pfSense

Add input validation for interface names on firewall_nat_edit.php and fix encoding of the interface name in dst_change. Fixes #7651

Fix handling of the 'type' parameter so it is validated and encoded on diag_table.php. Fixes #7652

Prevent the filename from being used to run XSS in the diag_edit.php file browser. Fixes #7650

Change paid support help link to new support URL

Restore the captive portal feature to view the captive portal page directly from the portal web server. Add this as an additional button so both methods are possible. Fixes #7646

Redact BGP MD5 password/key in status output. Fixes #7642

(cherry picked from commit aa18c5b9b62e110ebf88fbb24c39c2a13813bd89)

Various updates to PR

1) convert echo to print, and add infobox, as requested in PR comments
2) If no identifiable line number, say so
3) EVAL gives an error message format that wasn't picked up, it is now. Test case - enter as the code: eval("X");
4) Warn that EVAL gives a "spurious" "error at line 1" as well, the real error is in the (...). See above test case for this....

add comment
(cherry picked from commit d2d58d6ad1b32e0ccce094bfd247547f353e38ba)

typo
(cherry picked from commit 4711322b4a6ecedba6a4a11c1f7f04ef8427b46e)

If user-entered PHP errors out, display the error line in context to help the user

If the user enters PHP in the command-line page, and it errors out, it's usually a typo or something minor. But the user is left with an error that references a /tmp file which doesn't exist at the point they read the message, a line number that's incorrect, and their input which doesn't display line numbers anyhow....