Release history

emoncms releases

Web-app for processing, logging and visualising energy, temperature and other environmental data

Config change
11.13.0 Security relevant
Auth RBAC

Service runner hardening

No immediate action
11.12.4 Bug fix

GitHub Actions fix

No immediate action
11.12.3 Bug fix

MySQL view path fix

11.12.1 Breaking risk
⚠ Upgrade required
  • Option to disable rate limiting for local testing introduced.
  • Deprecation warning: POST body HTTP method override option removed; use standard methods.
Breaking changes
  • Removed POST body HTTP method override option.
Security fixes
  • Fixed X-Forwarded-* header injection by trusting only local/LAN proxies (CVE not specified).
Notable features
  • JSON systeminfo endpoint added
  • Serial configuration UI modularised
Full changelog
  • Merge pull request #1987 from emoncms/fix/trusted-proxy-host-header-injection
  • fix log escapeshell issue
  • remove escapeshell from logfile
  • fix redis error
  • update version (modular admin)
  • minor fixes
  • include local changes tag
  • fix core info
  • fix access to directories
  • use components directly for core as well
  • clean up camel case
  • consistent model names
  • re-organise
  • log model, clean up
  • fix routes
  • clean up
  • separate services class
  • extended sysinfo to match original
  • second system info class test
  • latest sys info
  • refactor system info method
  • refinements
  • fix translations
  • refactored admin info view
  • json systeminfo end point
  • remove serial monitor, serial config ui is sufficient
  • move view calls to relevant sections
  • modularise serial
  • modularise update and components
  • component model
  • remove post body http method over-ride option and add comment cors preflight for reference
  • avoid filepath variable override in view()
  • harden db_check with prepared statement
  • fix: only trust X-Forwarded-* headers from local/LAN proxies
  • remember me module tests
  • update version
  • readme for tests
  • remove old tests, replace with php user model tests as a POC
  • option to disable rate limiting for local testing
  • require_once on remember me

11.11.0 Security relevant
⚠ Upgrade required
  • Redis client connection now reads host and port from environment variables REDIS_HOST and REDIS_PORT; update deployment configuration accordingly.
Security fixes
  • Fix shell injection, session corruption and unescaped arguments in admin module (CVE not provided)
  • Harden file upload handling and command execution
  • Fix command injection risks in admin module
Notable features
  • Redis host/port configurable via environment variables in service-runner
  • RememberMe token upgraded to SHA-256 hashing
Full changelog
  • update version
  • changes for consistency with emoncms.org
  • security: fix shell injection, session corruption and unescaped args in admin module
  • centralise exec & passthru calls
  • extract out exec and passthru for ease of reference
  • extract out exec calls for easy reference
  • refactor: get_rpi_info
  • security: harden file upload, redis version check, and service execution
  • security: fix command injection risks in admin module
  • DiD: prepared statement in schedule create
  • DiD: casting and prepared statements for process list mysql timeseries engine methods
  • DiD: use prepared statement
  • defence in depth casts
  • minor fix
  • breakout admin user functionality to AdminUserModel class
  • remove email from email verification link, there is enough security in the key already
  • validate timezone and exit if ip returns empty on ratelimit
  • centralise referrer validation
  • avoid enumeration in password reset
  • tighten apikey validation, remove sql error output
  • remove dead code, catch db write error
  • comments for readability
  • avoid enumeration on login, rate limit change password
  • fix setting of uuid
  • centralise validation, rate limit on login, auth, register, password reset
  • missing auth check on multigraph getlist, would just return empty array but better to have it
  • Fix XSS via Broken Sanitize-then-Store Pattern (Type 9 — Colour)
  • use core.php get fn here
  • fix htmlspecialchars() Misapplied to URL in Logout Flow (Logic Bug)
  • avoid username enumeration
  • Fix: Open Redirect / Potential XSS via referrer Parameter
  • upgrade rememberme token to sha256
  • remove logging of remember me cookie, use hash_equals better timing, close stmt
  • belt and braces
  • Merge branch 'master' of github.com:emoncms/emoncms
  • harden get_uuid
  • Merge pull request #1985 from jeremypoulter/allow_redis_host_configure
  • update version
  • fix contains error
  • breakout common serial config code to simplify maintenance
  • Refactor Redis client connection in service-runner to use environment variables for host and port configuration

11.10.4 Breaking
Breaking changes
  • Session variable setting removed
Notable features
  • Support for changing feed/data route
Full changelog
  • update version
  • remove setting of session variable
  • support changing feed/data route

11.10.2 Maintenance

  • allow upload of .bin

[Full commit diff](https://github.com/emoncms/emoncms/compare/11.10.1...11.10.2)

11.10.1 Bug fix
Notable features
  • Account module support
  • PHP 8.5 testing
  • Input name constraints documentation