
Bump release to v1.3.0

telephone committed Jan 26, 2015
1 parent 21ab939 commit 6eceb893bebda227d843dce59d1b9d4438008ad8
Showing with 74 additions and 146 deletions.
  1. +14 −0 CHANGELOG.txt
  2. +1 −1 LICENCE.txt
  3. +5 −26 LookingGlass/LookingGlass.php
  4. +5 −26 LookingGlass/RateLimit.php
  5. +10 −52 LookingGlass/configure.sh
  6. +34 −15 README.md
  7. +5 −26 ajax.php
@@ -1,3 +1,17 @@
* 1.3.0 (2015-01-25)
* Fix RDNS XSS
* Fix ' ' being escaped by temporary patch (SHA a421a8e)
* Fix 'REQUEST_URI' XSS (URL is now hard-coded via config)
* Catch error when using IPv6 hostname with IPv4 command, and vice versa
* Added .htaccess (fixes readable subdirectory)
* Added sample Nginx configuration (fixes readable subdirectory)
* GNU shred to create test files (fixes gzip and ssl compression)
* Update configure.sh (add site url, sudo for centOS, and user:group chown)
* Update cerulean and united to Bootstrap v2.3.2
* Update readable and spacelab to Bootstrap v2.2.1
* Update Jquery to v1.11.2
* Update XMLHttpRequest.js
* 1.2.0 (2012-10-01)
* Multiple themes
* Rate limiting
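
Review bot: The 1.3.0 entry `Fix ' ' being escaped by temporary patch (SHA a421a8e)` quotes only a blank, so a reader cannot tell which character the temporary patch was escaping; name the character in words. The two XSS entries would also help operators more if they stated which releases are affected, since 1.2.0 is the only earlier version listed in this hunk.
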
@@ -1,4 +1,4 @@
Copyright (c) 2012 Nick Adams <nick89@zoho.com>
Copyright (c) 2015 Nick Adams <nick@iamtelephone.com>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
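
Review bot: The copyright line moves from 2012 to 2015 outright, which drops the year of first publication. A range such as `Copyright (c) 2012-2015 Nick Adams <nick@iamtelephone.com>` keeps both the original year and the new address.
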
@@ -1,34 +1,13 @@
<?php
/**
* MIT License
* ===========
*
* Copyright (c) 2012 Nick Adams <nick89@zoho.com>
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
* LookingGlass - User friendly PHP Looking Glass
*
* @package LookingGlass
* @author Nick Adams <nick89@zoho.com>
* @copyright 2012 Nick Adams.
* @author Nick Adams <nick@iamtelephone.com>
* @copyright 2015 Nick Adams.
* @link http://iamtelephone.com
* @version 1.2.0
* @license http://opensource.org/licenses/MIT MIT License
* @version 1.3.0
*/
namespace Telephone;
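
Review bot: With the full permission notice removed from this docblock, the only license reference left in the file is the `@license` URL, and it uses plain `http://`. The removed text itself says the notice "shall be included in all copies or substantial portions of the Software", so add a pointer to the bundled `LICENCE.txt` next to the `@license` tag so that a copy of this file taken on its own still identifies its terms. The same applies to the identical header change in `RateLimit.php`, `configure.sh` and `ajax.php`.
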
@@ -1,34 +1,13 @@
<?php
/**
* MIT License
* ===========
*
* Copyright (c) 2012 Nick Adams <nick89@zoho.com>
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
* LookingGlass - User friendly PHP Looking Glass
*
* @package LookingGlass
* @author Nick Adams <nick89@zoho.com>
* @copyright 2012 Nick Adams.
* @author Nick Adams <nick@iamtelephone.com>
* @copyright 2015 Nick Adams.
* @link http://iamtelephone.com
* @version 1.2.0
* @license http://opensource.org/licenses/MIT MIT License
* @version 1.3.0
*/
namespace Telephone\LookingGlass;
@@ -1,34 +1,13 @@
#!/bin/bash
################################
# MIT License
# ===========
#
# Copyright (c) 2012 Nick Adams <nick89@zoho.com>
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
#
# The above copyright notice and this permission notice shall be included
# in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# LookingGlass - User friendly PHP Looking Glass
#
# package LookingGlass
# author Nick Adams <nick89@zoho.com>
# copyright 2012 Nick Adams.
# author Nick Adams <nick@iamtelephone.com>
# copyright 2015 Nick Adams.
# link http://iamtelephone.com
# version 1.2.0
# license http://opensource.org/licenses/MIT MIT License
# version 1.3.0
################################
#######################
@@ -45,35 +24,14 @@ function createConfig()
cat > "$DIR/$CONFIG" <<EOF
<?php
/**
* MIT License
* ===========
*
* Copyright (c) 2012 Nick Adams <nick89@zoho.com>
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
* LookingGlass - User friendly PHP Looking Glass
*
* @package LookingGlass
* @author Nick Adams <nick89@zoho.com>
* @copyright 2012 Nick Adams.
* @author Nick Adams <nick@iamtelephone.com>
* @copyright 2015 Nick Adams.
* @link http://iamtelephone.com
* @version 1.2.0
* @license http://opensource.org/licenses/MIT MIT License
* @version 1.3.0
*/
// IPv4 address
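
Review bot: `@version 1.3.0` is now hard-coded inside the heredoc that `createConfig()` writes as well as in the script's own header, so each release has to change the string in two places in this file. Because the delimiter in `cat > "$DIR/$CONFIG" <<EOF` is unquoted, a variable set once at the top of the script could be expanded here instead. The same expansion applies to any `$` or backtick that later lands in this template, so keep that in mind when editing the generated header.
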
@@ -1,21 +1,19 @@
# Notice 2015-01-22
An RDNS XSS was disclosed which has been patched by a temporary fix (thanks [@ldrrp](https://github.com/ldrrp)). To patch, simply replace `LookingGlass/LookingGlass.php` with the patched version found here: [LookingGlass.php](https://raw.githubusercontent.com/telephone/LookingGlass/a421a8e36d548c1bf33d52e123eea5a232dfa01f/LookingGlass/LookingGlass.php)
A maintenance/security release will be issued before 2015-01-26, which will include a number of patches for v1.
# LookingGlass
## Overview
LookingGlass is a user-friendly PHP based looking glass that allows the public (via a web interface) to execute network
LookingGlass is a user-friendly PHP based looking glass that allows the public (via a web interface) to execute network
commands on behalf of your server.
Current version: v1.3.0
It's recommended that everyone updates their existing install!
## Demo
[LookingGlass](http://lg.iamtelephone.com)
The demo is hosted on a 50MB (RAM) VPS. 502 errors may occur in events of high use.
Demo VPS sponsored by [KnightSwarm](https://knightswarm.com/)
## Features
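
Review bot: The line `It's recommended that everyone updates their existing install!` gives no reason, while the 2015-01-22 notice in this same hunk is the only README text that mentions the RDNS XSS. State next to `Current version: v1.3.0` that this is a security release and point to `CHANGELOG.txt`, so that someone running an older install can see why the update matters.
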
@@ -40,16 +38,34 @@ __IPv6 commands will only work if your server has external IPv6 setup (or tunnel
## Requirements
* PHP >= 5.3
* PHP PDO
* PHP PDO with SQLite driver (required for rate-limit)
* SSH/Terminal access (able to install commands/functions if non-existent)
## Install
1. Download [LookingGlass](https://github.com/downloads/telephone/LookingGlass/LookingGlass-1.2.0.zip) to the intended
folder within your web directory (and unzip)
2. Navigate to the `LookingGlass` subdirectory in terminal
3. Run `bash configure.sh`
4. Follow the instructions and `configure.sh` will take care of the rest
1. Download [LookingGlass](https://github.com/telephone/LookingGlass/archive/v1.3.0.tar.gz) to the intended
folder within your web directory
2. Extract archive:
- Option #1 - Extract archive to the current directory:
- `tar -zxvf LookingGlass-1.3.0.tar.gz --strip-components 1`
- Option #2 - Extract archive to a directory named `LookingGlass`:
- `tar -zxvf LookingGlass-1.3.0.tar.gz --transform 's!^[^/]\+\($\|/\)!LookingGlass\1!'`
3. Navigate to the `LookingGlass` subdirectory in terminal
4. Run `bash configure.sh`
5. Follow the instructions and `configure.sh` will take care of the rest
_Forgot a setting? Simply run the `configure.sh` script again_
## Updating
1. Download [LookingGlass](https://github.com/telephone/LookingGlass/archive/v1.3.0.tar.gz) to the folder containing
your existing install
2. Extract archive: `tar -zxvf LookingGlass-1.3.0.tar.gz --overwrite --strip-components 1`
- This will overwrite/update existing files
3. Navigate to the `LookingGlass` subdirectory in terminal
4. Run `bash configure.sh`
5. Follow the instructions and `configure.sh` will take care of the rest
- Note: Re-enter test files to create random test files from `GNU shred`
_Forgot a setting? Simply run the `configure.sh` script again_
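
Review bot: In both the Install and Updating steps the download link ends in `v1.3.0.tar.gz` but every `tar` command reads `LookingGlass-1.3.0.tar.gz`; the saved filename depends on how the archive is fetched, so give the download command with an explicit output name or mention both names. Install step 3 also says to navigate to the `LookingGlass` subdirectory, which is ambiguous once Option #2 has already created a top-level directory named `LookingGlass`; a one-line example path would settle it.
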
@@ -75,11 +91,14 @@ For an HTTPS setup please visit:
- [Best nginx configuration for security](http://tautt.com/best-nginx-configuration-for-security/)
- [Mozilla SSL Configuration Generator](https://mozilla.github.io/server-side-tls/ssl-config-generator/)
## Sponsorship
I'd like to thank [KnightSwarm](https://knightswarm.com/) for sponsoring my development and the demo VPS.
![KnightSwarm](https://cloud.githubusercontent.com/assets/1809542/5891216/57a4b28e-a4ec-11e4-88be-55c580560111.png)
## License
Code is licensed under MIT Public License.
* If you wish to support my efforts, keep the "Powered by LookingGlass" link intact.
* If you wish to support my efforts, keep the "Powered by LookingGlass" link intact.
@@ -1,34 +1,13 @@
<?php
/**
* MIT License
* ===========
*
* Copyright (c) 2012 Nick Adams <nick89@zoho.com>
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
* LookingGlass - User friendly PHP Looking Glass
*
* @package LookingGlass
* @author Nick Adams <nick89@zoho.com>
* @copyright 2012 Nick Adams.
* @author Nick Adams <nick@iamtelephone.com>
* @copyright 2015 Nick Adams.
* @link http://iamtelephone.com
* @version 1.2.0
* @license http://opensource.org/licenses/MIT MIT License
* @version 1.3.0
*/
/**
