Make sure this isn't searching the referrer using a blank host or IP, which will always match the referrer.
Fix case for testing the referrer check setting. Ticket #1011
Remove these anchors they just provide overhead and are not really used much in pfSense.
Remove gre helping rules they are not anymore needed.
Send errors to 2>
Don't perform referer check if display_error_form is not defined (captive portal), just like as is done for the DNS rebind check. Ticket #1007
Rework handling of ports for reflection on port forwards to work properly with port aliases. Ticket #672
Unset this reference before reusing the variable name to prevent corruption of groups.
Fix test for altq on vlans and wlan.
Fix a theoretical/potential XSS in the http_referer check warning.
Add whitespace to avoid breaking the resulting rule.
Whitespace fixes.
Make sure there is a direction specified otherwise errors might occur.
Initialize rule keeping array to avoid possible caching effects on php.
Separate this into the original case with the floating rule cases above it to fix some scenarios where the order was still wrong.
Move this function to allow removing it from easyrule.
Fix filter_rules_sort's compare function to know about floating rules so it won't change their order.
Take into account if we have redirection active to allow even port 443.
Make the antilockout rule match the webgui and ssh(if enabled) rather than any traffic destined to pfSense itself.
Small improvement no functional change.
Use php calls rather than forking to shell.
Use exec and check return value of command to avoid priting messages of stderr to console.
Not sure why sometimes works sometimes does not work when bound to localhost the lighttpd instance of CP. Back to previous setup! Though security of it is debatble.
Ticket #904. Hmm fix the interface_has_gateway() too.
Ticket #904. Actually correctly handle the assigned openvpn client as a dynamic gateway rather than breaking the behaviour of the system. Strange nobody has noticed broken gateway behaviour with openvpn assigned!
Actually was coorect before. 3rd parameter is length not index.
Revert "Correct this to make it actually work. This is also mentioned in Ticket #904 though it was already implemented."
This reverts commit 6f2cc3a680f984ccbb387301a26d022e6969e665.
Correct HTTP_REFERER check when using an IP Address vs the Firewalls hostname
Remove trailing carriage return
This will prevent HTML pages from crafting HTML GETs against the web interface and will prevent firewall admins from being "tricked" into clicking on links that may be harmful to their firewall.
Remove csrf-magic include from functions.inc -- it was causing problems with console PHP scripts.
Correct this to make it actually work. This is also mentioned in Ticket #904 though it was already implemented.
Use a shell script rather than bad hack to execute php code for pppoe periodic reset.
Fix display of queues on rules and layer7 containers.
Testing csrf-magic
Add a setting for the data type of values used with DHCP option numbers and input validation for each type. Fixes #962
Kill dhcplease before writing the hosts file so that it does not scramble the content from kqueue events.
Cosmetic issue, add space before 'done', otherwise package XML name and done are combined.
Spelling fix.
Change the dhcpd startup for isc dhcpd server 4.1
Activate code to allow ipsec to work normally.
Ticket #980. Bring CP widget up to date. Also bind lighty for CP to 127.0.0.1 it should not be accessible otherwise.
Protect from strange situations on bootup by testing for is_array(). Do not add anymore the 127.0.0.2 route its not needed anymore. Also during bootup bring up all interfaces so the assignment process can deal with them(Possibly should be done in another code flow!).
More VPN log fixes, for consistency. Ticket #912
Fix typo (standart -> standard)
Switch to a unified vpn-linkup and vpn-linkdown.
Fix l2tp interface naming. Fixes #985
Use individual linkdown scripts.
Make isvalidpid() know about pidfile the same as the other *pid functions do.(consistency)
Also mention that this allows access to the dashboard.
Do some is_array() testing before renaming fields, otherwise empty variables can be accidentally created.
Do not require LDAP search base DN. Requiring this can prevent some valid LDAP configurations from properly authenticating. (See GDD-550841).
Add a note to the DNS Rebinding protection error letting the user know to try by IP address.
Do not show on the queue/limiters list the disabled entries(optimized and cleaner version).
Do not show on the queue/limiters list the disabled entries.
Make this more strict checking.
Be smart and correct; first check for opt*ip and after check for opt* otherwise it will never match the first case!
Mark this entry as an array before treating it as such otherwise php complains.
Check to see if it is not an array first - as per jim-p on IRC.
Fix crl upgrade code.
Add ability to select reason codes for revocation. Reformat CRL edit screen a bit. Ticket #555
Refresh OpenVPN CRL files when a CRL has a cert added/removed. Ticket #555
Add upgrade code for importing CRLs. Ticket #555
Add more CRL functionality. Needs to wait on a new build for further testing.
move dhcpd.conf authoritative; so it's only there once, not once per interface.
Correctly call die() in the places needed. Also remove unused global.
Rename 'name' to 'descr' for CA, Certificates, and CRLs, to gain CDATA protection and standardize field names. Ticket #320.
Generalize this function and use it in more places to reduce duplicated code.
Convert fullname field on users to descr, so it gains CDATA protection.
desc to descr in Load Balancer config, so they gain CDATA protection and standardize field names. Ticket #320.
Update field name reference in code, it was changed to descr but this code was missed. (Is this code even needed? Doesn't seem to do anything.)
Change the description field on sysctl tunables to be 'descr' and not 'desc' so they will gain CDATA protection. Ticket #320
Use proper matching because the command might contain nice in it.
Resolves #957. Correct the code to reflect what its supposed to do.
Bump config.
Do not run anymore the cron job for monitoring check_reload_status since it has a monitoring process that does this through kqueue.
Ticket #927. Increase timeout to gice mpd the time needed to exit gracefully.
Ticket #950. Correctly handle failures while installing packages which might leave stale information behind. Also do not try to startup services twice. Rename uninstall_package_from_name to uninstall_package because the operation on packages is only done through package names.
We want to upgrade all of interfaces/gateways.
Make sure this is an array before entering the foreach loop. Reported at http://forum.pfsense.org/index.php/topic,29118.0.html
Wording fix.
Ticket #942. Try to prevent empty entries and use implode to avoid problems.
Resolves #944. Actually bring down the vlan interface if it existed previously. This is a regression from the ppp dance/requests/whatever.
Add backend code to verify username against cn on login if set by user. Needs GUI code to set the option yet. Ticket #887
revert miniupnpd -d change
Be more verbose with miniupnpd logs. otherwise practically nothing is logged.
Bail out here if a variable isn't an array like it should be.
Hard-coded pfSense to product_name for Growl alert notifications.
Fix text.
Kill apinger with a large axe until the TERM issues can be resolved
Cosmetic change from product_website to product_name
Fix the "all dynamic gateways are shown as default" problem reported here: http://forum.pfsense.org/index.php/topic,28960.0.html
A non-empty string will evaluate true with == operator.
Add function to convert pfsense slice name to product name.
Use mwexec_bg instead of exec to run a service's start command so PHP doesn't hang in the likely event that it spawns a background process.
Fix racoon.conf generation for localid_type=address. Ticket #936
Avoid generating a dynamic gateway entry in the list if there is already one in the config for the interface.
Test if this variable is set before making a reference, for safety. Add reference back for speed.
This one looks safe, and might improve speed. Add it back.