Projet

Général

Profil

« Précédent | Suivant » 

Révision 08f30320

Ajouté par Renato Botelho il y a presque 10 ans

Change the option for webconfig login autocomplete from opt-in to opt-out, also bump config version and write a function to keep the current status on upgrades

Voir les différences:

etc/inc/authgui.inc
264 264 
					$nifty_background = "#999";
265 265 
					print_info_box(gettext("You are accessing this router by an IP address not configured locally, which may be forwarded by NAT or other means. <br /><br />If you did not setup this forwarding, you may be the target of a man-in-the-middle attack."));
266 266 
				}
267 
				$noautocomplete = isset($config['system']['webgui']['noautocomplete']) ? 'autocomplete="off"' : '';
267 
				$loginautocomplete = isset($config['system']['webgui']['loginautocomplete']) ? '' : 'autocomplete="off"';
268 268 
			?>
269 
			<form id="iform" name="iform" method="post" <?= $noautocomplete ?> action="<?=$_SERVER['SCRIPT_NAME'];?>">
269 
			<form id="iform" name="iform" method="post" <?= $loginautocomplete ?> action="<?=$_SERVER['SCRIPT_NAME'];?>">
270 270 
				<h1>&nbsp;</h1>
271 271 
				<div id="inputerrors"><?=$_SESSION['Login_Error'];?></div>
272 272 
				<p>
etc/inc/globals.inc
73 73 
	"disablecrashreporter" => false,
74 74 
	"crashreporterurl" => "https://crashreporter.pfsense.org/crash_reporter.php",
75 75 
	"debug" => false,
76 
	"latest_config" => "10.7",
76 
	"latest_config" => "10.8",
77 77 
	"nopkg_platforms" => array("cdrom"),
78 78 
	"minimum_ram_warning" => "101",
79 79 
	"minimum_ram_warning_text" => "128 MB",
etc/inc/upgrade_config.inc
3333 3333 
	}
3334 3334 
}
3335 3335 

  		




  
  3336
  
    
function upgrade_107_to_108() {


  		




  
  3337
  
    
	global $config;


  		




  
  3338
  
    

  		




  
  3339
  
    
	if (isset($config['system']['webgui']['noautocomplete']))


  		




  
  3340
  
    
		unset($config['system']['webgui']['noautocomplete']);


  		




  
  3341
  
    
	else


  		




  
  3342
  
    
		$config['system']['webgui']['loginautocomplete'] = true;


  		




  
  3343
  
    
}


  		




  
  3344
  
    

  		




  3336
  3345
  
    
?>


  		












  

    
      usr/local/www/system_advanced_admin.php
    
  





  59
  59
  
    
$pconfig['nodnsrebindcheck'] = isset($config['system']['webgui']['nodnsrebindcheck']);


  		




  60
  60
  
    
$pconfig['nohttpreferercheck'] = isset($config['system']['webgui']['nohttpreferercheck']);


  		




  61
  61
  
    
$pconfig['beast_protection'] = isset($config['system']['webgui']['beast_protection']);


  		




  62
  
  
    
$pconfig['noautocomplete'] = isset($config['system']['webgui']['noautocomplete']);


  		




  
  62
  
    
$pconfig['loginautocomplete'] = isset($config['system']['webgui']['loginautocomplete']);


  		




  63
  63
  
    
$pconfig['althostnames'] = $config['system']['webgui']['althostnames'];


  		




  64
  64
  
    
$pconfig['enableserial'] = $config['system']['enableserial'];


  		




  65
  65
  
    
$pconfig['serialspeed'] = $config['system']['serialspeed'];


  		




  ......




  178
  178
  
    
		else


  		




  179
  179
  
    
			unset($config['system']['webgui']['beast_protection']);


  		




  180
  180
  
    

  		




  181
  
  
    
		if ($_POST['noautocomplete'] == "yes")


  		




  182
  
  
    
			$config['system']['webgui']['noautocomplete'] = true;


  		




  
  181
  
    
		if ($_POST['loginautocomplete'] == "yes")


  		




  
  182
  
    
			$config['system']['webgui']['loginautocomplete'] = true;


  		




  183
  183
  
    
		else


  		




  184
  
  
    
			unset($config['system']['webgui']['noautocomplete']);


  		




  
  184
  
    
			unset($config['system']['webgui']['loginautocomplete']);


  		




  185
  185
  
    

  		




  186
  186
  
    
		if ($_POST['althostnames'])


  		




  187
  187
  
    
			$config['system']['webgui']['althostnames'] = $_POST['althostnames'];


  		




  ......




  404
  404
  
    
							<tr>


  		




  405
  405
  
    
								<td width="22%" valign="top" class="vncell"><?=gettext("WebGUI Login Autocomplete"); ?></td>


  		




  406
  406
  
    
								<td width="78%" class="vtable">


  		




  407
  
  
    
									<input name="noautocomplete" type="checkbox" id="noautocomplete" value="yes" <?php if ($pconfig['noautocomplete']) echo "checked=\"checked\""; ?> />


  		




  408
  
  
    
									<strong><?=gettext("Disable webConfigurator login autocomplete"); ?></strong>


  		




  
  407
  
    
									<input name="loginautocomplete" type="checkbox" id="loginautocomplete" value="yes" <?php if ($pconfig['loginautocomplete']) echo "checked=\"checked\""; ?> />


  		




  
  408
  
    
									<strong><?=gettext("Enable webConfigurator login autocomplete"); ?></strong>


  		




  409
  409
  
    
									<br />


  		




  410
  
  
    
									<?php echo gettext("When this is unchecked, login credentials for the webConfigurator " .


  		




  
  410
  
    
									<?php echo gettext("When this is checked, login credentials for the webConfigurator " .


  		




  411
  411
  
    
									"may be saved by the browser. While convenient, some security standards require this to be disabled. " .


  		




  412
  
  
    
									"Check this box to disable autocomplete on the login form so that browsers will not prompt to save credentials (NOTE: Some browsers do not respect this option). ");


  		




  
  412
  
    
									"Check this box to enable autocomplete on the login form so that browsers will prompt to save credentials (NOTE: Some browsers do not respect this option). ");


  		




  413
  413
  
    
									?>


  		




  414
  414
  
    
								</td>


  		




  415
  415
  
    
							</tr>


  		












Formats disponibles :  Unified diff