2085 Commits

Author SHA1 Message Date
Johannes Meyer
673998bb9a Only open trusted iframe sources by default
Trusted in this case means it was Icinga Web that
rendered a link and the user followed it. Whether
a source is trustworthy or not is detected by use
of the user's session id to hash it combined with
the source similar to how CSRF tokens are assembled.

(cherry picked from commit ec40efe1578c3c9cb445638f78e76a940a6864cf)
2025-03-26 10:26:57 +01:00
Johannes Meyer
a821cdc40f Don't mention Twitter anymore, it's gone now for good
(cherry picked from commit db851bbe332d4c074401ab4231e06bd52b947d3d)
2025-03-25 14:41:58 +01:00
Johannes Meyer
244adf61b2 Fix unescaped error messages (#5329)
In both cases the input, which wasn't escaped before, comes from a form
element that doesn't allow any user to change its content. An ordinary
user would need to access the DOM in order to do that.

Both forms are protected by CSRF, so this mitigates any potential
exploit as well.

(cherry picked from commit acfad5ae5290d349c0ca4fe10b329e56c23201a0)
2025-03-25 14:41:39 +01:00
Johannes Meyer
4cd948e500 RoleForm: Force a suffix for all element names
fixes #4973

(cherry picked from commit c40cfb41a8cef2848e52137dbffedbf108028a0f)
2023-11-28 09:58:32 +01:00
Alexander A. Klimov
fff795c6ab LoggingConfigForm: on Docker default to webserver log
(cherry picked from commit 3784fe80b77f52cf20b1e49c324cfa6ecb8fec33)
2023-01-26 09:39:32 +01:00
Johannes Meyer
9a4a11861a Fix some reflected XSS bugs
fixes #4979

(cherry picked from commit e542982de06be6b7bcab07be4f3a4423e84b8d7a)
2023-01-12 11:19:52 +01:00
Johannes Meyer
a82a88a34b RoleController: Always perform a permission check
(cherry picked from commit 965aac11efc6c0ecd6ce3a080451ae1a100b292c)
2022-12-08 11:35:41 +01:00
Johannes Meyer
ee43f4a002 login: Don't redirect to external resources
fixes #4945

(cherry picked from commit ec7fb82a94729cd541761509985fb9ffc03b9faa)
2022-12-08 11:35:41 +01:00
Alexander A. Klimov
d00b3bf19c SshResourceForm: fix XSS by escaping user-defined resource name
in the tooltip of the message shown instead of the private key.

(cherry picked from commit a3100d378b125bbc4c5587e0bddd55b1f0300a83)
2022-12-08 11:35:41 +01:00
Johannes Meyer
817380470a ConfigForm: Remove empty sections
fixes #4939

(cherry picked from commit 4d0e42787a4fed81fd0ace1337ffca6ca42dcf96)
2022-11-04 11:56:51 +01:00
Johannes Meyer
93bb9b69f3 RoleForm: Use the <details> tag
(cherry picked from commit 5059a782a879ba27635581b2a50c0d55f594f5ee)
2022-11-04 11:56:47 +01:00
Dirk Goetz
d5d714b1ee Fix gravatar: set content-type header and size
Fixes #2254
2022-06-15 09:03:12 +02:00
Johannes Meyer
d25854ebce Drop class Icinga\Web\Hook\TicketHook 2022-06-14 14:24:30 +02:00
Johannes Meyer
a29159a0a1 Remove remaining IE adjustments 2022-06-13 16:41:15 +02:00
Sukhwinder Dhillon
a38d5ccac6 Revert "Form: Process request parameter _frameUpload"
This reverts commit fc481e527bc021144205e9fea88397bdf5ce60bc.
2022-06-13 15:50:52 +02:00
Johannes Meyer
e050ea53ee RoleController: Include domain of a domain-aware backend..
..when suggesting user names of it
2022-06-13 15:09:42 +02:00
Sukhwinder Dhillon
09d378ab65 ApplicationConfigForm: Remove loop and simplify the code 2022-05-27 14:02:11 +02:00
Sukhwinder Dhillon
a250202fa3 ApplicationConfigForm: Remove not required Form elements 2022-05-27 14:02:11 +02:00
Sukhwinder Dhillon
aad2419545 Remove obsolete config_backend option and not required code
The user preferences backend is now always a `db`.
2022-05-27 14:02:11 +02:00
Sukhwinder Dhillon
8ff1a22df7 Set preferences store type to Db and make it non-configurable 2022-05-27 13:55:48 +02:00
Johannes Meyer
74022ae4e0
Merge pull request #4697 from Icinga/feature/redesigned-user-menu-new
Feature/redesigned user menu
2022-05-16 09:04:26 +02:00
Florian Strohmaier
c536ddb5d8 menu.phtml: Use ConfigMenu 2022-05-12 11:10:59 +02:00
Sukhwinder Dhillon
67285ce262
Update dompdf to v1.2.1 (#4759) 2022-05-06 09:37:48 +02:00
Johannes Meyer
dcb83d9ab5 PreferenceForm: Always enable mode selection if user theme is compatible
fixes #4744
2022-04-11 13:28:36 +02:00
Johannes Meyer
1422f50fad RoleForm: Don't pass null to preg_match 2022-03-29 16:35:23 +02:00
moreamazingnick
ba677de0c6
Fix missing global theme check refs #4723 (#4724) 2022-03-29 16:34:35 +02:00
Johannes Meyer
d63f645bd8 Update requirements for PHP 8.1 2022-03-24 15:46:26 +01:00
Johannes Meyer
3dc384fb58 Avoid passing null to non-nullable arguments 2022-03-24 12:29:06 +01:00
Johannes Meyer
01f67a78c6 Increase required version of the icinga-php-library 2022-03-23 11:49:06 +01:00
Johannes Meyer
05a18dcdb5 Adjust calls to CompatController::setTitle()
refs https://github.com/Icinga/ipl-web/pull/72
2022-03-16 16:35:59 +01:00
Johannes Meyer
0d032989e6 Fix style issues in recent security fixes 2022-03-08 15:20:16 +01:00
Johannes Meyer
067ec0f6de
Merge pull request from GHSA-v9mv-h52f-7g63
Fix/ghsa-v9mv-h52f-7g63
2022-03-08 12:02:40 +01:00
Johannes Meyer
85c42f8400 Enhance page layout when exporting to PDF using dompdf
It's still not perfect. But better than previously.
Using the pdfexport module is still recommended though.
2022-03-01 17:04:38 +01:00
Johannes Meyer
3c48d693ff about: Fix documentation link and use a version dependent one 2022-02-25 12:27:08 +01:00
Florian Strohmaier
c1d0c132f3 about/index: Adjust markup
refs #4328
2022-02-25 11:06:22 +01:00
Johannes Meyer
9883c36841 SshResourceForm: Don't accept file://... as private key 2022-02-23 16:41:40 +01:00
Johannes Meyer
74971359a3 css: Change mode detection to look for @light-mode 2022-02-10 11:11:06 +01:00
Johannes Meyer
c42653a9b0 Drop core locales 2022-02-04 15:58:06 +01:00
Johannes Meyer
e2a51e75e5 RoleForm: Really only show that everything is allowed if * is granted
fixes #4622
2021-12-14 10:22:18 +01:00
Sukhwinder Dhillon
2c01f38dec Add icingadb as OR dependency
Add only if the given module supports icingadb and has monitoring as a requirement
2021-11-10 09:33:48 +01:00
Florian Strohmaier
80f6ab33a8 Error: Add missing </div> for .content element
fixes #4585
2021-11-08 15:52:36 +01:00
Johannes Meyer
a9a3288e10
Merge pull request #4567 from Icinga/bugfix/mobile-issues-4562
Bugfix/mobile issues 4562
2021-11-04 08:55:18 +01:00
Johannes Meyer
aa101e18c8 PreferenceForm: Don't try to load missing themes 2021-11-02 15:09:26 +01:00
Johannes Meyer
16f1f51f66 GeneralConfigForm: Fix error if there's no config.ini 2021-11-02 13:29:36 +01:00
Johannes Meyer
744fe5977f AccountController: Don't try to set a storage if there's none 2021-11-02 13:28:52 +01:00
Florian Strohmaier
bdfb75023f PreferenceForm: Add .theme-mode class to theme mode control-group
refs #4562
2021-10-26 16:49:15 +02:00
Johannes Meyer
24c1618793 LoginForm: Also disable stay logged in case of no encryption method 2021-08-10 10:09:15 +02:00
Sukhwinder Dhillon
8c22514758 Utilize multiple encryption ciphers for remember me 2021-08-09 16:58:58 +02:00
Johannes Meyer
0c8466fa93 RoleForm: Make sure to grant general module access...
...if full access is granted
2021-07-27 14:04:29 +02:00
Sukhwinder Dhillon
645c0770a2
Rememberme compatibility with php version 5.6+ (#4472) 2021-07-26 17:37:38 +02:00