pfSense

Copy /boot/loader.conf.local to the newly imaged slice. Ticket #892

Don't perform referer check if display_error_form is not defined (captive portal), just like as is done for the DNS rebind check. Ticket #1007

Rework handling of ports for reflection on port forwards to work properly with port aliases. Ticket #672

Unset this reference before reusing the variable name to prevent corruption of groups.

Fix test for altq on vlans and wlan.

Fix a theoretical/potential XSS in the http_referer check warning.

Add whitespace to avoid breaking the resulting rule.

Whitespace fixes.

Make sure there is a direction specified otherwise errors might occur.

Initialize rule keeping array to avoid possible caching effects on php.

Separate this into the original case with the floating rule cases above it to fix some scenarios where the order was still wrong.

Move this function to allow removing it from easyrule.

Fix filter_rules_sort's compare function to know about floating rules so it won't change their order.

Take into account if we have redirection active to allow even port 443.

Make the antilockout rule match the webgui and ssh(if enabled) rather than any traffic destined to pfSense itself.

• Call get_configured_interface_* functions only once in the code
• Optimize the test if the passed interface is a vaild one
• Fix the apply settings to actually do something rather than do nothing at all
• Some style and whitespace fixes

Small improvement no functional change.

Use php calls rather than forking to shell.

Use exec and check return value of command to avoid priting messages of stderr to console.

Not sure why sometimes works sometimes does not work when bound to localhost the lighttpd instance of CP. Back to previous setup! Though security of it is debatble.

Bring interfaces up only if there is a mismatch to allow them to be reassigned.

Ticket #904. Hmm fix the interface_has_gateway() too.

Ticket #904. Actually correctly handle the assigned openvpn client as a dynamic gateway rather than breaking the behaviour of the system. Strange nobody has noticed broken gateway behaviour with openvpn assigned!

Actually was coorect before. 3rd parameter is length not index.

Revert "Correct this to make it actually work. This is also mentioned in Ticket #904 though it was already implemented."

This reverts commit 6f2cc3a680f984ccbb387301a26d022e6969e665.

Correct HTTP_REFERER check when using an IP Address vs the Firewalls hostname

Remove trailing carriage return

• Adding function get_configured_ip_addresses() which returns all interfaces and their configured IP address
• Add checkbox to System -> Advanced -> Admin for HTTP_REFERER checks
• Add and enforce HTTP_REFERER check if checkbox is not checked.

This will prevent HTML pages from crafting HTML GETs against the web interface and will prevent firewall admins from being "tricked" into clicking on links that may be harmful to their firewall.

Add option to System: Firmware: Settings for running gitsync after installing an update, hidden/disabled if git has not been installed yet.

Remove csrf-magic include from functions.inc -- it was causing problems with console PHP scripts.

Correct this to make it actually work. This is also mentioned in Ticket #904 though it was already implemented.

Use a shell script rather than bad hack to execute php code for pppoe periodic reset.

Fix display of queues on rules and layer7 containers.

Revert

Testing csrf-magic

Set session.use_trans_sid to true

Add a setting for the data type of values used with DHCP option numbers and input validation for each type. Fixes #962

Kill dhcplease before writing the hosts file so that it does not scramble the content from kqueue events.

Cosmetic issue, add space before 'done', otherwise package XML name and done are combined.

Recent move (d32d3970d58683d02f89073103eb595eaa8f395f) of routed/ items required additional files to be updated to reflect correct path.

Add routed/ items to obsoleted files. Force removal of file so that directories can be included in the future

Ignore /var/etc directory to avoid these kinds of errors: tar: /var/etc/openvpn/client1.sock: tar format cannot archive socket

Spelling fix.

Change the dhcpd startup for isc dhcpd server 4.1

Activate code to allow ipsec to work normally.

Ticket #980. Bring CP widget up to date. Also bind lighty for CP to 127.0.0.1 it should not be accessible otherwise.

Protect from strange situations on bootup by testing for is_array(). Do not add anymore the 127.0.0.2 route its not needed anymore. Also during bootup bring up all interfaces so the assignment process can deal with them(Possibly should be done in another code flow!).

More VPN log fixes, for consistency. Ticket #912

Fix typo (standart -> standard)

Switch to a unified vpn-linkup and vpn-linkdown.

Fix l2tp interface naming. Fixes #985

Use individual linkdown scripts.

Various sync fixes to ensure sections are pushed even if empty, otherwise the last entries of these sections cannot be deleted and have that deletion sync to the secondary.

Make isvalidpid() know about pidfile the same as the other *pid functions do.(consistency)

Also mention that this allows access to the dashboard.

Ooops use meant logic.

Ticket #975. Properly initialize variables to avoid caching issues. Also check an array exists before trying to foreach to avoid errors.

Do some is_array() testing before renaming fields, otherwise empty variables can be accidentally created.

Do not require LDAP search base DN. Requiring this can prevent some valid LDAP configurations from properly authenticating. (See GDD-550841).

If there are no aliases, push an empty aliases array. Fixes #961

Add a note to the DNS Rebinding protection error letting the user know to try by IP address.

Do not show on the queue/limiters list the disabled entries(optimized and cleaner version).

Do not show on the queue/limiters list the disabled entries.

Ticket #943. Call the update procedure directly to not do an unecessary loop.

Make this more strict checking.

Add l7 rules synchro. Ticket #951

Be smart and correct; first check for opt*ip and after check for opt* otherwise it will never match the first case!

Mark this entry as an array before treating it as such otherwise php complains.

Check to see if it is not an array first - as per jim-p on IRC.

Fix crl upgrade code.

Add ability to select reason codes for revocation. Reformat CRL edit screen a bit. Ticket #555

Refresh OpenVPN CRL files when a CRL has a cert added/removed. Ticket #555

Add upgrade code for importing CRLs. Ticket #555

Add more CRL functionality. Needs to wait on a new build for further testing.

move dhcpd.conf authoritative; so it's only there once, not once per interface.

Sync CRLs, too.

Correctly call die() in the places needed. Also remove unused global.

Rename 'name' to 'descr' for CA, Certificates, and CRLs, to gain CDATA protection and standardize field names. Ticket #320.

Generalize this function and use it in more places to reduce duplicated code.

Convert fullname field on users to descr, so it gains CDATA protection.

desc to descr in Load Balancer config, so they gain CDATA protection and standardize field names. Ticket #320.

Update field name reference in code, it was changed to descr but this code was missed. (Is this code even needed? Doesn't seem to do anything.)

Change the description field on sysctl tunables to be 'descr' and not 'desc' so they will gain CDATA protection. Ticket #320

ipalias type should be handled in backup_vip_config_section. Remove useless code which copies vip section before call to backup_vip_config_section. Ticket #882

Use proper matching because the command might contain nice in it.

Resolves #957. Correct the code to reflect what its supposed to do.

Bump config.

Do not run anymore the cron job for monitoring check_reload_status since it has a monitoring process that does this through kqueue.

Ticket #927. Increase timeout to gice mpd the time needed to exit gracefully.

Ticket #950. Correctly handle failures while installing packages which might leave stale information behind. Also do not try to startup services twice. Rename uninstall_package_from_name to uninstall_package because the operation on packages is only done through package names.

We want to upgrade all of interfaces/gateways.

Make sure this is an array before entering the foreach loop. Reported at http://forum.pfsense.org/index.php/topic,29118.0.html

Wording fix.

Ticket #942. Try to prevent empty entries and use implode to avoid problems.

Resolves #944. Actually bring down the vlan interface if it existed previously. This is a regression from the ppp dance/requests/whatever.

Add backend code to verify username against cn on login if set by user. Needs GUI code to set the option yet. Ticket #887

revert miniupnpd -d change

Be more verbose with miniupnpd logs. otherwise practically nothing is logged.

Bail out here if a variable isn't an array like it should be.

Hard-coded pfSense to product_name for Growl alert notifications.

Fix text.