Erik Fonnesbeck
b8d4d7cdc5
Handling this properly when the web gui is on an alternate port number.
2010-11-18 00:23:41 -07:00
Erik Fonnesbeck
6898927f4f
Make this check more general in case someone makes a wizard that changes an opt interface's IP address and wants to use the "Reload in progress" step. Ticket #455
2010-11-17 20:00:05 -07:00
jim-p
9c37f8cdc5
Properly reflect ports in the GUI view of the anti-lockout rule since Ermal's changes restricted it to only ssh/gui ports.
2010-11-17 19:37:24 -05:00
jim-p
916ee7453e
Show CRL download link only for imported certificates or CRLs with revoked certificates.
2010-11-17 19:16:45 -05:00
jim-p
304af9d8ef
Some CRL fixes.
2010-11-17 19:12:15 -05:00
Ermal
4c3d9312e8
Ticket #1017 . Put a @ before each fwrite to silence errors. Also setup the log file in the beginning rather than on each individual function.
2010-11-17 19:47:01 +00:00
Ermal
1ae5c631e8
Resolves #1018 . Provide a more unique host name for the file.
2010-11-17 19:36:32 +00:00
Erik Fonnesbeck
a219c64325
Add workaround for referrer check to not be triggered on the previous IP address when redirected by the setup wizard.
2010-11-17 08:35:30 -07:00
Erik Fonnesbeck
fd7f136b26
Redirect to the correct IP at the end of the setup wizard if accessing it on an IP address that was changed. Fixes #455
2010-11-17 07:01:19 -07:00
jim-p
b450c94e17
Fix typo in comment.
2010-11-16 23:47:56 -05:00
Erik Fonnesbeck
f02f0675cc
Ensure this is an array before entering the foreach loop. Fixes #1012
2010-11-16 18:38:44 -07:00
Ermal
7b22832377
Avoid exec() and use php calls.
2010-11-16 22:38:49 +00:00
Ermal
fcf92daec2
* Use pkg_info -E pkgname* for testing if a package is installed.
...
* Do not call eval if we cannot include an .inc file since that will make the whole script fail.
* Keep the log from the start to the end without overwriting. This makes debugging and problem reporting easy and explains what is done during installation.
* Check retrun value of download_with_progress_bar to make it possible catching errors during download.
* Lots of improvements in between
Related to Ticket #950
2010-11-16 19:40:20 +00:00
Scott Ullrich
99b1cc43b3
Disable CSRF checks on the backup page.
2010-11-15 14:16:54 -05:00
Scott Ullrich
64ec1ddf35
Add nocsrf flag
2010-11-14 14:46:35 -05:00
jim-p
364ecdd1ba
Fix misnamed form field on CRL import.
2010-11-14 14:29:26 -05:00
Erik Fonnesbeck
fbd96b06f5
Fix variable names. Ticket #954
2010-11-14 07:55:31 -07:00
Erik Fonnesbeck
bd32ac6cf1
Fix case of variable name for swap usage. Ticket #477
2010-11-14 06:59:41 -07:00
Scott Ullrich
ac50365306
Open link in new tab/window
2010-11-13 19:38:46 -05:00
Erik Fonnesbeck
bddc88183a
Form image buttons are submit buttons and thus default buttons, causing unwanted behavior with the enter key. Use links instead, where possible.
2010-11-12 22:44:11 -07:00
Erik Fonnesbeck
6f7a997828
Add style to rowhelper normal text fields in packages for consistency.
2010-11-12 20:05:15 -07:00
Scott Ullrich
83fcd140dd
CSRF startup code has been moved to guiconfig.inc
2010-11-12 18:34:51 -05:00
Scott Ullrich
fafd303ea9
Unbreak AJAX
2010-11-12 18:30:43 -05:00
Scott Ullrich
c895ab7b9d
Misc XSS fixes
2010-11-12 16:05:47 -05:00
jim-p
2bf0ada5ed
Protect against XSS by someone broadcasting an HTML SSID... (better to be safe...)
2010-11-12 12:29:53 -05:00
jim-p
f01d8c4951
One more potential XSS vector. Not sure how it would have text injected here, but better safe than sorry.
2010-11-12 12:15:14 -05:00
jim-p
060d4c5ec0
More notice XSS fixes.
2010-11-12 12:02:44 -05:00
Scott Ullrich
dd5bf424c1
Fix XSS issues
2010-11-12 11:36:20 -05:00
jim-p
190d5d5814
Fix XSS in notices.
2010-11-12 11:29:25 -05:00
Scott Ullrich
225a2f0b46
Bring in XSS id fixes from m0n0wall
2010-11-12 11:03:51 -05:00
Erik Fonnesbeck
19310a561a
Clarify these descriptions a bit more on 1:1 edit.
2010-11-12 02:17:29 -07:00
Scott Ullrich
a2f38ac4d4
Handle AJAX
2010-11-11 09:17:56 -05:00
Warren Baker
6f567a593d
NiftyCheck already included in bottom-loader.js otherwise div mainarea gets rounded twice.
2010-11-11 12:51:56 +02:00
Erik Fonnesbeck
cb53651f67
Small rework of code for applying drag and drop reordering of rules and some extra checks added to fix some potential bugs. Ticket #878
...
Also minimizes the extent of the changes performed (useful when comparing config.xml files from before and after).
2010-11-11 02:24:04 -07:00
Erik Fonnesbeck
a5ebdeff92
Fix handling of floating rules in the drag and drop reordering code. Fix for part of ticket #878
2010-11-11 00:51:24 -07:00
Erik Fonnesbeck
baaa8bb142
Move this function to allow removing it from easyrule.
2010-11-10 22:58:30 -07:00
Erik Fonnesbeck
88bc276013
Fix filter_rules_sort's compare function to know about floating rules so it won't change their order.
2010-11-10 22:43:08 -07:00
Erik Fonnesbeck
ea57ccb86b
Use this sort before saving, so the rule just added is sorted into the proper category like the rest.
2010-11-10 21:27:24 -07:00
Scott Ullrich
ce2078f7d0
Unbreak graphs
2010-11-10 23:14:31 -05:00
jim-p
2b30323ef3
Copy logic for when to show the cellular tab from status_rrd_graph.php. Fixes #714
2010-11-10 21:56:12 -05:00
Erik Fonnesbeck
fa6c42d05b
Return this field to its old name to prevent a conflict of names and since the code that uses it still refers to it by that name. Issue reported at http://forum.pfsense.org/index.php/topic,29985.0.html
...
This caused the full name field to be ignored when creating a user and prevented making a certificate at the creation of the user (either could still be changed afterward).
2010-11-10 18:30:55 -07:00
jim-p
29f76490d8
Only use escapeshellarg when passing the arguments to the shell. Fixes #1005
2010-11-10 17:22:37 -05:00
Ermal
dd18038e50
* Call get_configured_interface_* functions only once in the code
...
* Optimize the test if the passed interface is a vaild one
* Fix the apply settings to actually do something rather than do nothing at all
* Some style and whitespace fixes
2010-11-10 21:42:46 +00:00
Scott Ullrich
612fa5724a
Note that this textbox controls HTTP_REFERER hostname checks as well
2010-11-10 12:25:05 -05:00
Scott Ullrich
4fe9c2dcf1
* Adding function get_configured_ip_addresses() which returns all interfaces and their configured IP address
...
* Add checkbox to System -> Advanced -> Admin for HTTP_REFERER checks
* Add and enforce HTTP_REFERER check if checkbox is not checked.
This will prevent HTML pages from crafting HTML GETs against the web interface and will prevent firewall admins from being "tricked" into clicking on links that may be harmful to their firewall.
2010-11-10 11:56:23 -05:00
Scott Ullrich
daab67a170
Fix misc XSS issues from davey b
2010-11-10 09:49:47 -05:00
Erik Fonnesbeck
f0ce6758e8
Add option to System: Firmware: Settings for running gitsync after installing an update, hidden/disabled if git has not been installed yet.
2010-11-10 03:03:00 -07:00
Scott Ullrich
506f6e90d4
Ensure csrf magic is loaded
2010-11-09 13:07:55 -05:00
Scott Ullrich
034f08e7dd
Fix Misc XSS issues
2010-11-09 11:38:27 -05:00
Scott Ullrich
9b2bc1af9c
Testing csrf-magic
2010-11-09 11:23:49 -05:00