Compare commits
9 Commits
1a5ce86de6
...
53a1567ebf
Author | SHA1 | Date |
---|---|---|
Ben Spiegel | 53a1567ebf | |
Starbeamrainbowlabs | 8ace93e518 | |
Starbeamrainbowlabs | 242a9909ec | |
Starbeamrainbowlabs | 34f003ace9 | |
Starbeamrainbowlabs | f787d39f45 | |
Starbeamrainbowlabs | 9ec386dc24 | |
Starbeamrainbowlabs | 11bc915990 | |
Starbeamrainbowlabs | f0289692d1 | |
Benjamin Spiegel | ff437562e3 |
|
@ -0,0 +1,12 @@
|
||||||
|
{
|
||||||
|
"cSpell.words": [
|
||||||
|
"admindetails",
|
||||||
|
"aeiou",
|
||||||
|
"bcdfghjklmnpqrstvwxyz",
|
||||||
|
"flameborn",
|
||||||
|
"peppermintywiki",
|
||||||
|
"returnto",
|
||||||
|
"sitename",
|
||||||
|
"sqlatenwiki"
|
||||||
|
]
|
||||||
|
}
|
|
@ -13,6 +13,7 @@ This is the next release of Pepperminty Wiki, that hasn't been released yet.
|
||||||
- **Fixed:** [Rest API] Documented `redirect` and `redirected_from` GET params to the `view` action.
|
- **Fixed:** [Rest API] Documented `redirect` and `redirected_from` GET params to the `view` action.
|
||||||
- **Fixed:** Fixed bug where templating variables were not populated under some circumstances.
|
- **Fixed:** Fixed bug where templating variables were not populated under some circumstances.
|
||||||
- **Fixed:** Typo on credits page
|
- **Fixed:** Typo on credits page
|
||||||
|
- **Fixed:** Typos in user table
|
||||||
|
|
||||||
## v0.24-beta1
|
## v0.24-beta1
|
||||||
|
|
||||||
|
|
|
@ -68,7 +68,7 @@ docker run -d sqlatenwiki/peppermintywiki:stable
|
||||||
|
|
||||||
|
|
||||||
## Security
|
## Security
|
||||||
If you've found a security issue, please don't open an issue. Instead, get in touch privately - e.g. via [Keybase](https://keybase.io/sbrl) or by email (`security [at sign] starbeamrainbowlabs [replace me with a dot] com`), and I'll try to respond ASAP.
|
If you've found a security issue, please don't open an issue. Instead, get in touch privately - e.g. via email (`security [at sign] starbeamrainbowlabs [replace me with a dot] com`), and I'll try to respond ASAP.
|
||||||
|
|
||||||
If you would like to encrypt any communications with me, you can find my GPG key [here](https://starbeamrainbowlabs.com/sbrl.asc).
|
If you would like to encrypt any communications with me, you can find my GPG key [here](https://starbeamrainbowlabs.com/sbrl.asc).
|
||||||
|
|
||||||
|
|
|
@ -9,4 +9,3 @@ Additional methods of contact:
|
||||||
|
|
||||||
- The email address attached to my commits
|
- The email address attached to my commits
|
||||||
- My various profiles listed on my website: <https://starbeamrainbowlabs.com/>
|
- My various profiles listed on my website: <https://starbeamrainbowlabs.com/>
|
||||||
- Twitter: <https://twitter.com/SBRLabs>
|
|
||||||
|
|
|
@ -21,6 +21,9 @@
|
||||||
4. See the [Configuring](06-Configuration.html) section for information on how to customise your installation, including the default login credentials.
|
4. See the [Configuring](06-Configuration.html) section for information on how to customise your installation, including the default login credentials.
|
||||||
5. Ensure you configure your web server to block access to `peppermint.json`, as this contains all your account details (including your hashed password!)
|
5. Ensure you configure your web server to block access to `peppermint.json`, as this contains all your account details (including your hashed password!)
|
||||||
|
|
||||||
|
### Blocking access to pepppermint.json
|
||||||
|
|
||||||
|
#### Nginx
|
||||||
For those running Nginx, this configuration snippet should block access to `peppermint.json`:
|
For those running Nginx, this configuration snippet should block access to `peppermint.json`:
|
||||||
|
|
||||||
```nginx
|
```nginx
|
||||||
|
@ -29,6 +32,7 @@ location /peppermint.json {
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
#### Apache
|
||||||
If you are running Apache, then the following configuration snippet should block access to `peppermint.json` (credit: [@viradpt](https://github.com/sbrl/Pepperminty-Wiki/issues/224#issuecomment-912683114)):
|
If you are running Apache, then the following configuration snippet should block access to `peppermint.json` (credit: [@viradpt](https://github.com/sbrl/Pepperminty-Wiki/issues/224#issuecomment-912683114)):
|
||||||
|
|
||||||
```htaccess
|
```htaccess
|
||||||
|
@ -38,6 +42,32 @@ If you are running Apache, then the following configuration snippet should block
|
||||||
</Files>
|
</Files>
|
||||||
```
|
```
|
||||||
|
|
||||||
|
#### Lighttpd
|
||||||
|
If you're running lighttpd, then you need to load the `mod_access` module:
|
||||||
|
|
||||||
|
```lighttpd
|
||||||
|
server.modules += ( "mod_access" )
|
||||||
|
```
|
||||||
|
|
||||||
|
If you already have a `server.modules` directive, simply add `mod_access` to the list if you haven't already. Then, just block access like so:
|
||||||
|
|
||||||
|
```lighttpd
|
||||||
|
$HTTP["url"] =~ "^/peppermint.json" {
|
||||||
|
url.access-deny = ("")
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Caddy
|
||||||
|
The Caddy web server makes it easy to block files. Add this to your `server` block if you have one, or if not just to the end of your Caddyfile:
|
||||||
|
|
||||||
|
```caddy
|
||||||
|
@blocked {
|
||||||
|
path *peppermint.json
|
||||||
|
}
|
||||||
|
respond @blocked 403
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Microsoft IIS
|
||||||
For those running IIS, the following will grant the appropriate read and write permissions to the IIS_IUSRS group, and prevent the peppermint.json file from being retrieved.
|
For those running IIS, the following will grant the appropriate read and write permissions to the IIS_IUSRS group, and prevent the peppermint.json file from being retrieved.
|
||||||
|
|
||||||
Open an elevated (administrator) Command Prompt and run the following.
|
Open an elevated (administrator) Command Prompt and run the following.
|
||||||
|
@ -59,6 +89,7 @@ icacls . /grant IIS_IUSRS:(OI)(CI)RXWM
|
||||||
ENDLOCAL
|
ENDLOCAL
|
||||||
```
|
```
|
||||||
|
|
||||||
|
#### Other web servers
|
||||||
If you aren't running any of these web servers and have a configuration snippet to share for your web server, please [open an issue](https://github.com/sbrl/Pepperminty-Wiki/issues/new) to get in touch - and then we can add your configuration snippet to improve this documentation for everyone.
|
If you aren't running any of these web servers and have a configuration snippet to share for your web server, please [open an issue](https://github.com/sbrl/Pepperminty-Wiki/issues/new) to get in touch - and then we can add your configuration snippet to improve this documentation for everyone.
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -134,7 +134,7 @@ register_module([
|
||||||
"timestamp" => time(),
|
"timestamp" => time(),
|
||||||
"page" => $env->page,
|
"page" => $env->page,
|
||||||
"user" => $env->user,
|
"user" => $env->user,
|
||||||
"reply_depth" => $comment_thread !== null ? count($comment_thread) : 0,
|
"reply_depth" => isset($comment_thread) ? count($comment_thread) : 0,
|
||||||
"comment_id" => $new_comment->id
|
"comment_id" => $new_comment->id
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,9 +5,9 @@
|
||||||
|
|
||||||
register_module([
|
register_module([
|
||||||
"name" => "User Organiser",
|
"name" => "User Organiser",
|
||||||
"version" => "0.1.2",
|
"version" => "0.1.3",
|
||||||
"author" => "Starbeamrainbowlabs",
|
"author" => "Starbeamrainbowlabs",
|
||||||
"description" => "Adds a organiser page that lets moderators (or better) control the reegistered user accounts, and perform adminstrative actions such as password resets, and adding / removing accounts.",
|
"description" => "Adds a organiser page that lets moderators (or better) control the registered user accounts, and perform administrative actions such as password resets, and adding / removing accounts.",
|
||||||
"id" => "feature-user-table",
|
"id" => "feature-user-table",
|
||||||
"code" => function() {
|
"code" => function() {
|
||||||
global $settings, $env;
|
global $settings, $env;
|
||||||
|
@ -149,7 +149,7 @@ https://github.com/sbrl/Pepperminty-Wiki/
|
||||||
");
|
");
|
||||||
|
|
||||||
$content = "<h2>Add User</h2>
|
$content = "<h2>Add User</h2>
|
||||||
<p>The new user was added to $settings->sitename sucessfully! Their details are as follows:</p>
|
<p>The new user was added to $settings->sitename successfully! Their details are as follows:</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li>Username: <code>$new_username</code></li>";
|
<li>Username: <code>$new_username</code></li>";
|
||||||
if(!empty($new_email))
|
if(!empty($new_email))
|
||||||
|
@ -282,7 +282,7 @@ Powered by Pepperminty Wiki
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
||||||
if($env->is_admin) add_help_section("949-user-table", "Managing User Accounts", "<p>As a moderator on $settings->sitename, you can use the <a href='?action=user-table'>User Table</a> to adminstrate the user accounts on $settings->sitename. It allows you to perform actions such as adding and removing accounts, and resetting passwords.</p>");
|
if($env->is_admin) add_help_section("949-user-table", "Managing User Accounts", "<p>As a moderator on $settings->sitename, you can use the <a href='?action=user-table'>User Table</a> to administrate the user accounts on $settings->sitename. It allows you to perform actions such as adding and removing accounts, and resetting passwords.</p>");
|
||||||
}
|
}
|
||||||
]);
|
]);
|
||||||
/**
|
/**
|
||||||
|
|
Loading…
Reference in New Issue