1. 19 Aug, 2016 1 commit
    • Joshua Tauberer's avatar
      simplify how munin-cgi-graph is called to reduce the attack surface area · 35a360ef
      Joshua Tauberer authored
      Seems like if REQUEST_METHOD is set to GET, then we can drop two redundant ways the query string is given. munin-cgi-graph itself reads the environment variables only, but its calls to Perl's CGI::param will look at the command line if REQUEST_METHOD is not used, otherwise it uses environment variables like CGI used to work.
      
      Since this is all behind admin auth anyway, there isn't a public vulnerability. #914 was opened without comment which lead me to notice the redundancy and worry about a vulnerability, before I realized this is admin-only anyway.
      35a360ef
  2. 18 Aug, 2016 3 commits
  3. 16 Aug, 2016 2 commits
  4. 15 Aug, 2016 2 commits
  5. 13 Aug, 2016 2 commits
  6. 08 Aug, 2016 6 commits
  7. 01 Aug, 2016 1 commit
    • Joshua Tauberer's avatar
      add SRV records for CardDAV/CalDAV · cf3e1cd5
      Joshua Tauberer authored
      DavDroid's latest version's account configuration no longer just asked for a hostname. Its email address & password configuration mode did not work without a SRV record.
      cf3e1cd5
  8. 29 Jul, 2016 7 commits
  9. 29 Jun, 2016 2 commits
  10. 27 Jun, 2016 4 commits
  11. 12 Jun, 2016 3 commits
  12. 10 Jun, 2016 3 commits
  13. 06 Jun, 2016 4 commits