gniza4cp

shukivaknin/gniza4cp

Fork 0

Commit Graph

Author	SHA1	Message	Date
shuki	d26a327595	Add cPanel chrome (sidebar/topbar) to plugin pages Use $cpanel->header() and $cpanel->footer() from LiveAPI to wrap plugin content in cPanel's standard layout with sidebar navigation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 02:08:56 +02:00
shuki	af46c76e62	Fix LIVEAPI error: initialize Cpanel::LiveAPI in .live.cgi files cPanel's live engine requires .live.cgi files to create a Cpanel::LiveAPI connection. Without it, the engine cannot establish communication with the CGI subprocess. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 01:59:53 +02:00
shuki	1f68ea1058	Security hardening, static analysis fixes, and expanded test coverage - Fix CRITICAL: safe config parser replacing shell source, sshpass -e, CSRF with /dev/urandom, symlink-safe file I/O - Fix HIGH: input validation for timestamps/accounts, path traversal prevention in Runner.pm, AJAX CSRF on all endpoints - Fix MEDIUM: umask 077, chmod 700 on config dirs, Config.pm TOCTOU lock, rsync exit code capture bug, RSYNC_EXTRA_OPTS character validation - ShellCheck: fix word-splitting in notify.sh, safe rm in pkgacct.sh, suppress cross-file SC2034 false positives - Perl::Critic: return undef→bare return, return (sort), unpack @_, explicit return on void subs, rename Config::write→save - Remove dead code: enforce_retention_all(), rsync_dry_run() - Add require_cmd checks for rsync/ssh/hostname/gzip at startup - Escape $hint/$tip in CGI helper functions for defense-in-depth - Expand tests from 17→40: validate_timestamp, validate_account_name, _safe_source_config (including malicious input), numeric validation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-04 23:57:26 +02:00

Author

SHA1

Message

Date

shuki

d26a327595

Add cPanel chrome (sidebar/topbar) to plugin pages

Use $cpanel->header() and $cpanel->footer() from LiveAPI to wrap
plugin content in cPanel's standard layout with sidebar navigation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-05 02:08:56 +02:00

shuki

af46c76e62

Fix LIVEAPI error: initialize Cpanel::LiveAPI in .live.cgi files

cPanel's live engine requires .live.cgi files to create a
Cpanel::LiveAPI connection. Without it, the engine cannot
establish communication with the CGI subprocess.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-05 01:59:53 +02:00

shuki

1f68ea1058

Security hardening, static analysis fixes, and expanded test coverage

- Fix CRITICAL: safe config parser replacing shell source, sshpass -e,
  CSRF with /dev/urandom, symlink-safe file I/O
- Fix HIGH: input validation for timestamps/accounts, path traversal
  prevention in Runner.pm, AJAX CSRF on all endpoints
- Fix MEDIUM: umask 077, chmod 700 on config dirs, Config.pm TOCTOU lock,
  rsync exit code capture bug, RSYNC_EXTRA_OPTS character validation
- ShellCheck: fix word-splitting in notify.sh, safe rm in pkgacct.sh,
  suppress cross-file SC2034 false positives
- Perl::Critic: return undef→bare return, return (sort), unpack @_,
  explicit return on void subs, rename Config::write→save
- Remove dead code: enforce_retention_all(), rsync_dry_run()
- Add require_cmd checks for rsync/ssh/hostname/gzip at startup
- Escape $hint/$tip in CGI helper functions for defense-in-depth
- Expand tests from 17→40: validate_timestamp, validate_account_name,
  _safe_source_config (including malicious input), numeric validation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-04 23:57:26 +02:00

3 Commits