Project

General

Profile

Feature #11228

Replace WebGUI HTTP links to HTTPS

Added by Viktor Gurov about 2 months ago. Updated 14 days ago.

Status:
Resolved
Priority:
Low
Assignee:
Category:
Web Interface
Target version:
Start date:
01/07/2021
Due date:
% Done:

0%

Estimated time:

Description

There are many HTTP links on the WebGUI pages:

pfsense/src/usr/local/www$ grep -r "http://" | grep -v "*" | grep php
status_logs_vpn.php:    $group->setHelp('<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">' . gettext('Regular expression reference') . '</a> ' . gettext('Precede with exclamation (!) to exclude match.'));
diag_packet_capture.php:    '&nbsp;<a target="_blank" href="http://www.freebsd.org/cgi/man.cgi?query=tcpdump&amp;apropos=0&amp;sektion=0&amp;manpath=FreeBSD+11.0-stable&amp;arch=default&amp;format=html">[3]</a>',
services_captiveportal.php:    $href = "http://{$host}:{$port}/?zone={$cpzone}";
services_dhcp_edit.php:    sprintf(gettext('For a list of available options please visit this %1$s URL%2$s.%3$s'), '<a href="http://www.iana.org/assignments/bootp-dhcp-parameters/" target="_blank">', '</a>', '</div>')
system_advanced_admin.php:    '<a href="http://en.wikipedia.org/wiki/DNS_rebinding">', '</a>');
system_advanced_admin.php:    '<a target="_blank" href="http://en.wikipedia.org/wiki/HTTP_referrer">', '</a>.');
status_logs_common.inc:    $group->setHelp('<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">' . gettext('Regular expression reference') . '</a> ' . gettext('Precede with exclamation (!) to exclude match.'));
status_logs_common.inc:    $group->setHelp('<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">' . gettext('Regular expression reference') . '</a> ' . gettext('Precede with exclamation (!) to exclude match.'));
status_ntpd.php:    print('<td colspan="' . $gps_goo_lnk . '"><a target="_gmaps" href="http://maps.google.com/?q=' . $gps_lat . ',' . $gps_lon . '">' . gettext("Google Maps Link") . '</a></td>');
status_logs_filter.php:// From http://stackoverflow.com/questions/5499078/fastest-method-to-escape-html-tags-as-html-entities
status_graph_cpu.php:               width="550" height="275" pluginspage="http://www.adobe.com/svg/viewer/install/auto" />
status_graph_cpu.php:        <?=sprintf(gettext('If the graph cannot be seen, the %1$sAdobe SVG viewer%2$s may need to be installed'), '<a href="http://www.adobe.com/svg/viewer/install/" target="_blank">', '</a>')?>
graph_cpu.php:<svg width="100%" height="100%" viewBox="0 0 <?=$width?> <?=$height?>" preserveAspectRatio="none" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="init(evt);">
services_dhcp.php:    sprintf(gettext('For a list of available options please visit this %1$s URL%2$s.%3$s'), '<a href="http://www.iana.org/assignments/bootp-dhcp-parameters/" target="_blank">', '</a>', '</div>')
services_unbound_advanced.php:))->setHelp('This helps lower the latency of requests but does utilize a little more CPU. See: %1$sWikipedia%2$s', '<a href="http://en.wikipedia.org/wiki/List_of_DNS_record_types">', '</a>');
widgets/widgets/ntp_status.widget.php:                <a target="_gmaps" href="http://maps.google.com/?q=<?=$gps_lat;?>,<?=$gps_lon;?>">
graph.php:<svg width="100%" height="100%" viewBox="0 0 <?=$width?> <?=$height?>" preserveAspectRatio="none" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="init(evt)">

Better to replace them to HTTPS

History

#2 Updated by Michael Spears about 2 months ago

From what I can tell, these are all links to external sites, and they all redirect to HTTPS when accessed. There's more important bugs/issues we should likely be dealing with. I feel like this would be better served for a redesign.

Viktor Gurov wrote:

There are many HTTP links on the WebGUI pages:
[...]

Better to replace them to HTTPS

#3 Updated by Jim Pingle about 2 months ago

  • Target version set to CE-Next

Worth doing but not yet.

#4 Updated by Renato Botelho 17 days ago

  • Status changed from New to Feedback
  • Assignee set to Viktor Gurov

PR has been merged. Thanks!

#5 Updated by Max Leighton 15 days ago

Checked in:

2.6.0-DEVELOPMENT (amd64)
built on Sat Feb 20 01:03:44 EST 2021
FreeBSD 12.2-STABLE

These which are directly in the GUI have all been changed to HTTPS.

I still see:

graph_cpu.php:<svg width="100%" height="100%" viewBox="0 0 " preserveAspectRatio="none" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="init(evt);">

This could be changed to HTTPS, but I'm not sure if it needs to be. If not, this can be marked as resolved.

#6 Updated by Viktor Gurov 14 days ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF