michael/webmin
1
0
Fork 0
mirror of https://github.com/webmin/webmin.git synced 2026-05-16 03:40:26 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
25,023 Commits 46 Branches 91 Tags
aa87f85d4a12d4bcf712cb90bd84bf538a52892d
Commit Graph

25023 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ilia Ross
aa87f85d4a Fix man module opts URL escaping
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details
2026-05-15 12:58:12 +02:00
Jamie Cameron
8159fad28f Escape URL parameter for safety
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details
2026-05-14 21:14:45 -07:00
Jamie Cameron
4fa30e782e Merge branch 'master' of github.com:webmin/webmin 2026-05-14 19:58:02 -07:00
Jamie Cameron
b251b7182c Quota all parameters 2026-05-14 19:57:42 -07:00
Ilia Ross
aeaa9333b8 Code Review Test: Fix language string final
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details
2026-05-14 22:00:21 +02:00
Ilia Ross
585293fbd3 Code Review Test: Fix language strings once more 2026-05-14 21:59:08 +02:00
Ilia Ross
ae2c6a4301 Code Review Test: Fix language strings more 2026-05-14 21:53:51 +02:00
Ilia Ross
4e734a9bd0 Code Review Test: Fix language strings 2026-05-14 21:44:30 +02:00
Ilia Ross
222d92e392 Rename CI code review secret [no-build] 2026-05-14 21:38:43 +02:00
Ilia Ross
de8e5e36d8 Add Anthropic API key to CI secrets [no-build] 2026-05-14 20:58:42 +02:00
Jamie Cameron
e36729f20b Merge branch 'master' of github.com:webmin/webmin
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details
2026-05-13 20:56:25 -07:00
Jamie Cameron
96dd0ef65d Harden check for valid SSL SNI hostname 2026-05-13 20:56:18 -07:00
Ilia Ross
d367189711 Fix to reset remaining per-request keep-alive state too
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details 
https://github.com/webmin/webmin/pull/2699#issuecomment-4435490798
 2026-05-14 00:38:34 +02:00
Ilia Ross
0db0cf77f9 Fix to disregard silly new line option 2026-05-13 23:12:42 +02:00
Jamie Cameron
7dd3902da8 Merge pull request #2699 from swelljoe/keep-alive-auth-state
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details 
Reset auth state in keep-alive proxied requests
 2026-05-12 19:55:13 -07:00
Ilia Ross
413087ae84 Fix MariaDB create user auth plugin syntax
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details 
* Note: Use MariaDB-compatible IDENTIFIED VIA ... USING PASSWORD(...) syntax when creating users with an explicit authentication plugin, while preserving default password creation and MySQL behavior.

https://forum.virtualmin.com/t/mariadb-syntax-change-on-rocky-10/137187
 2026-05-13 02:20:42 +02:00
Ilia Ross
911aa64a36 Fix systemd multiline ExecStart handling 
* Note: Generate separate ExecStart= entries for newline-separated systemd start commands and set Type=oneshot when required.

https://github.com/webmin/webmin/issues/2697
 2026-05-13 01:06:57 +02:00
Ilia Ross
c6647ce76c Fix to scope SSL cert auth user to one request 
* Note: Declare the SSL certificate lookup user as lexical inside `handle_request`, so a previously matched client certificate user cannot survive into later keep-alive requests handled by the same miniserv child.

Enlightened by: https://github.com/webmin/webmin/pull/2699
 2026-05-13 00:46:39 +02:00
Joe Cooper
0b478a1940 Merge pull request #2702 from swelljoe/master 
Ignore ugly require in acl_security.pl
 2026-05-12 18:18:15 -04:00
Joe Cooper
2b8091537c Ignore ugly require in acl_security.pl 2026-05-12 16:31:24 -05:00
Ilia Ross
0863d6ba7a Revert #2700 reverted but only fix exact bug
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details 
This reverts commit 0d3e3d9473, reversing
changes made to 236c5cf489.
 2026-05-12 18:01:16 +02:00
Ilia Ross
d46c8f20d5 Fix escapes 2026-05-12 17:51:37 +02:00
Ilia Ross
0d3e3d9473 Merge pull request #2700 from webmin/revert-2698-nftables-perlcritic 
Revert "perlcritic fixes"
 2026-05-12 13:01:46 +02:00
Ilia Ross
084f7b7314 Revert "perlcritic fixes" 2026-05-12 13:00:03 +02:00
Joe Cooper
29952dce1e Also reset already_authuser 2026-05-11 21:57:34 -05:00
Joe Cooper
d202eca8f8 Probably resolve proxied keep-alive requests retain auth state 2026-05-11 21:46:10 -05:00
Jamie Cameron
236c5cf489 Merge pull request #2695 from swelljoe/minserv-as-module
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details 
Wrap miniserv.pl server loop in unless (caller) so we can require miniserv for unit testing
 2026-05-11 19:38:06 -07:00
Jamie Cameron
99371ad462 Merge pull request #2698 from swelljoe/nftables-perlcritic 
perlcritic fixes
 2026-05-11 19:22:25 -07:00
Joe Cooper
a9aae79fcd perlcritic fixes 2026-05-11 20:37:30 -05:00
Ilia Ross
04ae776e6a Fix to validate action paths
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details 
* Note: Validate File Manager action name/file parameters as checked paths under the current directory and `allowed_paths` before operations, blocking traversal and symlink escapes.
 2026-05-12 01:25:57 +02:00
Ilia Ross
7cab23a3ea Fix to validate upload paths before writing 
* Note: Canonicalize and check uploaded file and directory-upload paths against `allowed_paths` before creating directories or writing files, preventing traversal outside the File Manager ACL sandbox.
 2026-05-12 00:05:02 +02:00
Ilia Ross
04c33e77a4 Add optional pre and post scripts for scheduled package updates 
https://forum.virtualmin.com/t/add-option-to-run-a-custom-command-following-all-scheduled-package-updates/136397
 2026-05-11 22:06:20 +02:00
Ilia Ross
9dccd2cdce Add comments 
[no-build]
 2026-05-11 21:16:26 +02:00
Ilia Ross
1645cadc91 Fix stored passphrase file lookup 
* Note: Make passphrase lookup use the same fallback path for full fingerprints, key IDs, and legacy generic passphrase files.

https://forum.virtualmin.com/t/usermin-gpg-encryption/136781/8?u=ilia
 2026-05-11 21:14:12 +02:00
Jamie Cameron
2c8ff4ba15 Merge pull request #2692 from swelljoe/session-dbm
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details 
Prefer SHA over MD5 or crypt for session hash, other minor session tweaks
 2026-05-10 22:03:47 -07:00
Joe Cooper
da0ff56ee0 Cleanup ASCII decorations 2026-05-10 23:04:08 -05:00
Joe Cooper
bf43c793d3 qualify the test name, since other files will get tests 2026-05-10 22:57:15 -05:00
Joe Cooper
46d571c6b5 Add http_error unit tests as useful example 2026-05-10 22:55:41 -05:00
Jamie Cameron
ce1ab74c6f Merge pull request #2694 from swelljoe/login-redirect-password 
Remove login_redirect
2.641 		2026-05-10 20:13:52 -07:00
Joe Cooper
4472f210b9 Wrap app in unless (caller) so we can require miniserv for unit testing 2026-05-10 22:11:21 -05:00
Joe Cooper
7aeb5e4dd7 Only create session key file when session=1 2026-05-10 20:57:09 -05:00
Joe Cooper
77d817357d Remove login_redirect 2026-05-10 20:52:09 -05:00
Jamie Cameron
350908ed56 changelog update 2026-05-10 17:56:11 -07:00
Jamie Cameron
94ac2ff7d7 New version bump 2026-05-10 17:46:56 -07:00
Jamie Cameron
a24e5371b7 Merge pull request #2691 from swelljoe/add-trusted-proxies 
Add trusted_proxies config
 2026-05-10 17:37:42 -07:00
Ilia Ross
0810083588 Fix skip hwclock when unavailable #2693
Some checks failed
webmin.dev: webmin/webmin / build (push) Has been cancelled
Details
2026-05-10 19:48:18 +02:00
Ilia Ross
2ec6cadbbd Fix not to print newly created module config dirs to stdout 2026-05-10 19:36:28 +02:00
Joe Cooper
4c3f7f5bd9 Omit needless words 2026-05-10 10:58:50 -05:00
Joe Cooper
1b5e48841a Don't fall back to weak session hash, use SHA instead 2026-05-10 03:36:07 -05:00
Joe Cooper
241abfe719 Add trusted_proxies config 2026-05-10 01:19:01 -05:00