Clean up, organize, and expand the info presented by status.php. Save the output to individual text files and compress them into a .tgz for later download.
Also sanitize OpenVPN static/tls keys in status.php
Setup Wizard can result in invalid LAN DHCP pool calculation
1) consider where the LAN IP is in the subnet range and then put theDHCP pool in the biggest remaining segment, either above or below.2) Check the size of the available segment. If it is reasonably big then...
Improve setup wizard host name check
Redmine #4712It seems good enough to make the regex strings here be "reasonable". The full checks are done after pressing Next and the correct routines are called that do an exhaustive check. There seems not much point in trying to re-engineer all that here also....
Minor wizard text fixups
Supply current WAN gateway name to wizard
As the name of the WAN gateway is not always WANGW.Should fix redmine #4713
Clarify DNS Forwarder and Resolver both apply in these places. partially Ticket #3730
Allow option to specify just 1 of user and pass in OpenVPN .up file
As per comment in https://redmine.pfsense.org/issues/3633 sometimes theserver end only requires a password, no username. Usually 1 long stringthat serves as the hard-to-guess authentication. OpenVPN expects...
remove pointless filter on dhcp static mappings table
Added the Stateless DHCP Dropdown here
Add tracker rule number to dynamic firewall log
Bug #4730 - the code was not there yet.
Call htmlspecialchars() to remove dangerouns chars from zone parameter. Also redirect user to services_captiveportal_zones.php when an invalid zone is passed
Unbalanced td tag in services_dnsmasq
Consistent clear_subsystem_dirty after unbound restart
from services_dhcp.This looks like it is wanting curlies to put all clear_subsytem_dirty inside the "if".
Update/correct wireless status flags and capabilities list.There are many more possible flags, documented on the wiki: https://doc.pfsense.org/index.php/Wireless_Status
Update pkg_edit.php
a) When we are doing combined fields and usecolspan2 is in effect, then usecolspan2 is also a signal that we want to spread the combined fields horizontally in a single row. In that case we want the combined fields to all be in a single "tr" tag enclosing them all. That was already working in that way....
Correct descriptions on Key Rotation and Master Key Regeneration for wireless.
More combinedfields and usecolspan2 fixes
Actually the "tr" tag needs to be a single tag-pair that encloses all of the set of fields with combinedfields specified - combinedfields=begin is where the "tr" tag starts and combinedfields=end is where the "tr" tag ends, enclosing a whole set of combined fields....
Fix tr use for combinedfields in pkg xml
Use correct variable to fix pagination
Fix startingat var name typo in pkp.php
Even with this fix, the code does not make sense. The first test is:if ($startingat > -1)
if it gets into the else, then $startingat must be negative. But the test in the "else" tests for >1 ???
Someone who knows what it really is supposed to do could fix it!
Remove the "insert my MAC" feature from interfaces.php. It hasn't worked in a while (credit sbeaver for noticing), and the only thing it tends to accomplish is breaking people's connectivity from the system where they end up duplicating the MAC of their local system....
Add some curlies in status_rrd_graph_img
These "if data" tests look like they should apply to all 4 lines below them.After sorting out this real-looking issue, I can mess with the rest of the formatting...
Cleanup code logic status_upnp
1) Variable $i is was set, incremented and not used.2) "if preg_match" at line 94 had no curlies after it, so it was only applying to the first line after it ($rdr_proto = ...) It really looks like "if preg_match"should apply to the whole code chunk - settings the various "rdr*" vars and then spitting out the "tr" with the various matches values in the row....
Fix alias rename and delete bug #4701
The old advancedoutbound key in config.xml is now called outbound.
Slash-select should be inside if in load_balancer_pool_edit
otherwise there is an unbalanced slash-select when the else happens (if there are no load-balancer monitors defined)
fixed indent according to the style guide.
Currently pfsense enforces unique unqualified hostnames for static dhcp leases, which is not correct as only the fully qualified hostname (hostname + domainname) must be unique. With this commit the old validation logic for uniqeness is modified such that hostnames no longer need to be unique and at the same time the fully qualified hostname hast to be unique....
Firewall Rules Edit missing slash
This should be the end of a "tr" here.Browsers seem to be forgiving of this stuff - I don't see any difference in rendering in Firefox before or after this change.
Unmatched td in firewall_nat
This file seems to have an unmatched "td" ending. Adding the line here matches the "td" at line 320 and this embraces the little table that has the 4 icons in it in a square that comes at the right hand end of each port-forward entry in the main table....
Call clear_subsystem_dirty('staticmaps') if using Unbound
Encode server name before displaying back to the user.
Fixes #4633 Enable carp packets to flow on the first carp interface creation. This is needed only when the system is booted up without any carp vip configured
Show correct selection for noshuntlan option. Ticket #4655
Add static mapping interface not set when IP in a pool
If the DHCP IP address is in a pool (not in the main DHCP range for the interface) then the interface that corresponds to the IP address is not found. This results in the link to "add static mapping for this MAC address" not having any value for "if=" and thus clicking on the "+" button does not work....
Do not process dhcpd implementation if input errors
If I go to Service->DHCP Server, make some edits that are invalid (e.g. change range start or end to some invalid string) and press Save then the page comes back displaying the input error(s). But it also says:...
Tidy up "services_unbound.php" XHTML
Add missing closing TD tag
Tidy up "status_upnp.php" XHTML
Remove double line from table
Remove the DHCP static lease overlap cleanup and associated function and kill, as it can cause problems with failover scenarios.
Trying to submit a symlink as part of crash reports will cause a failedsubmission. Remove symlinks first. Also properly set user agent whilehere, consistent with others. Fix some style and whitespace too. Ticket
Fix #4640 IPsec Auto-exclude LAN address toggles every time save is pressed.Actually the GUI is displaying the opposite setting to what is in the config. When the user pressed save that opposite setting was saved, but then again it displays the opposite of the opposite...
Implement make bofre break feature avaliable on strongswan 5.3.0 useful for IKEv2. Fixes #4626
Add support for EAP-RADIUS to IKEv2 Mobile Clients (Rel. 2.2)
When deleting a VIP check it is not used by OpenVPN
I noticed this when cleaning up VIPs and OpenVPN server when testing for this forum post https://forum.pfsense.org/index.php?topic=92174.0The system let me delete my test VIP before I deleted the OpenVPN server using, probably not a good thing....
Domain override with multiple authoritative DNS servers
Tell users that this is possible in DNS Resolver and how to achieve it. The code in unbound.inc already supports it and works.I had asked for this in Redmine feature request #4350 and when I went to look at coding to implement it I found code that already did it....
Allow single interface bridges. Useful with span port option, and when shuffling configuration around.
Few minor text typos
Note that advertise is spelt with an "s" in other places in the GUI, somaking it consistent in services_ntpd - but maybe Americans do spell it"advertize" these days?
diag_sockets show sockets listening on localhostthis helps pick a free port for services using sockets bound to localhost, and helps determine if the service has at least started and bound the port without needing to go through all 'connected' sockets as well
Fix up Ticket #4504 implementation. Match config style with other areas. Use a config setting to disable, rather than enable, this functionality since it's enabled by default so the tag isn't necessary in the default config. Remove now unnecessary config upgrade code.
Remove array_intersect_key here too, definitely not needed. add to obsoletedfiles
There is no longer any need to restrict protocols for IPv4+IPv6 rules, the appropriate ruleset is generated and problem scenarios that would otherwise break here are prevented by other input validation.
remove dead code, clean up excess white space a bit.
Fixes #4504 use correct key index
Fixes #4504 Allow the bypass policy for LAN to be enabled and prevent traffic sent to lan ip to go to the ipsec tunnel
Fixes #4259 Use proper variable to do calculations
Add SCTP to protocol list for filtering.
Merge manually pull request #1593
Fix encoding issues in Configuration History list.
Fix a few misc encoding issues in load balancer code.
Fixed minor spelling error
RRD Graph Custom Tab display friendly description
The other tabs of Status:RRD Graphs put the friendly description of each interface into the drop-down list for selection.This change makes the Custom tab do that also.
Status DHCP Leases handle expire never
Note: We can let the code pass "never" (or any other unexpected stuff)to adjust_gmt()adjust_gmt() should anyway handle the case when strtotime() cannotunderstand the input string and thus returns false. In that case we...
Use is_numericint() instead of empty() to check if value has been entered because empty() does not allow 0, which is a valid value.
Make sure 'DHCPv6 Prefix Delegation size' is provided if 'Send IPv6 prefix hint' flag is checked to avoid generating invalid dhcp6c configuration file.
Handle release number in installer
This code just looked wrong. It was considering 10.1-RELEASE-p6 to be release number "1" and comparing it to "9".These changes to do what it seems to intend. This will make that UFS+J stuff appear, if that is of any consequence.
Add option for wireless standard "auto", to omit "mode" entirely from ifconfig. This shouldn't be necessary, but specifying mode has proven to trigger driver problems that don't exist if it's left unspecified (such as FreeBSD PR 198680). Chosing "auto" fixes ath(4) BSS mode issues otherwise preventing it from connecting.
change the location of jquery-ui images in each theme's css file
Cleanup code path when adding a new user
1) Only attempt to delete the oldusername if it actually was non-empty - at the moment errors are logged in the system log when adding a new user, because the code was trying to delete the user name "".2) Call local_user_set() first to create (change, whatever) the user record. This makes the user record exist for a new user. Then call local_user_set_groups() to sort out what groups the user should be in or not in. The existing code would fail to add a new user to the specified group/s because local_user_set_groups() was called too early, before the user actually existed....
Do not allow VLAN tag zero
At the moment you can make a VLAN with tag 0. The input validation does not catch it because when $_POST['tag'] = "0" that evaluates to false by PHP.Always make the checks on 'tag' value whenever the 'tag' key is set at all. If the (required) 'tag' key is not set, then that is already checked for by do_input_validation().
txpower was disabled for good reason it would appear, it triggers syntax errors in some configurations. Disable it again since it's been disabled for years, and comment out the user-facing config portion for now since it doesn't do anything. Ticket #4516
Apply WME input validation to all modes, not just hostap. Ticket #4516
Default to 11ng if an option hasn't been configured. Previously we let the browser pick the first in the list (the first the card reported as available), which ended up being 802.11b. Ticket #4516
Default to WPA2, AES for new wireless interface configs. Ticket #4516
Auto-size the interface box on the bridge edit page.
touch up interfaces.php text
Require WPA PSK where WPA-PSK is enabled. Clean up some other text. Ticket #4516
clean up input errors text
Fix up text, remove "only for Atheros" since the option is only shown if a compatible card exists.
"Auto" channel with hostap doesn't work correctly at the moment, force choosing a specific channel with hostap mode for now.
add more wireless validation. Ticket #4516
Add more validation for wireless config settings. Ticket #4516
Add more input validation for wireless parameters. Ticket #4516
Touch up wifi text
clean up unique IDs text a bit.
Proper fix #4443, do not unset carp entry when content differ, also set correct real interface and use subnet to check IP protocol
Save vip interface and subnet to use to delete old vips from secondary nodes. Fixes #4446
Revert "Use a consistent variable name here. related to Ticket #4446"
This reverts commit 0e7954b8a333d7ca92f56c86c74e2d9d7457b546.
add granular control of state timeouts. Ticket #4509
Remove BEAST protection option since default cipher is now good and works with hifn cards
Fix password box cursor position
Similar tohttps://github.com/pfsense/pfsense/commit/dedc40f7ded5f88aee4720aa8a3a57667b975254The password field shows the little lock icon, but the text input areastarts over the top of the icon and as I type in the field the password...
Pencil symbols
These are places in the GUI where the cursor sits not in the far leftside of the input box and there is odd-looking white space to the leftof the cursor. Normally there would be a little input graphic in thewhite space to the left of the cursor (a pencil, a computer screen, a...
update description after adaptive start/end default change.
Use a consistent variable name here. related to Ticket #4446
Don't enable interfaces_use by default. Add checkbox to enable on Advancedtab, in case there are scenarios where it's desirable. Ticket #4341
Conflicts: etc/inc/vpn.inc
Fixes #4427 Correct traffic shaper wizard to properly save and use Voip provided settings
Fixes #4446 Correct ipalias removal on top of carp during configuration sync.
Allow reassignment from PPP types to DHCP. From testing, it appears to work OK, this input validation appears to be outdated.If there is some edge case that this catches, perhaps it needs to be a more specific test.
Add missing 'break' statement that broke switching from a PPP type to 'none'.
DNS Forwarder Host Override Edit make the pencil symbols appear
In most places in the GUI a little pencil symbol appears before text input fields. For example it already appears for the Host, Domain and Description fields in this very form when you "Enter additional names for this host."...