pfSense

Add a mechanism by which the serial port can be forced on always regardless of the config setting. (useful for nano+vga setups)

Fix #2952, escape necessary chars to avoid xss injection

Respect g['tmp_path']

XHTML Compliance

Status DHCP Leases

XHTML Compliance

Create an empty row in tbody if there are no log entries displayed.

XHTML Compliance

Create an empty row in tbody when there are no firewall log entries displayed.

Catch a validation issue reported on the mailing list thread: IPv6 address data validation from: Brian Candler. It prevents putting a subnet in the address field since it then breaks the whole filter generation process

When adding ip aliases on top of carp not in the subnet of the carp configured address but an ip alias of the real interface do not error out but accept this as a valid configuration.

Merge pull request #910 from phil-davis/RELENG_2_1

Releng 2 1 Standardize LAN net display

Standardise LAN net display

Standardise LAN net display

Standardise LAN net display

for 2.1.1

Merge pull request #909 from phil-davis/RELENG_2_1

Releng 2 1 Return all stats when all or remote is selected on Traffic Graph

Reorder Traffic Graph filter options so Local is default

Return all stats when all or remote is selected on Traffic Graph

and make the default query return "Local" traffic.

XHTML Compliance - RRD Graphs

Close input tag

XHTML Compliance - RRD Graphs

Add specific permission for easyrule.

Remove this sort. It's unnecessary and causes problems when editing and saving privileges, it can reorder users and cause edits to the wrong account.

s/http/https/ for doc.pfsense.org

Fix some wrong escapeshellarg() calls

Conflicts:
etc/inc/filter_log.inc
etc/inc/pkg-utils.inc

Simplify logic calling grep less times, as done on mail_reports.inc on 2c6efc9

Use unlink_if_exists or @unlink to avoid PHP errors when file doesn't exist

Conflicts:
usr/local/www/firewall_aliases_edit.php

Merge pull request #901 from Klaws--/patch-2

Added previously missing DSCP VA (requires kernel patch patch submitted ...

Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir

Conflicts:
usr/local/www/diag_logs_vpn.php
usr/local/www/firewall_aliases_edit.php
usr/local/www/guiconfig.inc

Fix an obvious typo on var name

Added previously missing DSCP VA (requires kernel patch patch submitted by me)

Merge pull request #897 from N0YB/RELENG_2_1

XHTML Compliance - Status: System logs: Firewall

Update shortcuts.inc

XHTML Compliance
Shortcuts edit link - r/&id/&id

Couple style vertical-align corrections

Include these check boxes.

Really fix #3376

Thanks to Grischa Zengel for spotting the semi-colon at the end of the "if" line that was the real cause. Please also back merge this to 2.1 branch.

XHTML Compliance - Status: System logs: Firewall

An attribute value specification must be an attribute value literal unless SHORTTAG YES is specified
Quote (or escape) the quotes so they show up in the HTML.
Use style where attribute not supported.
Relocate tfoot to supported location and add tbody....

Also make the dialog_output query string option XHTML compliant.

Make select option XHTML compliant for "Number of lines to display".

http://validator.w3.org/check
"SELECTED" is not a member of a group specified for any attribute
<option value="7" SELECTED >7</option>

The name and VI delimiter can be omitted from an attribute specification only if SHORTTAG YES is specified...

Missing a couple table element end tags.

The service status icon (get_service_status_icon) is not always in a table.

So the caller should apply table td element, rather than the function.

Document type does not allow element "td" here <td class="listr" align="center">
The element named above was found in a context where it is not allowed.

Do not list the same CARP ip as an option for Interface

Revert "Fix #3350. Do not destroy an interface when it's being disabled"

Ermal reported issues when changes are made on VLAN parent interface
with this patch. He did other changes and interface_configure() will now
be able to re-create VLAN interface

This reverts commit f70a140fe18cb80012e53f82c268788fbcae5436.

ports ntp moved to sbin, follow

updates to license.php

Should to go master, not RELENG_2_1. Revert "Merge pull request #882 from derelict-pf/cp-nohttpsforwards"

This reverts commit f8d1587b6e2cd8441fa16733a02af25257fc7708, reversing
changes made to 51922cb793b83bf7d22fdaa47205fd59b4d70e87.

Merge pull request #882 from derelict-pf/cp-nohttpsforwards

Add checkbox and logic to disable forwarding HTTPS/SSL (Port 443)

Update reserved_keywords checks to match firewall_aliases_edit

firewall_aliases_import should have the same checks for reserved names as firewall_aliases_edit
This code should really be in a function in a common include file, but which one is the appropriate one?...

Fix display of CIDR/Update Freq in Alias Edit

Fixes #3376. I have no idea what the "^" characters were meant to do, but removing them makes the CIDR/Update Freq value be displayed correctly when editing. Will there be some other side-effect from removing the "^"?

Validate IP address ranges correctly on Alias Bulk Import

The code was there to attempt to validate and implement IP address range lines in Alias Bulk Import e.g.
10.20.0.0-10.21.22.0
should produce a bunch of smaller ranges with appropriate CIDRs.
This fixes the code so IP address ranges actually make it through into the resulting Alias.

Remove not needed code

Make sense of interface mtu handling code. No need to do unneeded operations. This fixes slow boot times and proper handling of mtu for vlans though some work or better model is needed for other interface types.

Delete static route when monitor IP is removed, also save monitor IP even when it's disabled

When WANTIME is empty, there is nothing to do here

test only does integer comparison, use bc to compare float

Save status even if no script is executed

On first run REVIOUSSTATUS doesn't exist, so it cannot be UP or DOWN, invert the logic to fix this. While I'm here, check if file exists before cat it

Fix DHCP lease time display, strftime already convert it to local timezone, so we no need to calc offset

Remove 'deny unknown clients' option from DHCPv6 since it's not supported, it fixes #3364

Avoid dashboard divide by zero errors

Add checkbox and logic to disable forwarding HTTPS/SSL (Port 443)
connections to the captive portal if HTTPS logins is enabled.

Fix saving of voucher sync settings.

Fix vpn_pppoe_get_id and stop duplicating pppoeid for multiple servers, it fixes #2286

Merge pull request #860 from iamzam/RELENG_2_1

Allow setting a default scale type preference for the traffic graphs wid...

Also account for a widget being null/not defined, and not just closed/open.

added missing quotes

thx rbgarga

Allow setting a default scale type preference for the traffic graphs widget

I originally submitted this at https://redmine.pfsense.org/issues/2994
but it seems that is not used for commits now so I am adding it here.
It works great on my box, and I can't see these changes causing any...

Prevent network or broadcast address to be set on interface (console, GUI and wizard). It should fix #3196

Fix #3350. Do not destroy an interface when it's being disabled

One more typo on Alternative Names fill, that was setting type field with $value

Fix a (probably) copy/paste issue that is making all Alternative Names disapear when an input error is detected

Allow an "empty" CRL to be exported, since this is still a valid action.

Fix an issue that changes wrong gateway entry when items are hidden

Many fixes on privileges, ticket #3216:

- Remove unused privilege page-diagnostics-logs-wireless
- Remove duplicated privileges
- Fix limiter-info, pf-info and system-pftop that were using wrong name
- Add privs for services-igmpproxy-edit
- Fix ID for acptiveportal allowedhostnames and editallowedhostnames...

system_camanager init $input_errors so array_push works

Fixes input validation when creating an internal certificate. Reported in forum http://forum.pfsense.org/index.php/topic,68849.0.html

Simplify the code.

No need to worry about the second column, we only need to pad the first one.

Rewrite the display_host_results() function to use spaces instead of
tabs. It does a much better job of aligning the fields in each column
and works in all the browsers, particularly chrome which doesn't
support the tab character.

It still isn't perfect due to the javascript alert() function's...

Call conf_mount_rw before delete user, a better fix for #3294

Prevent a Fall Back Pool from being selected when the DNS protocol is in use. If one is present in the config, ignore it. Fixes #3300

Revert "Define dynamic gateway for GRE interfaces and do not user to define IP address to the interface. Fixes #3280"

Another solution will be implemented

This reverts commit bb6291e0204ffe2828fe9c9425bdae9c8541fe54.

Define dynamic gateway for GRE interfaces and do not user to define IP address to the interface. Fixes #3280

fix typo

Use a more accurate error message, fixes #3282

Add source address selection to syslog settings, so it can work more effectively over a VPN. Fixes #355

Fix #3235

. diag_nanobsd.php:
. Since conf_mount_ro() is always being called, always call
conf_mount_rw to keep refcount correct
. Do not show refcount_read() return when it's -1
. config.lib.inc
. Increment and decrement refcount even if nanobsd_force_rw is set....

Make the RADIUS settings respect the description of the timeout field. If the timeout value is left blank, use 5 seconds, don't print an error.

Make it more explicit that 'update freq.' unit is days

Remove unused variable

Fix priv name

Optimize DHCPv4 lease display online status for static leases. Do not re-parse complete ARP table for each lease, as it can be slow with large ARP tables.

Fix #3283, use jQuery to change attributes based on id

Set id for select elements created dynamicaly created

Limit CIDR choices for IPv4 on GRE interface, fixes #3277

Fix #3273

- When you disable a interface, it destroys vlan interface from system.
Do not report error when interface doesn't exist.
- While I'm here, use pfSense_interface_destroy() instead of ifconfig

Actually there is no reason to set a variable just to use once

Fix #3242 and some code cleanup:

- Only explode '/' and set address_subnet when address is a subnet, it
fixes issue reported at #3242
- While I'm here, do some cleanup on the way addresses are treated
- Remove unecessary variable $tracker, we already have $counter set...

Split SSL/TLS into separate checkboxes so that plaintext connections can be made secured by using STARTTLS. Support for SMTPS connections should probably be done away with in future. Fixes #3180

Fix #3268 - avoid pf table names conflict:

. Create a list of reserved table names for the hardcoded ones
. Use this list to validate aliases and load balance pool names
. Check if alias names don't conflict with LB pool names and vice-versa

added favicon to logged in pages

Replace pfSense with the rebrand

Now that doc.pfsense.org does https and redirects http to https, we may as well send the help links to the https destinations.

Fix display of pools in the LB status widget and on the LB Virtual Server status.

fix pkg_edit.php to show interface description instead of interface name

Patch applied manually. Fixes bug #3245 and old interface names