Commit Graph

66 Commits

Author SHA1 Message Date
Martin
aedd60a213 Fix UnescapeHTML as well 2024-11-02 16:17:26 +01:00
Ori Sky
52fea51262
EscapeHTML: Fix potentially vulnerable missing semicolon
This patch fixes a missing semicolon in stringtools:EscapeHTML, specifically in the entity code for forward slash characters.

This is theoretically exploitable in some way as the following payload:

test/81;string

will be escaped as:

test&#x2F81;string

Whenever this is unescaped, whether on the server, client, as a result of a server admin investigating a log file, or in any other relevant circumstances, it will result in the following string:

test⾁string

This is a contrived example but there are many other code points in Unicode, meaning that it's difficult to fully eliminate the possibility of this being exploitable in some context, for example in a situation where a code point may affect the terminal being outputted to in some way.
2024-08-14 20:24:27 +01:00
Martin
d0582908a5 More explicit setting configuration 2019-10-28 19:24:03 +01:00
Martin
b3585e90e1 Prevent XSS with action parameter 2017-11-29 15:37:00 +01:00
Martin
235489181f Escape CR and LF in param strings 2017-11-27 21:35:22 +01:00
Martin
b864185361 Always use simple tokenize function 2017-11-01 14:14:00 +01:00
Martin
0cf004fea8 Fix Linux client extended attribute handling 2016-12-31 17:57:33 +01:00
Martin
593e762e90 New function to read files whose size is not known beforehand
(cherry picked from commit 4a9ef9cb8ddcbe075a90000c411db131ad39033b)
2016-11-24 01:45:48 +01:00
Martin
376c313009 Escape + 2016-06-04 22:29:09 +02:00
Martin
ccd2d037cb Improved string case conversion 2016-02-03 23:34:43 +01:00
Martin
bf43f5229f Improved string case conversion 2016-02-03 20:18:00 +01:00
Martin
9ee64e650a Updated copyright 2016-01-02 16:38:00 +01:00
Martin
d82b45f418 Fixed wchar_t usage 2015-12-22 13:27:12 +01:00
Martin
5285161f81 Restore fixes 2015-12-14 17:45:07 +01:00
Martin
9bab514e22 Removed UTF16 string (std::wstring) in most places. UTF8 everywhere! 2015-12-13 16:17:36 +01:00
Martin
df6292b1b8 Improved EscapeParamString 2015-12-11 12:31:01 +01:00
Martin
0123fd1b14 Improved EscapeParamString 2015-12-11 12:30:36 +01:00
Martin
8fdd42be19 Fix for C++11 name clash
(cherry picked from commit 3cf76bdd2e281c1b4fd1aa517475088ed72adda6)

Conflicts:
	stringtools.cpp
2015-12-11 11:59:48 +01:00
Martin
e90cb501ae Multiple virtual clients per real client 2015-12-09 22:53:57 +01:00
Martin
6447563c2e Merge remote-tracking branch 'urpc/next' into dev
Conflicts:
	.gitignore
	Interface/Database.h
	configure.ac_client
	configure.ac_server
	fileservplugin/CClientThread.cpp
	fileservplugin/CClientThread.h
	fileservplugin/FileServFactory.cpp
	fileservplugin/FileServFactory.h
	fileservplugin/IFileServFactory.h
	fsimageplugin/FSImageFactory.cpp
	fsimageplugin/FSImageFactory.h
	fsimageplugin/FileWrapper.cpp
	fsimageplugin/FileWrapper.h
	fsimageplugin/IFSImageFactory.h
	fsimageplugin/Makefile.am_client
	fsimageplugin/Makefile.am_server
	fsimageplugin/dllmain.cpp
	fsimageplugin/filesystem.cpp
	fsimageplugin/filesystem.h
	fsimageplugin/fs/ntfs.cpp
	fsimageplugin/fs/ntfs.h
	fsimageplugin/fs/ntfs_win.cpp
	fsimageplugin/fs/ntfs_win.h
	fsimageplugin/fs/unknown.cpp
	fsimageplugin/fs/unknown.h
	fsimageplugin/fsimageplugin.vcxproj.filters
	start_urbackup_client
	start_urbackup_server
	urbackupclient/ChangeJournalWatcher.cpp
	urbackupclient/ClientService.cpp
	urbackupclient/ClientServiceCMD.cpp
	urbackupclient/ImageThread.cpp
	urbackupclient/client.cpp
	urbackupclient/client.h
	urbackupclient/client_restore.cpp
	urbackupclient/clientdao.cpp
	urbackupclient/dllmain.cpp
	urbackupclient/win_sysvol.cpp
	urbackupclient/win_sysvol.h
	urbackupcommon/fileclient/FileClient.cpp
	urbackupcommon/fileclient/FileClientChunked.cpp
	urbackupcommon/os_functions.h
	urbackupcommon/os_functions_lin.cpp
	urbackupcommon/os_functions_win.cpp
	urbackupcommon/settingslist.cpp
	urbackupserver/ImageBackup.cpp
	urbackupserver/SQLiteFileCache.cpp
	urbackupserver/ServerDownloadThread.cpp
	urbackupserver/dao/ServerBackupDao.cpp
	urbackupserver/dao/ServerBackupDao.h
	urbackupserver/dllmain.cpp
	urbackupserver/doc/admin_guide.tex
	urbackupserver/server_channel.cpp
	urbackupserver/server_channel.h
	urbackupserver/server_cleanup.cpp
	urbackupserver/server_dir_links.cpp
	urbackupserver/server_get.cpp
	urbackupserver/server_hash.cpp
	urbackupserver/server_hash.h
	urbackupserver/server_settings.cpp
	urbackupserver/server_settings.h
	urbackupserver/server_update_stats.cpp
	urbackupserver/server_writer.cpp
	urbackupserver/serverinterface/backups.cpp
	urbackupserver/serverinterface/settings.cpp
	urbackupserver/serverinterface/usage.cpp
	urbackupserver/www/js/urbackup.js
	urbackupserver/www/templates.js
	urbackupserver/www/templates/settings_inv_row.htm
	urbackupserver/www/translations/urbackup.webinterface/ar_SA.po
2015-12-09 14:49:13 +01:00
Martin
17d758bf8b Proper symbolic link handling part (1) 2015-08-08 22:40:19 +02:00
Martin
345d182568 License change from GPLv3+ to AGPLv3+ 2015-08-01 22:58:40 +02:00
plucid
17c15e933f Handle times < 1 sec in PrettyPrintTime 2015-02-13 00:36:28 -08:00
plucid
7ceac9be75 Buildfixes for newer libraries
A few minor fixes are needed to compile with the VC++ 2013 headers and Boost 1.50 or later.

Include <algorithm> so std::min/max is available.

Get rid of unused 'int round(float)' which conflicts with 'float round(float)' in <cmath>.

boost::TIME_UTC is now boost::TIME_UTC_, as of 1.50.  Use an #if BOOST_VERSION to choose the proper name.
2015-02-05 01:02:35 -08:00
Martin Raiber
0372fc28ab Script output download on Windows 2014-12-28 18:32:07 +01:00
Martin
deb80364a6 Merge branch 'fileaccess' into fileentryindex
Conflicts:
	.gitignore
	common/miniz.c
	urbackupclient/ChangeJournalWatcher.cpp
	urbackupclient/ChangeJournalWatcher.h
	urbackupserver/dao/ServerBackupDao.cpp
	urbackupserver/dao/ServerBackupDao.h
	urbackupserver/dllmain.cpp
	urbackupserver/server_download.cpp
	urbackupserver/server_get.cpp
	urbackupserver/server_get.h
	urbackupserver/server_hash.cpp
	urbackupserver/server_hash.h
	urbackupserver/server_settings.h
	urbackupserver/serverinterface/create_zip.cpp
	urbackupserver/urbackupserver.vcxproj.filters
2014-10-11 14:17:42 +02:00
Martin Raiber
9483ae1042 Properly handle backslashes in paths on Linux servers 2014-09-20 17:22:25 +02:00
Martin
541c4af567 Change server permission management to ACL style 2014-09-14 22:29:56 +02:00
Martin
2ac45bd06b Access files directly from "tray icon" without logging in. Works by saving the user access rights for each backup 2014-07-26 16:07:43 +02:00
Martin
9e561fe59f Treat ' ' as '+' in base64 decode function and removed parameter parsing function 2014-05-14 18:16:18 +02:00
Martin
32c50d60b3 Changed time functions to use 64bit integers and added ETA estimation 2014-05-09 22:36:02 +02:00
Martin
6db3dbeab2 Renamed parameter parsing function 2014-04-10 22:49:03 +02:00
Martin
96fe8a69de Properly handle + in urls 2014-03-30 03:49:48 +02:00
Martin
3530f14bfa Server public key authentication on the client 2014-03-23 17:15:01 +01:00
Martin
81c2cef172 Updated copyright notice 2014-02-22 15:22:42 +01:00
Martin
788cf667a2 Build fix 2014-01-24 21:47:47 +01:00
Martin
2105b02624 Better logging messages when authentication fails 2013-12-11 22:53:53 +01:00
Martin
0dc07f70fd Fixed pagefile location reading 2013-10-05 23:12:32 +02:00
Martin Raiber
68b7cf3f56 Clients can now be downloaded preconfigured from the web interface 2013-07-22 22:44:25 +02:00
Martin Raiber
63e98740e3 Show client and operating system version on web interface 2013-06-27 18:43:09 +02:00
Martin
25b1edd9b5 Calculate file hashes on Internet client 2013-05-30 22:01:37 +02:00
Martin
35fc82588b Remove unknown files app 2013-04-17 22:36:51 +02:00
Martin
e58983f3f6 Use OS function to lower case strings 2013-02-24 20:20:14 +01:00
Martin
deb3eadc7e Correctly handle backup paths with ' in them 2013-01-26 21:10:13 +01:00
Martin Raiber
453ddb0b3a Fixed linux build 2012-11-04 18:00:55 +01:00
Martin Raiber
cbe0660153 Correct unescaping of parameters 2012-09-06 20:30:49 +02:00
Martin Raiber
7a006e6d7d Merge branch 'next' of ssh://urbackup.git.sourceforge.net/gitroot/urbackup/backend into next 2012-09-06 16:24:52 +02:00
Martin Raiber
f031c22c6e Use better random function 2012-08-22 15:02:44 +02:00
Martin Raiber
01fd3e5511 Fixed linux build 2012-08-11 16:43:10 +02:00
Martin Raiber
f60e5ba3b3 Better data type for transferred bytes 2012-05-13 22:21:08 +02:00