Remove register_long_arrays from php.ini and from php code the use of HTTP_*_VARS as it's deprecated and luckily low use in pfSense to win memory and compatibility
Omit IP warning if HTTP_REFERER check is disabled.
Treat openvpn tunnel IPs as local IPs and prevent warning on login page when accessing it using tun IP address. Fixes #1681
Fix login form username field focus
The Username field was no longer getting focus - just a missing "/" in a critical place.
Update HTML in "include" files
Updated the DOCTYPE to make it W3C standard/compliant.
Moved "sorttable.js", "ticker.js" and the "antiClickJack style" from "fbegin.inc" and placed them in "head.inc" (where they belong), this may also help the Widescreen package to work....
Update PHP shorthand tag
Standardise all PHP start tags from "" to "
Always commit the session fast to allow other consumers to proceed to their requests. This unbreaks now the lock up the GUI had allowing only one action from same source per time. Now even if you run a command that blocks indefinitely for example the GUI won't lock anymore but allow you to proceed to other actions
No need to do this here - we have a System > Advanced option that already controls this. Revert "Do not allow autocomplete of the password field to avoid security issues:"
This reverts commit 3dc69d374dcfa39094b0332e2516d3ae68467cfa.
Do not allow autocomplete of the password field to avoid security issues:
Make a function to get the current theme and use it everywhere rather than duplicating code or missing functions. (Fixes forced themes using the wrong theme for login screen)
fix permissions check to xml package files and show only menus user has access to
making small fixes on jQuery code
Scriptaculous / prototype replaced by jQuery
Only do cookie check if the form has already been posted. The cookie check is not accurate for the first page load after a browser has been opened, has to be at least one refresh/post first.
If a user's browser does not support cookies, print an error on the login form telling them so.
Conflicts:
etc/inc/authgui.inc
Log when a user tries to access an unauthorized page.
Merge remote-tracking branch 'upstream/master'
Conflicts: etc/inc/easyrule.inc etc/inc/filter.inc etc/inc/interfaces.inc etc/inc/services.inc etc/inc/xmlrpc_client.inc usr/local/www/fbegin.inc usr/local/www/services_dhcp.php
Fix gettext
Merge remote-tracking branch 'mainline/master' into inc
Conflicts: etc/inc/interfaces.inc etc/inc/upgrade_config.inc etc/inc/vpn.inc
Merge remote branch 'upstream/master'
Conflicts: etc/inc/vslb.inc etc/version
Make autocomplete on the login form optional.
Conflicts: etc/inc/auth.inc etc/inc/config.lib.inc etc/inc/filter.inc etc/inc/pfsense-utils.inc etc/inc/pkg-utils.inc etc/inc/priv.defs.inc etc/inc/services.inc...
Allow autocomplete on login form (Fixes saving password on Firefox and Chrome)
Add ipv6 local addresses to the IP address list for the rebinding check
This will prevent HTML pages from crafting HTML GETs against the web interface and will prevent firewall admins from being "tricked" into clicking on links that may be harmful to their firewall.
Merge remote branch 'mainline/master' into inc
Conflicts: etc/inc/authgui.inc
Fix text.
Wording fix.
Fix quotes to use %N$X on gettext calls
Fix gettext calls with printf to permit change strings order
Implement gettext() calls on authgui.inc
No need to use # in color code, it's already set with this
Allow overriding the Nifty corners background color
Handle VIP DNS-Rebinding detection correctly
Fix this function call, it only takes one parameter.
Print a warning on the login screen if you are accessing the router by a non-local IP address (one not configured on the system) to warn about potential MITM attacks.
Overhaul the user login system to use the Servers tab as its base.
Fix quite a few problems down the way.
Recommit #161 changes. It appears a different commit has broken firewall rules edit and firewall nat edit.
Revert "Redirect to / when logging in to avoid posting to forms accidentally and clearing the form and causing all kinds of chaos. Ticket #161"
This reverts commit 6af7c40b296e0f95ec308d41aea55b3306c5e1ee.
Redirect to / when logging in to avoid posting to forms accidentally and clearing the form and causing all kinds of chaos. Ticket #161
Add priv.defs.inc to authgui.inc
Set 2nd parameter for isAllowedPage. Will be required for #34, 33, 32
Rework includes/require. This saves about 4 megabytes. Simplify get_memory(). Tested on mips/i386
Add pfSense_BUILDER_BINARIES: and pfSense_MODULE: additions
Set focus to the username field
Fix the case when users without access to index.php get an error message. This redirects the users to the first allowed page if they do not have access to index.php and errors out only if no page has been assigned to them.
NOTE: It is strange that a user cannot change its password!
Cleanup some of the authentication code. Fix the problem where you must navigate away from the initial page twice to get somewhere. Remove some of the cruft that was no longer used. Don't unconditionally redirect a user to their homepage if another url was specified pre-login. This will...
Cleanup authentication code. The basic auth method, the passwd, htpasswd and pam backing functions have been removed. The basic auth method was legacy code and the backing functions were redundant with no added value that I could see. A simplified replacement backing function named...
Rewrite portions of the user manager to ensure data is properly synced to the system password and group databases. This is to provide better support for centralized user management when local account administration is preferred.
I also took this opportunity to do some housekeeping. A lot of functions...
fix IE login
Ticket #1707
Make loginpage more themeable. Only theme that uses this so far is the_wall. Other themes look ugly now (only loginpage) but are usable. Will be fixed within the next day(s).
Latest LDAP changes from Mark Batchelor
Latest eDir / Active Directory tweaks from Mark Batchelor.
Thanks again for him helping us with this project!
Allow multiple groups to be assigned per user.
Work sponsored-by: Centipede Networks
Adding LDAP backend glue.
Work sponsored-by: Centipede Networks <http://centipedenetworks.com/>
Store global privs list in $g['privs']
Nuke code that does nothing.
Make the error message clickable so that the admin can easily return to the GUI.
Do not logout session if the user does not have access to a page. We should also hide menu items that user does not have access to.
Correctly check for page names by including .php. Strip off / if found so that we can get an exact page match against the URL. My test diagnostics user now works.
Instead of throwing a very vague 401 error actually tell the user which page they do not have access to. This will also help admins troubleshoot group manager page privs.
Correctly show 401 errors.
Fix field display on login screen
Users that have specific page access can now login
Remove trailing space / cr
Correct style sheet class.
Backport usermanager code from HEAD so I can get it in the snaps and start testing it properly. There's still some CSS/HTML fixes needed but the code seems to work