Marx
8b92078917
Captive-Portal: add web-part
...
Introduce new Captive-Portal.
Here we add the menu, apache configuration (vhost), IPFire configuration
website and Captive-Portal Access site. Also the languagefiles are
updated.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
2017-09-22 18:54:03 +01:00