xlxd/dashboard2/changes.txt


xlx db v2.3.10
Fix liveircddb page broken by CSP security headers
- "pgs/ircddb_proxy.php" (NEW)
* Added transparent proxy for live.ircddb.net to resolve CSP and mixed-content issues
* Proxies all requests through local server, rewriting URLs to maintain functionality
* Supports both HTTP and HTTPS dashboard deployments
* Defaults to live.ircddb.net:8080, configurable via $PageOptions['IRCDDB']['URL']
* Default page ircddblive5.html, configurable via $PageOptions['IRCDDB']['Page']
- "pgs/liveircddb.php"
* Changed iframe source from direct external URL to local proxy
- "pgs/config.inc.php"
* Added $PageOptions['IRCDDB']['Show'] option
* Added commented out optional override options for URL and Page
xlx db v2.3.9
SECURITY UPDATE - Minor upgrade to further improve dashboard security
- "index.php"
* Added additional security headers to improve the security score of the dashboard application.
* Add Content Security Policy
* Add Permissions Policy
* Add Transport Security Policy
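
Added example, not the dashboard's index.php or ircddb_proxy.php: how a frame-src 'self' policy of the kind added in v2.3.9 blocks a direct external iframe, and how a proxy like the one in v2.3.10 can build its upstream URL from configuration only. All header values, the http scheme, the function names and the page-name pattern are assumptions.

```php
<?php
// Added illustration; every policy value below is an assumption.

function security_headers(bool $isHttps): array {
    $headers = [
        // frame-src 'self' blocks an iframe that points straight at an external
        // host; an iframe whose src is a same-origin proxy script still loads.
        'Content-Security-Policy' =>
            "default-src 'self'; frame-src 'self'; object-src 'none'; base-uri 'self'",
        'Permissions-Policy' => 'camera=(), microphone=(), geolocation=()',
    ];
    if ($isHttps) {
        // Browsers ignore HSTS over plain HTTP, so only send it on HTTPS deployments.
        $headers['Strict-Transport-Security'] = 'max-age=31536000';
    }
    return $headers;
}

// Build the upstream URL from configuration only: the host never comes from the
// request, and the page name must be a plain file name (no slashes, no "..").
function ircddb_upstream_url(array $pageOptions, $requestedPage = null): ?string {
    $base = $pageOptions['IRCDDB']['URL'] ?? 'http://live.ircddb.net:8080'; // scheme assumed
    $page = $requestedPage ?? ($pageOptions['IRCDDB']['Page'] ?? 'ircddblive5.html');
    if (!is_string($page)
        || preg_match('/\A[A-Za-z0-9_.-]+\z/', $page) !== 1
        || strpos($page, '..') !== false) {
        return null;
    }
    return rtrim($base, '/') . '/' . $page;
}

// Constructed usage, run from the CLI.
foreach (security_headers(true) as $name => $value) {
    echo "$name: $value\n";   // in a web request: header("$name: $value");
}
var_dump(ircddb_upstream_url([]));                      // defaults from the changelog
var_dump(ircddb_upstream_url([], 'sub/../other.html')); // rejected page name
```
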
xlx db v2.3.8
SECURITY UPDATE - XSS Vulnerability Patches and Security Enhancements
- "functions.php" added SafeOutput() and SafeOutputAttr() for XSS protection
added GenerateCSRFToken() and ValidateCSRFToken() for CSRF protection
- "index.php" added session_start() for CSRF token support
added SafeOutput() to all $_GET['show'] outputs
added input whitelist validation for $_GET['show'] parameter
changed file permission from 777 to 600 for hash file (security hardening)
added SafeOutputAttr() to all meta tag outputs
added SafeOutput() to contact email output
improved error messages to prevent information disclosure
- "users.php" added CSRF token validation for all POST requests
added CSRF tokens to both filter forms
added input validation with regex for callsign filter (alphanumeric, dash, asterisk only)
added input validation with regex for module filter (single letter A-Z only)
added SafeOutput() and SafeOutputAttr() to all user data outputs
added SafeOutput() to all callsign, suffix, via, peer, and module outputs
- "repeaters.php" added SafeOutput() to all node callsign, suffix, protocol, and module outputs
added SafeOutput() to all IP address outputs
- "peers.php" added SafeOutput() and SafeOutputAttr() to peer name and URL outputs
added SafeOutput() to protocol, module, and IP address outputs
- "reflectors.php" added SafeOutput() and SafeOutputAttr() to reflector name, country, comment, and URL outputs
- "class.reflector.php" added URL validation in CallHome() method to prevent remote file inclusion attacks
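
Added example, not the dashboard's functions.php: one way the output encoding, whitelist and regex validation, and CSRF checks listed for v2.3.8 can be written. The function names, the allowed page names, the length limit and the fallback page are assumptions.

```php
<?php
// Added illustration, not the dashboard's functions.php; all bodies are assumptions.

// Encode for HTML text and quoted attribute values.
function safe_output(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Whitelist for the page selector; the page names are assumed for this example.
function validate_show($show): string {
    $allowed = ['users', 'repeaters', 'peers', 'reflectors', 'liveircddb'];
    return (is_string($show) && in_array($show, $allowed, true)) ? $show : 'users';
}

// Callsign filter: alphanumeric, dash, asterisk only. \A...\z stops a trailing
// newline from slipping past the anchor; the length limit is assumed.
function validate_callsign_filter($filter): ?string {
    $ok = is_string($filter) && preg_match('/\A[A-Za-z0-9*-]{1,10}\z/', $filter) === 1;
    return $ok ? strtoupper($filter) : null;
}

// Module filter: a single letter A-Z.
function validate_module_filter($module): ?string {
    $ok = is_string($module) && preg_match('/\A[A-Z]\z/', $module) === 1;
    return $ok ? $module : null;
}

// One random token per session.
function generate_csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison; a missing or non-string token fails.
function validate_csrf_token($submitted): bool {
    return is_string($submitted) && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Constructed inputs, run from the CLI; $_SESSION is a plain array here.
$_SESSION = [];
$token = generate_csrf_token();
var_dump(validate_csrf_token($token), validate_csrf_token('guess'));
var_dump(validate_show('users'), validate_show('../config.inc'));
var_dump(validate_callsign_filter('dl1*'), validate_callsign_filter("N0CALL\n"));
var_dump(validate_module_filter('A'), validate_module_filter('AB'));
echo safe_output('N0CALL"><b>x</b>'), "\n";
```
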
xlx db v2.3.1
- "config.inc.php" $CallingHome['InterlinkFile'] added
- "index.php" added support for interlink visualization
- "class.reflector.php" callingHome redesigned for interlink visualization
- "class.interlink.php" interlink visualization
xlx db v2.2.3
- "config.inc.php" $CallingHome['HashFile'] and $CallingHome['OverrideIPAddress'] added
- "index.php" supports new variables from config.inc.php
- "class.reflector.php" supports new variables from config.inc.php
- "country.csv" prefixes update
xlx db v2.2.2
This version is a major release with a voluntary self-registration feature built in.
You need to edit config.inc.php to suit your needs.
On the first run, your personal hash to access the database is placed in the server's /tmp folder.
Take care to make a backup of this file, because this folder is cleaned up after a server reboot.
This version is a major release
xlx db v2.1.6
With this version of the dashboard, several parameters
are freely configurable.
Changes are made in "config.inc.php".
- "config.inc.php"
- "index.php"
- "users.php"
- "peers.php"
- "repeaters.php"
xlx db v2.1.5
- "class.node.php" added "get prefix"
- "repeaters.php" check for XRF or REF link
- "country.csv" prefixes update + gate symbol
- "flags" gate.png
xlx db v2.1.4
- "class.reflector.php" improved the flag search
- "country.csv" added several prefixes
- "flags" added Puerto Rico and Åland Islands
xlx db v2.1.3
- "index.php" added support for multiradio repeaters
- "users.php" added support for multiradio repeaters
- "class.reflector.php" added support for multiradio repeaters
- "repeaters.php" added suffix "D" for "dongle"
xlx db v2.1.2
- "index.php" bugfix to correct an error if XLX name is equal to XLX000
xlx db v2.1.1
- "peers.php" added hyperlink to the peers ip address
xlx db v2.1.0
- "index.php"
button "Peers" added
button "Repeaters/Nodes" now shows the number of connected devices
moved XLX name, version and service uptime to improve view on mobile devices
- "class.peer.php" added
- "peers.php" added
- "repeaters.php" limits the nodes shown to 100 nodes
xlx db v2.0.6
- "index.php" now reads out the XLX service uptime and not the server uptime
- "country.csv" prefixes update
- "class.reflector.php" flags showing improvements
- "users.php" limits the users shown to 40 users
- "repeaters.php" limits the nodes shown to 40 nodes
xlx db v2.0.5
- "class.reflector.php" extra callsign checking