pfSense

Config access regression in interface groups

Add scrolling when dislaying overflow columns for NTP status

Config access regression in CAs. Fix #15578

Fix PHP error regression when listing system users

Merge pull request #4658 from MatthewA1/ntp-authentication-feature-8794

Add support for NTP authentication. Implement #8794

Initial implementation allows for one auth key between all servers.

URL encode HTTP_PROXY username and password. Fix #15565

Also enclose the fields with CDATA in config

Use the repo name when saving the branch selection

https://redmine.pfsense.org/issues/15560

Remove redundant system link step

This code regressed at some point, making $repo equal e.g.:
'/usr/local/etc/pfSense/pkg/repos/pfSense-repo-0000.conf/pfSense-repo-24_03-rel.conf'
Remove the code since "repo-setup -U" handles the linking.

Update text references to UPnP protocols

Add a helper function for unserialize(). Fix #15423

For calls to unserialize() which do not check for errors, use the
helper function instead.

Fix checkbox always being unchecked on page load

For the GUI option introduced in #15430

Encode dir names in browser.php. Fixes #15525

Automatically use floating states for IPsec rules. Fix #15430

Default to an empty array for functions expecting a countable value

Do this for foreach() and count().

Update all direct config access with accessor functions

Use config accessors in traffic shaper functions

Use config accessors in certificate functions

Use config accessors in users and groups functions

Remove potential direct config references when displaying form rows

The first eval() change removes the reference and has no functional
effect given that $pkg_source_txt is not modified. While here, catch
any exceptions as well; before PHP 7, eval() would return false on...

Move to is_platform_booting()

The function platform_booting() is deprecated.

Move from ${var} to {$var}

The use of ${var} has been deprecated since PHP 8.2

Move to date()

The function strftime() is deprecated since PHP 8.2

Move to str_replace()

The function ereg_replace() is deprecated since PHP 5.3.

Move to preg_match()

The function ereg() is deprecated since PHP 5.3.

Remove superfluous argument

The product label was mistakenly separated in 573ec19. Now simply remove it.

Remove superfluous function arguments

Added in 0eae38c

Correctly detect changed settings

Correctly set duplicates limit in forms

Fix missing variable assignment in 22dbacd

Fix missed changes in f593f80

The argument being removed was previously used to retrieve optX
interfaces; this no longer applies.

Fix missed changes in 0e2bed2

The "level" is determined automatically by the function.

Fix missed changes in c618897

The function parameter was removed since it was not used.

Fix missed changes in 015a482

The IP Protocol is now determined automatically be the function.

Fix missed changes in the transition from ipfw to pf

Fix typos and copy/paste issues

Issues found by the PHP linter mostly include typos and usage of
unassigned variables. To address these, traverse the commit history
to determine the intent.

Fix PHP linter issues

Set correct value when toggling CARP maintenance

Correct inconsistent CRL tab names. Fixes #15454

Add boot method to sysinfo widget. Implements #15422

Fix usermgrpasswd check for non-privileged users. Fixes #15442

Fix syntax when moving IPsec P2. Fixes #15384

Set FW log widget min interval to 5. Fixes #12673

Fix syntax error (short open tag)

Fix log widget callback filename. Issue #12673

Improve the messaging used when the upgrade system is busy.

Replace the generic 'error' message by a correct and more clear message.

Reflect config value of ddnsreverse for DHCPv6. Fixes #15118

Disallow hostnames in Kea NTP. Fixes #14991

• If they are in the config.xml data already, do not write them into
  the Kea configuration.
• Do not allow the user to enter them in the GUI

Instrument the upgrade JSON data with more information about errors and failures.

Now, with the proper return code, instead of presenting no data to the user when
the pfSense-upgrade is busy (running in background), explain properly what is
happening.

Catch/handle some HTTP errors. Implements #15322

• Catch 50x errors, even from PHP FPM, so users don't end up with a
  blank white screen if an error happens too early in processing.
• Catch 404 errros.
• Handle both with static pages since PHP-FPM may have an issue of its...

Correct empty resolver alias handling. Fixes #14942

Adjust unbound host alias validation. Fixes #14942

Add self-service user pw mgr to menu/tab. Issue #15266

No need to hide this since it's convenient and works well.

While here, make all tab arrays in the user manager consistent.

Fix FW log multiple instance bug. Fixes #15339

Move the mdiff function into pfsense-utils.inc and also rename it so its
purpose is more clear.

Add password check mode to usermgrpasswd. Issue #15266

More accurate priv check for warning. Issue #15266

Improve user password warning boxes. Issue #15266

- Show warnings for user accounts as well as admin
- Try to send the user to the self-service password
manager page if they have access
- Move the test/error generation to a function so it
is simple to reuse....

Use pw validation function in wizard. Issue #15266

Centralize password hints. Issue #15266

Reduces repetition and makes it easier to maintain.

User Manager shell scripts. Issue #15266

• usermgrwhoami prints info about the current user from the user manager
  database.
• usermgrpasswd allows root/admin to change passwords for user manager
  entries from the shell/console.

Password validation for user manager. Issue #15266

Log widget fast update changes. Fixes #12673

Submitted-By: LouisAtGH @ GitHub

status_interfaces.php: make sure "{}" is expanded by PHP and not be sh

pkg_mgr_install.php: ensure pkg_switch_repo reads latest config

Password management changes. Part of issue #15266

• Add function to determine if a given password is valid for use.
• Revise the self-service password change page to be more user-friendly
  and to handle password validation.
• Leave room for Plus to utilize additional restrictions.

Ensure RO user cannot trigger QinQ operations. Fixes #15318

Ensure RO user cannot trigger VLAN operations. Fixes #15282

While here, fix a problem that prevented a VLAN delete operation that
failed from displaying errors.

More PHP error handling changes. Fixes #15263

• Clean up outdated code/comments
• Change how error messages are formed in different contexts
• Allow warnings to be handled if debugging is enabled
• Fix diag_command.php parsing/handling of error detection and output

Use correct option when removing groups. Fix #15067

While there, add comments for clarity.

Suppress Kea status info w/sample confs. Fixes #14953

Don't add overflow scroll to static navigation menu. Fix #7943

Restores old behavior to the static navigation menu.

Improve input validation for Captive Portal MAC masks

Now rejects decimal masks and masks of size 0.

Support blocking MAC addresses with a mask. Implement #15257

The Captive Portal allows for blocking specific MAC addresses without
using pf rules so a message can be displayed to the client. With this
change, masks can be used to block partial addresses.

Fix some SFP module info fields. Fixes #15112

Text format changed slightly in ifconfig, so regex patterns had to be
changed to match

Add hardware IDs for 4xxx QAT. Implements #15233

Fix IPsec Dual Stack w/any remote. Fixes #15147

status.php: Omit IPsec if inactive. Fixes #15310

Add Kea info to status.php. Implements #14953

While here, change ISC DHCP info header to include "ISC" and only
include those sections if the config files exist.

qinq: remove incorrect config access

Improve Setup Wizard error handling. Fixes #15302

While here, clean up some misc PHP syntax I spotted along the way.

Also made sure all error messages are wrapped in gettext()

Fixup wizard pw to reduce diff against issue #15266

Fix setup wizard WAN form field name. Fixes #15301

Update setup wizard WAN JavaScript. Fixes #15301

Update old fontawesome class reference

Add loader.conf.lua to status.php. Implements #15298

Add EFI boot info to status.php. Implements #15297

Remove unnecessary treegrid files. Implements #15265

Encode PHP error log content before display. Fixes #15264

Change "IP family" to "address family"

Prevent the default gateway group from being deleted. Fix #15248

Show interface subnet details for IPsec Phase 2. Implement #15245

While there, prevent interface subnet selections from
showing for the NAT/BINAT field.

Show system alias popups for rules. Implement #15234

ACB: Validate+encode frequency value. Fixes #15224

Remove failover states using only the gateway label

Interfaces were previously specified since the inbound state needs to
be killed (due to route-to) for the connection to restart on the
preferred gateway. This interrupts connections already established on...

Update gateway recovery text

Show negate option in popup for advanced rule options. Fix #15214

While there, reoder the tag text to read closr to
how rules are processed.

Revert "Show negate option in popup for advanced rule options. Fix #15214"

This reverts commit e933a0230e366faa772686447b530a145af06acf.

Show negate option in popup for advanced rule options. Fix #15214

While there, reoder the tag text to read closr to
how rules are processed.

Add scroll when nagivating menus overlfow. Fix #7943

Kill states on gateway failover recovery. Implement #855

Sync generated gateways to config. Fix #12920