Ilia Ross
d4850c3aa3
Fix as the small limit is much smaller
...
webmin.dev: webmin/webmin / build (push) Has been cancelled
(does it even make sense to have?)
https://forum.virtualmin.com/t/backup-and-restore-failures-no-space-left-on-device/136639/32?u=ilia
2026-02-25 01:40:02 +02:00
Ilia Ross
7cbe00ade2
Fix the message as it's already in the alert box
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-24 11:57:56 +02:00
Ilia Ross
540181ae22
Fix minimum size check for Webmin temp directory
2026-02-24 11:56:10 +02:00
Jamie Cameron
38cae2fae2
Add a warning if the temp files directory is less than 10 MB
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-23 21:13:03 -08:00
Jamie Cameron
9a14c437b8
Merge branch 'master' of github.com:webmin/webmin
2026-02-23 20:58:59 -08:00
Jamie Cameron
bd3fd5d49b
Fix perl formatting
2026-02-23 20:58:55 -08:00
Ilia Ross
fb9f7ead7c
Fix read_file_lines_as_user to use proper file name and params
...
https://forum.virtualmin.com/t/error-installing-wordpress-from-web-apps-after-update/136447/19?u=ilia
2026-02-24 01:24:21 +02:00
Jamie Cameron
92ac52893e
Revert back to using /tmp/.webmin
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-21 15:34:24 -08:00
Ilia Ross
2397653d55
Fix IPv6 hostname matching for alwaysresolve access rules
...
webmin.dev: webmin/webmin / build (push) Has been cancelled
* Note: Fix Miniserv IPv6 hostname resolution and matching used by access control when `alwaysresolve` is enabled:
1. Correct `to_ip6address()` success handling (before getaddrinfo result was interpreted backwards)
2. In `ip_match()`, resolve hostnames with `to_ip6address()` for IPv6 clients instead of IPv4-only `to_ipaddress()`
3. Canonicalize IPv6 addresses before reverse and forward verification to avoid format-based mismatches.
4. Mirror the IPv6 logic change in "webmin/webmin-lib.pl"
https://forum.virtualmin.com/t/webmin-access-control-for-domain-names-with-ipv6/136661?u=ilia
2026-02-21 13:30:08 +02:00
Ilia Ross
209a2cbbc3
Fix to use /var/tmpas default temp dir instead of /var/cache (not rw by user)
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-20 16:09:30 +02:00
Ilia Ross
29c2c6f59d
Fix to prefer /var/cache or /var/tmp over /tmp for default temp directory
2026-02-20 15:35:47 +02:00
Ilia Ross
c89dc4996f
Fix to de-hardcode default temp directory path
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-20 15:16:01 +02:00
Ilia Ross
bfc1f10b38
Fix to avoid leaking to neighboring property when size is unset
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-19 23:22:48 +02:00
Ilia Ross
56a1c323c8
Fix def min width
2026-02-19 23:16:41 +02:00
Jamie Cameron
f7384bbf05
Properly propogate error messages
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-19 11:33:20 -08:00
Ilia Ross
9cd60f4741
Fix to disable directory listing by default
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-18 16:24:58 +02:00
Ilia Ross
f778af84a0
Fix create_launchd_agent to support optional load parameter
...
webmin.dev: webmin/webmin / build (push) Has been cancelled
https://github.com/webmin/authentic-theme/issues/1729#issuecomment-3899950457
2026-02-16 20:15:52 +02:00
Ilia Ross
2eb2be2318
Add support for updating launchd agents with start init wrapper
...
webmin.dev: webmin/webmin / build (push) Has been cancelled
https://github.com/webmin/authentic-theme/issues/1729
2026-02-13 17:44:07 +02:00
Jamie Cameron
38352f5c01
Deprecate the unused template params support in hlink.cgi
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-11 16:16:33 -08:00
Ilia Ross
07a11f7de6
Fix to use quotemeta to prevent shell injection in Useradmin module
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-11 13:03:27 +02:00
Ilia Ross
8b76f2ffc8
Fix OS list field separations to do correctly
2026-02-11 11:49:02 +02:00
Jamie Cameron
6d014e31cb
Merge pull request #2628 from pbobbenb/macOS-detection
...
webmin.dev: webmin/webmin / build (push) Has been cancelled
Added missing macOS versions.
2026-02-10 18:12:11 -08:00
Pär Boberg
3b05ce756d
Added missing macOS versions.
2026-02-11 00:06:07 +01:00
Ilia Ross
7f322a5df6
Fix to use quotemeta to prevent shell injection in Logviewer module
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-11 01:05:36 +02:00
Ilia Ross
c47047953b
Fix to use quotemeta to prevent shell injection in Software module
2026-02-11 00:53:29 +02:00
Ilia Ross
f30560d61b
Fix to use quotemeta to prevent shell injection in Cron module
2026-02-10 22:09:07 +02:00
Ilia Ross
e13123bed1
Fix to use quotemeta to prevent shell injection in Proc module
2026-02-10 21:40:15 +02:00
Ilia Ross
821548354d
Fix file opening syntax
2026-02-10 20:34:51 +02:00
Jamie Cameron
3a1ea4682d
Fix merge conflict
2026-02-10 10:24:58 -08:00
Jamie Cameron
3713ee01b8
The server_root function doesn't need the global config as a parameter
2026-02-10 10:21:22 -08:00
Ilia Ross
de87e037d4
Fix to use quotemeta to prevent shell injection in FSdump module
2026-02-10 19:58:24 +02:00
Ilia Ross
e805f95b48
Fix regression
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-10 18:59:02 +02:00
Ilia Ross
b782a124b5
Fix to use quotemeta to prevent shell injection in Quota module
2026-02-10 18:56:37 +02:00
Ilia Ross
c85d04cc74
Fix to use proper validation before writing files
2026-02-10 16:23:58 +02:00
Ilia Ross
a6bd5c6ebc
Fix to use quotemeta to prevent shell injection in Apache module
2026-02-10 15:57:07 +02:00
Ilia Ross
9fd37b7404
Fix to use quotemeta to prevent shell injection in BIND module
2026-02-10 15:40:29 +02:00
Ilia Ross
ac9456b368
Fix to use quotemeta to prevent shell injection in fetchmail module
...
Ref.: 50a2460d-441a-4bc6 (VULN-003)
2026-02-10 14:45:20 +02:00
Ilia Ross
399d7a8651
Fix to use quotemeta to prevent shell injection in fdisk module
...
Ref.: 796677885d (VULN-001)
2026-02-10 14:05:16 +02:00
Ilia Ross
c87712ef4e
Fix to use quotemeta to prevent shell injection in usermin module
...
Ref.: a8417099-d3bc-468a (VULN-004)
2026-02-10 13:21:56 +02:00
Ilia Ross
c47b63bfcf
Fix to use quotemeta to prevent shell injection in mount module
...
Ref.: 97bf3c03-fbe3-4ee0
2026-02-10 12:57:59 +02:00
Jamie Cameron
3a86d961ce
Merge branch 'master' of github.com:webmin/webmin
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-09 10:57:04 -08:00
Jamie Cameron
402b21abac
Fix permissions
2026-02-09 10:56:52 -08:00
Jamie Cameron
0816c0a71e
Revert "Add extra protection against packets somehow arriving before handshake is called"
...
This reverts commit d9c651d06d
2026-02-09 10:56:23 -08:00
Ilia Ross
a38114e623
Fix to use flags unconditionally as supported by all modern distros
webmin.dev: webmin/webmin / build (push) Has been cancelled
2026-02-08 16:20:29 +02:00
Ilia Ross
a655f875cf
Fix log filtering logic to work with new regex flag correctly
2026-02-08 16:16:57 +02:00
Ilia Ross
79b5b307ed
Add regex filter option to log viewer
2026-02-08 15:41:01 +02:00
Ilia Ross
5a3b0cfd2d
Add context lines option for log viewer filter
...
https://github.com/virtualmin/virtualmin-gpl/issues/1174
2026-02-08 14:31:16 +02:00
Ilia Ross
fa32009fbb
Merge pull request #2625 from karmantyu/master
...
Improved disk detection, smart status, partition mounting, added labe…
2026-02-08 11:11:26 +02:00
karmantyu
a9f4fdc8ca
Corrected escape, removed broad, unanchored regex checks .
2026-02-08 08:34:32 +01:00
karmantyu
b593501cff
Some fixes.
...
All $err type error messages in HTML are safely escaped now.
URL-encoding in links:
I have implemented urlize() in all places where user input ($in{'device'}, $in{'slice'}, $in{'part'}) was included in the URL (footer/redirect/other link), e.g. edit_slice.cgi?device=...&slice=....
Affected files include: create_part.cgi, create_slice.cgi, delete_part.cgi, delete_slice.cgi, change_slice_label.cgi, part_form.cgi, slice_form.cgi, edit_slice.cgi, edit_part.cgi, fsck.cgi, newfs.cgi, newfs_form.cgi, save_part.cgi, save_slice.cgi, save_slice_label.cgi, zfs_create.cgi, zvol_create.cgi.
2026-02-07 19:43:08 +01:00
