Johannes Meyer
a5b152f467
Release version 2.11.5
v2.11.5
2025-03-26 10:44:52 +01:00
Johannes Meyer
673998bb9a
Only open trusted iframe sources by default
...
Trusted in this case means it was Icinga Web that
rendered a link and the user followed it. Whether
a source is trustworthy or not is detected by use
of the user's session id to hash it combined with
the source similar to how CSRF tokens are assembled.
(cherry picked from commit ec40efe1578c3c9cb445638f78e76a940a6864cf)
2025-03-26 10:26:57 +01:00
Johannes Meyer
6ddf61981c
js: Only load URLs prefixed by the base URL
...
(cherry picked from commit aad020511f12ad5c2dfd9859a52b1c8618be198d)
2025-03-26 10:26:50 +01:00
Johannes Meyer
8600f4fe31
Window: Only accept valid window IDs
...
(cherry picked from commit 484bd26d63abef172d0354140adf9ce353c444e0)
2025-03-26 10:26:43 +01:00
Johannes Meyer
8e5b32aef3
Url: Always compare host and port to identify external urls
...
(cherry picked from commit 2b08d88edff8381f513ad7138b2204953e1c406c)
2025-03-26 10:26:36 +01:00
Johannes Meyer
4a479e48db
Pdf: Ensure dompdf can create temporary files
...
This is required since dompdf seems to automatically load
our custom font and complains otherwise.
(cherry picked from commit 191444ccd9bb3ea8ef1a2502a8c981e3b66a98cd)
2025-03-25 14:42:17 +01:00
Sukhwinder Dhillon
acb8c80d64
tabs.less: Don't let icinga-loader element overlap the dropdown nav
...
(cherry picked from commit f1fe2525bd597a4a81ef84f63de947b6e0ec07a4)
2025-03-25 14:42:09 +01:00
Markus Opolka
cb50e33409
Fix doc module markdown table rows in light mode
...
- Replaced the gradient mixin with a simple color
for odd rows. This fixes markdown table rows
in light mode and - since there are very few gradients
in general - it makes the overall look more uniform.
See https://github.com/Icinga/icingaweb2/issues/5320
(cherry picked from commit 6c8453062f48fa203fb2d9dc3b8b051ede2669f6)
2025-03-25 14:42:03 +01:00
Johannes Meyer
a821cdc40f
Don't mention Twitter anymore, it's gone now for good
...
(cherry picked from commit db851bbe332d4c074401ab4231e06bd52b947d3d)
2025-03-25 14:41:58 +01:00
Johannes Meyer
4a104e3a1b
Fix case sensitive authentication with postgres (#5338)
...
fixes #5223
(cherry picked from commit d86ede517fa9ca04cc9679aa66a429b4d6170f54)
2025-03-25 14:41:48 +01:00
Johannes Meyer
244adf61b2
Fix unescaped error messages (#5329)
...
In both cases the input, which wasn't escaped before, comes from a form
element that doesn't allow any user to change its content. An ordinary
user would need to access the DOM in order to do that.
Both forms are protected by CSRF, so this mitigates any potential
exploit as well.
(cherry picked from commit acfad5ae5290d349c0ca4fe10b329e56c23201a0)
2025-03-25 14:41:39 +01:00
Sukhwinder Dhillon
64dcc33f6d
RolesConfig: Add missing column name for quick search
...
(cherry picked from commit c6c1e283502b734db98c1c9130742193a80a6c39)
2025-03-25 14:41:31 +01:00
Johannes Meyer
4cd948e500
RoleForm: Force a suffix for all element names
...
fixes #4973
(cherry picked from commit c40cfb41a8cef2848e52137dbffedbf108028a0f)
2023-11-28 09:58:32 +01:00
Johannes Meyer
11453bfa92
Release version 2.11.4
...
(cherry picked from commit 4b6df1bef9658984e83827d796b53fecfc3cf247)
v2.11.4
2023-01-26 12:54:15 +01:00
Alexander A. Klimov
95511a1a88
setup: welcome page: on Docker remove redundant instructions
...
(cherry picked from commit 73dcf2bc89b2d149ecc73111a4866ea6ee0e1747)
2023-01-26 09:39:32 +01:00
Alexander A. Klimov
fff795c6ab
LoggingConfigForm: on Docker default to webserver log
...
(cherry picked from commit 3784fe80b77f52cf20b1e49c324cfa6ecb8fec33)
2023-01-26 09:39:32 +01:00
Alexander A. Klimov
59415e117f
icingacli setup config webserver apache: add trailing / to Alias dir
...
if the Alias URI (e.g. /) has a trailing /. Otherwise Apache says 403.
(cherry picked from commit 0031108160ad440d6d2f172dba07c04e6f5af4a8)
2023-01-26 09:39:32 +01:00
Yonas Habteab
1bcf2627a8
TemporaryLocalFileStorage: Fix unexpected crash in destructor
...
(cherry picked from commit 6d2a585de92c4cfa053df0d3b600448eef5423c2)
2023-01-16 14:17:05 +01:00
Johannes Meyer
9a4a11861a
Fix some reflected XSS bugs
...
fixes #4979
(cherry picked from commit e542982de06be6b7bcab07be4f3a4423e84b8d7a)
2023-01-12 11:19:52 +01:00
Johannes Meyer
4efefc1877
Libraries: Only attempt a partial match if the library name contains a slash
...
fixes #4971
(cherry picked from commit 8837fea7a40f7b8395b72e4a76303eed2e794bf3)
2023-01-12 11:19:52 +01:00
Johannes Meyer
3a28e42046
js: Transmit X-Icinga-AutoSubmittedBy upon autosubmits
...
This header contains the name or id of the element responsible
for triggering the automatic form submission.
(cherry picked from commit cbf8cfc738120bb96f848cf0dd63887ff68f39b8)
2023-01-12 11:19:52 +01:00
Johannes Meyer
f5b6ef39df
Merge pull request #4976 from Icinga/do-not-disable-all-inputs-on-form-submit
...
js: Only disable submit buttons on form submit
(cherry picked from commit 96179182e413b5285ad8be00e7124fd278e300c3)
2023-01-12 11:19:40 +01:00
Valentina Da Rold
1c90eaf6b5
Check if url is external in validation function
...
refs: #4970
(cherry picked from commit 963c3168b16039dc012d8ae1d100163bb808b193)
2023-01-12 11:19:25 +01:00
Eric Lippmann
8c52f68fd6
Merge pull request #4964 from Icinga/packaging
...
Packaging Adjustments
(cherry picked from commit 57c52cadfa82e0a3cb06ac2f8a14ea3bb3060f74)
2023-01-12 11:19:11 +01:00
Johannes Meyer
f917436a89
Release version 2.11.3
v2.11.3
2022-12-14 13:28:22 +01:00
Johannes Meyer
7eaca7e519
Release version 2.11.3
2022-12-14 13:27:53 +01:00
Johannes Meyer
41985bf7e8
Update CHANGELOG.md
2022-12-14 13:27:52 +01:00
Johannes Meyer
00afe2f884
Update AUTHORS
2022-12-14 13:27:52 +01:00
Johannes Meyer
0cfe86698a
css: Support fieldsets wrapped by .control-group
...
(cherry picked from commit 12af81d4c3962e5234a626a51a532971aab19d9a)
2022-12-14 13:20:38 +01:00
Alexander A. Klimov
60647eb038
icingacli test php unit: pass through phpunit exit code
...
so that GHA knows if something failed.
(cherry picked from commit 522d041505ecb92ee66395a3d7c647c3926f8e06)
2022-12-08 11:36:16 +01:00
Johannes Meyer
933a9c80d4
Merge pull request #4962 from Icinga/upgrade-dompdf
...
Upgrade dompdf
(cherry picked from commit b3332c751c0ea1563891aa434fa3f58d38d3c239)
2022-12-08 11:36:04 +01:00
Johannes Meyer
c4780ae5a0
Merge pull request #4963 from Icinga/upgrade-htmlpurifier
...
Upgrade HTMLPurifier
(cherry picked from commit a6af6900407a75204e7ebc69ae5e49520e339554)
2022-12-08 11:35:57 +01:00
Johannes Meyer
45c91dfff6
Merge pull request #4958 from Icinga/fix/browser-print-dialog-result-4957
...
Fix browser print dialog result
(cherry picked from commit 0096f43e0d5f06b503aeb2f93927effa22049fcb)
2022-12-08 11:35:50 +01:00
Johannes Meyer
d983852f82
ConfigMenu: Fix incorrect shared navigation url
...
fixes #4953
(cherry picked from commit b1574e4bee0e4c597099dbd0436ed137b3d6bb8a)
2022-12-08 11:35:41 +01:00
Johannes Meyer
0ea550ed21
form.js: Don't ignore autosubmit elements
...
A while ago this was already changed so that autosubmit
responses are guaranteed to be applied. Thus this
exception is now obsolete.
fixes #4942
(cherry picked from commit 8cd892359d1770260e10486554764bcd8c0be797)
2022-12-08 11:35:41 +01:00
Johannes Meyer
c6a05031b8
InternalUrlValidator: Also check the scheme
...
(cherry picked from commit 3187a4e549af978d428ddd9b05ccee7b5766e39e)
2022-12-08 11:35:41 +01:00
Johannes Meyer
a82a88a34b
RoleController: Always perform a permission check
...
(cherry picked from commit 965aac11efc6c0ecd6ce3a080451ae1a100b292c)
2022-12-08 11:35:41 +01:00
Johannes Meyer
ee43f4a002
login: Don't redirect to external resources
...
fixes #4945
(cherry picked from commit ec7fb82a94729cd541761509985fb9ffc03b9faa)
2022-12-08 11:35:41 +01:00
Alexander A. Klimov
d00b3bf19c
SshResourceForm: fix XSS by escaping user-defined resource name
...
in the tooltip of the message shown instead of the private key.
(cherry picked from commit a3100d378b125bbc4c5587e0bddd55b1f0300a83)
2022-12-08 11:35:41 +01:00
Johannes Meyer
9b6349e4a0
Release version 2.11.2
v2.11.2
2022-11-04 12:00:58 +01:00
Johannes Meyer
b654344552
Raise version to v2.11.2
2022-11-04 12:00:40 +01:00
Johannes Meyer
43d87e7914
Update CHANGELOG.md
2022-11-04 12:00:40 +01:00
Johannes Meyer
7e7b592af7
collapsible.js: Fix invalid default selectors
...
refs #4884
(cherry picked from commit 9b3e6165ead294c6b5ee863f1b6096ded1fe3dec)
2022-11-04 11:56:51 +01:00
Johannes Meyer
817380470a
ConfigForm: Remove empty sections
...
fixes #4939
(cherry picked from commit 4d0e42787a4fed81fd0ace1337ffca6ca42dcf96)
2022-11-04 11:56:51 +01:00
Yonas Habteab
aa7767e0f5
CommentParser: Wrap descriptions after the available screen columns
...
Well, what should I say, the PHP code sniffer allows us up to 120 characters
line length and when you code/format based on these rules, e.g. the description
of a cli command, it will mess everything up when you run `icingacli module --help`.
So, we can just wrap the output after the available screen columns.
(cherry picked from commit 8cb0976c5b910578d14510dcabf59db6fb146c3e)
2022-11-04 11:56:51 +01:00
Johannes Meyer
12aace9af0
css: Optimize performance
...
I don't quite understand why exactly this rule exposes
such an issue. We have several other rules that are
similar. But they don't reference form elements on the
left. I suspect a different issue somewhere else, this
only exaggerated it.
fixes #4929
(cherry picked from commit bb4b53e90cc28ec345ecb32fa16fbb086a96f3b5)
2022-11-04 11:56:51 +01:00
Johannes Meyer
baef98cd4f
collapsible.js: Add support for external controls
...
(cherry picked from commit aef6e99cf83c11a0fdbc01d41c12c6d0835d3a49)
2022-11-04 11:56:47 +01:00
Florian Strohmaier
dfb263e7a4
collapsible.js: Enhance markup flexibility
...
(cherry picked from commit f13161b69d7a5d610754b52d03e803fa437dd946)
2022-11-04 11:56:47 +01:00
Johannes Meyer
7d79a490aa
PrivilegeAudit: Expand defined privileges when exporting to PDF
...
refs #4862
(cherry picked from commit 314545f3a7c594580b46b84c2d15d5f1a8fba6cb)
2022-11-04 11:56:47 +01:00
Johannes Meyer
5eaecbb00e
utils.js: Optimize performance of getCSSPath()
...
(cherry picked from commit 22cb1f2143a7249f3f0c022448337f0625cd58d1)
2022-11-04 11:56:47 +01:00