mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
commit f7c4f7d2968be6c9b786b7f7e46fdb8ac96c8104
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Sep 25 17:32:51 2025 +0200

proxy.cgi: Escape parameters in the right place

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit e22ecef885c34462565ae20020a32a27d0585dc3
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Sep 25 13:12:52 2025 +0200

proxy.cgi: Further fix for bug 13893

- Previous patch for proxy.cgi was related to the mitigation provided by the bug reporter for the parameter VISIBLE_HOSTNAME. This parameter however was not mentioned in the description for that bug.
- bug 13893 description mentions TLS_HOSTNAME, UPSTREAM_USER, UPSTREAM_PASSWORD, ADMIN_MAIL_ADDRESS, and ADMIN_PASSWORD but it mentions them as being from dns.cgi which is incorrect except for TLS_HOSTNAME.
- The other parameters are from proxy.cgi but no mitigation was shown for those in the bug report.
- This patch adds fixes for the parameters UPSTREAM_USER, UPSTREAM_PASSWORD, ADMIN_MAIL_ADDRESS, and ADMIN_PASSWORD

Fixes: bug 13893 - proxy.cgi Multiple Parameters Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 4cf0694e55305e368c4ca28da2db7481c8f08c5a
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Sep 25 13:12:51 2025 +0200

proxy.cgi: Fixes bug 13893

Fixes: bug 13893 - proxy.cgi Multiple Parameters Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit a63c51da8ea03896c3340960821fbacece58f861
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue May 6 16:10:10 2025 +0200

proxy.cgi: Fixes bug12755 - proxy auth problem with password longer than 8 chars

- This makes the proxy local password management the same between chpasswd.cgi and proxy.cgi
- Tested out on my vm testbed and was able to create and modify users and their passwords in the proxy.cgi page or modify a password for a specified user on the chpasswd.cgi page. This all happened successfully and was confirmed by testing out the local authentication.

Fixes: bug12755
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>