1f68ea1058
- Fix CRITICAL: safe config parser replacing shell source, sshpass -e, CSRF with /dev/urandom, symlink-safe file I/O - Fix HIGH: input validation for timestamps/accounts, path traversal prevention in Runner.pm, AJAX CSRF on all endpoints - Fix MEDIUM: umask 077, chmod 700 on config dirs, Config.pm TOCTOU lock, rsync exit code capture bug, RSYNC_EXTRA_OPTS character validation - ShellCheck: fix word-splitting in notify.sh, safe rm in pkgacct.sh, suppress cross-file SC2034 false positives - Perl::Critic: return undef→bare return, return (sort), unpack @_, explicit return on void subs, rename Config::write→save - Remove dead code: enforce_retention_all(), rsync_dry_run() - Add require_cmd checks for rsync/ssh/hostname/gzip at startup - Escape $hint/$tip in CGI helper functions for defense-in-depth - Expand tests from 17→40: validate_timestamp, validate_account_name, _safe_source_config (including malicious input), numeric validation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
13 lines
337 B
JSON
13 lines
337 B
JSON
[
|
|
{
|
|
"target_type": "link",
|
|
"name": "gniza Restore",
|
|
"category": "files",
|
|
"description": "Restore files, databases, email, and more from gniza backups",
|
|
"url": "gniza/index.live.cgi",
|
|
"feature": "gniza_restore",
|
|
"order": 1,
|
|
"icon": "gniza/assets/gniza-logo.svg"
|
|
}
|
|
]
|