22 Commits

Author SHA1 Message Date
Dane Everitt e8dcd30e0c [security] fix resources not properly returning an error when they don't match the server in the URL 2021-01-19 21:19:17 -08:00
    Prior to this fix certain resources were accessible even when their assigned server was not the same as the server in the URL. This causes the resource server relationship to not match the server variable present on the request.

    Due to this failed logic it was possible for users to access resources they should not have been able to access otherwise for some areas of the panel.
Dane Everitt 6c39288def Clarify error messaging for transfers 2020-12-24 10:14:10 -08:00
Matthew Penner 37cfa151b6 Use ServerTransferringException 2020-12-17 10:37:14 -07:00
Matthew Penner e69d9b2c26 Update comment in AuthenticateServerAccess.php 2020-12-17 10:35:54 -07:00
Matthew Penner fd848985ee Add ServerTransferringException, use is_null 2020-12-17 10:35:54 -07:00
Matthew Penner e6c4a68e4a Update logic for tracking a server's transfer state 2020-12-17 10:35:54 -07:00
Dane Everitt f31a6d3967 Fix parameter bindings for client API routes; closes pterodactyl/panel#2359 2020-09-27 10:39:18 -07:00
Dane Everitt 906cfce81c Don't return a 403 when returning resources for a suspended server; closes #2279 2020-08-30 09:54:59 -07:00
Dane Everitt 540cc82e3d Don't resolve database hosts; closes #2237 2020-08-19 20:38:51 -07:00
Dane Everitt 61e9771333 Code cleanup for subuser API endpoints; closes #2247 2020-08-19 20:21:12 -07:00
Dane Everitt 2278927fb6 Update allocations to support ids; protect endpoints; support notes 2020-07-09 20:36:08 -07:00
DarthShmev 06ece0e624 Fix AuthenticateServerAccess middleware spelling issue. 2020-07-05 15:48:02 -04:00
Dane Everitt 16e14621c8 Better error messaging when server is suspended 2020-06-22 20:22:52 -07:00
Dane Everitt 6056b6f45d Show console when an admin is viewing an installing server 2020-04-26 13:21:39 -07:00
Dane Everitt be05d2df81 Add support for generating a signed URL for downloading a file from the daemon 2020-04-04 19:54:59 -07:00
Dane Everitt 1f92a7de33 Authenticate that the request is coming from someone that should even know about the server 2020-03-28 16:23:18 -07:00
Dane Everitt 7543ef085d Format files 2019-09-05 21:32:57 -07:00
Dane Everitt 95d19bf09e Update logic that handles creation of folders for a server 2019-05-01 21:45:39 -07:00
Dane Everitt 0999ec93c3 More logic for deleting databases 2018-08-25 15:07:42 -07:00
Dane Everitt 9be2aa4ca9 Push beginning of DB deletion stuff 2018-08-25 14:43:21 -07:00
Dane Everitt cef3e4ced4 Add base routes for managing servers as a client 2018-02-27 21:28:43 -06:00
Dane Everitt e28973bcae Move everything around as needed to get things set up for the client API 2018-02-25 15:30:56 -06:00