pfSense

Reserved table names are lower-case

Update related comments while there.

Bump config version

Introduce function to detect and resolve conflicting aliase names

Expose system aliases to the GUI. Implement #1979

Refactor system_alias_info_popup()

It now supports any alias name. Additionally check for html characters.

Refactor get_alias_list()

It now uses CSVs for multiple types instead of an array.

Fix NTP DNS resolution option for pools. Fixes #15552

Merge pull request #4695 from Self-Hosting-Group/remove-interface

UPnP IGD & PCP: Improve descriptions

Improve error message for duplicated aliases

Merge pull request #4696 from lriley2020/edit-menu

Clarify console menu option 0 description. Implement #15705

Merge pull request #4700 from GChuf/sameSiteCookiesAttribute

Add samesite attribute to cookies. Implement #15729

Adjust widget refresh intervals

Now that the refresh interval works as expected, decrease the refresh
frequency to more closely match the previous behavior.

Display correct bandwidth usage. Fix #14933

Merge pull request #4683 from FloFaber/improve_alphabetic_interface_sorting

Allow apex records for Azure DDNS. Implement #10000

Allow apex records for name.com DDNS. Implement #14289

Improve code readability for DDNS checks

Sanitize RFC2136 key data in status output. Fixes #15490

Merge pull request #4699 from GChuf/logWidgetFix

Merge pull request #4698 from GChuf/thermalSensorWidgetImprovement

Merge pull request #4697 from GChuf/WidgetRefreshRework

Refresh widgets at specified intervals. Fix #15725

Remove old code references in thermal widget

Originally removed in https://redmine.pfsense.org/issues/5369

Improve thermal widget refresh code. Implement #15728

Only replace values instead of entire DOM elements.

Display seconds in firewall log widget

Respect user-specified interval for log widget. Fix #15373

Config access regression. Fix #15762

kea: fix service restart shortcut

Clarify error log when omitting gateway from ruleset

Correct Mobile IPSec Attribute IDs. Fix #15755

Fix admin reset password conditions. Fixes #15751

Clean up diffs

dhcp: ensure $pconfig is never null or not an array

rc.bootup: support deferred package installation scripts

kea: filter self-signed certs from TLS options

Print motd-passwd when it exists

Add package hooks plugin_xmlrpc_send plugin_xmlrpc_recv, and plugin_xmlrpc_post_recv

Repeat optimization made for product_name

Save the product name on /etc/product_name at /etc/rc.banner.

This way we do not need to run PHP again on rc.initial to read the product name.

This file is only written if /etc is writeable, if /etc/product_name does not exist the old (and slow) PHP code will run....

ip_range_to_address_array() 32-bit ARM fix. Issue NG #5445

(cherry picked from commit a6ee0ff91086ba153cfd485dc8fb6d72f918d78b)
(cherry picked from commit 0f5485a49ed4da33bf48f1053be3671d7f08dd09)

Identify Azure more accurately.

Gen2 smbios info is indistinguishable between Azure and Hyper-V

Initialize the PHP settings a little bit earlier so PHP is ready for pfSense-upgrade.

Fixes #13726 in more detail (and for 22.05.1).

ddb.conf: fix script length issue

We need to re-arrange things a little to avoid the maximum script length of
128 bytes.

While here also re-order the different commands a little. Present the likely
most useful information first.

Don't unnecessarily remove the config cache

Removing the cache is no longer necessary; the behavior remains the
same without removing the config cache.

Add safety check for alias ID

Add check for empty interface

Callers may call get_real_interface() with an empty interface;
bail early if so.

Tighten DHCP client rules. Fixes #15702

Avoid config access with unknown userid

Handle empty variable

Callers of these functions may send null variabes; bail early if so.

Fix input validation for gateway

Set the working directory before checking unbound config. Fix #15723

Improve localhost DNS checks. Fix #15722

Include GUI logout in auth log. Fix #15719

User logouts do not need to be as loud as user logins. Include
them in the auth log but make them quiet for the console.

Allow adding package menus with different sections

A package may have multiple menus with the same name but
different sections.

Improve thermal widget readability

Add a margin between progress bars and sort sensors.

Theme the progress-bar color in pfSense-dark

Additional safety checks for explode()

See 8c81cad531b1dd43a6514604091b3c4a6932d715

Add config path check when creating a user

Don't do ACB uploads while the system is booting

Fix indentation

Style guide is to indent using tabs.

Fix config paths with leading slash

A single or a leading forwward-slash is not supported.

Skip ppp modem interfaces where appropriate

Refactor automatic EDNS. Fix #15704

The change adds handling for empty active interfaces. Additionally,
support passing an interface list to allow unbound config testing
based on the desired config rather than the currently active config.

Additional safety checks for explode()

See 8c81cad531b1dd43a6514604091b3c4a6932d715

Handle unassigned interfaces in rc.newwanip

Add safety checks for calls to convert_real_interface_to_friendly_interface_name()

The function will return null for unassigned interfaces. Add checks
for this where appropriate.

Filter out empty array values for explode()

Calling explode() with an empty string will return a single-element
array with an empty value. This change filters out empty values
where appropriate - i.e. where it's not already a condition check for
it and the value should not be empty.

Skip ppp modem interfaces where appropriate

This avoids calling e.g. get_real_interface() for a modem device.

Fix returned gateways list

When get_gateways() was introduced, some existing function calls
that were updated to use this new function now get a different
result. This is due to the use of GW_CACHE_ALL which includes
disabled, inactive, and localhost gateways. This change returns the...

Fix checks for mobile IPsec

When mobile is set, it is an empty string and hence should be
checked with isset(). Also make sure the mobile network type
is properly set, otherwise ipsec_idinfo_to_cidr() will not catch it.

Escape only once when printing form fields

Form titles and values are already escaped when printed.

Don't try to configure empty ntpd interfaces

Don't try to configure interface groups without members

kea: allow identical MAC address filters on multiple interfaces. Fixes #15130

Log invalid config path access

Trim name when adding package navigation menus

Remove reference to undefined function

Fix regression when removing interface assignments

Add path safety checks to config access functions

Before the move to config access functions, accessing the global config
array with null keys would lead to errors or null results. An
additional failure case was introduced with the move to config access
functions: null keys may lead to a result from a different path. Check...

Add some config access safety checks

Fix accidental deletion of CAs

$ca does not reference the config at this point - no need to remove it.

Source xml parsing functions in config.lib.inc

config.lib.inc may be sourced without the xml parsing functions being
available first. For example, from auth.inc(31) and config.inc(40).

Revert "Adjust xmlparse.inc require order"

This reverts commit c599e81b822bb8d6c89b3844372b44fcc55808bf.
Revert this in favor of requiring the file within the relevant includes.

Add safety checks to config index variables

If a config path is called with a null index, the result is undefined due to the
config functions ignoring consecutive slashes.

Kill states on both sides during gateway failover

Actually kill states when recovering the default gateway group

Adjust xmlparse.inc require order

XML parsing functions must be available for other includes to use them.
This is most important during boot where config.xml can potentially be
parsed e.g. in config.lib.inc.

Fix saving DHCP6 config with empty interface config

Correct OpenVPN QinQ creation. Fix #15692

Also avoid creating bogus dynamic gateways for QinQ interfaces.

Silence error when checking for dynamic route

If the grep command doesn't find the route, there's no need to log an error.

Don't restart sshguard when the syslogd service is restarted

Config access regression in general setup

Stop sshguard spam in system logs. Fix #12747

Instead of restarting sshguard with each log rotation, keep it running
separately while monitoring the auth log file. This allows sshguard
start/stop events to still be included in the system log without
spamming it. When the log file is rotated by newsyslog, sshguard will...

Introduce parse_config() and init_config_arr() stubs for backwards compatibility

Clarify comment while there.

Minor cleanup

Move to CURLINFO_RESPONSE_CODE

As of cURL 7.10.8, CURLINFO_HTTP_CODE is a legacy alias of
CURLINFO_RESPONSE_CODE.

Fix function declaration in config_read_file()