pfSense

Interfaces PPPs edit avoid foreach() warning

If you go to Interfaces, assign, PPPs, press "+" to add an entry, then press Save without entering anything then you get a warning about the foreach() here.
The is_array() check fixes it.

Fix glob for serial device names

Removing the "." that was in {,.[0-9]} allows it to match /dev/cuau10 and onward.
I added lots of comments on the glob expression, because the format of the glob expression is not the same as an ordinary regex.

Fix adding of VoIP rules from traffic shaper wizard where IP/alias is not
specified.

manual merge of Phil Davis pull request, commit b45537f75b24bc323987094e459db7b2f75aa405

Fix dashboard hardware crypto display where AES-NI is enabled. Ticket

Don't check whether the QinQ interface exists when deleting. Unnecessarily
makes QinQ un-deletable where the parent interface no longer exists
(removed, config restored from diff hardware, etc.).

Fix put static route destination in config change description

When enabling or disabling a route by using the enable/disable button on the Routes page, the destination network was not being put in the config change description, although the code intended it to be there....

Encode ca descr in system_camanager.php

Encode ca/cert descr in system_certmanager.php

Encode ca/cert/crl descr in system_crlmanager.php

Encode ca/cert descr in vpn_openvpn_server.php

Encode ca/cert descr in vpn_openvpn_client.php

Encode ca/cert descr in vpn_ipsec_phase1.php

Encode ca/cert descr in system_authservers.php

Encode ca/cert descr in system_usermanager.php

Encode cert/ca descr in system_advanced_admin.php

Encode cert/ca descr in services_captiveportal.php

Encode ca/cert info in openvpn_wizard.inc

Add semicolon

Fix delete Java Script to match valid HTML ID

XHTML Compliance

html id's not permitted to begin with a number.
html id's not permitted to contain '/'
add prefix (entry_) and replace slash with hyphen.
table entry id format becomes: entry_<ip address>-<cidr>
replacing the format: <ip address>/<cidr>
does not change the displayed format.

Move pt_BR translation from ISO to UTF-8

Move pt_BR directory, it's moving from ISO to UTF-8

Ticket #4746 Correctly set global variables to be used by hostnames cod epaths

Add a GUI field to increase the pf frag entries limit. Fixes ticket #4775

Say what is happening when reinstalling package GUI XML

At the confirmation dialog after pressing the "Reinstall XML" button, the text does not distinguish between having pressed "Reinstall the whole package" and "Reinstall the GUI/XML". It would be nice if the text of this confirmation allowed the user to be confident about which button they had just pushed, before confirming the action....

Remove load_balancer_relay_* -- They are not used, not linked, not functional, not maintained, and have potential security issues.

Why is break missing for reinstallxml

I thought that "reinstallxml" should do less than "reinstallpkg" but actually it was getting stuff here, then falling through "reinstalpkg" which did delete_package_xml and then install_pkg, which got the files a 2nd time and......

Encoding in services_unbound_advanced.php

Encoding in system_advanced_sysctl.php

Encoding in interfaces.php

Encoding in services_unbound.php

Encoding in pkg_mgr_settings.php

Encoding in system_advanced_admin.php

Encoding in interfaces_ppps_edit.php

Encoding in diag_packet_capture.php

Encoding in interfaces_qinq_edit.php

Encoding in services_dnsmasq.php

Encoding in vpn_ipsec_settings.php

More encoding

Fix some low-hanging potential security issues.

Be more careful with encoding on pages that use single quotes around HTML attributes

Additional encoding for system_advanced_misc.php

Protect single quotes as well to prevent JS injection, due to the way this page uses single quotes for attributes.

Encode parameters in system_advanced_firewall.php before displaying back to the user.

Merge manullay pull/1722

Remove the GUI for the pc-sysinstaller as well and add it to obsoletee files

status_queues missing semi-colon

This really looks like it should have a semi-colon. Somehow the PHP interpreter is not being fussy about it in this context, I guess being followed by the "endif;" keyword the interpreter guesses the previous statement must be done.

Ticket #4655 well manually merge pull/1715. Thanks: Phil

add input validation for proxy URL, port, user.

Ok another round of this which unbreaks input error validation messages

Make this right finally :). Thanks-ti: Phil-davis

Activate the redirection that for some reason got disabled

Ticket #4655 Do not behave against the logic of checkbox and description.

fix checking for overlaps of NAT destination port

Make the host uuid opt-out

Re-generate broken .mo files, it fixes #4705

Remove duplicate message

Clean up, organize, and expand the info presented by status.php. Save the output to individual text files and compress them into a .tgz for later download.

Also sanitize OpenVPN static/tls keys in status.php

Setup Wizard can result in invalid LAN DHCP pool calculation

1) consider where the LAN IP is in the subnet range and then put the
DHCP pool in the biggest remaining segment, either above or below.
2) Check the size of the available segment. If it is reasonably big then...

Improve setup wizard host name check

Redmine #4712
It seems good enough to make the regex strings here be "reasonable". The full checks are done after pressing Next and the correct routines are called that do an exhaustive check. There seems not much point in trying to re-engineer all that here also....

Minor wizard text fixups

Supply current WAN gateway name to wizard

As the name of the WAN gateway is not always WANGW.
Should fix redmine #4713

Clarify DNS Forwarder and Resolver both apply in these places. partially Ticket #3730

Allow option to specify just 1 of user and pass in OpenVPN .up file

As per comment in https://redmine.pfsense.org/issues/3633 sometimes the
server end only requires a password, no username. Usually 1 long string
that serves as the hard-to-guess authentication. OpenVPN expects...

remove pointless filter on dhcp static mappings table

Added the Stateless DHCP Dropdown here

Add tracker rule number to dynamic firewall log

Bug #4730 - the code was not there yet.

Call htmlspecialchars() to remove dangerouns chars from zone parameter. Also redirect user to services_captiveportal_zones.php when an invalid zone is passed

Unbalanced td tag in services_dnsmasq

Consistent clear_subsystem_dirty after unbound restart

from services_dhcp.
This looks like it is wanting curlies to put all clear_subsytem_dirty inside the "if".

Update/correct wireless status flags and capabilities list.
There are many more possible flags, documented on the wiki: https://doc.pfsense.org/index.php/Wireless_Status

Update pkg_edit.php

a) When we are doing combined fields and usecolspan2 is in effect, then usecolspan2 is also a signal that we want to spread the combined fields horizontally in a single row. In that case we want the combined fields to all be in a single "tr" tag enclosing them all. That was already working in that way....

Correct descriptions on Key Rotation and Master Key Regeneration for wireless.

More combinedfields and usecolspan2 fixes

Actually the "tr" tag needs to be a single tag-pair that encloses all of the set of fields with combinedfields specified - combinedfields=begin is where the "tr" tag starts and combinedfields=end is where the "tr" tag ends, enclosing a whole set of combined fields....

Fix tr use for combinedfields in pkg xml

Use correct variable to fix pagination

Fix startingat var name typo in pkp.php

Even with this fix, the code does not make sense. The first test is:
if ($startingat > -1)

if it gets into the else, then $startingat must be negative. But the test in the "else" tests for >1 ???

Someone who knows what it really is supposed to do could fix it!

Remove the "insert my MAC" feature from interfaces.php. It hasn't worked in a while (credit sbeaver for noticing), and the only thing it tends to accomplish is breaking people's connectivity from the system where they end up duplicating the MAC of their local system....

Add some curlies in status_rrd_graph_img

These "if data" tests look like they should apply to all 4 lines below them.
After sorting out this real-looking issue, I can mess with the rest of the formatting...

Cleanup code logic status_upnp

1) Variable $i is was set, incremented and not used.
2) "if preg_match" at line 94 had no curlies after it, so it was only applying to the first line after it ($rdr_proto = ...) It really looks like "if preg_match"should apply to the whole code chunk - settings the various "rdr*" vars and then spitting out the "tr" with the various matches values in the row....

Fix alias rename and delete bug #4701

The old advancedoutbound key in config.xml is now called outbound.

Slash-select should be inside if in load_balancer_pool_edit

otherwise there is an unbalanced slash-select when the else happens (if there are no load-balancer monitors defined)

fixed indent according to the style guide.

Currently pfsense enforces unique unqualified hostnames for static dhcp leases, which is not correct as only the fully qualified hostname (hostname + domainname) must be unique. With this commit the old validation logic for uniqeness is modified such that hostnames no longer need to be unique and at the same time the fully qualified hostname hast to be unique....

Firewall Rules Edit missing slash

This should be the end of a "tr" here.
Browsers seem to be forgiving of this stuff - I don't see any difference in rendering in Firefox before or after this change.

Unmatched td in firewall_nat

This file seems to have an unmatched "td" ending. Adding the line here matches the "td" at line 320 and this embraces the little table that has the 4 icons in it in a square that comes at the right hand end of each port-forward entry in the main table....

Call clear_subsystem_dirty('staticmaps') if using Unbound

Encode server name before displaying back to the user.

Fixes #4633 Enable carp packets to flow on the first carp interface creation. This is needed only when the system is booted up without any carp vip configured

Ticket #4131 before formatting the mac extract the needed statistics from below

Show correct selection for noshuntlan option. Ticket #4655

Add static mapping interface not set when IP in a pool

If the DHCP IP address is in a pool (not in the main DHCP range for the interface) then the interface that corresponds to the IP address is not found. This results in the link to "add static mapping for this MAC address" not having any value for "if=" and thus clicking on the "+" button does not work....

Do not process dhcpd implementation if input errors

If I go to Service->DHCP Server, make some edits that are invalid (e.g. change range start or end to some invalid string) and press Save then the page comes back displaying the input error(s). But it also says:...

Tidy up "services_unbound.php" XHTML

Add missing closing TD tag

Tidy up "status_upnp.php" XHTML

Remove double line from table

Remove the DHCP static lease overlap cleanup and associated function and kill, as it can cause problems with failover scenarios.

Trying to submit a symlink as part of crash reports will cause a failed
submission. Remove symlinks first. Also properly set user agent while
here, consistent with others. Fix some style and whitespace too. Ticket

Fix #4640 IPsec Auto-exclude LAN address toggles every time save is pressed.
Actually the GUI is displaying the opposite setting to what is in the config. When the user pressed save that opposite setting was saved, but then again it displays the opposite of the opposite...

Implement make bofre break feature avaliable on strongswan 5.3.0 useful for IKEv2. Fixes #4626