Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
misc_pterodactyl-panel/app
History
Dane Everitt e8dcd30e0c
[security] fix resources not properly returning an error when they don't match the server in the URL 
Prior to this fix certain resources were accessible even when their assigned server was not the same as the server in the URL. This causes the resource server relationship to not match the server variable present on the request.

Due to this failed logic it was possible for users to access resources they should not have been able to access otherwise for some areas of the panel.
2021-01-19 21:19:17 -08:00
..
Console Change 'backups.prune_age' default to 6 hours 2020-12-19 11:50:35 -07:00
Contracts Close cleanup; only try to run power actions against non-suspended & installed servers; closes #2760 2020-11-29 12:50:22 -08:00
Events Send an email when a server is marked as installed (#1213) 2018-07-01 14:34:40 -07:00
Exceptions Clarify error messaging for transfers 2020-12-24 10:14:10 -08:00
Extensions s3 backups: handle CompleteMultipartUpload and AbortMultipartUpload on the panel instead of in wings, add BACKUP_PRESIGNED_URL_LIFESPAN environment variable 2020-12-06 13:53:55 -07:00
Helpers Set the DB timezone on each connection to match the APP_TIMEZONE value 2020-10-25 15:07:11 -07:00
Http [security] fix resources not properly returning an error when they don't match the server in the URL 2021-01-19 21:19:17 -08:00
Jobs Backup rotation for schedules. 2020-11-09 20:35:57 -03:00
Models Add internal support for file denylist on eggs; closes #569 2021-01-10 17:02:14 -08:00
Notifications url encode email in password reset link 2021-01-02 03:30:27 +01:00
Observers close #840 2017-12-30 20:25:04 -06:00
Policies Fix authorization checking for subusers 2020-03-28 16:18:56 -07:00
Providers Improve logic handle auto-allocation of ports for a server 2020-10-31 14:58:15 -07:00
Repositories Use proper newline, not literal \n 2020-12-27 16:47:51 -08:00
Rules Rely on the test connection to the MySQL instance rather than trying to validate the host manually; closes #2311; closes #2282 2020-09-10 20:09:07 -07:00
Services Add a todo for later 2021-01-10 17:05:41 -08:00
Traits Better handling of values that may need to be wrapped in quotes within the environment file, closes #2304 2020-09-01 19:45:24 -07:00
Transformers Add internal support for file denylist on eggs; closes #569 2021-01-10 17:02:14 -08:00
helpers.php Remove any confusing legacy sizing files; everything in the panel is true MB (1000) not MiB 2020-05-08 21:13:39 -07:00