Feature #11228
Closed
Replace HTTP links with HTTPS in the GUI
0%
Description
There are many HTTP links on the WebGUI pages:
pfsense/src/usr/local/www$ grep -r "http://" | grep -v "*" | grep php
status_logs_vpn.php: $group->setHelp('<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">' . gettext('Regular expression reference') . '</a> ' . gettext('Precede with exclamation (!) to exclude match.'));
diag_packet_capture.php: ' <a target="_blank" href="http://www.freebsd.org/cgi/man.cgi?query=tcpdump&apropos=0&sektion=0&manpath=FreeBSD+11.0-stable&arch=default&format=html">[3]</a>',
services_captiveportal.php: $href = "http://{$host}:{$port}/?zone={$cpzone}";
services_dhcp_edit.php: sprintf(gettext('For a list of available options please visit this %1$s URL%2$s.%3$s'), '<a href="http://www.iana.org/assignments/bootp-dhcp-parameters/" target="_blank">', '</a>', '</div>')
system_advanced_admin.php: '<a href="http://en.wikipedia.org/wiki/DNS_rebinding">', '</a>');
system_advanced_admin.php: '<a target="_blank" href="http://en.wikipedia.org/wiki/HTTP_referrer">', '</a>.');
status_logs_common.inc: $group->setHelp('<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">' . gettext('Regular expression reference') . '</a> ' . gettext('Precede with exclamation (!) to exclude match.'));
status_logs_common.inc: $group->setHelp('<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">' . gettext('Regular expression reference') . '</a> ' . gettext('Precede with exclamation (!) to exclude match.'));
status_ntpd.php: print('<td colspan="' . $gps_goo_lnk . '"><a target="_gmaps" href="http://maps.google.com/?q=' . $gps_lat . ',' . $gps_lon . '">' . gettext("Google Maps Link") . '</a></td>');
status_logs_filter.php:// From http://stackoverflow.com/questions/5499078/fastest-method-to-escape-html-tags-as-html-entities
status_graph_cpu.php: width="550" height="275" pluginspage="http://www.adobe.com/svg/viewer/install/auto" />
status_graph_cpu.php: <?=sprintf(gettext('If the graph cannot be seen, the %1$sAdobe SVG viewer%2$s may need to be installed'), '<a href="http://www.adobe.com/svg/viewer/install/" target="_blank">', '</a>')?>
graph_cpu.php:<svg width="100%" height="100%" viewBox="0 0 <?=$width?> <?=$height?>" preserveAspectRatio="none" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="init(evt);">
services_dhcp.php: sprintf(gettext('For a list of available options please visit this %1$s URL%2$s.%3$s'), '<a href="http://www.iana.org/assignments/bootp-dhcp-parameters/" target="_blank">', '</a>', '</div>')
services_unbound_advanced.php:))->setHelp('This helps lower the latency of requests but does utilize a little more CPU. See: %1$sWikipedia%2$s', '<a href="http://en.wikipedia.org/wiki/List_of_DNS_record_types">', '</a>');
widgets/widgets/ntp_status.widget.php: <a target="_gmaps" href="http://maps.google.com/?q=<?=$gps_lat;?>,<?=$gps_lon;?>">
graph.php:<svg width="100%" height="100%" viewBox="0 0 <?=$width?> <?=$height?>" preserveAspectRatio="none" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="init(evt)">
Better to replace them with HTTPS.
Updated by Viktor Gurov almost 5 years ago
Updated by Michael Spears almost 5 years ago
From what I can tell, these are all links to external sites, and they all redirect to HTTPS when accessed. There are more important bugs/issues we should likely be dealing with. I feel like this would be better served for a redesign.
Viktor Gurov wrote:
There are many HTTP links on the WebGUI pages:
[...] Better to replace them with HTTPS
Updated by Renato Botelho over 4 years ago
- Status changed from New to Feedback
- Assignee set to Viktor Gurov
PR has been merged. Thanks!
Updated by Max Leighton over 4 years ago
Checked in:
2.6.0-DEVELOPMENT (amd64)
built on Sat Feb 20 01:03:44 EST 2021
FreeBSD 12.2-STABLE
Those which are directly in the GUI have all been changed to HTTPS.
I still see:
graph_cpu.php:<svg width="100%" height="100%" viewBox="0 0 <?=$width?> <?=$height?>" preserveAspectRatio="none" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="init(evt);">
This could be changed to HTTPS, but I'm not sure if it needs to be. If not, this can be marked as resolved.
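Added example, not part of the issue thread or the pfSense code base: a triage script for the kind of grep output shown in the description. It separates external links that can move to https:// from xmlns values, which are XML namespace identifiers that parsers compare as literal strings and never fetch, so rewriting them would change the namespace the SVG declares. The verdict names, the `classify`/`audit` helpers and the treatment of interpolated hosts as "review manually" are assumptions of this example.

```python
import re
from collections import defaultdict

# xmlns / xmlns:prefix attributes hold namespace identifiers, not fetchable links.
XMLNS_ATTR = re.compile(r'\bxmlns(?::\w+)?\s*=\s*["\']http://[^"\']+["\']')
# A plain-HTTP URL, ending at whitespace, a quote or an angle bracket.
HTTP_URL = re.compile(r'http://[^\s"\'<>]+')
# PHP interpolation inside the host part, e.g. http://{$host}:{$port}/
DYNAMIC_HOST = re.compile(r'http://[^/\s"\']*[{$]')

def classify(content):
    """Return (url, verdict) for every http:// URL in one source line."""
    ns_spans = [m.span() for m in XMLNS_ATTR.finditer(content)]
    out = []
    for m in HTTP_URL.finditer(content):
        if any(start <= m.start() < end for start, end in ns_spans):
            verdict = "namespace-id"   # must stay byte-identical
        elif DYNAMIC_HOST.match(content, m.start()):
            verdict = "dynamic-host"   # assumption: needs manual review
        elif content.lstrip().startswith(("//", "#")):
            verdict = "comment"        # not rendered to the user
        else:
            verdict = "upgrade"        # external link: switch to https://
        out.append((m.group(0), verdict))
    return out

def audit(grep_output):
    """Group 'file:content' lines (grep -r format) by verdict."""
    report = defaultdict(list)
    for line in grep_output.strip().splitlines():
        path, _, content = line.partition(":")
        for url, verdict in classify(content):
            report[verdict].append((path, url))
    return dict(report)

# Sample input: lines shortened from the grep output in the issue description.
SAMPLE = r'''
system_advanced_admin.php: '<a href="http://en.wikipedia.org/wiki/DNS_rebinding">', '</a>');
services_captiveportal.php: $href = "http://{$host}:{$port}/?zone={$cpzone}";
status_logs_filter.php:// From http://stackoverflow.com/questions/5499078/fastest-method-to-escape-html-tags-as-html-entities
graph_cpu.php:<svg width="100%" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="init(evt);">
status_ntpd.php: print('<a target="_gmaps" href="http://maps.google.com/?q=' . $gps_lat . '">');
'''

if __name__ == "__main__":
    for verdict, hits in audit(SAMPLE).items():
        for path, url in hits:
            print(f"{verdict:13} {path}: {url}")
```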
Updated by Viktor Gurov over 4 years ago
- Status changed from Feedback to Resolved
Updated by Jim Pingle over 4 years ago
- Target version changed from CE-Next to 2.6.0
Updated by Jim Pingle over 4 years ago
- Plus Target Version set to 21.05
Already present on 21.05 builds.
Updated by Jim Pingle over 4 years ago
- Subject changed from Replace WebGUI HTTP links to HTTPS to Replace HTTP links with HTTPS in the GUI
Updating subject for release notes.
Updated by Jim Pingle over 4 years ago
- Target version changed from 2.6.0 to 2.5.2