Ilia Ross
0d4c65ec04
Fix to create custom temp dirs after validation
2026-06-08 18:53:57 +02:00
Ilia Ross
9577737aeb
Fix to harden Webmin temp directory validation
...
https://github.com/webmin/webmin/pull/2749#discussion_r3368028469
2026-06-06 22:40:52 +02:00
Ilia Ross
80da8d1915
Fix Webmin temp directory setup in Advanced Options
...
This fixes saving a custom Webmin temp directory from Webmin Configuration → Advanced Options.
Previously, setting a path like /var/webmin/tmp failed if the directory did not already exist. Users had to create it manually, and it was easy to end up with a bad parent directory such as /var/webmin with 0700, which made the saved temp path unusable.
This change makes Webmin handle the safe parts automatically:
- Creates missing temp directories and parents as 0755
- Validates existing parent directories are traversable by group/other
- Requires the final Webmin temp directory to be root-owned with mode 0755
- Allows shared temp dirs like /var/tmp when root-owned and 1777
- Shows a clear error when existing permissions must be fixed manually
2026-06-04 01:44:32 +02:00
Jamie Cameron
73821b72b0
Merge pull request #2729 from swelljoe/web-lib-funcs-test-data-transforms
...
Tests / prove (push) Has been cancelled
Build / build (push) Has been cancelled
Close inactive / close-inactive (push) Has been cancelled
Add web-lib-funcs data transform tests
2026-05-23 19:25:00 -07:00
Ilia Ross
87db158afc
Fix to avoid large diffs when pretty
2026-05-22 15:06:37 +02:00
Joe Cooper
2c4467a82e
Handle lowercase 2FA secret
2026-05-21 18:01:25 -05:00
Joe Cooper
65c2a0da50
Fix warnings for undef in compare
2026-05-21 17:47:38 -05:00
Joe Cooper
da2090bad7
Add web-lib-funcs data transform tests
2026-05-21 17:21:44 -05:00
Jamie Cameron
16c16f4fd4
Merge pull request #2724 from swelljoe/test-web-lib-funcs-strings
...
Add ip, paths, string tests for web-lib-funcs
2026-05-20 15:50:13 -07:00
Joe Cooper
100253bec3
Fix quirks in trunc and split_quoted_string
2026-05-20 15:55:07 -05:00
Joe Cooper
d2ba0d910b
Fix check_ip6address in web-lib-funcs
2026-05-20 14:04:37 -05:00
Ilia Ross
cbc9595649
Add relaxed flag support
Tests / prove (push) Has been cancelled
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-05-20 13:54:24 +02:00
Ilia Ross
2d01675139
Fix reflected XSS in Webmin status messages
...
* Note: Escape the /webmin/ message parameter, strip restart redirect HTML to plain text, and harden filter_javascript().
2026-05-17 14:32:10 +02:00
Ilia Ross
e60d005ab0
Fix to enforce RPC-only users before module ACL check
...
webmin.dev: webmin/webmin / build (push) Has been cancelled
* Note: Block `rpc=3` users from normal Webmin UI before `init_config` marks module ACLs checked, while explicitly allowing RPC endpoints.
https://github.com/webmin/webmin/actions/runs/25971500591/job/76344191751
45292ea815
2026-05-17 00:55:15 +02:00
Jamie Cameron
45292ea815
Respect the RPC-only setting for users
2026-05-16 12:59:58 -07:00
Jamie Cameron
af175ce12c
Drop ancient support for RBAC-controller Webmin ACLs
2026-05-16 09:49:36 -07:00
Jamie Cameron
1a86501e88
Delete code and languages related to email feedback feature that is no longer linked to, or useful
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-05-15 16:51:34 -07:00
Jamie Cameron
dd4e3e22ef
Allow global permissions to be set for new users
2026-05-15 16:43:29 -07:00
Ilia Ross
b53cce9084
Add logging option to execute command sub
...
webmin.dev: webmin/webmin / build (push) Has been cancelled
299b10a0e8 (r184647207)
2026-05-08 12:31:16 +02:00
Jamie Cameron
25afc8aa02
Make functions for setting and getting back headers more consistent
2026-04-23 21:28:14 -07:00
Jamie Cameron
cef294dc5a
Code readability cleanup
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-04-22 17:04:51 -07:00
Ilia Ross
da18a16c84
Fix to require 2FA for RPC basic auth
...
webmin.dev: webmin/webmin / build (push) Has been cancelled
+ improve remote auth errors
2026-04-15 22:36:40 +02:00
Ilia Ross
87d8969efb
Fix to gate forwarded proxy URL for consistency
...
webmin.dev: webmin/webmin / build (push) Has been cancelled
https://github.com/webmin/webmin/pull/2666#issuecomment-4241962133
2026-04-14 14:44:57 +02:00
Ilia Ross
97774b829d
Fix to trust forwarded URL headers if proxy headers are trusted
...
webmin.dev: webmin/webmin / build (push) Has been cancelled
https://github.com/webmin/webmin/pull/2666
2026-04-13 15:55:31 +02:00
Ilia Ross
33e03595cf
Merge pull request #2666 from swelljoe/proxy-friendly-get_webmin_browser_url
...
Make get_webmin_browser_url proxy-aware
2026-04-13 15:31:08 +02:00
Ilia Ross
49b8f1a2fa
Fix to improve proxied connection handling
...
X260412
2026-04-12 14:56:51 +02:00
Joe Cooper
3a1df9d797
Make get_webmin_browser_url proxy-aware
2026-04-11 15:41:40 -05:00
Ilia Ross
ac8cbf57f9
Fix to handle HTTPS update sources with outbound SSL fallback
2026-04-10 18:56:41 +02:00
Jamie Cameron
e44a25191f
Add support for headers with multiple values
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-04-02 07:31:51 -07:00
Ilia Ross
b8481cc1e5
Add check for non public IP API
2026-03-10 13:49:03 +02:00
Ilia Ross
c0900ffaf8
Add quote literal escape API
2026-03-10 13:38:13 +02:00
Ilia Ross
2a7806be31
Fix to use proper params in parse_http_url sub
...
webmin.dev: webmin/webmin / build (push) Has been cancelled
*Note: Additionally support ability not to normalize default ports
2026-02-25 12:34:24 +02:00
Jamie Cameron
92ac52893e
Revert back to using /tmp/.webmin
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-21 15:34:24 -08:00
Ilia Ross
209a2cbbc3
Fix to use /var/tmpas default temp dir instead of /var/cache (not rw by user)
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-20 16:09:30 +02:00
Ilia Ross
29c2c6f59d
Fix to prefer /var/cache or /var/tmp over /tmp for default temp directory
2026-02-20 15:35:47 +02:00
Ilia Ross
c89dc4996f
Fix to de-hardcode default temp directory path
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-20 15:16:01 +02:00
Jamie Cameron
38352f5c01
Deprecate the unused template params support in hlink.cgi
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-11 16:16:33 -08:00
Ilia Ross
e6184a0036
Fix to only check for uniqueness
2026-01-26 22:55:18 +02:00
Ilia Ross
bfb496ca29
Fix temporary file upload directory
...
e8e804ddca (r175609008)
2026-01-26 21:59:39 +02:00
Jamie Cameron
534c529705
Revert "Fix to use universal upload tracking directory"
...
webmin.dev: webmin/webmin / build (push) Has been cancelled
This reverts commit e8e804ddca
2026-01-25 21:17:14 -08:00
Ilia Ross
4d05e8a2d0
Merge branch 'master' of github.com:webmin/webmin
2026-01-24 00:38:18 +02:00
Ilia Ross
e8e804ddca
Fix to use universal upload tracking directory
...
https://forum.virtualmin.com/t/upload-progress-bar-not-showing/136374?u=ilia
2026-01-24 00:37:52 +02:00
Ilia Ross
202a1b0b78
Add API to pick a writable system-wide temp directory
2026-01-24 00:34:06 +02:00
Jamie Cameron
2d7900d550
Fix comment
2026-01-23 13:42:41 -08:00
Ilia Ross
4dacdc31f6
Fix to prevents NAT from dropping idle connections
...
https://forum.virtualmin.com/t/problem-with-backup-of-large-virtual-servers-to-a-remote-webmin-server/136186/46
2026-01-09 18:14:45 +02:00
Ilia Ross
5f1bbc4ac2
Fix to mention if user is missing in error message
2026-01-09 01:06:47 +02:00
Ilia Ross
45521e9c30
Fix inessential semicolon
2026-01-07 23:13:08 +02:00
Jamie Cameron
db96a9fd09
Don't read output one byte at a time, especially when not needed
2026-01-06 21:58:25 -08:00
Jamie Cameron
198cc1c4d8
Clearing a hash while iterating over it seems unreliable
2026-01-05 21:35:47 -08:00
Ilia Ross
ab46ec806f
Fix action log clearing not to purge the previous logs on each save if the time option is not set
2026-01-05 19:29:54 +02:00
