pfSense

Move to preg_match()

The function ereg() is deprecated since PHP 5.3.

Remove superfluous argument

The product label was mistakenly separated in 573ec19. Now simply remove it.

Remove superfluous function arguments

Added in 0eae38c

Correctly detect changed settings

Correctly set duplicates limit in forms

Fix missing variable assignment in 22dbacd

Fix missed changes in f593f80

The argument being removed was previously used to retrieve optX
interfaces; this no longer applies.

Fix missed changes in 0e2bed2

The "level" is determined automatically by the function.

Fix missed changes in c618897

The function parameter was removed since it was not used.

Fix missed changes in 015a482

The IP Protocol is now determined automatically be the function.

Fix missed changes in the transition from ipfw to pf

Fix typos and copy/paste issues

Issues found by the PHP linter mostly include typos and usage of
unassigned variables. To address these, traverse the commit history
to determine the intent.

Fix PHP linter issues

Set correct value when toggling CARP maintenance

Correct inconsistent CRL tab names. Fixes #15454

Add boot method to sysinfo widget. Implements #15422

Fix usermgrpasswd check for non-privileged users. Fixes #15442

Fix syntax when moving IPsec P2. Fixes #15384

Set FW log widget min interval to 5. Fixes #12673

Fix syntax error (short open tag)

Fix log widget callback filename. Issue #12673

Improve the messaging used when the upgrade system is busy.

Replace the generic 'error' message by a correct and more clear message.

Reflect config value of ddnsreverse for DHCPv6. Fixes #15118

Disallow hostnames in Kea NTP. Fixes #14991

• If they are in the config.xml data already, do not write them into
  the Kea configuration.
• Do not allow the user to enter them in the GUI

Instrument the upgrade JSON data with more information about errors and failures.

Now, with the proper return code, instead of presenting no data to the user when
the pfSense-upgrade is busy (running in background), explain properly what is
happening.

Catch/handle some HTTP errors. Implements #15322

• Catch 50x errors, even from PHP FPM, so users don't end up with a
  blank white screen if an error happens too early in processing.
• Catch 404 errros.
• Handle both with static pages since PHP-FPM may have an issue of its...

Correct empty resolver alias handling. Fixes #14942

Adjust unbound host alias validation. Fixes #14942

Add self-service user pw mgr to menu/tab. Issue #15266

No need to hide this since it's convenient and works well.

While here, make all tab arrays in the user manager consistent.

Fix FW log multiple instance bug. Fixes #15339

Move the mdiff function into pfsense-utils.inc and also rename it so its
purpose is more clear.

Add password check mode to usermgrpasswd. Issue #15266

More accurate priv check for warning. Issue #15266

Improve user password warning boxes. Issue #15266

- Show warnings for user accounts as well as admin
- Try to send the user to the self-service password
manager page if they have access
- Move the test/error generation to a function so it
is simple to reuse....

Use pw validation function in wizard. Issue #15266

Centralize password hints. Issue #15266

Reduces repetition and makes it easier to maintain.

User Manager shell scripts. Issue #15266

• usermgrwhoami prints info about the current user from the user manager
  database.
• usermgrpasswd allows root/admin to change passwords for user manager
  entries from the shell/console.

Password validation for user manager. Issue #15266

Log widget fast update changes. Fixes #12673

Submitted-By: LouisAtGH @ GitHub

status_interfaces.php: make sure "{}" is expanded by PHP and not be sh

pkg_mgr_install.php: ensure pkg_switch_repo reads latest config

Password management changes. Part of issue #15266

• Add function to determine if a given password is valid for use.
• Revise the self-service password change page to be more user-friendly
  and to handle password validation.
• Leave room for Plus to utilize additional restrictions.

Ensure RO user cannot trigger QinQ operations. Fixes #15318

Ensure RO user cannot trigger VLAN operations. Fixes #15282

While here, fix a problem that prevented a VLAN delete operation that
failed from displaying errors.

More PHP error handling changes. Fixes #15263

• Clean up outdated code/comments
• Change how error messages are formed in different contexts
• Allow warnings to be handled if debugging is enabled
• Fix diag_command.php parsing/handling of error detection and output

Use correct option when removing groups. Fix #15067

While there, add comments for clarity.

Suppress Kea status info w/sample confs. Fixes #14953

Don't add overflow scroll to static navigation menu. Fix #7943

Restores old behavior to the static navigation menu.

Improve input validation for Captive Portal MAC masks

Now rejects decimal masks and masks of size 0.

Support blocking MAC addresses with a mask. Implement #15257

The Captive Portal allows for blocking specific MAC addresses without
using pf rules so a message can be displayed to the client. With this
change, masks can be used to block partial addresses.

Fix some SFP module info fields. Fixes #15112

Text format changed slightly in ifconfig, so regex patterns had to be
changed to match

Add hardware IDs for 4xxx QAT. Implements #15233

Fix IPsec Dual Stack w/any remote. Fixes #15147

status.php: Omit IPsec if inactive. Fixes #15310

Add Kea info to status.php. Implements #14953

While here, change ISC DHCP info header to include "ISC" and only
include those sections if the config files exist.

qinq: remove incorrect config access

Improve Setup Wizard error handling. Fixes #15302

While here, clean up some misc PHP syntax I spotted along the way.

Also made sure all error messages are wrapped in gettext()

Fixup wizard pw to reduce diff against issue #15266

Fix setup wizard WAN form field name. Fixes #15301

Update setup wizard WAN JavaScript. Fixes #15301

Update old fontawesome class reference

Add loader.conf.lua to status.php. Implements #15298

Add EFI boot info to status.php. Implements #15297

Remove unnecessary treegrid files. Implements #15265

Encode PHP error log content before display. Fixes #15264

Change "IP family" to "address family"

Prevent the default gateway group from being deleted. Fix #15248

Show interface subnet details for IPsec Phase 2. Implement #15245

While there, prevent interface subnet selections from
showing for the NAT/BINAT field.

Show system alias popups for rules. Implement #15234

ACB: Validate+encode frequency value. Fixes #15224

Remove failover states using only the gateway label

Interfaces were previously specified since the inbound state needs to
be killed (due to route-to) for the connection to restart on the
preferred gateway. This interrupts connections already established on...

Update gateway recovery text

Show negate option in popup for advanced rule options. Fix #15214

While there, reoder the tag text to read closr to
how rules are processed.

Revert "Show negate option in popup for advanced rule options. Fix #15214"

This reverts commit e933a0230e366faa772686447b530a145af06acf.

Show negate option in popup for advanced rule options. Fix #15214

While there, reoder the tag text to read closr to
how rules are processed.

Add scroll when nagivating menus overlfow. Fix #7943

Kill states on gateway failover recovery. Implement #855

Sync generated gateways to config. Fix #12920

Remove old state killing colde. Fix #12942

For rc.newwanip, it's redundant to kill specific states before killing
all states. For ppp-linkup, state killing is already handled by calling
filter_configure_sync() in rc.newwanip which is called by
check_reload_status.

Remove OpenVPN engine option. Implements #15188

It's been non-functional for years and is only confusing users now.

Per-rule State Policy option. Implements #15183

Adds a setting in the advanced section when editing a firewall rule
which allows a rule to use a state policy that differs from the
configured default.

Fix RA IPsec EAP-RADIUS accounting. Fixes #15176

Set the flag which only activates accounting for connections with VIPs
which will restrict accounting to only mobile IPsec connections.

IPsec P1/P2 delete corrections. Fixes #15171

Add option to set State Policy. Implements #15173

Also changes default policy to if-bound.

Use absolute links in GUI info messages. Fixes #13413

Fix packet captures on tailscale. Fixes #15145

Merge pull request #4664 from opoplawski/no_system_dns

Handle VIPs in OpenVPN Wizard. Fix #15148

Font Awesome: Update to v6.5.1

Consolidate is_url_hostname_resolvable() into resolve_address()

is_url_hostname_resolvable() used gethostbyname() which only
supports getting IPv4 records. This change makes resolve_address()
more flexible by accepting URLs and consumes the timeout code
from is_url_hostname_resolvable().

Clarify function use and description

Refactor system DNS check. Fix #15127

Improve validation of DNS Resolver Python script. Fixes #15135

Update the years in the Copyright notice.

Correct DHCPv6 lease shortcut section. Fixes #15117

pfSenseHelpers.js: improve usepost interface. See comment.

Trim DHCP & DHCPv6 search strings. #14261

Fix typo in setup wizard. Fixes #14989

Show only the Message column for raw logs. Implement #15106

Remove TOTH. Fix NG#12636

Fix off-by-one error when checking for system uid/gid. Fix #15067