Linux premium180.web-hosting.com 4.18.0-553.54.1.lve.el8.x86_64 #1 SMP Wed Jun 4 13:01:13 UTC 2025 x86_64
LiteSpeed
: 162.0.209.168 | : 216.73.216.187
Cant Read [ /etc/named.conf ]
8.3.30
nortrmdp
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
BLACK DEFEND!
README
+ Create Folder
+ Create File
/
var /
softaculous /
crafty /
[ HOME SHELL ]
Name
Size
Permission
Action
images
[ DIR ]
drwxr-xr-x
php53
[ DIR ]
drwxr-xr-x
php56
[ DIR ]
drwxr-xr-x
php71
[ DIR ]
drwxr-xr-x
php81
[ DIR ]
drwxr-xr-x
php82
[ DIR ]
drwxr-xr-x
changelog.txt
10.42
KB
-rw-r--r--
clone.php
2.47
KB
-rw-r--r--
config.php
4.08
KB
-rw-r--r--
crafty.sql
33.5
KB
-rw-r--r--
crafty.zip
6.33
MB
-rw-r--r--
edit.php
4.2
KB
-rw-r--r--
edit.xml
433
B
-rw-r--r--
fileindex.php
2
KB
-rw-r--r--
import.php
3.13
KB
-rw-r--r--
info.xml
2.35
KB
-rw-r--r--
install.js
924
B
-rw-r--r--
install.php
3.47
KB
-rw-r--r--
install.xml
1.77
KB
-rw-r--r--
md5
2.22
KB
-rw-r--r--
upgrade.php
3.77
KB
-rw-r--r--
upgrade.xml
292
B
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : changelog.txt
## VERSION_3_7_5 — 2025-11-14 (Livehelp JS Transparency & Icon Refresh) ### Highlights - Finalized the “local embeds only” policy from 3.7.x clarifying that every Crafty Syntax deploy must host its own tracking assets to meet 2025 privacy baselines. - Removed the last obfuscated powered-by tag hiding in `livehelp_js.php`; the credit line now appears as a normal HTML anchor so auditors (and operators) can see exactly what ships in the bundle. - Added a trailing `csrepeat_()` invocation to `livehelp_js.php` so the floating help icon re-checks operator presence and swaps artwork even after the visitor widget has been idle—most noticeable when the operator drops offline mid-session. - Repacked the 3.7.5 ZIP to include the clean powered-by link plus the extra refresh call; anyone who grabbed the first 3.7.4 build on 2025‑11‑12 should download the updated archive dated late 2025‑11‑12 or newer. ### Status - **Release published**: Distributed as `crafty_syntax-3.7.5.zip`; supersedes the late 3.7.4 refresh so partners have one canonical bundle. - **Upgrade guidance**: If you previously patched to the early 3.7.4 ZIP, copy `livehelp_js.php` (and the updated scratchpad copy) from 3.7.5 so embeds honor the privacy+branding changes without a full reinstall. ## VERSION_3_7_4 — 2025-11-12 (Crafty Syntax Name Restoration) ### Highlights - Reissued the 3.7.3 codebase under the restored **Crafty Syntax** brand; binaries now publish as `crafty_syntax-3.7.4.zip`. - Updated headers, about boxes, installer copy, and powered-by strings to read “Crafty Syntax 3.7.4 (formerly Sales Syntax 3.7.3).” - Refreshed the default login branding: swapped the package logo (`images/logo.png`) and updated `login.php` artwork/labels to show the Crafty Syntax identity. - Restored the `2025_modern/operator.jpg` asset that was missing from the 3.7.3 package so the modern theme displays correctly in 3.7.4. - Corrected the quick-upgrade path in `setup.php` to open a database connection before updating `livehelp_config.version`, ensuring the script actually writes `3.7.4` during the drop-in upgrade. - Generated fresh MD5/SHA256 checksums for both the rebranded package and the archived Sales Syntax bundle so operators can verify integrity. - Documented the rename across `public/what_was_crafty_syntax.php`, `public/crafty_syntax_evolved.php`, and the Crafty Syntax changelog alias. - Notified auto-installer partners (Fantastico, Softaculous, Installatron) that the package is a branding update only—no schema or code changes. ### Status - **Release published**: Use `crafty_syntax-3.7.4.zip` for new installs or upgrades; `salessyntax-3.7.3.zip` remains in `/archive/releases/` for historical reference. - **Upgrade guidance**: Existing Sales Syntax 3.7.3 installs can drop in the rebranded files or continue running unchanged—functionality is identical. --- ## VERSION_3_7_3 — 2025-11-10 (Timezone Offset & Hardening Sweep) ### Highlights - Removed the legacy `offset` column from fresh installs so `setup.php` no longer creates or references the misspelled field that broke MySQL import checks. - Added a tolerant loader for existing databases: if a config row still exposes `offest`, the runtime maps it to `offset` on the fly and falls back to PHP’s active timezone when neither value is present. - Replaced the admin “time offset” dropdown with a read-only notice that shows either the preserved legacy value or the resolved timezone identifier, avoiding undefined-index warnings during upgrades. - Mirrored the fixes into the redistributed `/public/salessyntax` snapshot so hosted customers and LUPOPEDIA deployments stay aligned. - Tightened the HTML embed generator (`htmltags.php`) to display a same-domain placement notice, preventing remote-site integration issues uncovered during shared-host testing. - Tracking now requires local embeds only. To align with 2025 privacy expectations, remote cross-domain tracking was removed in 3.7.x. All installations must use relative paths on the host domain so visitors are not tracked on third-party sites. - Sanitized mobile/iPhone settings updates (`cellphone`, `sessiontimeout`) with `filter_sql` so chat operators cannot inject SQL through the quick settings forms. - Escaped the `see` parameter in `admin_connect.php` before injecting it into the XMLHTTP redirect URL, closing the reflected XSS the legacy admin widget relied on. - Hardened `setup.php` redisplays by wrapping installer inputs in `cslh_escape`/`rawurlencode` and swapping the column-existence checks over to shared-host-friendly `SHOW COLUMNS` queries. - Added `scripts/security_sweep.py` so maintainers can automatically flag risky patterns (`eval`, dynamic includes, raw `$_REQUEST`, unescaped `$UNTRUSTED` output) before shipping future patches. - Completed fresh-install and upgrade validation on Windows (XAMPP) and Linux shared hosts to confirm timezone fallbacks, security fixes, and language loader updates behave consistently. - Restored operator desktop cues: `admin_users_refresh.php` now escalates focus through nested frames (window.parent.bottomof → parent → top → self) before falling back to an alert, and wraps HTML5/EMBED chat sounds with autoplay-promise catches so operators hear the bell even when browsers block background playback. - Standardized all “powered by” links to `https://lupopedia.com/?utm_source=poweredby&utm_campaign=poweredby`, removing obfuscation and legacy domains so embeds point at the LUPOPEDIA hub. - Fixed `leavemessage.php` mail delivery: corrected the status update query, ensured department contact emails are honored, and fall back to `owner_email` so contact alerts always send when visitors leave a message. --- ## Deployment Status (Completed) - Shared-hosting verification completed on Windows and Linux environments; 3.7.3 is cleared for packaging and distribution to hosted customers. ### Status - **Patch released**: Tagged as 3.7.3 within 48 hours to unblock installers seeing the `offest` typo and shore up shared-host security. - **Packaging**: Prepare and distribute the refreshed ZIP bundle to partners; continue monitoring support tickets for any residual timezone edge cases ahead of the planned timezone-schema audit during LUPOPEDIA rollout. - **Verification**: Final security_sweep.py run, admin console debug regression tests, and fresh install/upgrade retests all pass with no new findings; package is ready for delivery. --- ## VERSION_3_7_2 — 2025-11-10 (Installatron Compliance & Branding Refresh) ### Highlights - Rebased the working tree on the original 3.7.1 payload (`public/salessyntax/`) so all new fixes start from the shipped, unmodified theme. - Retired the legacy `filter_html()` sanitizer and swapped every call site to native escaping helpers (`cslh_escape`, `htmlspecialchars`, `rawurlencode`) to eliminate double-sanitization flags raised by Installatron. - Modernized the visitor typing beacon in `livehelp.php` (and mirrored scripts) to prefer `fetch`/`XMLHttpRequest` while keeping the `<img>`/`GETForm` fallbacks for browsers stuck in 2005. - Removed obsolete upgrade prompts (`pp.gif`, `gopro.png`, “Go Pro” copy) now that unbranded features ship by default. - Updated footer credits across operator/admin pages to read: `Sales Syntax Live Help 2003 - 2025 ( a product of Lupopedia LLC )`. - Added an opt-in `2025_modern` theme (responsive layout, flex-based header/footer, refreshed offline/connecting screens) without disturbing existing templates. - Mobile and iPhone operator consoles now submit chats through modern `fetch` with `GETForm2` fallback, keeping the `postmessage` workflow intact for legacy browsers. - Logged the remediation plan in `plan_for_sales_syntax_3_7_2.md` so future patches stay aligned with Installatron requirements. - Introduced hosted documentation stubs (`howto`, `qa`, `updates`) and new public landing pages (`account.php`, `support.php`, `directory.php`, `members.php`). Added an operator-facing notice on `scratch.php` explaining why the 3.7.2 release preserves the 2012-era UI (to keep diff baselines intact) and how LUPOPEDIA 1.0.0 will layer in modern tooling plus AI-driven migration of community customizations. - Refreshed `javascript/xmlhttp.js` to use a shared `fetch` wrapper with automatic fallbacks to the legacy `GETForm` helpers, keeping polling/typing scripts functional on older browsers while modern installs run via `fetch`. - Packaging/testing: preparing the clean 3.7.2 ZIP and verifying shared-host installs with the modernized AJAX pathways. - Updated configuration helpers so generated URLs drop the domain entirely (always relative paths). This avoids mixed-content issues—legacy installs that were `http://` now call AJAX endpoints over the current scheme (`https://` when needed) without breaking. ### Status - **Release in preparation**: Regression testing and packaging still pending before tagging 3.7.2. - **Next steps**: Mirror the modern typing helpers into mobile/iPhone/external clients, refresh shared `xmlhttp.js`, and produce Installatron-ready ZIP + changelog. --- ## VERSION_3_7_1 — 2025-11-09 (Security Patch & LUPOPEDIA Integration) ### Highlights - Hardened every public visitor entry point (`livehelp.php`, `user_connect.php`, `user_chat_*`, `user_top.php`, `user_qa.php`) to reuse already-sanitized department/tab/offset integers before building redirects, query strings, or embedded JavaScript. - Sanitized visitor-supplied hidden fields in lost-password and chat-color forms so remote widgets and password-reset flows cannot inject markup when rendered off-site. - Refreshed the powered-by link in `livehelp_js.php`, allowing brand swaps to point directly to LUPOPEDIA while preserving the optional creditline toggle. - Expanded the session fingerprinting ladder (`get_ipaddress`) to honor modern proxy/CDN headers, preferring public IPs and falling back safely so legacy installs maintain tracking accuracy. - Packaged the release as the LUPOPEDIA migration baseline: the core now ships with the full Sales Syntax codebase, layered-pop-up heritage, and 3.7.1 security posture. - Added LUPOPEDIA-side scaffolding: `livehelps` parent table (Migration 1071), CSV export guidance, and updated public docs (`public/crafty_syntax_evolved.php`, `public/what_was_crafty_syntax.php`) so operators understand the upgrade path. ### Recommended Action - Apply 3.7.1 (latest GPL release) before migrating. PORTUNUS and LUPO warn or block imports when `livehelps.version = '3.7.0'`. - After patching, regenerate CSV snapshots so `livehelps_rows.csv` reflects the sanitized schema and `version,3.7.1`.
Close
