CIDRAM: Classless Inter-Domain Routing Access Manager.
[2024.02.20; Maikuolan]: The internal AbuseIPDB reporting page now includes a field to specify the exact time of attack for reports.
[2024.04.04; Bug-fix; Maikuolan]: Removed the minimum parameter from the input fields for the start and expiry dates at the auxiliary rules page, as it interfered with a user's ability to modify any auxiliary rules when such a field preceded the current date (#572).
Caleb M (Maikuolan), April 6, 2024.
Caleb M (Maikuolan), April 6, 2024.
[2023.12.01; Maikuolan]: Improved escaping. Added support for specifying a Redis database number to the supplementary cache options (#540).
[2023.12.02; Bug-fix; Maikuolan]: Two-factor authentication found to be broken since v3.0.0-beta1; Fixed.
[2023.12.03; Bug-fixes; Maikuolan]: When an installed component was outdated, but the version constraints of the update's dependencies weren't met, the update shouldn't be being included in the list of outdated components for updating all at once, but was; Fixed. At the page for entering a 2FA code when logging into a 2FA-enabled account, no logout button was displayed, preventing the user from logging out easily, which may be needed in the event of not receiving any 2FA code; Fixed.
[2023.12.08; Maikuolan]: Improved resource guards for the auxiliary rules file.
[2023.12.08; Bug-fix; Maikuolan]: Not escaping keys when reconstructing YAML data could prevent successful reprocessing of those keys if said keys contained any hashes or backslashes. The solution is to enforce escaping of keys when such bytes are detected, regardless of how the property for quoting keys is defined. Accordingly, that's been done, and a new method added for that purpose (#547).
[2023.12.12; Security; Maikuolan]: Added a method to check whether a name is reserved, and applied it as a guard at the points where signature files, modules, and events are read in, and where files are required via Run commands. Attempting to perform file operations on reserved names under Windows and some other operating systems could cause the underlying file system to attempt to communicate with a serial port instead of the intended file. PHP is likely to then wait indefinitely for a response it's unlikely to ever receive, thus locking up the process and preventing further requests unless the process is restarted. Although it's infinitesimally unlikely that a user would actually want to use a reserved name for one of their signature files, modules, events, or run commands, as the solution is exceedingly simple, with no particular performance impact, I've implemented it accordingly.
[2023.12.12; Maikuolan]: Split the code for most of the various front-end pages, which the view method was responsible for, into their own distinct files. Worked it in such a way that it should now be possible to create custom front-end pages. Renamed some assets.
[2023.12.15; New Feature; Maikuolan]: Capture groups from regular expression auxiliary rule matches can now be reflected into an auxiliary rule's name or block reason (#524).
[2023.12.15~26; New Feature; Maikuolan]: Built an integrated reporting page to be able to manually report IP addresses to AbuseIPDB directly from the CIDRAM Front-End, or to be able to delete previous reports in the event that an IP address has been reported in error (#338).
[2023.12.26; Maikuolan]: Refactored the page greeting and some theme assets.
[2023.12.29; Bug-fix; Maikuolan]: Some of the more unusual available number formatting choices (e.g., choices not using base-10 or Arabic numerals) didn't mesh well with the JavaScript code responsible for using them; Fixed.
[2023.12.01; Maikuolan]: Improved escaping. Added support for specifying a Redis database number to the supplementary cache options (#540).
[2023.12.03; Bug-fixes; Maikuolan]: When an installed component was outdated, but the version constraints of the update's dependencies weren't met, the update shouldn't be being included in the list of outdated components for updating all at once, but was; Fixed. At the page for entering a 2FA code when logging into a 2FA-enabled account, no logout button was displayed, preventing the user from logging out easily, which may be needed in the event of not receiving any 2FA code; Fixed.
[2023.12.08; Bug-fix; Maikuolan]: Not escaping keys when reconstructing YAML data could prevent successful reprocessing of those keys if said keys contained any hashes or backslashes. The solution is to enforce escaping of keys when such bytes are detected, regardless of how the property for quoting keys is defined. Accordingly, that's been done, and a new method added for that purpose (#547).
[2023.12.12; Security; Maikuolan]: Added a method to check whether a name is reserved, and applied it as a guard at the points where signature files, modules, and events are read in, and where files are required via Run commands. Attempting to perform file operations on reserved names under Windows and some other operating systems could cause the underlying file system to attempt to communicate with a serial port instead of the intended file. PHP is likely to then wait indefinitely for a response it's unlikely to ever receive, thus locking up the process and preventing further requests unless the process is restarted. Although it's infinitesimally unlikely that a user would actually want to use a reserved name for one of their signature files, modules, events, or run commands, as the solution is exceedingly simple, with no particular performance impact, I've implemented it accordingly.
[2023.12.29; Bug-fix; Maikuolan]: Some of the more unusual available number formatting choices (e.g., choices not using base-10 or Arabic numerals) didn't mesh well with the JavaScript code responsible for using them; Fixed.
Caleb M (Maikuolan), January 14, 2024.
[2023.12.01; Maikuolan]: Improved escaping. Added support for specifying a Redis database number to the supplementary cache options (#540).
[2023.12.03; Bug-fixes; Maikuolan]: When an installed component was outdated, but the version constraints of the update's dependencies weren't met, the update shouldn't be being included in the list of outdated components for updating all at once, but was; Fixed. At the page for entering a 2FA code when logging into a 2FA-enabled account, no logout button was displayed, preventing the user from logging out easily, which may be needed in the event of not receiving any 2FA code; Fixed.
[2023.12.08; Bug-fix; Maikuolan]: Not escaping keys when reconstructing YAML data could prevent successful reprocessing of those keys if said keys contained any hashes or backslashes. The solution is to enforce escaping of keys when such bytes are detected, regardless of how the property for quoting keys is defined. Accordingly, that's been done, and a new method added for that purpose (#547).
[2023.12.12; Security; Maikuolan]: Added a method to check whether a name is reserved, and applied it as a guard at the points where signature files, modules, and events are read in, and where files are required via Run commands. Attempting to perform file operations on reserved names under Windows and some other operating systems could cause the underlying file system to attempt to communicate with a serial port instead of the intended file. PHP is likely to then wait indefinitely for a response it's unlikely to ever receive, thus locking up the process and preventing further requests unless the process is restarted. Although it's infinitesimally unlikely that a user would actually want to use a reserved name for one of their signature files, modules, events, or run commands, as the solution is exceedingly simple, with no particular performance impact, I've implemented it accordingly.
[2023.12.29; Bug-fix; Maikuolan]: Some of the more unusual available number formatting choices (e.g., choices not using base-10 or Arabic numerals) didn't mesh well with the JavaScript code responsible for using them; Fixed.
Caleb M (Maikuolan), January 14, 2024.
[2023.10.13; Bug-fix; Maikuolan]: Some calls to the executor were missing a necessary parameter, and when to engage queuing wasn't always being decided correctly; Fixed.
[2023.10.16; Maikuolan]: Added decorative SVGs to the front-end backup page.
[2023.10.21; Bug-fix; Maikuolan]: The label for the CAPTCHA submit button wasn't rendering properly; Fixed (#526).
[2023.11.10; Maikuolan]: Better missing class guarding.
[2023.11.17; Maikuolan]: Added an icon for entries at the IP tracking page to go directly to the AbuseIPDB reporting page for those entries.
[2023.11.18; Maikuolan]: Improved dynamic icons, extended the AbuseIPDB reporting page icon to the logs page, and added an IP testing page icon to IP tracking and logs page entries.
[2023.11.19; Maikuolan]: Restyled file inputs.
[2023.11.21; Bug-fix; Maikuolan]: The YAML handler's unescape method wasn't unescaping correctly when escaped backslashes preceded other escapable symbols; Fixed (#532).
[2023.11.26; Bug-fix; Maikuolan]: The repair option at the updates page sometimes not offered when it should be; Fixed.
[2023.11.27; Bug-fix; Maikuolan]: The isSensitive method would sometimes fail to correctly identify regular expressions; Fixed.
[2023.11.27; Maikuolan]: Added a new option for the usemode configuration directives: To offer CAPTCHAs only when not blocked, at sensitive page requests.
[2023.09.15; Bug-fixes; Maikuolan]: Auxiliary rules automatic method detection failed to detect for numeric comparison; Fixed. Auxiliary rules numeric comparison could accept non-numeric values under certain conditions; Fixed.
[2023.09.16~18; Maikuolan]: Significantly refactored all L10N data.
[2023.09.18; Maikuolan]: Better resource guarding (#516).
[2023.09.19~20; Maikuolan]: BunnyCDN and IP-API modules can now populate profiles.
[2023.09.20; Maikuolan]: The front-end IP testing interface can now switch between focusing primarily on IP addresses versus focusing primarily on user agents (#464).
[2023.09.20; Bug-fix; Maikuolan]: Added horizontal scrollbars for rows generated by IP testing which exceed the normal width of the page to prevent page overflow (#447).
[2023.09.20; Security; Maikuolan]: Self-inflicted XSS was possible at the front-end IP testing page when user agents, queries, or referrers which contain valid HTML tags (e.g., JavaScript) were entered for testing; Fixed.
[2023.09.21; Maikuolan]: Replaced all emoji at the auxiliary rules page with SVGs. Replaced the delete emoji at the cache data page with an SVG.
[2023.10.05; Bug-fix; Maikuolan]: Stop Forum Spam module found to have been broken since v3.0; Fixed.
[2023.09~10; Maikuolan]: Added L10N for Afrikaans and Romanian.