9 Commits

Author SHA1 Message Date
shuki
cc7e46a88f Fix CSRF token write failure and SMTP test token sync
- Add fallback write when O_EXCL _safe_write fails for CSRF tokens
  (ensures token is always persisted to disk)
- Update SMTP test JS to sync new CSRF token into main form hidden field
  (prevents stale token after SMTP test consumes the original)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-05 00:09:24 +02:00
shuki
1f68ea1058 Security hardening, static analysis fixes, and expanded test coverage
- Fix CRITICAL: safe config parser replacing shell source, sshpass -e,
  CSRF with /dev/urandom, symlink-safe file I/O
- Fix HIGH: input validation for timestamps/accounts, path traversal
  prevention in Runner.pm, AJAX CSRF on all endpoints
- Fix MEDIUM: umask 077, chmod 700 on config dirs, Config.pm TOCTOU lock,
  rsync exit code capture bug, RSYNC_EXTRA_OPTS character validation
- ShellCheck: fix word-splitting in notify.sh, safe rm in pkgacct.sh,
  suppress cross-file SC2034 false positives
- Perl::Critic: return undef→bare return, return (sort), unpack @_,
  explicit return on void subs, rename Config::write→save
- Remove dead code: enforce_retention_all(), rsync_dry_run()
- Add require_cmd checks for rsync/ssh/hostname/gzip at startup
- Escape $hint/$tip in CGI helper functions for defense-in-depth
- Expand tests from 17→40: validate_timestamp, validate_account_name,
  _safe_source_config (including malicious input), numeric validation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 23:57:26 +02:00
shuki
8dcd3aaca7 Add info tooltips to form fields across remotes, settings, and restore pages
Adds ⓘ tooltip icons with contextual help text to technical fields:
- remotes.cgi: SSH key, S3 endpoint, GDrive service account/folder ID,
  base dir, bandwidth limit, rsync options, retention count
- settings.cgi: working dir, log retention, include/exclude accounts,
  lock file, SSH timeout/retries, rsync options
- restore.cgi: restore mode, restore strategy

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 19:28:57 +02:00
shuki
ade44dfff4 Align button rows with items-center to fix vertical misalignment
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 18:01:02 +02:00
shuki
f19609423f Rename display text to GNIZA Backup Manager across all WHM pages
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 05:37:26 +02:00
shuki
3805b87300 Use bg-white for card backgrounds across all WHM pages
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 05:34:34 +02:00
shuki
1efde7487b Replace all inline CSS with Tailwind utility classes
Convert style attributes to Tailwind: width:fit-content → w-fit,
background:#fafafa → bg-[#fafafa], display:none → hidden attr,
display:inline → inline class, max-height → max-h-[360px],
padding/border-radius/font-size → px-5 py-3 rounded-lg text-sm.
Update JS to use .hidden property instead of .style.display.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 05:03:22 +02:00
shuki
fac7dc6c80 Add SMTP notification support with WHM settings UI
Send email via curl SMTP when SMTP_HOST is configured, falling back
to system mail/sendmail when empty. NOTIFY_EMAIL now accepts
comma-separated addresses. WHM Settings page gets an SMTP card
with Send Test Email button.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 03:46:47 +02:00
shuki
1459bd1b8b Initial commit: gniza backup & disaster recovery CLI + WHM plugin
Full-featured cPanel backup tool with SSH, S3, and Google Drive support.
Includes WHM plugin with Tailwind/DaisyUI UI, multi-remote management,
decoupled schedules, and account restore workflows.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 02:39:39 +02:00