
Merge branch 'dev' of github.com:lxcenter/kloxo

2 parents e85c406 + 6b159cd commit d593670a7f566c2a6a807e06e84060e8dbd6507e @shakaran shakaran committed Feb 24, 2012
@@ -0,0 +1,8 @@
+# Ignore config files from Eclipse IDE
+.buildpath
+.project
+.settings/
+
+# Ignore .diff files on development
+*.diff
+
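Review bot: The '*.diff' pattern is unanchored, so it matches in every directory and any patch file that is meant to ship in the tree will be silently left untracked. Anchor it to where development diffs are actually written (for example '/*.diff'), or leave it to each developer's global excludes, which is also the usual place for the Eclipse entries ('.buildpath', '.project', '.settings/').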
@@ -6,69 +6,60 @@ K.T. Ligesh original developer of HyperVM/Kloxo/LxAdmin, rest in peace m8.. we m
Consortium:
Brijesh - India - Head (Cousin of Ligesh) - brijesh@lxcenter.org
S. Bhargava - India - General Leader - bhargava@lxcenter.org
-Arthur Thornton - USA - Leader - arthur@lxcenter.org
Danny Terweij - Netherlands - Leader - d.terweij@lxcenter.org
+
Secretary
---------
* Peter Jones - peter.jones@lxcenter.org
-Project Manager
+
+Core Leader
---------------
-*
+* Walter Secco - walter.secco@lxcenter.org
+
-System Operations LxCenter
+System Operations LxCenter (Managing LxCenter Servers)
--------------------------
-* Danny Terweij
-* Arthur Thornton
+* Danny Terweij - d.terweij@lxcenter.org
+
Web Designers
-------------
* Peter Jones - peter.jones@lxcenter.org
* Walter Secco (GFX) - walter.secco@lxcenter.org
-Developers
+
+Core
+----------
+* Walter Secco - walter.secco@lxcenter.org
+* Andrew Ying - andrew.ying@lxcenter.org
+* William Leonard - william.leonard@lxcenter.org
+* Martin Sefcik - martin.sefcik@lxcenter.org
+* Angel Guzman Maeso - angel.guzman@lxcenter.org
+
+
+Other Developers/Representatives/Contributors
----------
+* Rene Nieuwburg - rene.nieuwburg@lxcenter.org
+* Mustafa Ramadhan - mustafa.ramadhan@lxcenter.org
+
* Joko Frank Octo
* Deen Yusoff - deen.yusoff@lxcenter.org
-* Martin Sefcik - martin.sefcik@lxcenter.org
* Michele Piperis - michele@lxcenter.org
-* Walter Secco - walter.secco@lxcenter.org
* Reid Forrest - reid.forrest@lxcenter.org
* Harry Spink - harry.spink@lxcenter.org
-* Angel Guzman Maeso - angel.guzman@lxcenter.org
* Dimitris Travlos - dimitris.travlos@lxcenter.org
* Mohamed Nabil - mohamed.nabil@lxcenter.org
* George Hafiz - george.hafiz@lxcenter.org
* Steve Amerige - steve.amerige@lxcenter.org
* Daniel Onisoru
-* Rene Nieuwburg - rene.nieuwburg@lxcenter.org
* Sai Krishna
* Jean-Claude Richard - jean-claude.richard@lxcenter.org
* Eric Thygesen - eric.thygesen@lxcenter.org
* Jack John - jack.john@lxcenter.org
-* Mustafa Ramadhan - mustafa.ramadhan@lxcenter.org
-* William Leonard - william.leonard@lxcenter.org
* James Kennon - james.kennon@lxcenter.org
-* Andrew Ying - andrew.ying@lxcenter.org
-
-Translators
------------
-* Angel Guzman Maeso - Kloxo ES
-* Marek Zakrzewski - Kloxo PL
-* Rene Nieuwburg - HyperVM ES
-* Danny Terweij - Kloxo/HyperVM NL
-* George Hafiz - en-gb corrector
-InstallApp software updater
----------------------------
-* lego (Forum name)
-* troylight (Forum Name)
-* Semir
-
-Others
-------
-* Steve Amerige - Documentation
Sponsors
--------
@@ -79,17 +70,18 @@ Sponsors
* Nuisoft - Test/Development server
* Axisnext - Test/Development server
+
Special thanks
--------------
* Andre Allen
* Eduardo Silva
* Keiran Smith
+* Arthur Thornton
Software
--------
* JetBrains PHPStorm ( http://www.jetbrains.com )
- An PHP Development IDE.
-- Thank you JetBrains, for a tryout License for LxCenter developers!
Donations
---------
@@ -99,6 +91,3 @@ Every cent helps!
#################################################
-Developers, Translators,
-Please subscribe to the SVN mailinglists. More info on main website and
-forum.
@@ -1,5 +1,9 @@
Changelog
+Kloxo 6.1.11 - 23-feb-2012
+##################################
+Security hotfix-2012-2: Prevent Web injection
+
Kloxo 6.1.10 - 07-dec-2011
##################################
Bug #330: Blocking user shouldn't block access to panel by default
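Review bot: The 6.1.11 entry 'Security hotfix-2012-2: Prevent Web injection' does not say which feature or input is affected, while the 'Bug #330' line below it names both the issue and the behaviour. Name the affected component and the kind of input, and reference the tracking issue if one exists, so administrators can judge their exposure and how urgently to upgrade.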
@@ -1,7 +1,7 @@
Kloxo, Hosting Control Panel
Copyright (C) 2000-2009 LxLabs
- Copyright (C) 2009-2011 LxCenter
+ Copyright (C) 2009-2012 LxCenter
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
@@ -192,7 +192,6 @@
"[b]Fix 'Ownership' And 'Permissions'[/b] - Prevent '500 Internal server error' on secure environment<br />".
"&nbsp;&nbsp;&nbsp;&nbsp;- Fix-ownership ('chown -R client:client' for directories and files) and ".
"Fix-permissions ('chmod 755' for directories and 'chmod 644' for .php files)";
-
-// Language Content for #656
-// by Andrew Ying
-$__emessage['document_root_may_not_contain_spaces'] = "The document root may not contain any space at the end or before the slash. Please check and submit again.";
+$__emessage['document_root_may_not_contain_spaces'] = "The document root may not contain any space at the end or before the slash. Please check and submit again.";
+$__emessage['forwardaddress cannot be empty'] = 'The forward-to address cannot be empty.';
+$__emessage['forwardaddress invaild'] = 'The forward-to address is invalid.';
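Review bot: The new key 'forwardaddress invaild' is misspelled and resolves only because the throw in add() repeats the same spelling; rename it to 'forwardaddress_invalid' in both places, and use underscores in 'forwardaddress cannot be empty' to match the neighbouring 'document_root_may_not_contain_spaces' key. add() also throws 'invalid_email_id', which gets no entry in this hunk, so confirm that message already exists. The removed '// Language Content for #656' comment was the only pointer from this string to its issue; keep it or move the reference into the commit message.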
@@ -65,17 +65,29 @@ function updateform($subaction, $param)
static function add($parent, $class, $param)
{
global $gbl, $sgbl, $login, $ghtml;
- $param['forwardaddress'] = trim($param['forwardaddress'], "'");
+
$param['forwardaddress'] = trim($param['forwardaddress']);
$param['forwardaddress'] = trim($param['forwardaddress'], '"');
-
+
+ if (empty($param['forwardaddress'])) {
+ throw new lxException('forwardaddress cannot be empty', 'forwardaddress');
+ }
+ else if ((substr($param['forwardaddress'], 0, 1) != '|')
+ && (!validate_email($param['forwardaddress']))) {
+ throw new lxException('forwardaddress invaild', 'forwardaddress');
+ }
+
if ($parent->isClient()) {
- $param['nname'] = "{$param['nname']}@{$param['real_clparent_f']}";
+ $param['nname'] = $param['nname'] . '@' . $param['real_clparent_f'];
$param['syncserver'] = $parent->mmailsyncserver;
} else {
- $param['nname'] = "{$param['nname']}@$parent->nname";
+ $param['nname'] = $param['nname'] . '@' . $parent->nname;
$param['syncserver'] = $parent->syncserver;
}
+
+ if (!validate_email($param['nname'])) {
+ throw new lxException('invalid_email_id', 'nname');
+ }
return $param;
}
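Review bot: In add(), the new 'else if' skips validate_email() for any forwardaddress whose first character is '|', so a pipe-style target is accepted with no check beyond being non-empty. A leading '|' conventionally marks delivery to a program rather than a mailbox, which makes it the branch that most needs a constraint in a change described as an injection fix: either reject '|' targets for callers who are not allowed to set them, or validate the remainder against an allowlist of permitted commands. Two smaller points: empty() also treats the string "0" as empty, and the hunk header shows updateform() in the same class, so if forwardaddress can be changed there it needs the same checks.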
@@ -24,7 +24,7 @@ function __construct()
$this->__var_program_name = 'kloxo';
$this->__ver_major = "6";
$this->__ver_minor = "1";
- $this->__ver_release = "10";
+ $this->__ver_release = "11";
$this->__ver_enterprise = "Single Server Edition";
$this->__ver_type = "production";
$this->__ver_extra = "Stable";
