Commit Graph

8239 Commits

Author SHA1 Message Date
Erik Fonnesbeck
b8d4d7cdc5 Handling this properly when the web gui is on an alternate port number. 2010-11-18 00:23:41 -07:00
Erik Fonnesbeck
6898927f4f Make this check more general in case someone makes a wizard that changes an opt interface's IP address and wants to use the "Reload in progress" step. Ticket #455 2010-11-17 20:00:05 -07:00
jim-p
9c37f8cdc5 Properly reflect ports in the GUI view of the anti-lockout rule since Ermal's changes restricted it to only ssh/gui ports. 2010-11-17 19:37:24 -05:00
jim-p
916ee7453e Show CRL download link only for imported certificates or CRLs with revoked certificates. 2010-11-17 19:16:45 -05:00
jim-p
304af9d8ef Some CRL fixes. 2010-11-17 19:12:15 -05:00
Ermal
4c3d9312e8 Ticket #1017. Put a @ before each fwrite to silence errors. Also setup the log file in the beginning rather than on each individual function. 2010-11-17 19:47:01 +00:00
Ermal
1ae5c631e8 Resolves #1018. Provide a more unique host name for the file. 2010-11-17 19:36:32 +00:00
Erik Fonnesbeck
a219c64325 Add workaround for referrer check to not be triggered on the previous IP address when redirected by the setup wizard. 2010-11-17 08:35:30 -07:00
Erik Fonnesbeck
fd7f136b26 Redirect to the correct IP at the end of the setup wizard if accessing it on an IP address that was changed. Fixes #455 2010-11-17 07:01:19 -07:00
jim-p
b450c94e17 Fix typo in comment. 2010-11-16 23:47:56 -05:00
Erik Fonnesbeck
f02f0675cc Ensure this is an array before entering the foreach loop. Fixes #1012 2010-11-16 18:38:44 -07:00
Ermal
7b22832377 Avoid exec() and use php calls. 2010-11-16 22:38:49 +00:00
Ermal
fcf92daec2 * Use pkg_info -E pkgname* for testing if a package is installed.
* Do not call eval if we cannot include an .inc file since that will make the whole script fail.
* Keep the log from the start to the end without overwriting. This makes debugging and problem reporting easy and explains what is done during installation.
* Check retrun value of download_with_progress_bar to make it possible catching errors during download.
* Lots of improvements in between

Related to Ticket #950
2010-11-16 19:40:20 +00:00
Scott Ullrich
99b1cc43b3 Disable CSRF checks on the backup page. 2010-11-15 14:16:54 -05:00
Scott Ullrich
64ec1ddf35 Add nocsrf flag 2010-11-14 14:46:35 -05:00
jim-p
364ecdd1ba Fix misnamed form field on CRL import. 2010-11-14 14:29:26 -05:00
Erik Fonnesbeck
fbd96b06f5 Fix variable names. Ticket #954 2010-11-14 07:55:31 -07:00
Erik Fonnesbeck
bd32ac6cf1 Fix case of variable name for swap usage. Ticket #477 2010-11-14 06:59:41 -07:00
Scott Ullrich
ac50365306 Open link in new tab/window 2010-11-13 19:38:46 -05:00
Erik Fonnesbeck
bddc88183a Form image buttons are submit buttons and thus default buttons, causing unwanted behavior with the enter key. Use links instead, where possible. 2010-11-12 22:44:11 -07:00
Erik Fonnesbeck
6f7a997828 Add style to rowhelper normal text fields in packages for consistency. 2010-11-12 20:05:15 -07:00
Scott Ullrich
83fcd140dd CSRF startup code has been moved to guiconfig.inc 2010-11-12 18:34:51 -05:00
Scott Ullrich
fafd303ea9 Unbreak AJAX 2010-11-12 18:30:43 -05:00
Scott Ullrich
c895ab7b9d Misc XSS fixes 2010-11-12 16:05:47 -05:00
jim-p
2bf0ada5ed Protect against XSS by someone broadcasting an HTML SSID... (better to be safe...) 2010-11-12 12:29:53 -05:00
jim-p
f01d8c4951 One more potential XSS vector. Not sure how it would have text injected here, but better safe than sorry. 2010-11-12 12:15:14 -05:00
jim-p
060d4c5ec0 More notice XSS fixes. 2010-11-12 12:02:44 -05:00
Scott Ullrich
dd5bf424c1 Fix XSS issues 2010-11-12 11:36:20 -05:00
jim-p
190d5d5814 Fix XSS in notices. 2010-11-12 11:29:25 -05:00
Scott Ullrich
225a2f0b46 Bring in XSS id fixes from m0n0wall 2010-11-12 11:03:51 -05:00
Erik Fonnesbeck
19310a561a Clarify these descriptions a bit more on 1:1 edit. 2010-11-12 02:17:29 -07:00
Scott Ullrich
a2f38ac4d4 Handle AJAX 2010-11-11 09:17:56 -05:00
Warren Baker
6f567a593d NiftyCheck already included in bottom-loader.js otherwise div mainarea gets rounded twice. 2010-11-11 12:51:56 +02:00
Erik Fonnesbeck
cb53651f67 Small rework of code for applying drag and drop reordering of rules and some extra checks added to fix some potential bugs. Ticket #878
Also minimizes the extent of the changes performed (useful when comparing config.xml files from before and after).
2010-11-11 02:24:04 -07:00
Erik Fonnesbeck
a5ebdeff92 Fix handling of floating rules in the drag and drop reordering code. Fix for part of ticket #878 2010-11-11 00:51:24 -07:00
Erik Fonnesbeck
baaa8bb142 Move this function to allow removing it from easyrule. 2010-11-10 22:58:30 -07:00
Erik Fonnesbeck
88bc276013 Fix filter_rules_sort's compare function to know about floating rules so it won't change their order. 2010-11-10 22:43:08 -07:00
Erik Fonnesbeck
ea57ccb86b Use this sort before saving, so the rule just added is sorted into the proper category like the rest. 2010-11-10 21:27:24 -07:00
Scott Ullrich
ce2078f7d0 Unbreak graphs 2010-11-10 23:14:31 -05:00
jim-p
2b30323ef3 Copy logic for when to show the cellular tab from status_rrd_graph.php. Fixes #714 2010-11-10 21:56:12 -05:00
Erik Fonnesbeck
fa6c42d05b Return this field to its old name to prevent a conflict of names and since the code that uses it still refers to it by that name. Issue reported at http://forum.pfsense.org/index.php/topic,29985.0.html
This caused the full name field to be ignored when creating a user and prevented making a certificate at the creation of the user (either could still be changed afterward).
2010-11-10 18:30:55 -07:00
jim-p
29f76490d8 Only use escapeshellarg when passing the arguments to the shell. Fixes #1005 2010-11-10 17:22:37 -05:00
Ermal
dd18038e50 * Call get_configured_interface_* functions only once in the code
* Optimize the test if the passed interface is a vaild one
* Fix the apply settings to actually do something rather than do nothing at all
* Some style and whitespace fixes
2010-11-10 21:42:46 +00:00
Scott Ullrich
612fa5724a Note that this textbox controls HTTP_REFERER hostname checks as well 2010-11-10 12:25:05 -05:00
Scott Ullrich
4fe9c2dcf1 * Adding function get_configured_ip_addresses() which returns all interfaces and their configured IP address
* Add checkbox to System -> Advanced -> Admin for HTTP_REFERER checks
* Add and enforce HTTP_REFERER check if checkbox is not checked.

This will prevent HTML pages from crafting HTML GETs against the web interface and will prevent firewall admins from being "tricked" into clicking on links that may be harmful to their firewall.
2010-11-10 11:56:23 -05:00
Scott Ullrich
daab67a170 Fix misc XSS issues from davey b 2010-11-10 09:49:47 -05:00
Erik Fonnesbeck
f0ce6758e8 Add option to System: Firmware: Settings for running gitsync after installing an update, hidden/disabled if git has not been installed yet. 2010-11-10 03:03:00 -07:00
Scott Ullrich
506f6e90d4 Ensure csrf magic is loaded 2010-11-09 13:07:55 -05:00
Scott Ullrich
034f08e7dd Fix Misc XSS issues 2010-11-09 11:38:27 -05:00
Scott Ullrich
9b2bc1af9c Testing csrf-magic 2010-11-09 11:23:49 -05:00