michael/webmin
1
0
Fork 0
mirror of https://github.com/webmin/webmin.git synced 2026-06-05 04:40:24 +01:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
25,048 Commits 6 Branches 91 Tags
3f367adf8d3e326e1935eee2ee27a1dbb0099b95
Commit Graph

25048 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ilia Ross
3f367adf8d Add code review SMTP secret [no-build]
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details
2026-05-17 20:45:20 +02:00
Ilia Ross
2d01675139 Fix reflected XSS in Webmin status messages 
* Note: Escape the /webmin/ message parameter, strip restart redirect HTML to plain text, and harden filter_javascript().
 2026-05-17 14:32:10 +02:00
Ilia Ross
e60d005ab0 Fix to enforce RPC-only users before module ACL check
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details 
* Note: Block `rpc=3` users from normal Webmin UI before `init_config` marks module ACLs checked, while explicitly allowing RPC endpoints.

https://github.com/webmin/webmin/actions/runs/25971500591/job/76344191751

45292ea815
 2026-05-17 00:55:15 +02:00
Ilia Ross
7d129ee5e1 Code Review Test: Fix back 2026-05-17 00:41:26 +02:00
Ilia Ross
14abf9f938 Code Review Test: Fix language strings (try more) 2026-05-17 00:39:42 +02:00
Ilia Ross
f508c58929 Code Review Test: Fix back 2026-05-17 00:38:19 +02:00
Ilia Ross
3cff366b1f Code Review Test: Fix language strings (try again) 
This reverts commit e4b7e97848.
 2026-05-17 00:34:57 +02:00
Ilia Ross
e4b7e97848 Revert "Code Review Test: Fix language strings" 
This reverts commit 257fc2d87c.
 2026-05-17 00:34:50 +02:00
Ilia Ross
257fc2d87c Code Review Test: Fix language strings 2026-05-17 00:28:52 +02:00
Jamie Cameron
45292ea815 Respect the RPC-only setting for users 2026-05-16 12:59:58 -07:00
Jamie Cameron
1d4556b905 Add new option for RPC-only mode, and a help page 2026-05-16 12:40:12 -07:00
Jamie Cameron
4cceba5f8f Delete RBAC perl module we no longer use 2026-05-16 12:30:03 -07:00
Jamie Cameron
d41377983e Move the option that controls if a user can accept RPC calls out of the global ACL and into a more findable location in the Edit User page 2026-05-16 12:16:29 -07:00
Jamie Cameron
f65fe5b44c Merge branch 'master' of github.com:webmin/webmin 2026-05-16 12:03:12 -07:00
Jamie Cameron
ccbe7369dd Delete all RBAC-related code from the Webmin Users module, since this is a niche unsupported feature 2026-05-16 12:02:58 -07:00
Ilia Ross
d0f6a7672f Fix placeholder
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details
2026-05-16 20:09:59 +02:00
Jamie Cameron
042891c941 Merge branch 'master' of github.com:webmin/webmin 2026-05-16 09:52:09 -07:00
Jamie Cameron
af175ce12c Drop ancient support for RBAC-controller Webmin ACLs 2026-05-16 09:49:36 -07:00
Ilia Ross
065ce627a0 Add quick service and port forward controls 
* Note: Add lightweight quick controls for allowed ports, services, and port forwards, with service autocomplete, ACLs, and structured NAT redirect/DNAT editing.
 2026-05-16 15:55:28 +02:00
Ilia Ross
869173d7c6 Fix partial print 2026-05-16 15:55:27 +02:00
Jamie Cameron
1a86501e88 Delete code and languages related to email feedback feature that is no longer linked to, or useful
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details
2026-05-15 16:51:34 -07:00
Jamie Cameron
60a9bc010c Code cleanup 2026-05-15 16:46:30 -07:00
Jamie Cameron
86b9014b21 Merge branch 'master' of github.com:webmin/webmin 2026-05-15 16:43:37 -07:00
Jamie Cameron
dd4e3e22ef Allow global permissions to be set for new users 2026-05-15 16:43:29 -07:00
Ilia Ross
361d3b5175 Add ability to discover profile service ports dynamically 
* Note: Resolve nftables profile service ports from supported Webmin module configs and /etc/services, with safe fallbacks and SSH custom-port regression coverage.

https://github.com/webmin/webmin/issues/2706
 2026-05-15 21:26:15 +02:00
Ilia Ross
aa87f85d4a Fix man module opts URL escaping
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details
2026-05-15 12:58:12 +02:00
Jamie Cameron
8159fad28f Escape URL parameter for safety
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details
2026-05-14 21:14:45 -07:00
Jamie Cameron
4fa30e782e Merge branch 'master' of github.com:webmin/webmin 2026-05-14 19:58:02 -07:00
Jamie Cameron
b251b7182c Quota all parameters 2026-05-14 19:57:42 -07:00
Ilia Ross
aeaa9333b8 Code Review Test: Fix language string final
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details
2026-05-14 22:00:21 +02:00
Ilia Ross
585293fbd3 Code Review Test: Fix language strings once more 2026-05-14 21:59:08 +02:00
Ilia Ross
ae2c6a4301 Code Review Test: Fix language strings more 2026-05-14 21:53:51 +02:00
Ilia Ross
4e734a9bd0 Code Review Test: Fix language strings 2026-05-14 21:44:30 +02:00
Ilia Ross
222d92e392 Rename CI code review secret [no-build] 2026-05-14 21:38:43 +02:00
Ilia Ross
de8e5e36d8 Add Anthropic API key to CI secrets [no-build] 2026-05-14 20:58:42 +02:00
Jamie Cameron
e36729f20b Merge branch 'master' of github.com:webmin/webmin
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details
2026-05-13 20:56:25 -07:00
Jamie Cameron
96dd0ef65d Harden check for valid SSL SNI hostname 2026-05-13 20:56:18 -07:00
Ilia Ross
d367189711 Fix to reset remaining per-request keep-alive state too
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details 
https://github.com/webmin/webmin/pull/2699#issuecomment-4435490798
 2026-05-14 00:38:34 +02:00
Ilia Ross
0db0cf77f9 Fix to disregard silly new line option 2026-05-13 23:12:42 +02:00
Jamie Cameron
7dd3902da8 Merge pull request #2699 from swelljoe/keep-alive-auth-state
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details 
Reset auth state in keep-alive proxied requests
 2026-05-12 19:55:13 -07:00
Ilia Ross
413087ae84 Fix MariaDB create user auth plugin syntax
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details 
* Note: Use MariaDB-compatible IDENTIFIED VIA ... USING PASSWORD(...) syntax when creating users with an explicit authentication plugin, while preserving default password creation and MySQL behavior.

https://forum.virtualmin.com/t/mariadb-syntax-change-on-rocky-10/137187
 2026-05-13 02:20:42 +02:00
Ilia Ross
911aa64a36 Fix systemd multiline ExecStart handling 
* Note: Generate separate ExecStart= entries for newline-separated systemd start commands and set Type=oneshot when required.

https://github.com/webmin/webmin/issues/2697
 2026-05-13 01:06:57 +02:00
Ilia Ross
c6647ce76c Fix to scope SSL cert auth user to one request 
* Note: Declare the SSL certificate lookup user as lexical inside `handle_request`, so a previously matched client certificate user cannot survive into later keep-alive requests handled by the same miniserv child.

Enlightened by: https://github.com/webmin/webmin/pull/2699
 2026-05-13 00:46:39 +02:00
Joe Cooper
0b478a1940 Merge pull request #2702 from swelljoe/master 
Ignore ugly require in acl_security.pl
 2026-05-12 18:18:15 -04:00
Joe Cooper
2b8091537c Ignore ugly require in acl_security.pl 2026-05-12 16:31:24 -05:00
Ilia Ross
0863d6ba7a Revert #2700 reverted but only fix exact bug
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details 
This reverts commit 0d3e3d9473, reversing
changes made to 236c5cf489.
 2026-05-12 18:01:16 +02:00
Ilia Ross
d46c8f20d5 Fix escapes 2026-05-12 17:51:37 +02:00
Ilia Ross
0d3e3d9473 Merge pull request #2700 from webmin/revert-2698-nftables-perlcritic 
Revert "perlcritic fixes"
 2026-05-12 13:01:46 +02:00
Ilia Ross
084f7b7314 Revert "perlcritic fixes" 2026-05-12 13:00:03 +02:00
Joe Cooper
29952dce1e Also reset already_authuser 2026-05-11 21:57:34 -05:00