xlx db v2.4.3
SECURITY UPDATE - All files updated to fix vulnerabilities
This release addresses multiple security vulnerabilities: XSS (Cross-Site Scripting), command injection, path traversal, and SSRF (Server-Side Request Forgery).

Files Changed and Security Fixes:
- "functions.php"
  * Added sanitize_output() and sanitize_attribute() helper functions for XSS prevention
  * Added validate_callsign(), validate_module(), validate_protocol() input validation functions
  * Replaced the exec() call in GetSystemUptime() with a plain read of /proc/uptime
  * Added input validation and shell argument escaping to VNStatGetData()
  * Added array bounds checking to ParseTime() to prevent errors on malformed input
- "class.interlink.php"
  * Added input validation to SetName() - validates reflector name format
  * Added input validation to SetAddress() - validates IP addresses and hostnames
  * Added input validation to AddModule(), RemoveModule(), and HasModuleEnabled()
- "class.node.php"
  * Added input validation in constructor for all parameters
  * IP addresses validated with filter_var()
  * Protocol validated against whitelist
  * Callsign format validated with regex
  * LinkedModule validated as single A-Z letter
- "class.parsexml.php"
  * Added element name sanitization to prevent XML injection
- "class.peer.php"
  * Added input validation in constructor for all parameters
  * Same validation as class.node.php for consistency
- "class.reflector.php"
  * Added path traversal prevention to SetXMLFile(), SetPIDFile(), and SetFlagFile()
  * Added SSRF protection to CallHome() - blocks internal/private IP addresses
  * Added validation to ReadInterlinkFile() to prevent path traversal
  * Added XML entity encoding to PrepareInterlinkXML() and PrepareReflectorXML()
  * Added URL validation to SetCallingHome()
  * Added missing InterlinkCount(), GetInterlink(), and IsInterlinked() methods
- "class.station.php"
  * Added input validation in constructor for all parameters
  * Callsign format validation
  * Module validation
- "modules.php"
  * All output wrapped with sanitize_output() to prevent XSS
- "peers.php"
  * All peer data output sanitized with sanitize_output() and sanitize_attribute()
  * URL and callsign outputs properly escaped
- "reflectors.php"
  * All XML element data sanitized before output
  * Dashboard URLs and reflector names properly escaped
- "repeaters.php"
  * Added input validation for filter parameters
  * All node/repeater data sanitized before output
  * Flag images and URLs properly escaped
  * IP addresses sanitized
- "traffic.php"
  * Added strict whitelist validation for the interface parameter
  * Interface names validated against the configured list only
- "users.php"
  * Added input validation for filter parameters
  * All station/user data sanitized before output
  * Callsigns, suffixes, and module names properly escaped
- "index.php"
  * Added secure session configuration (HttpOnly, SameSite, Secure cookie flags)
  * Added security headers (X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, Referrer-Policy); note that X-XSS-Protection is a legacy header which current browsers ignore, so it adds nothing beyond the output escaping
  * Added whitelist validation for the 'show' parameter
  * Added validation for the 'do' and 'callhome' parameters
  * All configuration values sanitized before output to HTML
  * JavaScript injection prevented in the page refresh code
  * All meta tags properly escaped

Security Vulnerabilities Fixed:
- XSS (Cross-Site Scripting) - All user input and XML data now properly escaped
- Command Injection - Removed unsafe exec() calls; where a command is still needed, the argument is escaped
- Path Traversal - File paths validated and restricted to expected directories
- SSRF (Server-Side Request Forgery) - CallHome validates URLs and blocks internal IPs
- Session Hijacking - Added HttpOnly, SameSite, and Secure cookie flags
- XML Injection - Element names sanitized, content stripped of tags

xlx db v2.4.1
The liveircddb menu button can now be hidden if you are running your db over HTTPS.
- "config.inc.php"
- "index.php"

xlx db v2.4.0
- "config.inc.php"
- "index.php"
- "js"
- "layout.css"

xlx db v2.3.9
redesign of callinghome.php
- "config.inc.php"
- "index.php"
- "functions.php"

xlx db v2.3.8
add support for network traffic statistics via vnstat.
- "config.inc.php"
- "index.php"
- "functions.php"
- "traffic.php" added

xlx db v2.3.7
add background color change on the active page.
- "config.inc.php"
- "layout.css"
- "index.php"

xlx db v2.3.6
add xlx reflector version to calling home.
- "config.inc.php"
- "class.reflector.php"

xlx db v2.3.5
the page refresh is now suspended until you leave the filter fields.
- "index.php"
- "users.php"
- "config.inc.php"

xlx db v2.3.4
add filter function to the dashboard. It can be enabled or disabled via config.inc.php.
- "index.php"
- "users.php"
- "config.inc.php" $PageOptions['UserPage']['ShowFilter'] added
- "layout.css"

xlx db v2.3.3
now always displays the correct module for the last heard station. db v2.3.3 requires xlxd v1.4.1
- "class.station.php"
- "class.reflector.php"
- "users.php"

xlx db v2.3.2
add random id for nodes, to show the correct linked module for multiple nodes with the same call sign linked to different modules.
- "class.node.php"
- "class.reflector.php"
- "users.php"

xlx db v2.3.1
- "config.inc.php" $CallingHome['InterlinkFile'] added
- "index.php" added support for interlink visualization
- "class.reflector.php" callingHome redesigned for interlink visualization
- "class.interlink.php" interlink visualization

xlx db v2.2.3
- "config.inc.php" $CallingHome['HashFile'] and $CallingHome['OverrideIPAddress'] added
- "index.php" supports new variables from config.inc.php
- "class.reflector.php" supports new variables from config.inc.php
- "country.csv" prefixes update

xlx db v2.2.2
This version is a major release with a voluntary self-registration feature built in. You need to edit config.inc.php to your needs.
On the first run your personal hash to access the database is placed in the server's /tmp folder. Take care to make a backup of this file because this folder is cleaned up after a server reboot. (From v2.2.3 on, $CallingHome['HashFile'] lets you configure where the hash is stored.)

xlx db v2.1.6
With this version of the dashboard, several parameters are freely configurable. Changes are made in "config.inc.php".
- "config.inc.php"
- "index.php"
- "users.php"
- "peers.php"
- "repeaters.php"

xlx db v2.1.5
- "class.node.php" added "get prefix"
- "repeaters.php" check for XRF or REF link
- "country.csv" prefixes update + gate symbol
- "flags" gate.png

xlx db v2.1.4
- "class.reflector.php" improved the flag search
- "country.csv" added several prefixes
- "flags" added Puerto Rico and Åland Islands

xlx db v2.1.3
- "index.php" added support for multiradio repeaters
- "users.php" added support for multiradio repeaters
- "class.reflector.php" added support for multiradio repeaters
- "repeaters.php" added suffix "D" for "dongle"

xlx db v2.1.2
- "index.php" bugfix to correct an error if the XLX name is equal to XLX000

xlx db v2.1.1
- "peers.php" added hyperlink to the peer's IP address

xlx db v2.1.0
- "index.php" button "Peers" added; button "Repeaters/Nodes" now shows the number of connected devices; moved XLX name, version and service uptime to improve the view on mobile devices
- "class.peer.php" added
- "peers.php" added
- "repeaters.php" limits the nodes shown to 100

xlx db v2.0.6
- "index.php" now reads out the XLX service uptime and not the server uptime
- "country.csv" prefixes update
- "class.reflector.php" flag display improvements
- "users.php" limits the users shown to 40
- "repeaters.php" limits the nodes shown to 40

xlx db v2.0.5
- "class.reflector.php" extra callsign checking
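The v2.4.3 entry at the top of this changelog lists the helpers added to functions.php (sanitize_output(), sanitize_attribute(), the validate_*() functions, the /proc/uptime read in GetSystemUptime() and the escaped vnstat call in VNStatGetData()) but does not show them. What follows is an added example, not the xlx dashboard's own code: implementations of the kind that entry describes. The function names follow the changelog; the callsign pattern, the protocol list and the exact vnstat command line are assumptions.

```php
<?php
// Added example, not the xlx dashboard's own code. Function names follow the
// v2.4.3 changelog entry; the callsign regex, the protocol list and the
// vnstat command line are assumptions.

// Escape for HTML text content. ENT_QUOTES covers both quote characters and
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of silently returning ''.
function sanitize_output($value): string
{
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Escape for use inside a quoted HTML attribute. The escaping is identical
// today; the separate name lets call sites state their context and lets the
// attribute rule diverge later (URL attributes, for instance) without touching
// every echo in the page files.
function sanitize_attribute($value): string
{
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Amateur callsign: 3..8 upper-case letters and digits (assumed format; a
// "/" or "-" suffix would need its own rule). Anchored with ^ and $ so
// nothing else can ride along with a valid prefix.
function validate_callsign(string $callsign): bool
{
    return (bool)preg_match('/^[A-Z0-9]{3,8}$/', $callsign);
}

// A reflector module is a single letter A..Z, the same rule the changelog
// gives for LinkedModule in class.node.php.
function validate_module(string $module): bool
{
    return (bool)preg_match('/^[A-Z]$/', $module);
}

// Protocol names come from a fixed list (assumed contents). Strict in_array()
// so that "0" or an array never compares equal to a list entry.
function validate_protocol(string $protocol): bool
{
    $allowed = ['DExtra', 'DPlus', 'DCS', 'XLX', 'DMR', 'YSF'];
    return in_array($protocol, $allowed, true);
}

// Seconds since boot, read from procfs instead of shelling out to uptime(1).
// No child process means no shell, no PATH lookup and no argument to inject.
function GetSystemUptime(): int
{
    $raw = @file_get_contents('/proc/uptime');   // e.g. "12345.67 45678.90\n"
    if ($raw === false) {
        return 0;
    }
    $fields = explode(' ', trim($raw));
    return (int)floor((float)$fields[0]);
}

// vnstat has no library interface, so a process is unavoidable here. Two
// layers: the interface must be one the operator configured (so a request
// cannot probe arbitrary names), and the argument is still escaped in case
// the configured list ever contains something odd.
function VNStatGetData(string $interface, array $configuredInterfaces): array
{
    if (!in_array($interface, $configuredInterfaces, true)
        || !preg_match('/^[A-Za-z0-9_.:-]{1,15}$/', $interface)) {
        return [];
    }
    $output = [];
    $status = 1;
    exec('vnstat --json -i ' . escapeshellarg($interface) . ' 2>/dev/null', $output, $status);
    if ($status !== 0) {
        return [];
    }
    $data = json_decode(implode("\n", $output), true);
    return is_array($data) ? $data : [];
}
```

The order in VNStatGetData() matters: the whitelist check comes first because escapeshellarg() only stops shell metacharacters, it does not stop a caller from naming an interface the dashboard was never meant to expose. traffic.php should pass the configured interface list from config.inc.php, never one built from request data.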
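The v2.4.3 entry above says class.reflector.php gained SSRF protection in CallHome() (blocking internal and private addresses) and path traversal prevention in SetXMLFile(), SetPIDFile() and SetFlagFile(), without showing how. The block below is an added example, not the xlx dashboard's own code, of how those two guards can be written. Method names follow the changelog; the base directory, the cURL transport and the POST body are assumptions.

```php
<?php
// Added example, not the xlx dashboard's own code. Names follow the v2.4.3
// changelog entry; the base directory, cURL transport and POST body are assumed.

// True only for an http(s) URL whose host resolves exclusively to public
// addresses. Every resolved address is checked, not the URL text, so a public
// hostname that resolves to 127.0.0.1 or 10.0.0.5 is refused just like a
// literal private IP would be.
function is_safe_callhome_url(string $url): bool
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return false;
    }
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return false;                     // no file://, gopher://, ftp:// ...
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return false;                     // credentials in the URL are never expected
    }
    $host = trim($p['host'], '[]');       // strip brackets from an IPv6 literal
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $addresses = [$host];
    } else {
        $addresses = [];
        foreach (dns_get_record($host, DNS_A | DNS_AAAA) ?: [] as $rr) {
            $addresses[] = $rr['ip'] ?? $rr['ipv6'] ?? '';
        }
    }
    if ($addresses === []) {
        return false;                     // unresolvable: fail closed
    }
    foreach ($addresses as $ip) {
        // NO_PRIV_RANGE: 10/8, 172.16/12, 192.168/16, fc00::/7
        // NO_RES_RANGE:  0/8, 127/8, 169.254/16, 240/4, ::1, ::/128, ...
        if (filter_var($ip, FILTER_VALIDATE_IP,
                FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
            return false;
        }
    }
    return true;
}

// CallHome() as a plain function: refuse unsafe targets before any socket is
// opened, never follow redirects (a 302 could point back inside the network),
// and pin cURL to http(s) so it cannot be talked into another scheme.
function CallHome(string $url, string $xml): bool
{
    if (!is_safe_callhome_url($url)) {
        return false;
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $xml,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $ok = curl_exec($ch) !== false && curl_getinfo($ch, CURLINFO_RESPONSE_CODE) === 200;
    curl_close($ch);
    return $ok;
}

// Canonicalise $path and accept it only if it sits under $baseDir. realpath()
// collapses "..", "//" and symlinked directories, so a prefix test on its
// result is sound where a search for ".." in the raw string is not.
function resolve_inside(string $baseDir, string $path): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $real = realpath($path);
    if ($real === false) {
        // Target does not exist yet (a PID or flag file is written later):
        // resolve its directory and re-attach a basename that cannot traverse.
        $dir  = realpath(dirname($path));
        $name = basename($path);
        if ($dir === false || $name === '' || $name === '.' || $name === '..') {
            return null;
        }
        $real = rtrim($dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . $name;
    }
    return strncmp($real, $base, strlen($base)) === 0 ? $real : null;
}

// SetXMLFile() shape: return null (and let the caller refuse to start) rather
// than accept a path outside the reflector's data directory. Base dir assumed.
function SetXMLFile(string $configuredPath): ?string
{
    return resolve_inside('/var/log', $configuredPath);
}
```

Two caveats a reviewer would raise. First, the name is resolved once here and again by cURL, so a DNS answer that changes between the two lookups (rebinding) can slip past; to close that gap, resolve once and hand the vetted address to cURL with CURLOPT_RESOLVE. Second, resolve_inside() follows a symlinked directory but not a symlinked file that does not yet exist, which is acceptable for files the dashboard itself creates under a directory only it can write to.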
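The v2.4.3 entry above describes what index.php now does at request start (cookie flags, security headers, whitelisting of the 'show' parameter, and an integer-only refresh delay in the inline JavaScript). This is an added example, not the xlx dashboard's own code, of that sequence written out. The page list, the $PageOptions keys and the refresh markup are assumptions; $PageOptions itself is the config array the changelog names.

```php
<?php
// Added example, not the xlx dashboard's own code. The page list, the
// $PageOptions keys and the refresh markup are assumed.

// Same one-line helper the v2.4.3 entry lists for functions.php, repeated so
// this file runs on its own.
function sanitize_attribute($value): string
{
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Cookie flags belong before session_start(); the array form needs PHP 7.3+.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'httponly' => true,   // not readable from document.cookie, so an XSS cannot lift it
    'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
    'samesite' => 'Lax',  // cross-site POSTs do not carry it; plain links still work
]);
ini_set('session.use_strict_mode', '1');   // refuse ids the server never issued (fixation)
session_start();

header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: DENY');
header('Referrer-Policy: strict-origin-when-cross-origin');
// The changelog lists X-XSS-Protection. Current browsers ignore it and its
// blocking mode has been abused for leaks, so if it is sent at all the value
// should be 0; the real XSS defence is the escaping in sanitize_output().
header('X-XSS-Protection: 0');

// 'show' selects which page file is included. A whitelist compared with strict
// in_array() is the only thing between $_GET and include(), so it runs before
// the value is used for anything else; a non-string (show[]=x) also falls back.
$pages = ['users', 'repeaters', 'peers', 'modules', 'reflectors', 'traffic']; // assumed
$show  = $_GET['show'] ?? 'users';
if (!is_string($show) || !in_array($show, $pages, true)) {
    $show = 'users';
}

// The refresh delay flows into inline JavaScript. Casting to int leaves
// nothing that could close the script tag or the call, whatever
// config.inc.php happens to hold. Config key assumed.
$refreshMs = (int)($PageOptions['PageRefreshDelay'] ?? 10000);
if ($refreshMs < 1000) {
    $refreshMs = 1000;
}

echo '<meta name="description" content="'
    . sanitize_attribute($PageOptions['MetaDescription'] ?? '') . '">' . "\n";
echo '<script>setTimeout(function () { location.reload(); }, ' . $refreshMs . ');</script>' . "\n";

$page = __DIR__ . '/' . $show . '.php';
if (is_file($page)) {
    include $page;   // only a whitelisted name reaches this point
}
```

The 'secure' flag is computed from the request rather than hard-coded so the dashboard still logs in over plain HTTP on a LAN install; on an HTTPS-only deployment set it to true unconditionally, since a cookie issued over HTTP once is enough for an on-path attacker to capture it.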