Replace GET by POST, it fixes #3833
Hide FreeBSD version from sshd banner. It fixes #3840
Do not reconfigure dhcpd twice on secondary after config sync. Fixes #3797
Alias name cannot have more than 31 chars, add maxlength here just as an extra check. Ticket #3827
pgrep parameters are out of order and it also needs -a to find sshd. While I'm here, simplify sh syntax and prevent noise from being printed if pid file doesn't exist
delete the dhcpd.pid file before starting dhcpd. Fixes bug where on rare occasions a stale PID file could prevent dhcpd from starting until it's manually deleted.
use pgrep here instead, previous way could wrongly show SSH as enabled where it isn't.
Fix text description for interface mismatch, fixes #3820
Merge branch 'RELENG_2_1' of git.pfmechanics.com:pfsense/pfsense into RELENG_2_1
fix top nav to fit gold in non-default themes
non-css parts of gold menu
fix spacing in pfsense_ng topnav
Ensure this is always an array to avoid a PHP error from foreach.
Bump version to 2.1.5
Added filter.so to list of extensions loaded for filter_var() support.
Do not reset source and destination port range values when it's an associated rule created by nat port forward. It fixes #3778
Move dhcp6c log to dhcpd.log, it fixes #3799
Fix #3798 - 'IPsec phase 2 pinghost is not used if the source IP should be a virtual IP address'
Avoid generating an invalid racoon config if the user specified a mobile pool that is too small.
Avoid a "Cannot use string offset as an array" error if the packages section of the config is missing.
Require click-through POST confirmation when restoring or deleting a configuration from the backup history page.
Remove javascript alert DNS resolution action from the firewall log view. It was already removed from 2.2, and it's better not to allow a GET action to perform that action.
Do not execute on GET, only pre-fill Host box so the user can press the button to execute. Turn alias creation links into submit buttons for POST. While here, remove some backticks and simplify a little.
Shorten the wait at "reload" in startup wizard to 5 seconds from 60. That's more than adequate for current systems, no need to make people sit there for 1 minute. Many likely click out via the logo and miss the last screen entirely.
Per the dhcpd.conf man page and other documentation from ISC, mclt must not be defined on the secondary.
Encode interface/VIP descriptions before displaying them on the GRE and GIF pages also; While here, the GRE page was missing IP aliases from its list of bind IPs, add it in.
Encode interface/VIP descriptions before displaying them on the NTP daemon settings.
Encode the detail field of an alias entry before displaying its contents back to the user.
Escape the individual dnsmasq advanced/custom options
Fix input validation logic on diag_testport.php, escape more shell arguments for good measure
Allow hostnames in bulk import since they are valid entries in a network type alias.
no () around qlength here
Change Cancel button to call history.back() as done in Firewall Rules, the current method has issues with IE 11, it should fix #3728
qlimit must be included here
Avoid resetting firewall hostname by WAN DHCP. It should fix #3746
use HTTPS for dyndns providers that support it
Fix #3725:
- Fix match_filter_field() and also simplify logic
- Fix $filterfieldsarray initialization
- Avoid having double spaces on filterfieldsarray['act']
- Fix filter on Firewall Logs
Merge pull request #1244 from phil-davis/patch-11
Fix a regression introduced on 8d6c5f6621 that broke CARP+IP alias
Handle no dhcpd settings when upgrading
This minor fix was in master but not 2.1 branch. I noticed the warning message when doing a fresh install/test of 2.1.4-release. It prevents the warning message: Warning: Invalid argument supplied for foreach() in /etc/inc/upgrade_config.inc on line 3153...
Only include a scheduled rule if it is strictly before the end time
The exact moment of the end time is the end of the schedule. We do not want to include a rule when filter_configure_sync wakes up at 00:15:00 etc and is on a not-slow system that processes this code during the interval 00:15:00 to 00:15:01. This should help intermittent issues with schedules not finishing at the appropriate 15-minute boundary. Might help or fix #3558
Remove extra data after space and fix pf rule syntax. It should fix #3688
Merge pull request #1208 from razzfazz/nat_add_missing_protocols
Remove also . and / from graph
Fix status_rrd_graph_img.php and also improve it:
- Remove escapeshellarg that broke command line
- Only remove dangerous chars to avoid command injection
- Replace all `hostname` calls by php_uname('n')
- Replace all `date` calls by strftime()
- Add $_gb to collect possible garbage from exec return
Make sure single quotes are encoded and avoid javascript injection
Use CDATA for javascript
Fix indent and whitespaces
Simplify logic, add some protection to user input parameters
Fix whitespaces and indent
We need to allow subdirectories under /usr/local/pkg, here is the proper fix
Set 'Disable webConfigurator login autocomplete' as on by default
Always set httponly attribute on cookies
Protect servicestatusfilter parameter with htmlspecialchars()
Protect rssfeed parameters with htmlspecialchars()
Add comment I forgot on last commit
Re-generate session ID on a successful login to avoid session fixation
Avoid directory traversal on restorefullbackup
Fix core dump on viewing invalid package log
Remove . and / from pkg name to avoid directory traversal
Remove id=0 from miniupnpd menu and shortcut
Avoid directory traversal when reading package xml files, also check if file exists before trying to read it
Make sure variables are escaped, also replace exec calls to run rm by unlink_if_exists()
Remove useless code, variable is set again on next line
Escape parameters passed to shell_exec()
Be more careful with host parameter and make sure it's escaped when call shell functions
Validate starttime and stoptime format
Do not expire already disabled users, it fixes #3644
Be more precise to match members of a bridge interface, it should fix #3637
Revert "Revert "Fix #3700 and other syntax issues:""
This reverts commit 4cc2ae78d3027c349969437f08a88b1fb88c9de8.
Revert "Fix sh syntax"
This reverts commit cd49f9cd5d21a6592ba690cd315f19266092bee5.
Fix sh syntax
Revert "Fix #3700 and other syntax issues:"
This reverts commit e912bfae186b6b657daf52607f9d027f46be0478.
Fix #3700 and other syntax issues:
- Remove G parameter from pfctl since it doesn't exist anymore Initialize $old_router
- Fix sh syntax on variable assign, it couldn't have space before =
- Simplify logic
- Avoid flush states twice, if it was done on IP change, don't do it...
Do not allow interface group name to be bigger than 15 chars, helps ticket #3208
Escape argument on call to is_process_running too, also remove some unnecessary mwexec() calls
Add some protection to parameters that come through _GET
Escape this before running.
Bump version to 2.1.4
Fix #3691, use curl instead of fetch to download update files
allow ipaliases to be configured on lo0
remove openbgpd bits from system_gateways_edit and system.inc. The packagematch is case-sensitive and hasn't matched the openbgpd package's name in at least 5 years, so it doesn't do anything. It's far from functional in any useful manner even fixing that issue.
client-config-dir is also useful when using OpenVPN's internal DHCP while bridging.
Unset iflist and iflist_disabled
Show disabled interface when it was already part of interface group, it avoids showing a random interface instead and letting the user add it by mistake. It should fix #3680
Convert protocol ssl:// to https:// when creating http headers
bring protocols on NAT edit page more in line with rule edit page
Properly handle this rename, and squelch errors if it fails.
Delete all ip aliases when interface is disabled, it should fix #3650
fix variable typo. ticket #3669
/etc/version_kernel and /etc/version_base no longer exist, use php_uname to get the info instead.
add guiconfig to widgets not including it. ticket #3498
remove text not relevant to Allowed IPs. Ticket #3594
Merge pull request #1131 from razzfazz/make_upnp_listen_on_if_optional
Merge pull request #1130 from razzfazz/status_upnp_int_port
Fix #3646, Revert part of 082c9d961e and fix highlight selected rules
make listening on interface rather than IP optional for miniupnp
Remove units from burst as it is always specified in bytes. (Per ipfw(8)). Worked for me in testing, I watched a file briefly burst until and then be clamped down to the limiter's rate.
add column for internal port on UPnP status page
Merge the forgotten Ticket #3062 patch for CP pipeno leaking issue which leads to the 'Maximum login reached' on CP