pfSense

Fix checkbox always being unchecked on page load

For the GUI option introduced in #15430

Encode dir names in browser.php. Fixes #15525

Automatically use floating states for IPsec rules. Fix #15430

Avoid configuration loop with LAGG interfaces. Fix #14083

The fix to #9453 introduced a loop when configuring LAGG interfaces.
This happens when interface_lagg_configure() ultimately calls
set_interface_mtu() which also calls interface_lagg_configure(). Since...

Default to an empty array for functions expecting a countable value

Do this for foreach() and count().

Correct default for 'system/acb' in write_config() to empty array instead of null

Update all direct config access with accessor functions

Refactor config upgrade to use config accessors

Use config accessors in traffic shaper functions

Use config accessors in certificate functions

Use config accessors in users and groups functions

Remove potential direct config references when displaying form rows

The first eval() change removes the reference and has no functional
effect given that $pkg_source_txt is not modified. While here, catch
any exceptions as well; before PHP 7, eval() would return false on...

Move to is_platform_booting()

The function platform_booting() is deprecated.

Move from ${var} to {$var}

The use of ${var} has been deprecated since PHP 8.2

Move to date()

The function strftime() is deprecated since PHP 8.2

Move to mb_convert_encoding()

The functions utf8_encode()/utf8_decode() are deprecated since PHP 8.2

Move to str_replace()

The function ereg_replace() is deprecated since PHP 5.3.

Move to preg_match()

The function ereg() is deprecated since PHP 5.3.

Move to foreach()

The function each() is deprecated since PHP 7.2.

Move to password_hash()

Use of crypt() requires a salt since PHP 8.0. Use password_hash() to align with 8ddf2b5.

Remove superfluous argument

The product label was mistakenly separated in 573ec19. Now simply remove it.

Remove superfluous function arguments

Added in 0eae38c

Correctly detect changed settings

Return a value in convert_openvpn_interface_to_friendly_descr()

Calls to this function expect a return value which is then echo'd.

Correctly set duplicates limit in forms

Fix missing variable assignment in 22dbacd

Fix missed changes in f593f80

The argument being removed was previously used to retrieve optX
interfaces; this no longer applies.

Fix missed changes in 0e2bed2

The "level" is determined automatically by the function.

Fix missed changes in c618897

The function parameter was removed since it was not used.

Fix missed changes in 015a482

The IP Protocol is now determined automatically be the function.

Fix missed changes in 2aafa69

The direct value is now used instead of the constant variable.

Fix missed changes in the transition from ipfw to pf

Fix typos and copy/paste issues

Issues found by the PHP linter mostly include typos and usage of
unassigned variables. To address these, traverse the commit history
to determine the intent.

Fix PHP linter issues

Support adding to an array in array_set_path()

- Avoid infinite loop with empty paths.
- Support setting $value to the $arr root.
- If $path contains a trailing forward-slash '/', push $value to the
leaf node; replace the leaf node if it's a scalar.

With pkg switching to curl the format of the auth string has changed

Set correct value when toggling CARP maintenance

Add newlines to crontab proxy variables. Fixes #15502

Correct inconsistent CRL tab names. Fixes #15454

Add boot method to sysinfo widget. Implements #15422

Fix CA trust store custom entries. Fixes #15440

certctl rehash behavior changed, so we need to write the CA files out
differently now so it picks them up.

Fix usermgrpasswd check for non-privileged users. Fixes #15442

Fix resolv.conf logic for DNS Forwarder. Fixes #15434

Update comment

The updated comment matches the actual behavior. Albeit the
variable name is unintuitive, it follows the behavior before the
refactor.

Correct bitwise check when getting a list of gateways. Fix #15399

Fix syntax when moving IPsec P2. Fixes #15384

Use only local notifications when config file cannot be read. Fixes #15157

Set FW log widget min interval to 5. Fixes #12673

Fix syntax error (short open tag)

Fix log widget callback filename. Issue #12673

Improve the messaging used when the upgrade system is busy.

Replace the generic 'error' message by a correct and more clear message.

register_all_installed_packages: introduce option

Reflect config value of ddnsreverse for DHCPv6. Fixes #15118

Disallow hostnames in Kea NTP. Fixes #14991

• If they are in the config.xml data already, do not write them into
  the Kea configuration.
• Do not allow the user to enter them in the GUI

Fix order of Kea boot files. Fixes #15032

Fix variable typo. Fixes #14996

Fix an radvd service status edge case. Fixes #14936

Update the code for consistency.

No functional changes.

Run the pfSense-repoc with the new file names style.

Instrument the upgrade JSON data with more information about errors and failures.

Now, with the proper return code, instead of presenting no data to the user when
the pfSense-upgrade is busy (running in background), explain properly what is
happening.

Add the support to the new pfSense-repoc repository files style.

Keeps the support to the old style, so both versions of pfSense-repoc are supported.

Catch/handle some HTTP errors. Implements #15322

• Catch 50x errors, even from PHP FPM, so users don't end up with a
  blank white screen if an error happens too early in processing.
• Catch 404 errros.
• Handle both with static pages since PHP-FPM may have an issue of its...

Correct empty resolver alias handling. Fixes #14942

Adjust unbound host alias validation. Fixes #14942

Add self-service user pw mgr to menu/tab. Issue #15266

No need to hide this since it's convenient and works well.

While here, make all tab arrays in the user manager consistent.

Fix FW log multiple instance bug. Fixes #15339

Move the mdiff function into pfsense-utils.inc and also rename it so its
purpose is more clear.

Add password check mode to usermgrpasswd. Issue #15266

Console password reset changes. Issue #15266

• Correct menu description as this is the admin user manager account and
  it is not specific to the GUI.
• Clean up code and fix various strings/formatting
• Use the password change script instead of setting a default value so...

More accurate priv check for warning. Issue #15266

Improve user password warning boxes. Issue #15266

- Show warnings for user accounts as well as admin
- Try to send the user to the self-service password
manager page if they have access
- Move the test/error generation to a function so it
is simple to reuse....

Use pw validation function in wizard. Issue #15266

Centralize password hints. Issue #15266

Reduces repetition and makes it easier to maintain.

Fix local auth type match. Issue #15266

User Manager shell scripts. Issue #15266

• usermgrwhoami prints info about the current user from the user manager
  database.
• usermgrpasswd allows root/admin to change passwords for user manager
  entries from the shell/console.

Set a stricter nginx header timeout.

Password validation for user manager. Issue #15266

Log widget fast update changes. Fixes #12673

Submitted-By: LouisAtGH @ GitHub

status_interfaces.php: make sure "{}" is expanded by PHP and not be sh

pkg_mgr_install.php: ensure pkg_switch_repo reads latest config

Password management changes. Part of issue #15266

• Add function to determine if a given password is valid for use.
• Revise the self-service password change page to be more user-friendly
  and to handle password validation.
• Leave room for Plus to utilize additional restrictions.

Ensure RO user cannot trigger QinQ operations. Fixes #15318

Ensure RO user cannot trigger VLAN operations. Fixes #15282

While here, fix a problem that prevented a VLAN delete operation that
failed from displaying errors.

Fix tmpfs RAM disk mount permissions. Fixes #15054

Don't make OpenVPN routes for empty nets. Fixes #14919

Ensure loader.conf.lua is referenced. Fixes #15288

Correct typo. Fixes #14488

Fix PHP extension dir for PHP 8.3. Fixes #14488

More PHP error handling changes. Fixes #15263

• Clean up outdated code/comments
• Change how error messages are formed in different contexts
• Allow warnings to be handled if debugging is enabled
• Fix diag_command.php parsing/handling of error detection and output

Use correct option when removing groups. Fix #15067

While there, add comments for clarity.

Suppress Kea status info w/sample confs. Fixes #14953

Don't add overflow scroll to static navigation menu. Fix #7943

Restores old behavior to the static navigation menu.

Prune old Captive Portal sessions for autoadded MAC. Fix #15299

Use the correct function to delete passthrumac entries. Remove the pipe
check since it's already handled by the function.

Improve input validation for Captive Portal MAC masks

Now rejects decimal masks and masks of size 0.

Support blocking MAC addresses with a mask. Implement #15257

The Captive Portal allows for blocking specific MAC addresses without
using pf rules so a message can be displayed to the client. With this
change, masks can be used to block partial addresses.

Fix some SFP module info fields. Fixes #15112

Text format changed slightly in ifconfig, so regex patterns had to be
changed to match

Add hardware IDs for 4xxx QAT. Implements #15233

Fix IPsec Dual Stack w/any remote. Fixes #15147

status.php: Omit IPsec if inactive. Fixes #15310

Add Kea info to status.php. Implements #14953

While here, change ISC DHCP info header to include "ISC" and only
include those sections if the config files exist.

Use getter/setters for config access in gwlb.inc