Add password generator, duplicate AP rejection, and input sanitization

- Add Gen button to admin panel that generates 13-char alphanumeric
  passwords for Nextcloud credentials (Add Site form and Edit modal)
- Reject duplicate AP numbers within the same site (409 response)
- Fix newline injection vulnerability in admin API that allowed
  creating backdoor site entries via sites.conf corruption
- Fix colon-in-PIN bug by rejecting colons in PIN and NC User fields
- Use maxsplit=3 in sites.conf parser so NC Pass can contain colons
- Add nc_change_password() to sync password edits to Nextcloud
- Clean up corrupted sites.conf entries from prior injection

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
kamaji
2026-01-26 08:47:30 -06:00
parent 30fc55567c
commit a719e528ed
3 changed files with 132 additions and 94 deletions
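
The newline-injection, colon and maxsplit fixes listed in the commit message, sketched as an added example that is not code from this repository. The field order `site:pin:nc_user:nc_pass`, all function names and the sample values are assumptions made for illustration.

```python
"""Added example: write-side validation and read-side parsing for a
colon-delimited credentials file. Field order is an assumption."""

FIELD_NAMES = ("site", "pin", "nc_user", "nc_pass")  # assumed layout
COLON_FREE = FIELD_NAMES[:3]  # only the last field may contain ':'


def validate_fields(site, pin, nc_user, nc_pass):
    """Return a list of problems; an empty list means safe to store."""
    errors = []
    for name, value in zip(FIELD_NAMES, (site, pin, nc_user, nc_pass)):
        if not value:
            errors.append(f"{name}: empty")
        elif not value.isprintable():
            # Covers \n, \r, \x85, \u2028 and other control characters
            # that would end the record early and start a new one.
            errors.append(f"{name}: control or line-break character")
        elif name in COLON_FREE and ":" in value:
            errors.append(f"{name}: colon not allowed")
    return errors


def format_entry(site, pin, nc_user, nc_pass):
    """Build one config line, refusing values that fail validation."""
    errors = validate_fields(site, pin, nc_user, nc_pass)
    if errors:
        raise ValueError("; ".join(errors))
    return ":".join((site, pin, nc_user, nc_pass))


def parse_sites(text):
    """Parse config text into dicts, skipping comments and short lines."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parts = line.split(":", 3)  # maxsplit=3 keeps colons in nc_pass
        if len(parts) == 4:
            entries.append(dict(zip(FIELD_NAMES, parts)))
    return entries


# Constructed input: a password value carrying an embedded second record.
INJECTED_PASS = "pw\n9999:0000:extra:entry"
UNVALIDATED = ":".join(("1000", "1111", "alice", INJECTED_PASS))

if __name__ == "__main__":
    print(len(parse_sites(UNVALIDATED)))  # one write, two parsed records
    print(validate_fields("1000", "1111", "alice", INJECTED_PASS))
    print(parse_sites(format_entry("1000", "1111", "alice", "a:b:c")))
```

Validation belongs on the write path (the admin API) and the length check on the read path, so a line that slipped in before the fix is skipped rather than treated as a site.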

@@ -21,5 +21,6 @@
# The app reloads this file on every login attempt, so changes
# take effect immediately — no restart needed.
1102:1102:1102:FocusWrite2000!
1234:1234:1234:railFocus11
2725:2725:2725:makeBiscuits
2725:2725:2725:makeBiscuits112
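
Review bot: The four entry lines in this hunk put what the commit message calls NC Pass (the last colon-separated field) into a tracked file in plaintext, so every clone and every future revision of the repository carries these Nextcloud passwords. Suggest moving the live sites.conf out of version control, committing only a template with placeholder values, and rotating the passwords shown here since they remain in history. Two further points on the same lines: the two `2725:2725:2725:` entries differ only in the last field, so it is unclear which one the parser honours and one of them looks stale; and on every line the first three fields are identical, so if one of them is the PIN it is derivable from the site number.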