2025-11-24 11:20:31 +01:00
xlx db v2.3.9

SECURITY UPDATE - Minor upgrade to further improve dashboard security

- "index.php"
  * Added additional security headers to improve the security score of the dashboard application.
    * Add Content Security Policy
    * Add Permissions Policy
    * Add Transport Security Policy

2025-10-14 13:25:26 +02:00
xlx db v2.3.8

SECURITY UPDATE - XSS Vulnerability Patches and Security Enhancements

- "functions.php" added SafeOutput() and SafeOutputAttr() for XSS protection
    added GenerateCSRFToken() and ValidateCSRFToken() for CSRF protection
- "index.php" added session_start() for CSRF token support
    added SafeOutput() to all $_GET['show'] outputs
    added input whitelist validation for $_GET['show'] parameter
    changed file permission from 777 to 600 for hash file (security hardening)
    added SafeOutputAttr() to all meta tag outputs
    added SafeOutput() to contact email output
    improved error messages to prevent information disclosure
- "users.php" added CSRF token validation for all POST requests
    added CSRF tokens to both filter forms
    added input validation with regex for callsign filter (alphanumeric, dash, asterisk only)
    added input validation with regex for module filter (single letter A-Z only)
    added SafeOutput() and SafeOutputAttr() to all user data outputs
    added SafeOutput() to all callsign, suffix, via, peer, and module outputs
- "repeaters.php" added SafeOutput() to all node callsign, suffix, protocol, and module outputs
    added SafeOutput() to all IP address outputs
- "peers.php" added SafeOutput() and SafeOutputAttr() to peer name and URL outputs
    added SafeOutput() to protocol, module, and IP address outputs
- "reflectors.php" added SafeOutput() and SafeOutputAttr() to reflector name, country, comment, and URL outputs
- "class.reflector.php" added URL validation in CallHome() method to prevent remote file inclusion attacks
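
The input and output handling listed for v2.3.8, sketched as an added PHP example. It is not the dashboard's own code; the ex_* function names, the list of page names, the 16-character limit and the sample request are assumptions.

```php
<?php
// Added illustration, not the xlx dashboard's code. Function names, the list of
// pages, the length limit and the sample request are assumptions.

// HTML text/attribute encoding (the role the changelog gives SafeOutput*()).
function ex_escape($s): string {
    return is_string($s) ? htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : '';
}

// Whitelist for the page selector; strict comparison also rejects ?show[]=x arrays.
function ex_page($show): string {
    $allowed = ['users', 'repeaters', 'peers', 'reflectors']; // assumed values
    return in_array($show, $allowed, true) ? $show : 'users';
}

// Callsign filter: letters, digits, dash, asterisk. \A and \z anchor the whole
// string; "$" alone would also accept a trailing newline.
function ex_callsign($v): ?string {
    return (is_string($v) && preg_match('/\A[A-Za-z0-9*-]{1,16}\z/', $v)) ? strtoupper($v) : null;
}

// Module filter: exactly one letter A-Z.
function ex_module($v): ?string {
    return (is_string($v) && preg_match('/\A[A-Z]\z/', $v)) ? $v : null;
}

// Per-session CSRF token, compared in constant time.
function ex_csrf_token(): string {
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}
function ex_csrf_valid($sent): bool {
    return is_string($sent) && !empty($_SESSION['csrf']) && hash_equals($_SESSION['csrf'], $sent);
}

// Constructed request, run from the CLI (a web page would call session_start()).
$_SESSION = [];
$get  = ['show' => '"><script>', 'callsign' => "dl1*\n", 'module' => 'B'];
$post = ['csrf' => 'forged'];
$token = ex_csrf_token();

var_dump(ex_page($get['show']));          // unknown page falls back to the default
var_dump(ex_escape($get['show']));        // markup is encoded, not executed
var_dump(ex_callsign($get['callsign']));  // trailing newline is rejected
var_dump(ex_module($get['module']));
var_dump(ex_csrf_valid($post['csrf']), ex_csrf_valid($token));
```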
2016-07-05 18:29:40 +02:00
xlx db v2.3.1

- "config.inc.php" $CallingHome['InterlinkFile'] added
- "index.php" added support for interlink visualization
- "class.reflector.php" callingHome redesigned for interlink visualization
- "class.interlink.php" interlink visualization

xlx db v2.2.3

- "config.inc.php" $CallingHome['HashFile'] and $CallingHome['OverrideIPAddress'] added
- "index.php" supports new variables from config.inc.php
- "class.reflector.php" supports new variables from config.inc.php
- "country.csv" prefixes update

xlx db v2.2.2

This version is a major release with a voluntary self-registration feature built in.
You need to edit the conf.inc.php to your needs.
On the first run your personal hash to access the database is placed in the server's /tmp folder.
Take care to make a backup of this file because this folder is cleaned up after a server reboot.

This version is a major release

xlx db v2.1.6

With this version of the dashboard, several parameters are freely configurable.
Changes are made in "config.inc.php"

- "config.inc.php"
- "index.php"
- "users.php"
- "peers.php"
- "repeaters.php"

xlx db v2.1.5

- "class.node.php" added "get prefix"
- "repeaters.php" check for XRF or REF link
- "country.csv" prefixes update + gate symbol
- "flags" gate.png

xlx db v2.1.4

- "class.reflector.php" improved the flag search
- "country.csv" added several prefixes
- "flags" added Puerto Rico and Åland Islands

xlx db v2.1.3

- "index.php" added support for multiradio repeaters
- "users.php" added support for multiradio repeaters
- "class.reflector.php" added support for multiradio repeaters
- "repeaters.php" added suffix "D" for "dongle"

xlx db v2.1.2

- "index.php" bugfix to correct an error if XLX name is equal to XLX000

xlx db v2.1.1

- "peers.php" added hyperlink to the peer's IP address

xlx db v2.1.0

- "index.php"
    button "Peers" added
    button "Repeaters/Nodes" now shows the number of connected devices
    moved XLX name, version and service uptime to improve view on mobile devices

- "class.peer.php" added

- "peers.php" added

- "repeaters.php" limits nodes show up to 100 nodes

xlx db v2.0.6

- "index.php" now reads out the XLX service uptime and not the server uptime
- "country.csv" prefixes update
- "class.reflector.php" flags showing improvements
- "users.php" limits user show up to 40 users
- "repeaters.php" limits nodes show up to 40 nodes

xlx db v2.0.5

- "class.reflector.php" extra callsign checking