lichenblankie 0981c2e0a9 hardened CSRF, SSRF, FTS5
- CSRF: Generate random token at startup, include as hidden field in
  all 11 POST forms, validate at top of POST dispatch (returns 403)
- SSRF: Block private/internal IP ranges (127/8, 10/8, 172.16/12,
  192.168/16, 169.254/16, ::1, fc00::/7) by resolving hostname before
  fetch. Remove verify=False from requests.get().
- DELETE: Change /delete/<id> from GET (instant delete) to GET
  (confirmation page) + POST (actual delete) to prevent accidental
  deletion from prefetchers/crawlers.
- FTS5: Wrap search input in double quotes to neutralize FTS5
  operators (AND, OR, NOT, *, column:). Add try/except fallback.
2026-06-05 05:29:35 +00:00
themes created themes folder with kodama template 2026-06-05 05:29:35 +00:00
.gitignore created themes folder with kodama template 2026-06-05 05:29:35 +00:00
app.py bound to 0.0.0.0 for remote access 2026-06-05 05:29:35 +00:00
db.py hardened CSRF, SSRF, FTS5 2026-06-05 05:29:35 +00:00
gateway.py single-command startup 2026-06-05 05:29:35 +00:00
handlers.py hardened CSRF, SSRF, FTS5 2026-06-05 05:29:35 +00:00
README.md first commit 2026-06-05 05:22:37 +00:00
requirements.txt ported everything to Reticulum mesh 2026-06-05 05:29:35 +00:00
rns_client.py wired up mesh subscriptions + search 2026-06-05 05:29:35 +00:00
templates.py added custom template editor, cleaned up UI 2026-06-05 05:29:35 +00:00