Ticket #1017. Put a @ before each fwrite to silence errors. Also set up the log file in the beginning rather than on each individual function.
Resolves #1018. Provide a more unique host name for the file.
Add workaround for referrer check to not be triggered on the previous IP address when redirected by the setup wizard.
Redirect to the correct IP at the end of the setup wizard if accessing it on an IP address that was changed. Fixes #455
Fix typo in comment.
Ensure this is an array before entering the foreach loop. Fixes #1012
Avoid exec() and use php calls.
Disable CSRF checks on the backup page.
Add nocsrf flag
Fix misnamed form field on CRL import.
Fix variable names. Ticket #954
Fix case of variable name for swap usage. Ticket #477
Open link in new tab/window
Form image buttons are submit buttons and thus default buttons, causing unwanted behavior with the enter key. Use links instead, where possible.
Add style to rowhelper normal text fields in packages for consistency.
CSRF startup code has been moved to guiconfig.inc
Unbreak AJAX
Misc XSS fixes
Protect against XSS by someone broadcasting an HTML SSID... (better to be safe...)
One more potential XSS vector. Not sure how it would have text injected here, but better safe than sorry.
More notice XSS fixes.
Fix XSS issues
Fix XSS in notices.
Bring in XSS id fixes from m0n0wall
Clarify these descriptions a bit more on 1:1 edit.
Handle AJAX
NiftyCheck already included in bottom-loader.js otherwise div mainarea gets rounded twice.
Small rework of code for applying drag and drop reordering of rules and some extra checks added to fix some potential bugs. Ticket #878
Also minimizes the extent of the changes performed (useful when comparing config.xml files from before and after).
Fix handling of floating rules in the drag and drop reordering code. Fix for part of ticket #878
Move this function to allow removing it from easyrule.
Fix filter_rules_sort's compare function to know about floating rules so it won't change their order.
Use this sort before saving, so the rule just added is sorted into the proper category like the rest.
Unbreak graphs
Copy logic for when to show the cellular tab from status_rrd_graph.php. Fixes #714
Return this field to its old name to prevent a conflict of names and since the code that uses it still refers to it by that name. Issue reported at http://forum.pfsense.org/index.php/topic,29985.0.html
This caused the full name field to be ignored when creating a user and prevented making a certificate at the creation of the user (either could still be changed afterward).
Only use escapeshellarg when passing the arguments to the shell. Fixes #1005
Note that this textbox controls HTTP_REFERER hostname checks as well
This will prevent HTML pages from crafting HTML GETs against the web interface and will prevent firewall admins from being "tricked" into clicking on links that may be harmful to their firewall.
Fix misc XSS issues from davey b
Add option to System: Firmware: Settings for running gitsync after installing an update, hidden/disabled if git has not been installed yet.
Ensure csrf magic is loaded
Fix Misc XSS issues
Testing csrf-magic
Add a setting for the data type of values used with DHCP option numbers and input validation for each type. Fixes #962
Add a function type to the field types allowed, to allow more field types without directly adding all of them to row helper.
Fix input validation for GRE
Add a button to connect a non-mobile IPsec VPN from Status > IPsec. Sends a ping from a local IP in the p2 subnet (if one exists on the router) to the remote p2 subnet.
Return disabled interfaces as well
Recent move (d32d3970d58683d02f89073103eb595eaa8f395f) of routed/ items required additional files to be updated to reflect correct path.
Do not use sub array
Make sure ipsec is included in valid interfaces
Move Note to bottom of page
Show interface description
Interface names should appear as uppercase
Do not escape strings twice
Misc fixes. Use htmlspecialchars() in more places. Use escaped shell argument.
Various CRL fixes.
Define variable a bit earlier in case it's shared
Use get_configured_interface_list() so Ermal does not yell at me :)
Fix misc input validation errors. Move routed/* to same dir as pkg items
Ensure passed interface is valid
Use htmlspecialchars() for sanitized output
Ensure that we are working with a proper passed interface.
If the anti-lockout rule is active, show it in the rules list for the LAN interface (or WAN if the interface count is 1, same rules as in filter.inc for putting the rule in the ruleset)
Warn a user when entering the OpenVPN client/server screens that they need a CA/Cert if none exist.
Use addslashes() here to prevent unescaped quotes from causing PHP errors. Fixes advanced/custom options in OpenVPN wizard.
Use a different variable name here to avoid colliding with another of the same name.
Use != here to avoid a potential issue with empty() testing intermediate arrays.
Add a button to the filter reload screen to force a config sync (only shows up if a config sync peer is defined).
Fix saving of off/disabled PPPoE server instances. Fixes #987
Don't show empty user IPsec keys.
Ticket #980. Bring CP widget up to date. Also bind lighty for CP to 127.0.0.1 it should not be accessible otherwise.
Don't use pconfig in a widget, it can cause issues with other widget settings.
CSS changes, fixes misaligned cursor in some password fields. Fixes item 1 in ticket #830
More VPN log fixes, for consistency. Ticket #912
Switch from buttons to tabs, add a mode to view raw mpd logs for each vpn type, and some general cleanup. Fixes #912
Remove these now-obsolete linkup/linkdown scripts.
Fix VPN log page to use the updated log format (again). Ticket #912.
Use a unified vpn-linkup script that detects the type based on interface name.
Show login/logout events for pptp, pppoe server, and l2tp. Could use some work to simplify. Ticket #912.
Add individual linkdown scripts so the service type can be set in the log.
Add service type to vpn log
Sync service status widget code with service status page. Fixes #984
Test for arrays first, should fix #968
Make the change here, too.
Replace \r from custom options otherwise it breaks config.
Fix logging parameters.
Fix pfctl -b parameters to prevent the killing of unintended states.
Fix formatting
Fix this logic.
Ticket #975. Rearrange code a little.
Do not require LDAP search base DN. Requiring this can prevent some valid LDAP configurations from properly authenticating. (See GDD-550841).
Ticket #959: keep local ipalias and proxyarp VIPs during an XMLRPC restore