Johannes Meyer
a821cdc40f
Don't mention Twitter anymore, it's gone now for good
...
(cherry picked from commit db851bbe332d4c074401ab4231e06bd52b947d3d)
2025-03-25 14:41:58 +01:00
Johannes Meyer
4a104e3a1b
Fix case sensitive authentication with postgres (#5338)
...
fixes #5223
(cherry picked from commit d86ede517fa9ca04cc9679aa66a429b4d6170f54)
2025-03-25 14:41:48 +01:00
Johannes Meyer
244adf61b2
Fix unescaped error messages (#5329)
...
In both cases the input, which wasn't escaped before, comes from a form
element that doesn't allow any user to change its content. An ordinary
user would need to access the DOM in order to do that.
Both forms are protected by CSRF, so this mitigates any potential
exploit as well.
(cherry picked from commit acfad5ae5290d349c0ca4fe10b329e56c23201a0)
2025-03-25 14:41:39 +01:00
Sukhwinder Dhillon
64dcc33f6d
RolesConfig: Add missing column name for quick search
...
(cherry picked from commit c6c1e283502b734db98c1c9130742193a80a6c39)
2025-03-25 14:41:31 +01:00
Johannes Meyer
4cd948e500
RoleForm: Force a suffix for all element names
...
fixes #4973
(cherry picked from commit c40cfb41a8cef2848e52137dbffedbf108028a0f)
2023-11-28 09:58:32 +01:00
Johannes Meyer
11453bfa92
Release version 2.11.4
...
(cherry picked from commit 4b6df1bef9658984e83827d796b53fecfc3cf247)
v2.11.4
2023-01-26 12:54:15 +01:00
Alexander A. Klimov
95511a1a88
setup: welcome page: on Docker remove redundant instructions
...
(cherry picked from commit 73dcf2bc89b2d149ecc73111a4866ea6ee0e1747)
2023-01-26 09:39:32 +01:00
Alexander A. Klimov
fff795c6ab
LoggingConfigForm: on Docker default to webserver log
...
(cherry picked from commit 3784fe80b77f52cf20b1e49c324cfa6ecb8fec33)
2023-01-26 09:39:32 +01:00
Alexander A. Klimov
59415e117f
icingacli setup config webserver apache: add trailing / to Alias dir
...
if the Alias URI (e.g. /) has a trailing /. Otherwise Apache says 403.
(cherry picked from commit 0031108160ad440d6d2f172dba07c04e6f5af4a8)
2023-01-26 09:39:32 +01:00
Yonas Habteab
1bcf2627a8
TemporaryLocalFileStorage: Fix unexpected crash in destructor
...
(cherry picked from commit 6d2a585de92c4cfa053df0d3b600448eef5423c2)
2023-01-16 14:17:05 +01:00
Johannes Meyer
9a4a11861a
Fix some reflected XSS bugs
...
fixes #4979
(cherry picked from commit e542982de06be6b7bcab07be4f3a4423e84b8d7a)
2023-01-12 11:19:52 +01:00
Johannes Meyer
4efefc1877
Libraries: Only attempt a partial match if the library name contains a slash
...
fixes #4971
(cherry picked from commit 8837fea7a40f7b8395b72e4a76303eed2e794bf3)
2023-01-12 11:19:52 +01:00
Johannes Meyer
3a28e42046
js: Transmit X-Icinga-AutoSubmittedBy upon autosubmits
...
This header contains the name or id of the element responsible
for triggering the automatic form submission.
(cherry picked from commit cbf8cfc738120bb96f848cf0dd63887ff68f39b8)
2023-01-12 11:19:52 +01:00
Johannes Meyer
f5b6ef39df
Merge pull request #4976 from Icinga/do-not-disable-all-inputs-on-form-submit
...
js: Only disable submit buttons on form submit
(cherry picked from commit 96179182e413b5285ad8be00e7124fd278e300c3)
2023-01-12 11:19:40 +01:00
Valentina Da Rold
1c90eaf6b5
Check if url is external in validation function
...
refs: #4970
(cherry picked from commit 963c3168b16039dc012d8ae1d100163bb808b193)
2023-01-12 11:19:25 +01:00
Eric Lippmann
8c52f68fd6
Merge pull request #4964 from Icinga/packaging
...
Packaging Adjustments
(cherry picked from commit 57c52cadfa82e0a3cb06ac2f8a14ea3bb3060f74)
2023-01-12 11:19:11 +01:00
Johannes Meyer
f917436a89
Release version 2.11.3
v2.11.3
2022-12-14 13:28:22 +01:00
Johannes Meyer
7eaca7e519
Release version 2.11.3
2022-12-14 13:27:53 +01:00
Johannes Meyer
41985bf7e8
Update CHANGELOG.md
2022-12-14 13:27:52 +01:00
Johannes Meyer
00afe2f884
Update AUTHORS
2022-12-14 13:27:52 +01:00
Johannes Meyer
0cfe86698a
css: Support fieldsets wrapped by .control-group
...
(cherry picked from commit 12af81d4c3962e5234a626a51a532971aab19d9a)
2022-12-14 13:20:38 +01:00
Alexander A. Klimov
60647eb038
icingacli test php unit: pass through phpunit exit code
...
so that GHA knows if something failed.
(cherry picked from commit 522d041505ecb92ee66395a3d7c647c3926f8e06)
2022-12-08 11:36:16 +01:00
Johannes Meyer
933a9c80d4
Merge pull request #4962 from Icinga/upgrade-dompdf
...
Upgrade dompdf
(cherry picked from commit b3332c751c0ea1563891aa434fa3f58d38d3c239)
2022-12-08 11:36:04 +01:00
Johannes Meyer
c4780ae5a0
Merge pull request #4963 from Icinga/upgrade-htmlpurifier
...
Upgrade HTMLPurifier
(cherry picked from commit a6af6900407a75204e7ebc69ae5e49520e339554)
2022-12-08 11:35:57 +01:00
Johannes Meyer
45c91dfff6
Merge pull request #4958 from Icinga/fix/browser-print-dialog-result-4957
...
Fix browser print dialog result
(cherry picked from commit 0096f43e0d5f06b503aeb2f93927effa22049fcb)
2022-12-08 11:35:50 +01:00
Johannes Meyer
d983852f82
ConfigMenu: Fix incorrect shared navigation url
...
fixes #4953
(cherry picked from commit b1574e4bee0e4c597099dbd0436ed137b3d6bb8a)
2022-12-08 11:35:41 +01:00
Johannes Meyer
0ea550ed21
form.js: Don't ignore autosubmit elements
...
A while ago this already has changed so that autosubmit
responses are guaranteed to be applied. Thus this
exception is now obsolete.
fixes #4942
(cherry picked from commit 8cd892359d1770260e10486554764bcd8c0be797)
2022-12-08 11:35:41 +01:00
Johannes Meyer
c6a05031b8
InternalUrlValidator: Also check the scheme
...
(cherry picked from commit 3187a4e549af978d428ddd9b05ccee7b5766e39e)
2022-12-08 11:35:41 +01:00
Johannes Meyer
a82a88a34b
RoleController: Always perform a permission check
...
(cherry picked from commit 965aac11efc6c0ecd6ce3a080451ae1a100b292c)
2022-12-08 11:35:41 +01:00
Johannes Meyer
ee43f4a002
login: Don't redirect to external resources
...
fixes #4945
(cherry picked from commit ec7fb82a94729cd541761509985fb9ffc03b9faa)
2022-12-08 11:35:41 +01:00
Alexander A. Klimov
d00b3bf19c
SshResourceForm: fix XSS by escaping user-defined resource name
...
in the tooltip of the message shown instead of the private key.
(cherry picked from commit a3100d378b125bbc4c5587e0bddd55b1f0300a83)
2022-12-08 11:35:41 +01:00
Johannes Meyer
9b6349e4a0
Release version 2.11.2
v2.11.2
2022-11-04 12:00:58 +01:00
Johannes Meyer
b654344552
Raise version to v2.11.2
2022-11-04 12:00:40 +01:00
Johannes Meyer
43d87e7914
Update CHANGELOG.md
2022-11-04 12:00:40 +01:00
Johannes Meyer
7e7b592af7
collapsible.js: Fix invalid default selectors
...
refs #4884
(cherry picked from commit 9b3e6165ead294c6b5ee863f1b6096ded1fe3dec)
2022-11-04 11:56:51 +01:00
Johannes Meyer
817380470a
ConfigForm: Remove empty sections
...
fixes #4939
(cherry picked from commit 4d0e42787a4fed81fd0ace1337ffca6ca42dcf96)
2022-11-04 11:56:51 +01:00
Yonas Habteab
aa7767e0f5
CommentParser: Wrap descriptions after the available screen columns
...
Well, what should I say, the PHP code sniffer allows us up to 120 characters
line length and when you code/format based on these rules, e.g. the description
of a cli command, it will mess everything up when you run `icingacli module --help`.
So, we can just wrap the output after the available screen columns.
(cherry picked from commit 8cb0976c5b910578d14510dcabf59db6fb146c3e)
2022-11-04 11:56:51 +01:00
Johannes Meyer
12aace9af0
css: Optimize performance
...
I don't quite understand why exactly this rule exposes
such an issue. We have several other rules that are
similar. But they don't reference form elements on the
left. I suspect a different issue somewhere else, this
only exaggerated it.
fixes #4929
(cherry picked from commit bb4b53e90cc28ec345ecb32fa16fbb086a96f3b5)
2022-11-04 11:56:51 +01:00
Johannes Meyer
baef98cd4f
collapsible.js: Add support for external controls
...
(cherry picked from commit aef6e99cf83c11a0fdbc01d41c12c6d0835d3a49)
2022-11-04 11:56:47 +01:00
Florian Strohmaier
dfb263e7a4
collapsible.js: Enhance markup flexibility
...
(cherry picked from commit f13161b69d7a5d610754b52d03e803fa437dd946)
2022-11-04 11:56:47 +01:00
Johannes Meyer
7d79a490aa
PrivilegeAudit: Expand defined privileges when exporting to PDF
...
refs #4862
(cherry picked from commit 314545f3a7c594580b46b84c2d15d5f1a8fba6cb)
2022-11-04 11:56:47 +01:00
Johannes Meyer
5eaecbb00e
utils.js: Optimize performance of getCSSPath()
...
(cherry picked from commit 22cb1f2143a7249f3f0c022448337f0625cd58d1)
2022-11-04 11:56:47 +01:00
Johannes Meyer
74b49744d5
css: Apply box-sizing:border-box to all <details> children
...
We have this everywhere else, so it should not be different here.
(cherry picked from commit 3c2c79b669555519faa3c4efb208723a7e825f97)
2022-11-04 11:56:47 +01:00
Johannes Meyer
80c35f8571
PrivilegeAudit: Use the <details> tag
...
(cherry picked from commit 503f9b731602731455c77459216a5e9143af5c39)
2022-11-04 11:56:47 +01:00
Johannes Meyer
93bb9b69f3
RoleForm: Use the <details> tag
...
(cherry picked from commit 5059a782a879ba27635581b2a50c0d55f594f5ee)
2022-11-04 11:56:47 +01:00
Johannes Meyer
677b5715a0
collapsible.js: Use ES6's class syntax
...
(cherry picked from commit c4ce98159c829bca6302939929ace75b385d6c9f)
2022-11-04 11:56:47 +01:00
Johannes Meyer
6e671e651c
collapsible.js: Don't use jQuery, but some ES6 features
...
(cherry picked from commit b0622dcde221b1307d86880849cb80b27924e91c)
2022-11-04 11:56:47 +01:00
Johannes Meyer
db6864170c
collapsible.js: Minor performance improvements
...
(cherry picked from commit 917e68d68d3865c6972992c622a1ce229d5176ac)
2022-11-04 11:56:47 +01:00
Johannes Meyer
0cd2887fca
collapsible.js: Use a data-attr to identify collapsible collapsibles
...
(cherry picked from commit 17bd3ce14f26248a6830068cf0e5e742c57c59b6)
2022-11-04 11:56:47 +01:00
Johannes Meyer
3623c8b53a
css: Only apply .collapsible-control styles to outer buttons
...
Inner buttons usually have their own style
(cherry picked from commit 181b18cfecbed5e73d1a7140f6f38c64eab3c926)
2022-11-04 11:56:47 +01:00