Commit Graph

24721 Commits

Author SHA1 Message Date
Ilia Ross
2397653d55 Fix IPv6 hostname matching for alwaysresolve access rules
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
* Note: Fix Miniserv IPv6 hostname resolution and matching used by access control when `alwaysresolve` is enabled:
  1. Correct `to_ip6address()` success handling (before getaddrinfo result was interpreted backwards)
  2. In `ip_match()`, resolve hostnames with `to_ip6address()` for IPv6 clients instead of IPv4-only `to_ipaddress()`
  3. Canonicalize IPv6 addresses before reverse and forward verification to avoid format-based mismatches.
  4. Mirror the IPv6 logic change in "webmin/webmin-lib.pl"

https://forum.virtualmin.com/t/webmin-access-control-for-domain-names-with-ipv6/136661?u=ilia
2026-02-21 13:30:08 +02:00
Ilia Ross
209a2cbbc3 Fix to use /var/tmp as default temp dir instead of /var/cache (not rw by user)
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-20 16:09:30 +02:00
Ilia Ross
29c2c6f59d Fix to prefer /var/cache or /var/tmp over /tmp for default temp directory 2026-02-20 15:35:47 +02:00
Ilia Ross
c89dc4996f Fix to de-hardcode default temp directory path
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-20 15:16:01 +02:00
Ilia Ross
bfc1f10b38 Fix to avoid leaking to neighboring property when size is unset
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-19 23:22:48 +02:00
Ilia Ross
56a1c323c8 Fix def min width 2026-02-19 23:16:41 +02:00
Jamie Cameron
f7384bbf05 Properly propagate error messages
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-19 11:33:20 -08:00
Ilia Ross
9cd60f4741 Fix to disable directory listing by default
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-18 16:24:58 +02:00
Ilia Ross
f778af84a0 Fix create_launchd_agent to support optional load parameter
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
https://github.com/webmin/authentic-theme/issues/1729#issuecomment-3899950457
2026-02-16 20:15:52 +02:00
Ilia Ross
2eb2be2318 Add support for updating launchd agents with start init wrapper
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
https://github.com/webmin/authentic-theme/issues/1729
2026-02-13 17:44:07 +02:00
Jamie Cameron
38352f5c01 Deprecate the unused template params support in hlink.cgi
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-11 16:16:33 -08:00
Ilia Ross
07a11f7de6 Fix to use quotemeta to prevent shell injection in Useradmin module
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-11 13:03:27 +02:00
Ilia Ross
8b76f2ffc8 Fix OS list field separations to do correctly 2026-02-11 11:49:02 +02:00
Jamie Cameron
6d014e31cb Merge pull request #2628 from pbobbenb/macOS-detection
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Added missing macOS versions.
2026-02-10 18:12:11 -08:00
Pär Boberg
3b05ce756d Added missing macOS versions. 2026-02-11 00:06:07 +01:00
Ilia Ross
7f322a5df6 Fix to use quotemeta to prevent shell injection in Logviewer module
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-11 01:05:36 +02:00
Ilia Ross
c47047953b Fix to use quotemeta to prevent shell injection in Software module 2026-02-11 00:53:29 +02:00
Ilia Ross
f30560d61b Fix to use quotemeta to prevent shell injection in Cron module 2026-02-10 22:09:07 +02:00
Ilia Ross
e13123bed1 Fix to use quotemeta to prevent shell injection in Proc module 2026-02-10 21:40:15 +02:00
Ilia Ross
821548354d Fix file opening syntax 2026-02-10 20:34:51 +02:00
Jamie Cameron
3a1ea4682d Fix merge conflict 2026-02-10 10:24:58 -08:00
Jamie Cameron
3713ee01b8 The server_root function doesn't need the global config as a parameter 2026-02-10 10:21:22 -08:00
Ilia Ross
de87e037d4 Fix to use quotemeta to prevent shell injection in FSdump module 2026-02-10 19:58:24 +02:00
Ilia Ross
e805f95b48 Fix regression
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-10 18:59:02 +02:00
Ilia Ross
b782a124b5 Fix to use quotemeta to prevent shell injection in Quota module 2026-02-10 18:56:37 +02:00
Ilia Ross
c85d04cc74 Fix to use proper validation before writing files 2026-02-10 16:23:58 +02:00
Ilia Ross
a6bd5c6ebc Fix to use quotemeta to prevent shell injection in Apache module 2026-02-10 15:57:07 +02:00
Ilia Ross
9fd37b7404 Fix to use quotemeta to prevent shell injection in BIND module 2026-02-10 15:40:29 +02:00
Ilia Ross
ac9456b368 Fix to use quotemeta to prevent shell injection in fetchmail module
Ref.: 50a2460d-441a-4bc6 (VULN-003)
2026-02-10 14:45:20 +02:00
Ilia Ross
399d7a8651 Fix to use quotemeta to prevent shell injection in fdisk module
Ref.: 796677885d (VULN-001)
2026-02-10 14:05:16 +02:00
Ilia Ross
c87712ef4e Fix to use quotemeta to prevent shell injection in usermin module
Ref.: a8417099-d3bc-468a (VULN-004)
2026-02-10 13:21:56 +02:00
Ilia Ross
c47b63bfcf Fix to use quotemeta to prevent shell injection in mount module
Ref.: 97bf3c03-fbe3-4ee0
2026-02-10 12:57:59 +02:00
Jamie Cameron
3a86d961ce Merge branch 'master' of github.com:webmin/webmin
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-09 10:57:04 -08:00
Jamie Cameron
402b21abac Fix permissions 2026-02-09 10:56:52 -08:00
Jamie Cameron
0816c0a71e Revert "Add extra protection against packets somehow arriving before handshake is called"
This reverts commit d9c651d06d.
2026-02-09 10:56:23 -08:00
Ilia Ross
a38114e623 Fix to use flags unconditionally as supported by all modern distros
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-08 16:20:29 +02:00
Ilia Ross
a655f875cf Fix log filtering logic to work with new regex flag correctly 2026-02-08 16:16:57 +02:00
Ilia Ross
79b5b307ed Add regex filter option to log viewer 2026-02-08 15:41:01 +02:00
Ilia Ross
5a3b0cfd2d Add context lines option for log viewer filter
https://github.com/virtualmin/virtualmin-gpl/issues/1174
2026-02-08 14:31:16 +02:00
Ilia Ross
fa32009fbb Merge pull request #2625 from karmantyu/master
Improved disk detection, smart status, partition mounting, added labe…
2026-02-08 11:11:26 +02:00
karmantyu
a9f4fdc8ca Corrected escape, removed broad, unanchored regex checks. 2026-02-08 08:34:32 +01:00
karmantyu
b593501cff Some fixes.
All $err type error messages in HTML are safely escaped now.
URL-encoding in links:
I have implemented urlize() in all places where user input ($in{'device'}, $in{'slice'}, $in{'part'}) was included in the URL (footer/redirect/other link), e.g. edit_slice.cgi?device=...&slice=....
Affected files include: create_part.cgi, create_slice.cgi, delete_part.cgi, delete_slice.cgi, change_slice_label.cgi, part_form.cgi, slice_form.cgi, edit_slice.cgi, edit_part.cgi, fsck.cgi, newfs.cgi, newfs_form.cgi, save_part.cgi, save_slice.cgi, save_slice_label.cgi, zfs_create.cgi, zvol_create.cgi.
2026-02-07 19:43:08 +01:00
karmantyu
107a2e42f4 Merge branch 'webmin:master' into master 2026-02-07 19:04:42 +01:00
Jamie Cameron
3572049284 Handle error listing zones more cleanly
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
https://forum.virtualmin.com/t/how-to-configure-secondary-dns/136557
2026-02-06 21:08:06 -08:00
karmantyu
d9be1b956f bsdfdisk-lib.pl patched to enumerate nda* devices
Related to the NVMe issue: I patched bsdfdisk-lib.pl to enumerate nda* devices (in addition to nvd*), since the reporter uses the nda driver.
2026-02-06 18:38:10 +01:00
karmantyu
b2f54c36ca Some tidy up and numeric validation + quote_path. 2026-02-04 08:42:44 +01:00
karmantyu
cbc96170c4 Delete save_slice.cgi 2026-02-04 08:42:16 +01:00
karmantyu
9d01f3cd9e Delete bsdfdisk-lib.pl 2026-02-04 08:41:34 +01:00
karmantyu
ca7c57b181 Some tidy up and numeric validation + quote_path. 2026-02-04 08:39:11 +01:00
karmantyu
859580a224 Tidy up. 2026-02-02 07:50:07 +01:00