Fix status_rrd_graph_img.php and also improve it:
- Remove escapeshellarg that broke command line
- Only remove dangerous chars to avoid command injection
- Replace all `hostname` calls by php_uname('n')
- Replace all `date` calls by strftime()
- Add $_gb to collect possibly garbage from exec return
Make sure single quotes are encoded and avoid javascript injection
Use CDATA for javascript
Fix indent and whitespaces
Simplify logic, add some protection to user input parameters
Fix whitespaces and indent
We need to allow subdirectories under /usr/local/pkg, here is the proper fix
Protect servicestatusfilter parameter with htmlspecialchars()
Protect rssfeed parameters with htmlspecialchars()
Avoid directory traversal on restorefullbackup
Fix core dump on viewing invalid package log
Remove . and / from pkg name to avoid directory traversal
Remove id=0 from miniupnpd menu and shortcut
Avoid directory traversal when reading package xml files, also check if file exists before try to read it
Make sure variables are escaped, also replace exec calls to run rm by unlink_if_exists()
Remove useless code, variable is set again on next line
Escape parameters passed to shell_exec()
Be more careful with host parameter and make sure it's escaped when call shell functions
Validate starttime and stoptime format
Be more precise to match members of a bridge interface, it should fix #3637
Do not allow interface group name to be bigger than 15 chars, helps ticket #3208
Add some protection to parameters that come through _GET
remove openbgpd bits from system_gateways_edit and system.inc. The package match is case-sensitive and hasn't matched the openbgpd package's name in at least 5 years, so it doesn't do anything. It's far from functional in any useful manner even fixing that issue.
Unset iflist and iflist_disabled
Show disabled interface when it was already part of interface group, it avoids to show a random interface instead and let user to add it by mistake. It should fix #3680
add guiconfig to widgets not including it. ticket #3498
remove text not relevant to Allowed IPs. Ticket #3594
Merge pull request #1131 from razzfazz/make_upnp_listen_on_if_optional
Merge pull request #1130 from razzfazz/status_upnp_int_port
Fix #3646, Revert part of 082c9d961e and fix highlight selected rules
make listening on interface rather than IP optional for miniupnp
add column for internal port on UPnP status page
Fix Bug #3627 Diagnostics: Tables - Remove button dont work after update to PfSense 2.1.2
This annoyed me also, so I thought it worth finding what changes exactly broke this. del_entry was broken on 2.1 branch by https://github.com/pfsense/pfsense/commit/fe3088b965a99772e76622d17ceae87288471edc...
Check the right field here
Unbreak 'add rule on top of the list' allowing after param to be -1
Move clog from /usr to /usr/local
Conflicts: etc/inc/filter_log.inc etc/inc/system.inc etc/rc usr/local/www/guiconfig.inc
make miniupnpd listen on interface instead of IP
The 'listening_ip' option in miniupnpd.conf can accept an interface name directly instead of having to translate it to an IPv4 address first. (This is actually required if IPv6 support is enabled.)
Don't refuse to delete a bridge in the GUI just because its bridge interface doesn't exist, just log that it doesn't exist and don't attempt to ifconfig destroy it, delete it from config
Remove problematic code without proper checks but even not needed here
List GWGs in Interface to send update from
Back-port of this fix done in master https://github.com/pfsense/pfsense/commit/31300a95f71b14dcb98c139388205223a36e8c8b and https://github.com/pfsense/pfsense/commit/8f56dd279432c4fd5a027310622e2650822e4651 Unfortunately this never got back-merged to 2.1 branch. A user on the forum noticed the issue again on 2.1.1 - https://forum.pfsense.org/index.php?topic=74922.0...
Use an alphanumeric test rather than purely is_numericint because the ID is generated by uniqid and is not purely numeric. Fixes #3591
fixes Bug #3569
On packages that uses row_helper when user clicks on add or delete button, the page scrolls to top. It seems something with ajax http://stackoverflow.com/questions/1061580/jquery-click-on-anchor-element-forces-scroll-to-top
A simple return false after jquery action fixes the unwanted scroll.
Fix #3555, on chrome it is not initializing correct minutes when adding a new time, just drop unused php variables and set it on js
Revert "XHTML Compliance"
This commit broke schedules edit, it should fix #3555.
This reverts commit e1002cd2724869eabdfe1f9258d4522d572722e4.
Handle the reinstallall case with confirmation. Fixes #3548
Fix days and weeks selection on schedules, reported at https://forum.pfsense.org/index.php?topic=74101.0
Only consider javascript files that ends with .js
Detect Zones and Cores for thermal sensors using regex, it fixes #3337
remove unused supportedbybsdperimeter tag
s/BSDP/ESF/
Automatic outbound NAT rules skip openvpn interfaces, lets skip them when creating the first set of manual rules too. It fixes #3528
standardize URLs
standardize on https://www.pfsense.org
standardize pfsense.com references to https://www.pfsense.org
fix white space
s/http/https/ for www.pfsense.org
Fix #3521, show correct field descr
fix text, remove product_website mentions here since that's not actually used anyway.
Use descr prepended to voucher fields containing descriptions to have them encoded as CDATA. Fixes #3441
Improve checks for params 'id', 'dup' and other similar ones to make sure they are numeric integer, also, pass them through htmlspecialchars() before print
Validate rule Advanced Options numeric entries
version of pull request #1021 for 2.1 branch
Pass id variable through htmlspecialchars before print it
Make Firewall Rules Advanced Options open if used - 2.1 branch
This is the same code as pull request 997 but for 2.1 branch
Merge pull request #991 from phil-davis/RELENG_2_1
Return GWG IP protocol (version) when no gateway IP - 2.1 version
Fix order of parameters to explode() here
Fix OpenVPN XML section name
Forum https://forum.pfsense.org/index.php?topic=73479.0
Merge pull request #1004 from phil-davis/patch-3
Add all advanced options to rule table hover text on 2.1 branch
XHTML Compliance
Services - DNS Forwarder
Services - DHCP Server
Diagnostics - Packet Capture
Diagnostics - Tables
VPN - PPTP - Users
VPN - PPTP - Configuration
VPN - PPPOE
VPN - L2TP - Users
VPN - L2TP - Configuration
VPN - IPsec - Pre-Shared Keys
Bug #3512
VPN - IPsec - Mobile Clients
Properly use key here.
Skip input validation when choosing an existing certificate, it should fix #3505
Remove unnecessary quotes
VPN - IPsec - Tunnels
Couple Corrections
Table Cell Close Location
Style Border Typo
VPN - OpenVPN - Client Specific Overrides
VPN - OpenVPN - Client
Merge pull request #993 from N0YB/RELENG_2_1
Remove alert confirmation to delete a package, today user need to confirm twice
VPN - OpenVPN - Server
Validate if src OR dst have IP address set when protocol is IPv4+v6. Fixes #3499
Firewall - Traffic Shaper
Firewall - Schedules - Edit
Firewall - Aliases - Edit
Merge pull request #987 from N0YB/RELENG_2_1
Firewall - NAT - Npt - Edit
Add an option to verify peers_identifier when it's ASN.1 distinguished name. It should fix #2904
Tidy up GWG dropdown selection tests
Tested this making a new rule, and editing existing IPv4, IPv6 and IPv4+Ipv6 rules, and switching the IP version on an existing rule. Seems to work!