cclauss
|
b82cf8d08d
|
Update FilePackPlugin.py
|
2017-07-16 22:39:42 +02:00 |
|
cclauss
|
c44cb11800
|
Update CryptMessagePlugin.py
|
2017-07-16 22:38:47 +02:00 |
|
cclauss
|
b9e0275417
|
Update __init__.py
|
2017-07-16 22:35:14 +02:00 |
|
shortcutme
|
a6ce2a0253
|
Rev2156
|
2017-07-15 01:32:39 +02:00 |
|
shortcutme
|
a0d85d7d83
|
Prompt new site addition in raw mode
|
2017-07-15 01:32:15 +02:00 |
|
shortcutme
|
6a4882d81d
|
Test SafeRe repetition limit
|
2017-07-15 01:31:08 +02:00 |
|
shortcutme
|
ac1a03d17b
|
Don't allow more than 10 repetitions in one pattern
|
2017-07-15 01:30:53 +02:00 |
|
shortcutme
|
0e930efd95
|
Cache SafeRe patterns
|
2017-07-15 01:30:35 +02:00 |
|
shortcutme
|
d281f112d9
|
Rev2154, Fix same origin checking in proxy mode
|
2017-07-14 11:08:22 +02:00 |
|
shortcutme
|
5a42cb92cd
|
Rev2153
|
2017-07-14 10:37:19 +02:00 |
|
shortcutme
|
3459d35ed2
|
Test unsafe regex pattern recognization
|
2017-07-14 10:37:09 +02:00 |
|
shortcutme
|
699a8be721
|
Test unsafe patterns in dbschema
|
2017-07-14 10:36:41 +02:00 |
|
shortcutme
|
1f4a5643db
|
Test unsafe regex patterns on sign and verify
|
2017-07-14 10:36:18 +02:00 |
|
shortcutme
|
492408def7
|
Use class variable to store test site privatekey
|
2017-07-14 10:35:44 +02:00 |
|
shortcutme
|
74763465a8
|
Use SafeRe to match file patterns in dbschema.json
|
2017-07-14 10:34:57 +02:00 |
|
shortcutme
|
c069d4f67c
|
Use SafeRe to match user defined patterns in content.json
|
2017-07-14 10:34:18 +02:00 |
|
shortcutme
|
bf41c7b651
|
Detect potentionally unsafe regex patterns
|
2017-07-14 10:31:42 +02:00 |
|
shortcutme
|
3f5a5b4f9b
|
Rev2151
|
2017-07-13 19:33:16 +02:00 |
|
shortcutme
|
b60a1ec455
|
Test invalid filenames
|
2017-07-13 19:33:07 +02:00 |
|
shortcutme
|
13157eea1e
|
Move included content verification to separate function, fix root content.json file path verification
|
2017-07-13 19:32:54 +02:00 |
|
shortcutme
|
dd11f87673
|
Rev2148, Fix signing typo
|
2017-07-13 15:03:04 +02:00 |
|
shortcutme
|
87910a236b
|
Rev2147
|
2017-07-13 15:00:23 +02:00 |
|
shortcutme
|
096675c87e
|
Add unit to verification error
|
2017-07-13 15:00:04 +02:00 |
|
shortcutme
|
7d3beeb9e0
|
Enforce valid relative paths on verification
|
2017-07-13 14:59:17 +02:00 |
|
shortcutme
|
96a097e33d
|
Separate isValidRelativePath function
|
2017-07-13 14:58:52 +02:00 |
|
shortcutme
|
1bb3140f5b
|
Move file hashing to separate funcion to allow easier extension
|
2017-07-13 14:58:16 +02:00 |
|
shortcutme
|
6bf3d34c6c
|
Rev2145
|
2017-07-12 12:28:28 +02:00 |
|
shortcutme
|
3cd7e4e48e
|
Better way to strip pyc/pyd from config file path
|
2017-07-12 12:28:21 +02:00 |
|
shortcutme
|
2777c4c537
|
Read max 6MB from archive to protect against tar/zipbombs
|
2017-07-12 12:28:03 +02:00 |
|
shortcutme
|
e525ea2431
|
Rev2144, Fix CSP header in FilePack plugin, Allow media-src and font-src from self source
|
2017-07-11 23:00:33 +02:00 |
|
shortcutme
|
c8f37674c6
|
Rev2142, Fix random wrong data dir path
|
2017-07-11 21:03:24 +02:00 |
|
shortcutme
|
12ca870e38
|
Rev2141
|
2017-07-10 02:42:50 +02:00 |
|
shortcutme
|
f630e6c25e
|
Test raw access security
|
2017-07-10 02:42:41 +02:00 |
|
shortcutme
|
7c6bea6ddd
|
Fix raw site access without / at the site address end
|
2017-07-10 02:42:28 +02:00 |
|
shortcutme
|
efbef25c76
|
UserSetSettings, UserGetSettings Websocket API commands
|
2017-07-10 02:41:01 +02:00 |
|
shortcutme
|
1384da4691
|
Rev2137
|
2017-07-09 14:54:20 +02:00 |
|
shortcutme
|
26a250d1df
|
Media isMediaRequestAllowed no longer required for origin checking
|
2017-07-09 14:12:53 +02:00 |
|
shortcutme
|
426fe561c9
|
Cleanup not used wrapper opener check
|
2017-07-09 14:12:13 +02:00 |
|
shortcutme
|
5950b04c40
|
Add allow-origin header for media requests from same origin to fix css font support
|
2017-07-09 14:11:44 +02:00 |
|
shortcutme
|
434cfce32a
|
More simple same origin test for media files cross-site access
|
2017-07-09 14:11:06 +02:00 |
|
shortcutme
|
febdea6c64
|
Serve files without wrapper if requested using /raw/ prefix
|
2017-07-09 14:10:01 +02:00 |
|
shortcutme
|
6c0062dbc1
|
Rev2132
|
2017-07-06 00:09:47 +02:00 |
|
shortcutme
|
49735b7e55
|
Fix not internal error on request files from not seeded sites
|
2017-07-06 00:09:35 +02:00 |
|
shortcutme
|
1d6168f457
|
Download, svg, xml, flash, pdf files instead of displaying to avoid js execution
|
2017-07-06 00:09:05 +02:00 |
|
shortcutme
|
2a161f4421
|
Never allow cross-origin file request
|
2017-07-06 00:08:32 +02:00 |
|
shortcutme
|
f30b2b6fc2
|
Rev2130, Use SslPatch to load openssl library, Fix Android 6 openssl loading
|
2017-07-04 01:12:58 +02:00 |
|
shortcutme
|
ebbe19131b
|
Rev2128, Update to OpenSSL v1.0.2l
|
2017-06-30 10:13:25 +02:00 |
|
shortcutme
|
03cabcb07c
|
Rev2127, Fix delete files without file_info
|
2017-06-27 18:08:28 +02:00 |
|
shortcutme
|
401d3ec1c9
|
Rev2125, Fix missing if line
|
2017-06-21 00:03:26 +02:00 |
|
shortcutme
|
fd1f104f4e
|
Rev2124
|
2017-06-20 20:32:59 +02:00 |
|