Project

General

Profile

Actions

Feature #11228

closed

Replace HTTP links with HTTPS in the GUI

Added by Viktor Gurov 9 months ago. Updated 5 months ago.

Status:
Resolved
Priority:
Low
Assignee:
Category:
Web Interface
Target version:
Start date:
01/07/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
21.05
Release Notes:
Default

Description

There are many HTTP links on the WebGUI pages:

pfsense/src/usr/local/www$ grep -r "http://" | grep -v "*" | grep php
status_logs_vpn.php:    $group->setHelp('<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">' . gettext('Regular expression reference') . '</a> ' . gettext('Precede with exclamation (!) to exclude match.'));
diag_packet_capture.php:    '&nbsp;<a target="_blank" href="http://www.freebsd.org/cgi/man.cgi?query=tcpdump&amp;apropos=0&amp;sektion=0&amp;manpath=FreeBSD+11.0-stable&amp;arch=default&amp;format=html">[3]</a>',
services_captiveportal.php:    $href = "http://{$host}:{$port}/?zone={$cpzone}";
services_dhcp_edit.php:    sprintf(gettext('For a list of available options please visit this %1$s URL%2$s.%3$s'), '<a href="http://www.iana.org/assignments/bootp-dhcp-parameters/" target="_blank">', '</a>', '</div>')
system_advanced_admin.php:    '<a href="http://en.wikipedia.org/wiki/DNS_rebinding">', '</a>');
system_advanced_admin.php:    '<a target="_blank" href="http://en.wikipedia.org/wiki/HTTP_referrer">', '</a>.');
status_logs_common.inc:    $group->setHelp('<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">' . gettext('Regular expression reference') . '</a> ' . gettext('Precede with exclamation (!) to exclude match.'));
status_logs_common.inc:    $group->setHelp('<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">' . gettext('Regular expression reference') . '</a> ' . gettext('Precede with exclamation (!) to exclude match.'));
status_ntpd.php:    print('<td colspan="' . $gps_goo_lnk . '"><a target="_gmaps" href="http://maps.google.com/?q=' . $gps_lat . ',' . $gps_lon . '">' . gettext("Google Maps Link") . '</a></td>');
status_logs_filter.php:// From http://stackoverflow.com/questions/5499078/fastest-method-to-escape-html-tags-as-html-entities
status_graph_cpu.php:               width="550" height="275" pluginspage="http://www.adobe.com/svg/viewer/install/auto" />
status_graph_cpu.php:        <?=sprintf(gettext('If the graph cannot be seen, the %1$sAdobe SVG viewer%2$s may need to be installed'), '<a href="http://www.adobe.com/svg/viewer/install/" target="_blank">', '</a>')?>
graph_cpu.php:<svg width="100%" height="100%" viewBox="0 0 <?=$width?> <?=$height?>" preserveAspectRatio="none" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="init(evt);">
services_dhcp.php:    sprintf(gettext('For a list of available options please visit this %1$s URL%2$s.%3$s'), '<a href="http://www.iana.org/assignments/bootp-dhcp-parameters/" target="_blank">', '</a>', '</div>')
services_unbound_advanced.php:))->setHelp('This helps lower the latency of requests but does utilize a little more CPU. See: %1$sWikipedia%2$s', '<a href="http://en.wikipedia.org/wiki/List_of_DNS_record_types">', '</a>');
widgets/widgets/ntp_status.widget.php:                <a target="_gmaps" href="http://maps.google.com/?q=<?=$gps_lat;?>,<?=$gps_lon;?>">
graph.php:<svg width="100%" height="100%" viewBox="0 0 <?=$width?> <?=$height?>" preserveAspectRatio="none" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="init(evt)">

Better to replace them to HTTPS

Actions #2

Updated by Michael Spears 9 months ago

From what I can tell, these are all links to external sites, and they all redirect to HTTPS when accessed. There's more important bugs/issues we should likely be dealing with. I feel like this would be better served for a redesign.

Viktor Gurov wrote:

There are many HTTP links on the WebGUI pages:
[...]

Better to replace them to HTTPS

Actions #3

Updated by Jim Pingle 9 months ago

  • Target version set to CE-Next

Worth doing but not yet.

Actions #4

Updated by Renato Botelho 8 months ago

  • Status changed from New to Feedback
  • Assignee set to Viktor Gurov

PR has been merged. Thanks!

Actions #5

Updated by Max Leighton 8 months ago

Checked in:

2.6.0-DEVELOPMENT (amd64)
built on Sat Feb 20 01:03:44 EST 2021
FreeBSD 12.2-STABLE

These which are directly in the GUI have all been changed to HTTPS.

I still see:

graph_cpu.php:<svg width="100%" height="100%" viewBox="0 0 " preserveAspectRatio="none" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="init(evt);">

This could be changed to HTTPS, but I'm not sure if it needs to be. If not, this can be marked as resolved.

Actions #6

Updated by Viktor Gurov 8 months ago

  • Status changed from Feedback to Resolved
Actions #7

Updated by Jim Pingle 7 months ago

  • Target version changed from CE-Next to 2.6.0
Actions #8

Updated by Jim Pingle 5 months ago

  • Plus Target Version set to 21.05

Already present on 21.05 builds.

Actions #9

Updated by Jim Pingle 5 months ago

  • Subject changed from Replace WebGUI HTTP links to HTTPS to Replace HTTP links with HTTPS in the GUI

Updating subject for release notes.

Actions #10

Updated by Jim Pingle 5 months ago

  • Target version changed from 2.6.0 to 2.5.2
Actions

Also available in: Atom PDF