diff options
88 files changed, 1449 insertions, 582 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 4a0c794..80471fe 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -1347,16 +1347,14 @@ function session_auth() { global $config, $_SESSION, $page; // Handle HTTPS httponly and secure flags - if($config['system']['webgui']['protocol'] == "https") { - $currentCookieParams = session_get_cookie_params(); - session_set_cookie_params( - $currentCookieParams["lifetime"], - $currentCookieParams["path"], - NULL, - true, - true - ); - } + $currentCookieParams = session_get_cookie_params(); + session_set_cookie_params( + $currentCookieParams["lifetime"], + $currentCookieParams["path"], + NULL, + ($config['system']['webgui']['protocol'] == "https"), + true + ); if (!session_id()) session_start(); @@ -1366,6 +1364,8 @@ function session_auth() { $authcfg = auth_get_authserver($config['system']['webgui']['authmode']); if (authenticate_user($_POST['usernamefld'], $_POST['passwordfld'], $authcfg) || authenticate_user($_POST['usernamefld'], $_POST['passwordfld'])) { + // Generate a new id to avoid session fixation + session_regenerate_id(); $_SESSION['Logged_In'] = "True"; $_SESSION['Username'] = $_POST['usernamefld']; $_SESSION['last_access'] = time(); @@ -1444,7 +1444,7 @@ function session_auth() { return false; /* redirect to page the user is on, it'll prompt them to login again */ - Header("Location: {$scriptName}"); + header("Location: {$scriptName}"); return false; } diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc index 11d4d45..cda6ef3 100644 --- a/etc/inc/authgui.inc +++ b/etc/inc/authgui.inc @@ -264,9 +264,9 @@ $have_cookies = isset($_COOKIE["cookie_test"]); $nifty_background = "#999"; print_info_box(gettext("You are accessing this router by an IP address not configured locally, which may be forwarded by NAT or other means. <br /><br />If you did not setup this forwarding, you may be the target of a man-in-the-middle attack.")); } - $noautocomplete = isset($config['system']['webgui']['noautocomplete']) ? 'autocomplete="off"' : ''; + $loginautocomplete = isset($config['system']['webgui']['loginautocomplete']) ? '' : 'autocomplete="off"'; ?> - <form id="iform" name="iform" method="post" <?= $noautocomplete ?> action="<?=$_SERVER['SCRIPT_NAME'];?>"> + <form id="iform" name="iform" method="post" <?= $loginautocomplete ?> action="<?=$_SERVER['SCRIPT_NAME'];?>"> <h1> </h1> <div id="inputerrors"><?=$_SESSION['Login_Error'];?></div> <p> diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index abd680a..6e00224 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -708,8 +708,8 @@ function captiveportal_prune_old() { $cpentry[2], // clientip $cpentry[3], // clientmac 10); // NAS Request - $_gb = @pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ZERO_ENTRY_STATS, 1, $cpentry[2], $cpentry[3]); - $_gb = @pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ZERO_ENTRY_STATS, 2, $cpentry[2], $cpentry[3]); + $_gb = @pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XZEROENTRY, 1, $cpentry[2], $cpentry[3]); + $_gb = @pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XZEROENTRY, 2, $cpentry[2], $cpentry[3]); RADIUS_ACCOUNTING_START($cpentry[1], // ruleno $cpentry[4], // username $cpentry[5], // sessionid @@ -835,7 +835,7 @@ function captiveportal_prune_old_automac() { /* remove a single client according to the DB entry */ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_time = null) { - global $g, $config, $cpzone; + global $g, $config, $cpzone, $cpzoneid; $stop_time = (empty($stop_time)) ? time() : $stop_time; @@ -855,8 +855,8 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t if (is_ipaddr($dbent[2])) { /* Delete client's ip entry from tables 1 and 2. */ - $_gb = @pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 1, $dbent[2], $dbent[3]); - $_gb = @pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 2, $dbent[2], $dbent[3]); + $_gb = @pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XDEL, 1, $dbent[2], $dbent[3]); + $_gb = @pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XDEL, 2, $dbent[2], $dbent[3]); /* XXX: Redundant?! Ensure all pf(4) states are killed. */ $_gb = @pfSense_kill_states($dbent[2]); $_gb = @pfSense_kill_srcstates($dbent[2]); @@ -1951,14 +1951,14 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut $clientsn = (is_ipaddrv6($clientip)) ? 128 : 32; if (!isset($config['captiveportal'][$cpzone]['nomacfilter'])) - $_gb = @pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ADD, 1, $clientip, $clientsn, $clientmac, $bw_up_pipeno); + $_gb = @pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XADD, 1, $clientip, $clientsn, $clientmac, $bw_up_pipeno); else - $_gb = @pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ADD, 1, $clientip, $clientsn, NULL, $bw_up_pipeno); + $_gb = @pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XADD, 1, $clientip, $clientsn, NULL, $bw_up_pipeno); if (!isset($config['captiveportal'][$cpzone]['nomacfilter'])) - $_gb = @pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ADD, 2, $clientip, $clientsn, $clientmac, $bw_down_pipeno); + $_gb = @pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XADD, 2, $clientip, $clientsn, $clientmac, $bw_down_pipeno); else - $_gb = @pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ADD, 2, $clientip, $clientsn, NULL, $bw_down_pipeno); + $_gb = @pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XADD, 2, $clientip, $clientsn, NULL, $bw_down_pipeno); if ($attributes['voucher']) $attributes['session_timeout'] = $remaining_time; diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc index 518bc59..a1397b8 100644 --- a/etc/inc/certs.inc +++ b/etc/inc/certs.inc @@ -449,10 +449,16 @@ function cert_get_issuer($str_crt, $decode = true) { ksort($components); foreach ($components as $a => $v) { - if (!strlen($issuer)) - $issuer = "{$a}={$v}"; - else - $issuer = "{$a}={$v}, {$issuer}"; + if (is_array($v)) { + ksort($v); + foreach ($v as $w) { + $aissuer = "{$a}={$w}"; + $issuer = (strlen($issuer)) ? "{$aissuer}, {$issuer}" : $aissuer; + } + } else { + $aissuer = "{$a}={$v}"; + $issuer = (strlen($issuer)) ? "{$aissuer}, {$issuer}" : $aissuer; + } } return $issuer; diff --git a/etc/inc/config.inc b/etc/inc/config.inc index 790fbc1..7ce4d72 100644 --- a/etc/inc/config.inc +++ b/etc/inc/config.inc @@ -121,7 +121,7 @@ else if ($g['booting'] and !file_exists($g['cf_conf_path'] . "/config.xml") ) { if (strstr($g['platform'], "cdrom")) { /* config is on floppy disk for CD-ROM version */ $cfgdevice = $cfgpartition = "fd0"; - $dmesg = `dmesg -a`; + $_gb = exec('/sbin/dmesg -a', $dmesg); if(preg_match("/da0/", $dmesg) == true) { $cfgdevice = $cfgpartition = "da0" ; if (mwexec("/sbin/mount -r /dev/{$cfgdevice} /cf")) { @@ -137,7 +137,7 @@ else if ($g['booting'] and !file_exists($g['cf_conf_path'] . "/config.xml") ) { } else { if($g['booting']) echo "."; /* probe kernel known disks until we find one with config.xml */ - $disks = explode(" ", trim(preg_replace("/kern.disks: /", "", exec("/sbin/sysctl kern.disks")))); + $disks = explode(" ", trim(exec("/sbin/sysctl -n kern.disks"))); foreach ($disks as $mountdisk) { /* skip mfs mounted filesystems */ if (strstr($mountdisk, "md")) diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index 64cbf0a..69a4811 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -190,13 +190,17 @@ function generate_config_cache($config) { } function discover_last_backup() { - $backups = explode("\n", `cd /cf/conf/backup && ls -ltr *.xml | awk '{print \$9}'`); + $backups = glob('/cf/conf/backup/*.xml'); $last_backup = ""; - foreach($backups as $backup) - if($backup) - $last_backup = $backup; + $last_mtime = 0; + foreach($backups as $backup) { + if(filemtime($backup) > $last_mtime) { + $last_mtime = filemtime($backup); + $last_backup = $backup; + } + } - return $last_backup; + return basename($last_backup); } function restore_backup($file) { diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 6526d44..e0cff7e 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -106,7 +106,7 @@ function flowtable_configure() { else $maxstates = 150000; // nmbflows cpu count * ($maxstates * 2) - $cpus = trim(`/sbin/sysctl -n kern.smp.cpus`, " \n"); + $cpus = trim(exec('/sbin/sysctl -n kern.smp.cpus'), " \n"); $nmbflows = ($cpus*($maxstates*2)); // Flowtable currently only works on 8.0 if(get_freebsd_version() == "8") { diff --git a/etc/inc/filter_log.inc b/etc/inc/filter_log.inc index cddd5d2..6b3e279 100644 --- a/etc/inc/filter_log.inc +++ b/etc/inc/filter_log.inc @@ -81,11 +81,17 @@ function conv_log_filter($logfile, $nentries, $tail = 50, $filtertext = "", $fil return isset($config['syslog']['reverse']) ? $filterlog : array_reverse($filterlog); } +function escape_filter_regex($filtertext) { + /* If the caller (user) has not already put a backslash before a slash, to escape it in the regex, */ + /* then this will do it. Take out any "\/" already there, then turn all ordinary "/" into "\/". */ + return str_replace('/', '\/', str_replace('\/', '/', $filtertext)); +} + function match_filter_line($flent, $filtertext = "") { if (!$filtertext) return true; - $filtertext = str_replace(' ', '\s+', $filtertext); - return preg_match("/{$filtertext}/i", implode(" ", array_values($flent))); + $filtertext = escape_filter_regex(str_replace(' ', '\s+', $filtertext)); + return @preg_match("/{$filtertext}/i", implode(" ", array_values($flent))); } function match_filter_field($flent, $fields) { @@ -95,12 +101,20 @@ function match_filter_field($flent, $fields) { $fields[$field] = substr($fields[$field], 1); if (preg_match("/act/i", $field)) { if ( (in_arrayi($flent[$field], explode(",", str_replace(" ", ",", $fields[$field]))) ) ) return false; - } else if ( (preg_match("/{$fields[$field]}/i", $flent[$field])) ) return false; + } else { + $field_regex = escape_filter_regex($fields[$field]); + if ( (@preg_match("/{$field_regex}/i", $flent[$field])) ) + return false; + } } else { if (preg_match("/act/i", $field)) { if ( !(in_arrayi($flent[$field], explode(",", str_replace(" ", ",", $fields[$field]))) ) ) return false; - } else if ( !(preg_match("/{$fields[$field]}/i", $flent[$field])) ) return false; + } else { + $field_regex = escape_filter_regex($fields[$field]); + if ( !(@preg_match("/{$field_regex}/i", $flent[$field])) ) + return false; + } } } return true; diff --git a/etc/inc/functions.inc b/etc/inc/functions.inc index a86876a..a89aeff 100644 --- a/etc/inc/functions.inc +++ b/etc/inc/functions.inc @@ -66,7 +66,7 @@ if(!function_exists("pfSenseHeader")) { $complete_url = "{$protocol}://{$_SERVER['SERVER_NAME']}{$port}/{$text}"; echo "\ndocument.location.href = '{$complete_url}';\n"; } else { - Header("Location: $text"); + header("Location: $text"); } } } @@ -148,4 +148,4 @@ require_once("certs.inc"); require_once("system.inc"); require_once("vslb.inc"); -?>
\ No newline at end of file +?> diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 0a49017..e34a681 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -73,7 +73,7 @@ $g = array( "disablecrashreporter" => false, "crashreporterurl" => "https://crashreporter.pfsense.org/crash_reporter.php", "debug" => false, - "latest_config" => "10.7", + "latest_config" => "10.8", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", @@ -101,7 +101,7 @@ $tcpflags = array("syn", "ack", "fin", "rst", "psh", "urg", "ece", "cwr"); if(file_exists("/etc/platform")) { $arch = php_uname("m"); /* Do not remove this, it is not needed for the snapshots URL but is needed later for the -RELEASE/stable URLs */ - $arch = ($arch == "i386") ? "" : '/' . $arch; + //$arch = ($arch == "i386") ? "" : '/' . $arch; /* Full installs and NanoBSD use the same update directory and manifest in 2.x */ $g['update_url']="https://snapshots.pfsense.org/FreeBSD_stable/10/{$arch}/pfSense_HEAD/.updaters/"; diff --git a/etc/inc/gmirror.inc b/etc/inc/gmirror.inc new file mode 100644 index 0000000..cd6eb5f --- /dev/null +++ b/etc/inc/gmirror.inc @@ -0,0 +1,314 @@ +<?php +/* + gmirror.inc + Copyright (C) 2009-2014 Jim Pingle + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +global $balance_methods; +$balance_methods = array("load", "prefer", "round-robin", "split"); + +/* Create a status array for each mirror and its disk components. */ +function gmirror_get_status() { + $status = ""; + exec("/sbin/gmirror status -s", $status); + $mirrors = array(); + + /* Empty output = no mirrors found */ + if (count($status) > 0) { + /* Loop through gmirror status output. */ + foreach ($status as $line) { + /* Split the line by whitespace */ + $all = preg_split("/[\s\t]+/", trim($line), 3); + if (count($all) == 3) { + /* If there are three items on a line, it is mirror name, status, and component */ + $currentmirror = basename($all[0]); + $mirrors[$currentmirror]['name'] = basename($all[0]); + $mirrors[$currentmirror]['status'] = $all[1]; + if (!is_array($mirrors[$currentmirror]['components'])) + $mirrors[$currentmirror]['components'] = array(); + $mirrors[$currentmirror]['components'][] = $all[2]; + } + } + } + /* Return an hash of mirrors and components */ + return $mirrors; +} + +/* Get only status word for a single mirror. */ +function gmirror_get_status_single($mirror) { + $status = ""; + $mirror_status = gmirror_get_status(); + var_dump($mirror_status); + return $mirror_status[$mirror]['status']; +} + +/* Generate an HTML formatted status for mirrors and disks in a small format for the widget */ +function gmirror_html_status() { + $mirrors = gmirror_get_status(); + $output = ""; + if (count($mirrors) > 0) { + $output .= "<tr>\n"; + $output .= "<td width=\"40%\" class=\"vncellt\">Name</td>\n"; + $output .= "<td width=\"40%\" class=\"vncellt\">Status</td>\n"; + $output .= "<td width=\"20%\" class=\"vncellt\">Component</td>\n"; + $output .= "</tr>\n"; + foreach ($mirrors as $mirror => $name) { + $components = count($name["components"]); + $output .= "<tr>\n"; + $output .= "<td width=\"40%\" rowspan=\"{$components}\" class=\"listr\">{$name['name']}</td>\n"; + $output .= "<td width=\"40%\" rowspan=\"{$components}\" class=\"listr\">{$name['status']}</td>\n"; + $output .= "<td width=\"20%\" class=\"listr\">{$name['components'][0]}</td>\n"; + $output .= "</tr>\n"; + if (count($name["components"]) > 1) { + $morecomponents = array_slice($name["components"], 1); + foreach ($morecomponents as $component) { + $output .= "<tr>\n"; + $output .= "<td width=\"20%\" class=\"listr\">{$component}</td>\n"; + $output .= "</tr>\n"; + } + } + } + } else { + $output .= "<tr><td colspan=\"3\" class=\"listr\">No Mirrors Found</td></tr>\n"; + } + // $output .= "<tr><td colspan=\"3\" class=\"listr\">Updated at " . date("F j, Y, g:i:s a") . "</td></tr>\n"; + return $output; +} + +/* List all disks in the system (potential gmirror targets) */ +function gmirror_get_disks() { + $disklist = ""; + /* Get a list of disks in a scriptable way, exclude optical drives */ + exec("/sbin/geom disk status -s | /usr/bin/grep -v '[[:blank:]]*cd[[:digit:]]*' | /usr/bin/awk '{print $1;}'", $disklist); + return $disklist; +} + +/* List all potential gmirror consumers */ +function gmirror_get_unused_consumers() { + $consumerlist = ""; + /* Get a list of consumers, exclude existing mirrors and diskid entries */ + exec("/sbin/geom part status -s | /usr/bin/egrep -v '(mirror|diskid)' | /usr/bin/awk '{print $1, $3;}'", $consumerlist); + $all_consumers = array(); + foreach ($consumerlist as $cl) { + $parts = explode(" ", $cl); + foreach ($parts as $part) + $all_consumers[] = $part; + } + return $all_consumers; +} + +/* List all existing geom mirrors */ +function gmirror_get_mirrors() { + $mirrorlist = ""; + exec("/sbin/gmirror list | /usr/bin/grep '^Geom name:' | /usr/bin/awk '{print $3;}'", $mirrorlist); + return $mirrorlist; +} + + +/* List all consumers for a given mirror */ +function gmirror_get_consumers_in_mirror($mirror) { + if (!is_valid_mirror($mirror)) + return array(); + + $consumers = array(); + exec("/sbin/gmirror status -s " . escapeshellarg($mirror) . " | /usr/bin/awk '{print $3;}'", $consumers); + return $consumers; +} + +/* Test if a given consumer is a member of an existing mirror */ +function is_consumer_in_mirror($consumer, $mirror) { + if (!is_valid_consumer($consumer) || !is_valid_mirror($mirror)) + return false; + + $mirrorconsumers = gmirror_get_consumers_in_mirror($mirror); + return in_array(basename($consumer), $mirrorconsumers); +} + +/* Test if a mirror exists */ +function is_valid_mirror($mirror) { + $mirrors = gmirror_get_mirrors(); + return in_array($mirror, $mirrors); +} + +/* Test if a disk is valid/exists */ +function is_valid_disk($disk) { + $adisks = gmirror_get_disks(); + return in_array(basename($disk), $adisks); +} + +/* Test if a consumer is valid and in use in a mirror */ +function is_consumer_used($consumer) { + $found = false; + $mirrors = gmirror_get_mirrors(); + foreach ($mirrors as $mirror) { + $consumers = gmirror_get_consumers_in_mirror($mirror); + if (in_array($consumer, $consumers)) + return true; + } + return false; +} + +/* Test if a consumer is valid and not in use */ +function is_consumer_unused($consumer) { + $consumers = gmirror_get_unused_consumers(); + return in_array($consumer, $consumers); +} + +/* Test if a consumer is valid (either a disk or partition) */ +function is_valid_consumer($consumer) { + return (is_consumer_unused($consumer) || is_consumer_used($consumer)); +} + +/* Remove all disconnected drives from a mirror */ +function gmirror_forget_disconnected($mirror) { + if (!is_valid_mirror($mirror)) + return false; + return mwexec("/sbin/gmirror forget " . escapeshellarg($mirror)); +} + +/* Insert another consumer into a mirror */ +function gmirror_insert_consumer($mirror, $consumer) { + if (!is_valid_mirror($mirror) || !is_valid_consumer($consumer)) + return false; + return mwexec("/sbin/gmirror insert " . escapeshellarg($mirror) . " " . escapeshellarg($consumer)); +} + +/* Remove consumer from a mirror and clear its metadata */ +function gmirror_remove_consumer($mirror, $consumer) { + if (!is_valid_mirror($mirror) || !is_valid_consumer($consumer)) + return false; + return mwexec("/sbin/gmirror remove " . escapeshellarg($mirror) . " " . escapeshellarg($consumer)); +} + +/* Wipe geom info from drive (if mirror is not running) */ +function gmirror_clear_consumer($consumer) { + if (!is_valid_consumer($consumer)) + return false; + return mwexec("/sbin/gmirror clear " . escapeshellarg($consumer)); +} + +/* Find the balance method used by a given mirror */ +function gmirror_get_mirror_balance($mirror) { + if (!is_valid_mirror($mirror)) + return false; + $balancemethod = ""; + exec("/sbin/gmirror list " . escapeshellarg($mirror) . " | /usr/bin/grep '^Balance:' | /usr/bin/awk '{print $2;}'", $balancemethod); + return $balancemethod[0]; +} + +/* Change balance algorithm of the mirror */ +function gmirror_configure_balance($mirror, $balancemethod) { + global $balance_methods; + if (!is_valid_mirror($mirror) || !in_array($balancemethod, $balance_methods)) + return false; + return mwexec("/sbin/gmirror configure -b " . escapeshellarg($balancemethod) . " " . escapeshellarg($mirror)); +} + +/* Force a mirror member to rebuild */ +function gmirror_force_rebuild($mirror, $consumer) { + if (!is_valid_mirror($mirror) || !is_valid_consumer($consumer)) + return false; + return mwexec("/sbin/gmirror rebuild " . escapeshellarg($mirror) . " " . escapeshellarg($consumer)); +} + +/* Show all metadata on the physical consumer */ +function gmirror_get_consumer_metadata($consumer) { + if (!is_valid_consumer($consumer)) + return array(); + $output = ""; + exec("/sbin/gmirror dump " . escapeshellarg($consumer), $output); + return array_map('trim', $output); +} + +/* Test if a consumer has metadata, indicating it is a member of a mirror (active or inactive) */ +function gmirror_consumer_has_metadata($consumer) { + return (count(gmirror_get_consumer_metadata($consumer)) > 0); +} + +/* Find the mirror to which this consumer belongs */ +function gmirror_get_consumer_metadata_mirror($consumer) { + if (!is_valid_consumer($consumer)) + return array(); + $metadata = gmirror_get_consumer_metadata($consumer); + foreach ($metadata as $line) { + if (substr($line, 0, 5) == "name:") { + list ($key, $value) = explode(":", $line, 2); + return trim($value); + } + } +} + +/* Deactivate consumer, removing it from service in the mirror, but leave metadata intact */ +function gmirror_deactivate_consumer($mirror, $consumer) { + if (!is_valid_mirror($mirror) || !is_valid_consumer($consumer)) + return false; + return mwexec("/sbin/gmirror deactivate " . escapeshellarg($mirror) . " " . escapeshellarg($consumer)); +} + +/* Reactivate a deactivated consumer */ +function gmirror_activate_consumer($mirror, $consumer) { + if (!is_valid_mirror($mirror) || !is_valid_consumer($consumer)) + return false; + return mwexec("/sbin/gmirror activate " . escapeshellarg($mirror) . " " . escapeshellarg($consumer)); +} + +/* Find the size of the given mirror */ +function gmirror_get_mirror_size($mirror) { + if (!is_valid_mirror($mirror)) + return false; + $mirrorsize = ""; + exec("/sbin/gmirror list " . escapeshellarg($mirror) . " | /usr/bin/grep 'Mediasize:' | /usr/bin/head -n 1 | /usr/bin/awk '{print $2;}'", $mirrorsize); + return $mirrorsize[0]; +} + +/* Return a list of all potential consumers on a disk with sizes. The geom part + list output is a little odd, we can't get the output for just the disk, if the disk contains + slices those get output also. */ +function gmirror_get_all_unused_consumer_sizes_on_disk($disk) { + if (!is_valid_disk($disk) || !is_consumer_unused($disk)) + return array(); + $output = ""; + exec("/sbin/geom part list " . escapeshellarg($disk) . " | /usr/bin/egrep '(Name:|Mediasize:)' | /usr/bin/cut -c4- | /usr/bin/sed -l -e 'N;s/\\nMediasize://;P;D;' | /usr/bin/cut -c7-", $output); + $disk_contents = array(); + foreach ($output as $line) { + list($name, $size, $humansize) = explode(" ", $line, 3); + $consumer = array(); + $consumer['name'] = $name; + $consumer['size'] = $size; + $consumer['humansize'] = $humansize; + $disk_contents[] = $consumer; + } + return $disk_contents; +} + +/* Get only the size for one specific potential consumer. */ +function gmirror_get_unused_consumer_size($consumer) { + $consumersizes = gmirror_get_all_unused_consumer_sizes_on_disk($consumer); + foreach ($consumersizes as $csize) { + if ($csize['name'] == $consumer) + return $csize['size']; + } + return -1; +} +?>
\ No newline at end of file diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc index e5c5058..6935e9a 100644 --- a/etc/inc/gwlb.inc +++ b/etc/inc/gwlb.inc @@ -754,7 +754,7 @@ function fixup_default_gateway($ipprotocol, $gateways_status, $gateways_arr) { mwexec("/sbin/route change {$inetfamily} default {$gateways_arr[$upgw]['gateway']}"); } } else { - $defaultgw = trim(`/sbin/route -n get -{$ipprotocol} default | /usr/bin/grep gateway | /usr/bin/sed 's/gateway://g'`, " \n"); + $defaultgw = trim(exec("/sbin/route -n get -{$ipprotocol} default | /usr/bin/awk '/gateway:/ {print $2}'"), " \n"); if(is_ipaddrv6($gateways_arr[$dfltgwname]['gateway'])) { $inetfamily = "-inet6"; } else { diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 13308e0..9115308 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -1322,12 +1322,13 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg = services_dhcpd_configure('inet6', $track6); } + $old_router = ''; if (file_exists("{$g['tmp_path']}/{$realif}_router")) $old_router = trim(file_get_contents("{$g['tmp_path']}/{$realif}_router")); // log_error("Checking for old router states: {$g['tmp_path']}/{$realif}_router = {$old_router}"); if (!empty($old_router)) { log_error("Clearing states to old gateway {$old_router}."); - mwexec("/sbin/pfctl -i " . escapeshellarg($realif) . " -Fs -G {$old_router}"); + mwexec("/sbin/pfctl -i " . escapeshellarg($realif) . " -Fs"); } /* remove interface up file if it exists */ @@ -2124,10 +2125,10 @@ function interface_ipalias_configure(&$vip) { if ($vip['mode'] != "ipalias") return; - if (!isset($config['interfaces'][$vip['interface']])) + if ($vip['interface'] != 'lo0' && !isset($config['interfaces'][$vip['interface']])) return; - if (!isset($config['interfaces'][$vip['interface']]['enable'])) + if ($vip['interface'] != 'lo0' && !isset($config['interfaces'][$vip['interface']]['enable'])) return; $if = get_real_interface($vip['interface']); @@ -2944,7 +2945,7 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven } /* Need to check that the interface exists or not in the case where its coming back from disabled state see #3270 */ - if (!does_interface_exist($interface_to_check)) + if (in_array(substr($realif, 0, 3), array("gre", "gif")) || !does_interface_exist($interface_to_check)) interface_virtual_create($interface_to_check); /* Disable Accepting router advertisements unless specifically requested */ @@ -3415,6 +3416,10 @@ function interface_6rd_configure($interface = "wan", $wancfg) { $tmpstfiface = pfSense_interface_create("stf"); pfSense_interface_rename($tmpstfiface, $stfiface); pfSense_interface_flags($stfiface, IFF_LINK2); + if ($wancfg['prefix-6rd-v4plen'] > 0) + $rd6prefixlen += intval($wancfg['prefix-6rd-v4plen']); + else + $rd6prefixlen += 32; mwexec("/sbin/ifconfig {$stfiface} inet6 {$rd6prefix}/{$rd6prefixlen}"); mwexec("/sbin/ifconfig {$stfiface} stfv4br " . escapeshellarg($wancfg['gateway-6rd'])); if ($wancfg['prefix-6rd-v4plen'] > 0 && $wancfg['prefix-6rd-v4plen'] < 32) diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index a6efa65..2710f9a 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -656,6 +656,30 @@ function ipsec_get_number_of_phase2($ikeid) { return $nbph2; } +function ipsec_get_descr($ikeid) { + global $config; + + if (!isset($config['ipsec']['phase1']) || + !is_array($config['ipsec']['phase1'])) + return ""; + + $descr = ''; + $a_phase1 = $config['ipsec']['phase1']; + foreach ($a_phase1 as $p1) { + if ($p1['ikeid'] == $ikeid) { + $descr = $p1['descr']; + break; + } + } + unset($a_phase1); + + return $descr; +} + +function ipsec_get_descr_by_peerconfig($peerconfig) { + return ipsec_get_descr(substr($peerconfig, strrpos($peerconfig, '-') + 1)); +} + function ipsec_disconnect_mobile($username) { if (empty($username)) return false; diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 15a9e9f..0591e56 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -562,6 +562,7 @@ function openvpn_reconfigure($mode, $settings) { $biface_sm=gen_subnet_mask(get_interface_subnet($settings['serverbridge_interface'])); if (is_ipaddrv4($biface_ip) && is_ipaddrv4($settings['serverbridge_dhcp_start']) && is_ipaddrv4($settings['serverbridge_dhcp_end'])) { $conf .= "server-bridge {$biface_ip} {$biface_sm} {$settings['serverbridge_dhcp_start']} {$settings['serverbridge_dhcp_end']}\n"; + $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; } else { $conf .= "mode server\n"; } @@ -592,10 +593,14 @@ function openvpn_reconfigure($mode, $settings) { if (!isset($settings['cert_depth']) && (strstr($settings['mode'], 'tls'))) $settings['cert_depth'] = 1; if (is_numeric($settings['cert_depth'])) { - $cert = lookup_cert($settings['certref']); - /* XXX: Seems not used at all! */ - $servercn = urlencode(cert_get_cn($cert['crt'])); - $conf .= "tls-verify \"/usr/local/sbin/ovpn_auth_verify tls '{$servercn}' {$settings['cert_depth']}\"\n"; + if (($mode == 'client') && empty($settings['certref'])) + $cert = ""; + else { + $cert = lookup_cert($settings['certref']); + /* XXX: Seems not used at all! */ + $servercn = urlencode(cert_get_cn($cert['crt'])); + $conf .= "tls-verify \"/usr/local/sbin/ovpn_auth_verify tls '{$servercn}' {$settings['cert_depth']}\"\n"; + } } // The local port to listen on @@ -722,9 +727,12 @@ function openvpn_reconfigure($mode, $settings) { case 'server_user': $ca = lookup_ca($settings['caref']); openvpn_add_keyfile($ca['crt'], $conf, $mode_id, "ca"); - $cert = lookup_cert($settings['certref']); - openvpn_add_keyfile($cert['crt'], $conf, $mode_id, "cert"); - openvpn_add_keyfile($cert['prv'], $conf, $mode_id, "key"); + + if (!empty($settings['certref'])) { + $cert = lookup_cert($settings['certref']); + openvpn_add_keyfile($cert['crt'], $conf, $mode_id, "cert"); + openvpn_add_keyfile($cert['prv'], $conf, $mode_id, "key"); + } if ($mode == 'server') $conf .= "dh {$g['etc_path']}/dh-parameters.{$settings['dh_length']}\n"; if (!empty($settings['crlref'])) { diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 99385f1..9d521ed 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -254,7 +254,7 @@ function is_freebsd_pkg_installed($pkg) { if(!$pkg) return; $output = ""; - exec("/usr/local/sbin/pbi_info " . escapeshellarg($pkg), $output, $retval); + $_gb = exec("/usr/local/sbin/pbi_info " . escapeshellarg($pkg) . ' 2>/dev/null', $output, $retval); return (intval($retval) == 0); } @@ -524,11 +524,32 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url = $result = exec("/usr/local/sbin/pbi_add " . $pkgstaging . " -f -v {$no_checksig} " . escapeshellarg($fetchto) . " 2>&1", $pkgaddout, $rc); pkg_debug($pkgname . " " . print_r($pkgaddout, true) . "\n"); if ($rc == 0) { - $links = get_pbi_binaries(escapeshellarg(preg_replace('/\.pbi$/','',$filename))); + $pbi_name = preg_replace('/\.pbi$/','',$filename); + + $gb = exec("/usr/local/sbin/pbi_info {$pbi_name} | /usr/bin/awk '/Prefix/ {print $2}'", $pbi_prefix); + $pbi_prefix = $pbi_prefix[0]; + + $links = get_pbi_binaries(escapeshellarg($pbi_name)); foreach($links as $link) { @unlink("/usr/local/{$link['link_name']}"); @symlink("{$link['target']}","/usr/local/{$link['link_name']}"); } + + $extra_links = array( + array("target" => "bin", "link_name" => "sbin"), + array("target" => "local/lib", "link_name" => "lib"), + array("target" => "local/libexec", "link_name" => "libexec"), + array("target" => "local/share", "link_name" => "share"), + array("target" => "local/etc", "link_name" => "etc") + ); + + foreach ($extra_links as $link) { + if (!file_exists($pbi_prefix . "/" . $link['target'])) + continue; + @rmdir("{$pbi_prefix}/{$link['link_name']}"); + unlink_if_exists("{$pbi_prefix}/{$link['link_name']}"); + @symlink("{$pbi_prefix}/{$link['target']}", "{$pbi_prefix}/{$link['link_name']}"); + } pkg_debug("pbi_add successfully completed.\n"); } else { if (is_array($pkgaddout)) diff --git a/etc/inc/service-utils.inc b/etc/inc/service-utils.inc index 7c05176..362af4d 100644 --- a/etc/inc/service-utils.inc +++ b/etc/inc/service-utils.inc @@ -515,7 +515,7 @@ function service_control_start($name, $extras) { services_radvd_configure(); break; case 'captiveportal': - $zone = $extras['zone']; + $zone = htmlspecialchars($extras['zone']); captiveportal_init_webgui_zonename($zone); break; case 'ntpd': @@ -553,9 +553,9 @@ function service_control_start($name, $extras) { send_event("service restart sshd"); break; case 'openvpn': - $vpnmode = isset($extras['vpnmode']) ? $extras['vpnmode'] : $extras['mode']; + $vpnmode = isset($extras['vpnmode']) ? htmlspecialchars($extras['vpnmode']) : htmlspecialchars($extras['mode']); if (($vpnmode == "server") || ($vpnmode == "client")) { - $id = isset($extras['vpnid']) ? $extras['vpnid'] : $extras['id']; + $id = isset($extras['vpnid']) ? htmlspecialchars($extras['vpnid']) : htmlspecialchars($extras['id']); $configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf"; if (file_exists($configfile)) openvpn_restart_by_vpnid($vpnmode, $id); @@ -577,7 +577,7 @@ function service_control_stop($name, $extras) { killbypid("{$g['varrun_path']}/radvd.pid"); break; case 'captiveportal': - $zone = $extras['zone']; + $zone = htmlspecialchars($extras['zone']); killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal.pid"); killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal-SSL.pid"); break; @@ -624,9 +624,9 @@ function service_control_stop($name, $extras) { exec("/usr/local/sbin/ipsec stop"); break; case 'openvpn': - $vpnmode = $extras['vpnmode']; + $vpnmode = htmlspecialchars($extras['vpnmode']); if (($vpnmode == "server") or ($vpnmode == "client")) { - $id = $extras['id']; + $id = htmlspecialchars($extras['id']); $pidfile = "{$g['varrun_path']}/openvpn_{$vpnmode}{$id}.pid"; killbypid($pidfile); } @@ -648,7 +648,7 @@ function service_control_restart($name, $extras) { services_radvd_configure(); break; case 'captiveportal': - $zone = $extras['zone']; + $zone = htmlspecialchars($extras['zone']); killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal.pid"); killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal-SSL.pid"); captiveportal_init_webgui_zonename($zone); @@ -692,9 +692,9 @@ function service_control_restart($name, $extras) { send_event("service restart sshd"); break; case 'openvpn': - $vpnmode = $extras['vpnmode']; + $vpnmode = htmlspecialchars($extras['vpnmode']); if ($vpnmode == "server" || $vpnmode == "client") { - $id = $extras['id']; + $id = htmlspecialchars($extras['id']); $configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf"; if (file_exists($configfile)) openvpn_restart_by_vpnid($vpnmode, $id); diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 84f78db..1e2657a 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -457,14 +457,14 @@ function system_routing_configure($interface = "") { if ($dont_add_route == false ) { if (!empty($interface) && $interface != $interfacegw) ; - else if (($interfacegw <> "bgpd") && (is_ipaddrv4($gatewayip))) { + else if (is_ipaddrv4($gatewayip)) { log_error("ROUTING: setting default route to $gatewayip"); mwexec("/sbin/route change -inet default " . escapeshellarg($gatewayip)); } if (!empty($interface) && $interface != $interfacegwv6) ; - else if (($interfacegwv6 <> "bgpd") && (is_ipaddrv6($gatewayipv6))) { + else if (is_ipaddrv6($gatewayipv6)) { $ifscope = ""; if (is_linklocal($gatewayipv6)) $ifscope = "%{$defaultifv6}"; diff --git a/etc/inc/unbound.inc b/etc/inc/unbound.inc index aeaf0fc..b5de82f 100644 --- a/etc/inc/unbound.inc +++ b/etc/inc/unbound.inc @@ -45,7 +45,7 @@ function unbound_optimization() { * Set the number of threads equal to number of CPUs. * Use 1 to disable threading, if for some reason this sysctl fails. */ - $numprocs = intval(trim(`/sbin/sysctl kern.smp.cpus | /usr/bin/cut -d" " -f2`)); + $numprocs = intval(trim(exec('/sbin/sysctl -n kern.smp.cpus'))); if ($numprocs > 0) $optimization['number_threads'] = "num-threads: {$numprocs}"; else @@ -670,4 +670,4 @@ function unbound_hosts_generate() { unbound_control("reload"); } -?>
\ No newline at end of file +?> diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index c33deb1..7bf5505 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -3333,4 +3333,13 @@ function upgrade_106_to_107() { } } +function upgrade_107_to_108() { + global $config; + + if (isset($config['system']['webgui']['noautocomplete'])) + unset($config['system']['webgui']['noautocomplete']); + else + $config['system']['webgui']['loginautocomplete'] = true; +} + ?> diff --git a/etc/phpshellsessions/gitsync b/etc/phpshellsessions/gitsync index 17f9b09..58f5ba5 100644 --- a/etc/phpshellsessions/gitsync +++ b/etc/phpshellsessions/gitsync @@ -321,7 +321,6 @@ exec("cd ${CODIR}/pfSenseGITREPO/pfSenseGITREPO && find . -name CVS -exec rm -rf exec("cd ${CODIR}/pfSenseGITREPO/pfSenseGITREPO && find . -name pfSense.tgz -exec rm {} \; 2>/dev/null"); // Remove files that we do not want to overwrite the system with -exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/usr/local/www/trigger_initial_wizard 2>/dev/null"); exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/etc/crontab 2>/dev/null"); exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/etc/master.passwd 2>/dev/null"); exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/etc/passwd 2>/dev/null"); @@ -443,6 +443,15 @@ echo "done." /bin/chmod a+rw /tmp/. +# Check for GEOM mirrors +GMIRROR_STATUS=`/sbin/gmirror status` +if [ "${GMIRROR_STATUS}" != "" ]; then + # Using a flag file at bootup saves an expensive exec/check on each page load. + /usr/bin/touch /var/run/gmirror_active + # Setup monitoring/notifications + /usr/local/bin/minicron 60 /var/run/gmirror_status_check.pid /usr/local/sbin/gmirror_status_check.php +fi + echo "Bootup complete" /usr/local/bin/beep.sh start 2>&1 >/dev/null diff --git a/etc/rc.expireaccounts b/etc/rc.expireaccounts index 5058ac5..53e3874 100755 --- a/etc/rc.expireaccounts +++ b/etc/rc.expireaccounts @@ -45,7 +45,7 @@ continue; echo "1\n"; echo "User {$user['name']} expires {$user['expires']}\n"; - if(!$user['expires']) + if(!$user['expires'] || isset($user['disabled'])) continue; echo "1\n"; if(strtotime("-1 day") > strtotime($user['expires'])) { diff --git a/etc/rc.firmware b/etc/rc.firmware index 3acb1c1..5350e6a 100755 --- a/etc/rc.firmware +++ b/etc/rc.firmware @@ -428,6 +428,7 @@ pfSenseupgrade) /etc/rc.notify_message -e -g -m "Firmware upgrade in progress..." # backup config + [ -d /tmp/configbak ] && rm -rf /tmp/configbak /bin/mkdir -p /tmp/configbak cp -Rp /conf/* /tmp/configbak 2>/dev/null diff --git a/etc/rc.initial.firmware_update b/etc/rc.initial.firmware_update index 6011622..1deff88 100755 --- a/etc/rc.initial.firmware_update +++ b/etc/rc.initial.firmware_update @@ -46,6 +46,7 @@ echo "Q) Quit\n"; echo "\nPlease select an option to continue: "; +$pkg_interface = 'console'; $command = strtoupper(chop(fgets($fp))); switch ($command) { @@ -69,28 +70,20 @@ switch ($command) { if($status) { conf_mount_rw(); mark_subsystem_dirty('firmware'); - if(file_exists("/root/firmware.tgz")) - unlink("/root/firmware.tgz"); - echo "\nFetching file size...\n"; - $file_size = exec("fetch -s \"$url\""); - $file_size = trim($file_size, "\r"); - echo "\nFile size: $file_size\n"; - echo "\nFetching file...\n"; - exec("fetch -1 -w15 -a -v -o /root/firmware.tgz \"$url\""); - if($file_size <> filesize("/root/firmware.tgz")) { - echo "\nFile size mismatch. Upgrade cancelled.\n\n"; - fclose($fp); - die; - } + unlink_if_exists("/root/firmware.tgz"); + echo "\nFetching file... "; + download_file_with_progress_bar($url, '/root/firmware.tgz'); if(!file_exists("/root/firmware.tgz")) { echo "Something went wrong during file transfer. Exiting.\n\n"; fclose($fp); + clear_subsystem_dirty('firmware'); die; } $status = does_url_exist("$url.sha256"); if($status) { - echo "\nFetching sha256...\n"; - exec("fetch -1 -w15 -a -v -o /root/firmware.tgz.sha256 \"$url.sha256\""); + echo "\nFetching sha256... "; + download_file_with_progress_bar($url . ".sha256", '/root/firmware.tgz.sha256'); + echo "\n"; } else { echo "\n\nWARNING.\n"; echo "\nCould not locate a sha256 file. We cannot verify the download once completed.\n\n"; @@ -103,12 +96,13 @@ switch ($command) { echo "Downloaded file sha256: $file_sha256\n"; if($source_sha256 <> $file_sha256) { echo "\n\nsha256 checksum does not match. Cancelling upgrade.\n\n"; - exec("rm -f /root/*.sha256"); + unlink_if_exists("/root/firmware.tgz.sha256"); fclose($fp); + clear_subsystem_dirty('firmware'); die -1; } echo "\nsha256 checksum matches.\n"; - exec("rm -f /root/*.sha256"); + unlink_if_exists("/root/firmware.tgz.sha256"); } if(strstr($url,"bdiff")) { echo "Binary DIFF upgrade file detected...\n"; @@ -120,6 +114,7 @@ switch ($command) { $type = "normal"; } do_upgrade("/root/firmware.tgz", $type); + clear_subsystem_dirty('firmware'); exit; } case "2": @@ -136,6 +131,7 @@ switch ($command) { if(file_exists($path)) { mark_subsystem_dirty('firmware'); do_upgrade($path, $type); + clear_subsystem_dirty('firmware'); } else { echo "\nCould not find file.\n\n"; fclose($fp); @@ -43,31 +43,40 @@ conf_mount_rw(); } + $keys = array( + 'ssh_host_key', + 'ssh_host_key.pub', + 'ssh_host_dsa_key', + 'ssh_host_dsa_key.pub', + 'ssh_host_rsa_key', + 'ssh_host_rsa_key.pub', + 'ssh_host_ecdsa_key', + 'ssh_host_ecdsa_key.pub', + 'ssh_host_ed25519_key', + 'ssh_host_ed25519_key.pub' + ); + /* restore ssh data for nanobsd platform */ - if($g['platform'] == "nanobsd" and file_exists("/conf/sshd/ssh_host_key")) { - if(!file_exists("/etc/ssh/ssh_host_key.pub")) { - echo "Restoring SSH from /conf/sshd/"; - exec("/bin/cp -p /conf/sshd/* /etc/ssh/"); - - /* make sure host private key permissions aren't too open so sshd won't complain */ - $files_to_check = array('ssh_host_dsa_key','ssh_host_key','ssh_host_rsa_key'); - foreach($files_to_check as $f2c) { - if(file_exists("/etc/ssh/{$f2c}")) - chmod("/etc/ssh/{$f2c}", 0600); - } - unset($files_to_check); + if($g['platform'] == "nanobsd" and file_exists("/conf/sshd/ssh_host_key") and !file_exists("/etc/ssh/ssh_host_key.pub")) { + echo "Restoring SSH from /conf/sshd/"; + exec("/bin/cp -p /conf/sshd/* /etc/ssh/"); + + /* make sure host private key permissions aren't too open so sshd won't complain */ + foreach($keys as $f2c) { + if(file_exists("/etc/ssh/{$f2c}")) + chmod("/etc/ssh/{$f2c}", 0600); } } /* if any of these files are 0 bytes then they are corrupted. * remove them */ - $files_to_check = array('ssh_host_dsa_key','ssh_host_dsa_key.pub','ssh_host_key','ssh_host_key.pub','ssh_host_rsa_key','ssh_host_rsa_key.pub','/root/.ssh/authorized_keys'); - foreach($files_to_check as $f2c) { - if (file_exists("/etc/ssh/{$f2c}") && filesize("/etc/ssh/{$f2c}") == 0) - mwexec("rm /etc/ssh/ssh_host*", true); + foreach($keys as $f2c) { + if (file_exists("/etc/ssh/{$f2c}") && filesize("/etc/ssh/{$f2c}") == 0) { + unlink_if_exists('/etc/ssh/ssh_host*'); + break; + } } - unset($files_to_check); if (!is_dir("/var/empty")) { /* make ssh home directory */ @@ -127,6 +136,7 @@ if($config['ssh']['dsa_key'] <> "") { unset($config['ssh']['dsa_key']); unset($config['ssh']['ecdsa_key']); + unset($config['ssh']['ed25519_key']); unset($config['ssh']['rsa_key']); unset($config['ssh']['rsa1_key']); unset($config['ssh']['dsa']); @@ -138,28 +148,30 @@ /* are we already running? if so exit */ if(is_subsystem_dirty('sshdkeys')) { + unset($keys); return; } // Check for all needed key files. If any are missing, the keys need to be regenerated. - $files_to_check = array('ssh_host_dsa_key','ssh_host_dsa_key.pub','ssh_host_key','ssh_host_key.pub','ssh_host_rsa_key','ssh_host_rsa_key.pub', 'ssh_host_ecdsa_key', 'ssh_host_ecdsa_key.pub'); $generate_keys = false; - foreach ($files_to_check as $f2c) { + foreach ($keys as $f2c) { if (!file_exists("/etc/ssh/{$f2c}")) { $generate_keys = true; + break; } } - unset($files_to_check); + if ($generate_keys) { /* remove previous keys and regen later */ file_notice("SSH", "{$g['product_name']} has started creating your SSH keys. SSH Startup will be delayed. Please note that reloading the filter rules and changes will be delayed until this operation is completed.", "SSH KeyGen", ""); - mwexec("rm /etc/ssh/ssh_host_*", true); + unlink_if_exists('/etc/ssh/ssh_host_*'); mark_subsystem_dirty('sshdkeys'); echo " Generating Keys:\n"; $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa1 -N '' -f $sshConfigDir/ssh_host_key"); $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa -N '' -f $sshConfigDir/ssh_host_rsa_key"); $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t dsa -N '' -f $sshConfigDir/ssh_host_dsa_key"); $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t ecdsa -N '' -f $sshConfigDir/ssh_host_ecdsa_key"); + $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t ed25519 -N '' -f $sshConfigDir/ssh_host_ed25519_key"); clear_subsystem_dirty('sshdkeys'); file_notice("SSH", "{$g['product_name']} has completed creating your SSH keys. SSH is now started.", "SSH Startup", ""); } @@ -168,7 +180,7 @@ $sshd_pid = exec("ps ax | egrep '/usr/sbin/[s]shd' | awk '{print $1}'"); if($sshd_pid <> "") { echo "stopping ssh process $sshd_pid \n"; - mwexec("kill $sshd_pid"); + @posix_kill($sshd_pid, SIGTERM); } /* Launch new server process */ $status = mwexec("/usr/sbin/sshd"); @@ -182,9 +194,9 @@ // NanoBSD if($g['platform'] == "nanobsd") { if(!is_dir("/conf/sshd")) - exec("mkdir /conf/sshd"); + mkdir("/conf/sshd", 0750); $_gb = exec("/bin/cp -p /etc/ssh/ssh_host* /conf/sshd"); } conf_mount_ro(); - + unset($keys); ?> diff --git a/sbin/dhclient-script b/sbin/dhclient-script index 8421bfd..0f393a7 100755 --- a/sbin/dhclient-script +++ b/sbin/dhclient-script @@ -27,13 +27,14 @@ ROUTE=/sbin/route SED=/usr/bin/sed ARP=/usr/sbin/arp IFCONFIG=/sbin/ifconfig +PFCTL=/sbin/pfctl LOCALHOST=127.0.0.1 if [ -x /usr/bin/logger ]; then LOGGER="/usr/bin/logger -s -p user.notice -t dhclient" else - LOGGER=echo + LOGGER="echo" fi # @@ -42,11 +43,8 @@ fi check_hostname() { current_hostname=`$HOSTNAME` - if [ -z "$current_hostname" ]; then - $LOGGER "New Hostname ($interface): $new_host_name" - $HOSTNAME $new_host_name - elif [ "$current_hostname" = "$old_host_name" -a \ - "$new_host_name" != "$old_host_name" ]; then + if [ -z "$current_hostname" -o \ + "$current_hostname" != "$new_host_name" ]; then $LOGGER "New Hostname ($interface): $new_host_name" $HOSTNAME $new_host_name fi @@ -60,28 +58,30 @@ arp_flush() { delete_old_states() { $LOGGER "Starting delete_old_states()" + _FLUSHED=0 # If the IP changed, remove states from the old one if [ -f /var/db/${interface}_ip ]; then - OLD_IP = `cat /var/db/${interface}_ip` + OLD_IP=`cat /var/db/${interface}_ip` $LOGGER "Comparing IPs: Old: ${OLD_IP} New: ${new_ip_address}" if [ -n "${OLD_IP}" ] && [ "${OLD_IP}" != "${new_ip_address}" ]; then $LOGGER "Removing states from old IP '${OLD_IP}' (new IP '${new_ip_address}')" - /sbin/pfctl -i $interface -Fs - pfctl -K ${OLD_IP}/32 + ${PFCTL} -i $interface -Fs + ${PFCTL} -K ${OLD_IP}/32 + _FLUSHED=1 fi fi # Delete states through old gateway if it's not the same + OLD_ROUTER="" if [ -n "${old_routers}" ]; then - OLD_ROUTER = $old_routers - fi - if [ -z "${OLD_ROUTER}" ] && [ -f /tmp/${interface}_router ]; then - OLD_ROUTER = `cat /tmp/${interface}_router` + OLD_ROUTER=$old_routers + elif [ -f /tmp/${interface}_router ]; then + OLD_ROUTER=`cat /tmp/${interface}_router` fi - if [ -n "${OLD_ROUTER}" ]; then + if [ ${_FLUSHED} -eq 0 -a -n "${OLD_ROUTER}" ]; then $LOGGER "Comparing Routers: Old: ${OLD_ROUTER} New: ${new_routers}" if [ "${OLD_ROUTER}" != "${new_routers}" ]; then $LOGGER "Removing states through old gateway '${OLD_ROUTER}' (new gateway '${new_routers}')" - /sbin/pfctl -i $interface -Fs -G ${OLD_ROUTER} + ${PFCTL} -i $interface -Fs fi fi } diff --git a/usr/local/pkg/openntpd.inc b/usr/local/pkg/openntpd.inc index c4914b8..dcbb50a 100644 --- a/usr/local/pkg/openntpd.inc +++ b/usr/local/pkg/openntpd.inc @@ -21,7 +21,7 @@ EOD; function openntpd_get_iface_ip($iface) { $iface = convert_friendly_interface_to_real_interface_name($iface); - $line = trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6")); + $line = trim(shell_exec("ifconfig " . escapeshellarg($iface) . " | grep inet | grep -v inet6")); list($dummy, $ip, $dummy2, $dummy3) = explode(' ', $line); return $ip; diff --git a/usr/local/sbin/gmirror_status_check.php b/usr/local/sbin/gmirror_status_check.php new file mode 100644 index 0000000..88c186f --- /dev/null +++ b/usr/local/sbin/gmirror_status_check.php @@ -0,0 +1,92 @@ +#!/usr/local/bin/php -f +<?php +/* + gmirror_status_check.php + Copyright (C) 2014 Jim Pingle + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +/* + pfSense_BUILDER_BINARIES: /sbin/gmirror /sbin/geom /usr/bin/grep /usr/bin/egrep /usr/bin/cut /usr/bin/head + pfSense_BUILDER_BINARIES: /sbin/mount /usr/bin/awk /usr/bin/sed + pfSense_MODULE: gmirror +*/ + +require_once("config.inc"); +require_once("notices.inc"); +require_once("globals.inc"); +require_once("gmirror.inc"); + +global $g; +$status_file = "{$g['varrun_path']}/gmirror.status"; + +$mirror_status = gmirror_get_status(); +$mirror_list = array_keys($mirror_status); +sort($mirror_list); +$notices = array(); + +// Check for gmirror.status +if (file_exists($status_file)) { + // If it exists, read status in + $previous_mirror_status = unserialize(file_get_contents($status_file)); + $previous_mirror_list = array_keys($previous_mirror_status); + sort($previous_mirror_list); + if (count($previous_mirror_status) > 0) { + // Check list of current mirrors vs old mirrors, notify if one has appeared/disappeared + if ($mirror_list != $previous_mirror_list) + $notices[] = sprintf(gettext("List of mirrors changed. Old: (%s) New: (%s)"), implode(", ", $previous_mirror_list), implode(", ", $mirror_list)); + + // For each mirror, check the mirror status, notify if changed + foreach ($mirror_list as $mirror) { + if (is_array($previous_mirror_status[$mirror])) { + // Notify if the status changed + if ($mirror_status[$mirror]['status'] != $previous_mirror_status[$mirror]['status']) { + $notices[] = sprintf(gettext("Mirror %s status changed from %s to %s."), $mirror, $previous_mirror_status[$mirror]['status'], $mirror_status[$mirror]['status']); + } + // Notify if the drive count changed + if (count($mirror_status[$mirror]['components']) != count($previous_mirror_status[$mirror]['components'])) { + // Notify if the consumer count changed. + $notices[] = sprintf(gettext("Mirror %s consumer count changed from %d to %d."), $mirror, count($previous_mirror_status[$mirror]['components']), count($mirror_status[$mirror]['components'])); + } + if (strtoupper($mirror_status[$mirror]['status']) == "DEGRADED") { + // Check the drive status as it may be different. + asort($mirror_status[$mirror]['components']); + asort($previous_mirror_status[$mirror]['components']); + if ($mirror_status[$mirror]['components'] != $previous_mirror_status[$mirror]['components']) + $notices[] = sprintf(gettext("Mirror %s drive status changed. Old: (%s) New: (%s)"), + $mirror, + implode(", ", $previous_mirror_status[$mirror]['components']), + implode(", ", $mirror_status[$mirror]['components'])); + } + } + } + } +} +if (count($notices)) { + file_notice("gmirror", implode("\n ", $notices), "GEOM Mirror Status Change", 1); +} +// Write out current status if changed +if ($mirror_status != $previous_mirror_status) + file_put_contents($status_file, serialize($mirror_status)); + +?>
\ No newline at end of file diff --git a/usr/local/www/crash_reporter.php b/usr/local/www/crash_reporter.php index e7834c6..1b3d40b 100644 --- a/usr/local/www/crash_reporter.php +++ b/usr/local/www/crash_reporter.php @@ -65,17 +65,13 @@ function upload_crash_report($files) { } function output_crash_reporter_html($crash_reports) { - echo "<strong>" . gettext("Unfortunately we have detected a programming bug.") . "</strong></p>"; - echo gettext("Would you like to submit the programming debug logs to the pfSense developers for inspection?") . "</p>"; - echo "<p>"; - echo "<i>" . gettext("Please double check the contents to ensure you are comfortable sending this information before clicking Yes.") . "</i><br />"; - echo "<p>"; - echo gettext("Contents of crash reports") . ":<br />"; - echo "<textarea readonly rows='40' cols='65' name='crashreports'>{$crash_reports}</textarea>"; - echo "<p/>"; - echo "<input name=\"Submit\" type=\"submit\" class=\"formbtn\" value=\"" . gettext("Yes") . "\">" . gettext(" - Submit this to the developers for inspection"); - echo "<p/><input name=\"Submit\" type=\"submit\" class=\"formbtn\" value=\"" . gettext("No") . "\">" . gettext(" - Just delete the crash report and take me back to the Dashboard"); - echo "<p/>"; + echo "<p><strong>" . gettext("Unfortunately we have detected a programming bug.") . "</strong></p>"; + echo "<p>" . gettext("Would you like to submit the programming debug logs to the pfSense developers for inspection?") . "</p>"; + echo "<p><i>" . gettext("Please double check the contents to ensure you are comfortable sending this information before clicking Yes.") . "</i></p>"; + echo "<p>" . gettext("Contents of crash reports") . ":<br />"; + echo "<textarea readonly=\"readonly\" rows=\"40\" cols=\"65\" name=\"crashreports\">{$crash_reports}</textarea></p>"; + echo "<p><input name=\"Submit\" type=\"submit\" class=\"formbtn\" value=\"" . gettext("Yes") . "\" />" . gettext(" - Submit this to the developers for inspection") . "</p>"; + echo "<p><input name=\"Submit\" type=\"submit\" class=\"formbtn\" value=\"" . gettext("No") . "\" />" . gettext(" - Just delete the crash report and take me back to the Dashboard") . "</p>"; echo "</form>"; } @@ -108,7 +104,7 @@ exec("/usr/bin/grep -vi warning /tmp/PHP_errors.log", $php_errors); copy("/tmp/PHP_errors.log", "/var/crash/PHP_errors.log"); exec("/usr/bin/gzip /var/crash/*"); $files_to_upload = glob("/var/crash/*"); - echo "<p/>"; + echo "<br/>"; echo gettext("Uploading..."); ob_flush(); flush(); @@ -117,9 +113,9 @@ exec("/usr/bin/grep -vi warning /tmp/PHP_errors.log", $php_errors); array_map('unlink', glob("/var/crash/*")); // Erase the contents of the PHP error log fclose(fopen("/tmp/PHP_errors.log", 'w')); - echo "<p/>"; + echo "<br/>"; print_r($resp); - echo "<p/><a href='/'>" . gettext("Continue") . "</a>" . gettext(" and delete crash report files from local disk."); + echo "<p><a href=\"/\">" . gettext("Continue") . "</a>" . gettext(" and delete crash report files from local disk.") . "</p>"; } else { echo "Could not find any crash files."; } @@ -127,7 +123,7 @@ exec("/usr/bin/grep -vi warning /tmp/PHP_errors.log", $php_errors); array_map('unlink', glob("/var/crash/*")); // Erase the contents of the PHP error log fclose(fopen("/tmp/PHP_errors.log", 'w')); - Header("Location: /"); + header("Location: /"); exit; } else { $crash_files = glob("/var/crash/*"); diff --git a/usr/local/www/csrf/csrf-magic.js b/usr/local/www/csrf/csrf-magic.js index d776b6a..d358b0f 100644 --- a/usr/local/www/csrf/csrf-magic.js +++ b/usr/local/www/csrf/csrf-magic.js @@ -142,25 +142,30 @@ if (window.XMLHttpRequest && window.XMLHttpRequest.prototype && '\v' != 'v') { } return jQuery.csrf_ajax( s ); } - } else if (window.Prototype) { + } + if (window.Prototype) { // This works for script.aculo.us too Ajax.csrf_getTransport = Ajax.getTransport; Ajax.getTransport = function() { return new CsrfMagic(Ajax.csrf_getTransport()); } - } else if (window.MooTools) { + } + if (window.MooTools) { Browser.csrf_Request = Browser.Request; Browser.Request = function () { return new CsrfMagic(Browser.csrf_Request()); } - } else if (window.YAHOO) { + } + if (window.YAHOO) { + // old YUI API YAHOO.util.Connect.csrf_createXhrObject = YAHOO.util.Connect.createXhrObject; YAHOO.util.Connect.createXhrObject = function (transaction) { obj = YAHOO.util.Connect.csrf_createXhrObject(transaction); obj.conn = new CsrfMagic(obj.conn); return obj; } - } else if (window.Ext) { + } + if (window.Ext) { // Ext can use other js libraries as loaders, so it has to come last // Ext's implementation is pretty identical to Yahoo's, but we duplicate // it for comprehensiveness's sake. @@ -170,7 +175,9 @@ if (window.XMLHttpRequest && window.XMLHttpRequest.prototype && '\v' != 'v') { obj.conn = new CsrfMagic(obj.conn); return obj; } - } else if (window.dojo) { + } + if (window.dojo) { + // NOTE: this doesn't work with latest dojo dojo.csrf__xhrObj = dojo._xhrObj; dojo._xhrObj = function () { return new CsrfMagic(dojo.csrf__xhrObj()); diff --git a/usr/local/www/csrf/csrf-magic.php b/usr/local/www/csrf/csrf-magic.php index fc02dea..58f4eba 100644 --- a/usr/local/www/csrf/csrf-magic.php +++ b/usr/local/www/csrf/csrf-magic.php @@ -53,6 +53,8 @@ $GLOBALS['csrf']['rewrite-js'] = false; * will become invalid. */ $GLOBALS['csrf']['secret'] = ''; +// nota bene: library code should use csrf_get_secret() and not access +// this global directly /** * Set this to false to disable csrf-magic's output handler, and therefore, @@ -129,7 +131,7 @@ $GLOBALS['csrf']['xhtml'] = true; // FUNCTIONS: // Don't edit this! -$GLOBALS['csrf']['version'] = '1.0.1'; +$GLOBALS['csrf']['version'] = '1.0.4'; /** * Rewrites <form> on the fly to add CSRF tokens to them. This can also @@ -240,12 +242,40 @@ function csrf_get_tokens() { return 'invalid'; } +function csrf_flattenpost($data) { + $ret = array(); + foreach($data as $n => $v) { + $ret = array_merge($ret, csrf_flattenpost2(1, $n, $v)); + } + return $ret; +} +function csrf_flattenpost2($level, $key, $data) { + if(!is_array($data)) return array($key => $data); + $ret = array(); + foreach($data as $n => $v) { + $nk = $level >= 1 ? $key."[$n]" : "[$n]"; + $ret = array_merge($ret, csrf_flattenpost2($level+1, $nk, $v)); + } + return $ret; +} + /** * @param $tokens is safe for HTML consumption */ function csrf_callback($tokens) { + // (yes, $tokens is safe to echo without escaping) header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden'); - echo "<html><head><title>CSRF check failed</title></head><body>CSRF check failed. Either your session has expired, this page has been inactive too long, or you need to enable cookies.<br />Debug: ".$tokens."</body></html> + $data = ''; + foreach (csrf_flattenpost($_POST) as $key => $value) { + if ($key == $GLOBALS['csrf']['input-name']) continue; + $data .= '<input type="hidden" name="'.htmlspecialchars($key).'" value="'.htmlspecialchars($value).'" />'; + } + echo "<html><head><title>CSRF check failed</title></head> + <body> + <p>CSRF check failed. Your form session may have expired, or you may not have + cookies enabled.</p> + <form method='post' action=''>$data<input type='submit' value='Try again' /></form> + <p>Debug: $tokens</p></body></html> "; } @@ -362,7 +392,7 @@ function csrf_generate_secret($len = 32) { */ function csrf_hash($value, $time = null) { if (!$time) $time = time(); - return sha1($GLOBALS['csrf']['secret'] . $value . $time) . ',' . $time; + return sha1(csrf_get_secret() . $value . $time) . ',' . $time; } // Load user configuration diff --git a/usr/local/www/diag_dns.php b/usr/local/www/diag_dns.php index e00a6fc..bec923a 100644 --- a/usr/local/www/diag_dns.php +++ b/usr/local/www/diag_dns.php @@ -38,16 +38,17 @@ require("guiconfig.inc"); if ($_GET['host']) $_POST = $_GET; -if($_GET['createalias'] == "true") { - $host = trim($_POST['host']); +$host = trim($_POST['host'], " \t\n\r\0\x0B[];\"'"); +$host_esc = escapeshellarg($host); + +if($_GET['createalias'] == "true" && (is_hostname($host) || is_ipaddr($host))) { if($_GET['override']) $override = true; $a_aliases = &$config['aliases']['alias']; $type = "hostname"; $resolved = gethostbyname($host); if($resolved) { - $host = trim($_POST['host']); - $drill=`/usr/bin/drill "$host" A | grep "$host" | grep -v ";" | awk '{ print $5 }'`; + $drill=`/usr/bin/drill "{$host_esc}" A | grep "{$host_esc}" | grep -v ";" | awk '{ print $5 }'`; $resolved = explode("\n", $drill); $isfirst = true; foreach($resolved as $re) { @@ -93,8 +94,6 @@ if ($_POST) { $reqdfieldsn = explode(",", "Host"); do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - $host = trim($_POST['host'], " \t\n\r\0\x0B[]"); - $host_esc = escapeshellarg($host); if (!is_hostname($host) && !is_ipaddr($host)) { $input_errors[] = gettext("Host must be a valid hostname or IP address."); @@ -130,7 +129,7 @@ if ($_POST) { $type = "hostname"; $resolved = gethostbyname($host); if($resolved) { - $drill=`/usr/bin/drill $host_esc A | grep $host_esc | grep -v ";" | awk '{ print $5 }'`; + $drill=`/usr/bin/drill {$host_esc} A | grep {$host_esc} | grep -v ";" | awk '{ print $5 }'`; $resolved = explode("\n", $drill); } $hostname = $host; @@ -186,11 +185,11 @@ include("head.inc"); ?> <?=$mandfldhtml;?> <table summary="results"> <tr><td valign="top"> - <input name="host" type="text" class="formfld" id="host" size="20" value="<?=htmlspecialchars($host);?>" /> + <input name="host" type="text" class="formfld" id="host" size="20" value="<?=htmlspecialchars($host);?>" /> = </td> <td> <?php if ($resolved && $type) { ?> - = <font size="+1"> + <font size="+1"> <?php $found = 0; if(is_array($resolved)) { @@ -224,13 +223,13 @@ include("head.inc"); ?> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Resolution time per server");?></td> <td width="78%" class="vtable"> - <table width="170" border="1" cellpadding="2" style="border-width: 1px 1px 1px 1px; border-collapse: collapse;" summary="resolution time"> + <table width="170" border="0" cellpadding="6" cellspacing="0" summary="resolution time"> <tr> - <td> - <b><?=gettext("Server");?></b> + <td class="listhdrr"> + <?=gettext("Server");?> </td> - <td> - <b><?=gettext("Query time");?></b> + <td class="listhdrr"> + <?=gettext("Query time");?> </td> </tr> <?php @@ -238,10 +237,10 @@ include("head.inc"); ?> foreach($dns_speeds as $qt): ?> <tr> - <td> + <td class="listlr"> <?=$qt['dns_server']?> </td> - <td> + <td class="listr"> <?=$qt['query_time']?> </td> </tr> diff --git a/usr/local/www/diag_dump_states.php b/usr/local/www/diag_dump_states.php index b6771aa..0119afa 100755 --- a/usr/local/www/diag_dump_states.php +++ b/usr/local/www/diag_dump_states.php @@ -40,6 +40,7 @@ ##|-PRIV require_once("guiconfig.inc"); +require_once("interfaces.inc"); /* handle AJAX operations */ if($_GET['action']) { @@ -50,7 +51,7 @@ if($_GET['action']) { } else { echo gettext("invalid input"); } - exit; + return; } } @@ -59,9 +60,14 @@ if ($_GET['filter'] && ($_GET['killfilter'] == "Kill")) { $tokill = escapeshellarg($_GET['filter'] . "/32"); } elseif (is_subnet($_GET['filter'])) { $tokill = escapeshellarg($_GET['filter']); + } else { + // Invalid filter + $tokill = ""; + } + if (!empty($tokill)) { + $retval = mwexec("/sbin/pfctl -k {$tokill} -k 0/0"); + $retval = mwexec("/sbin/pfctl -k 0.0.0.0/0 -k {$tokill}"); } - $retval = mwexec("/sbin/pfctl -k {$tokill} -k 0/0"); - $retval = mwexec("/sbin/pfctl -k 0.0.0.0/0 -k {$tokill}"); } $pgtitle = array(gettext("Diagnostics"),gettext("Show States")); @@ -98,7 +104,7 @@ include("head.inc"); return; } - jQuery('tr[name="r:' + values[1] + ":" + values[2] + '"]').each( + jQuery('tr[id="r:' + values[1] + ":" + values[2] + '"]').each( function(index,row) { jQuery(row).fadeOut(1000); } ); } @@ -155,7 +161,8 @@ include("head.inc"); <table class="tabcont sortable" width="100%" border="0" cellspacing="0" cellpadding="0" summary="results"> <thead> <tr> - <th class="listhdrr" width="10%"><?=gettext("Proto");?></th> + <th class="listhdrr" width="5%"><?=gettext("Int");?></th> + <th class="listhdrr" width="5%"><?=gettext("Proto");?></th> <th class="listhdrr" width="65"><?=gettext("Source -> Router -> Destination");?></th> <th class="listhdr" width="24%"><?=gettext("State");?></th> <th class="list sort_ignore" width="1%"></th> @@ -165,18 +172,22 @@ include("head.inc"); <?php $row = 0; /* get our states */ -$grepline = ($_GET['filter']) ? "| grep " . escapeshellarg(htmlspecialchars($_GET['filter'])) : ""; +$grepline = ($_GET['filter']) ? "| /usr/bin/egrep " . escapeshellarg(htmlspecialchars($_GET['filter'])) : ""; $fd = popen("/sbin/pfctl -s state {$grepline}", "r" ); while ($line = chop(fgets($fd))) { if($row >= 10000) break; $line_split = preg_split("/\s+/", $line); - $type = array_shift($line_split); + + $iface = array_shift($line_split); $proto = array_shift($line_split); $state = array_pop($line_split); $info = implode(" ", $line_split); + // We may want to make this optional, with a large state table, this could get to be expensive. + $iface = convert_real_interface_to_friendly_descr($iface); + /* break up info and extract $srcip and $dstip */ $ends = preg_split("/\<?-\>?/", $info); $parts = explode(":", $ends[0]); @@ -186,7 +197,8 @@ while ($line = chop(fgets($fd))) { ?> <tr valign="top" id="r:<?= $srcip ?>:<?= $dstip ?>"> - <td class="listlr"><?= $proto ?></td> + <td class="listlr"><?= $iface ?></td> + <td class="listr"><?= $proto ?></td> <td class="listr"><?= $info ?></td> <td class="listr"><?= $state ?></td> <td class="list"> diff --git a/usr/local/www/diag_gmirror.php b/usr/local/www/diag_gmirror.php new file mode 100644 index 0000000..f200991 --- /dev/null +++ b/usr/local/www/diag_gmirror.php @@ -0,0 +1,346 @@ +<?php +/* + diag_gmirror.php + Copyright (C) 2014 Jim Pingle + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +/* + pfSense_BUILDER_BINARIES: /sbin/gmirror /sbin/geom /usr/bin/grep /usr/bin/egrep /usr/bin/cut /usr/bin/head + pfSense_BUILDER_BINARIES: /sbin/mount /usr/bin/awk /usr/bin/sed + pfSense_MODULE: gmirror +*/ + +##|+PRIV +##|*IDENT=page-diagnostics-gmirror +##|*NAME=Diagnostics: GEOM Mirrors +##|*DESCR=Allow access to the 'Diagnostics: GEOM Mirrors' page. +##|*MATCH=diag_gmirror.php* +##|-PRIV + +require_once("guiconfig.inc"); +require_once("config.inc"); +require_once("gmirror.inc"); + +$pgtitle = array(gettext("Diagnostics"), gettext("GEOM Mirrors")); + +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?=$jsevents["body"]["onload"];?>"> + +<?php include("fbegin.inc"); ?> + +<?PHP +$action_list = array( + "forget" => gettext("Forget all formerly connected consumers"), + "clear" => gettext("Remove metadata from disk"), + "insert" => gettext("Insert consumer into mirror"), + "remove" => gettext("Remove consumer from mirror"), + "activate" => gettext("Reactivate consumer on mirror"), + "deactivate" => gettext("Deactivate consumer from mirror"), + "rebuild" => gettext("Force rebuild of mirror consumer"), +); + +/* User tried to pass a bogus action */ +if (!empty($_REQUEST['action']) && !array_key_exists($_REQUEST['action'], $action_list)) { + header("Location: diag_gmirror.php"); + return; +} + +if ($_POST) { + if (!isset($_POST['confirm']) || ($_POST['confirm'] != gettext("Confirm"))) { + header("Location: diag_gmirror.php"); + return; + } + $input_errors = ""; + + if (($_POST['action'] != "clear") && !is_valid_mirror($_POST['mirror'])) + $input_errors[] = gettext("You must supply a valid mirror name."); + + if (!empty($_POST['consumer']) && !is_valid_consumer($_POST['consumer'])) + $input_errors[] = gettext("You must supply a valid consumer name"); + + /* Additional action-specific validation that hasn't already been tested */ + switch ($_POST['action']) { + case "insert": + if (!is_consumer_unused($_POST['consumer'])) + $input_errors[] = gettext("Consumer is already in use and cannot be inserted. Remove consumer from existing mirror first."); + if (gmirror_consumer_has_metadata($_POST['consumer'])) + $input_errors[] = gettext("Consumer has metadata from an existing mirror. Clear metadata before inserting consumer."); + $mstat = gmirror_get_status_single($_POST['mirror']); + if (strtoupper($mstat) != "COMPLETE") + $input_errors[] = gettext("Mirror is not in a COMPLETE state, cannot insert consumer. Forget disconnected disks or wait for rebuild to finish."); + break; + case "clear": + if (!is_consumer_unused($_POST['consumer'])) + $input_errors[] = gettext("Consumer is in use and cannot be cleared. Deactivate disk first."); + if (!gmirror_consumer_has_metadata($_POST['consumer'])) + $input_errors[] = gettext("Consumer has no metadata to clear."); + break; + case "activate": + if (is_consumer_in_mirror($_POST['consumer'], $_POST['mirror'])) + $input_errors[] = gettext("Consumer is already present on specified mirror."); + if (!gmirror_consumer_has_metadata($_POST['consumer'])) + $input_errors[] = gettext("Consumer has no metadata and cannot be reactivated."); + + break; + case "remove": + case "deactivate": + case "rebuild": + if (!is_consumer_in_mirror($_POST['consumer'], $_POST['mirror'])) + $input_errors[] = gettext("Consumer must be present on the specified mirror."); + break; + } + +$result = 0; + if (empty($input_errors)) { + switch ($_POST['action']) { + case "forget": + $result = gmirror_forget_disconnected($_POST['mirror']); + break; + case "clear": + $result = gmirror_clear_consumer($_POST['consumer']); + break; + case "insert": + $result = gmirror_insert_consumer($_POST['mirror'], $_POST['consumer']); + break; + case "remove": + $result = gmirror_remove_consumer($_POST['mirror'], $_POST['consumer']); + break; + case "activate": + $result = gmirror_activate_consumer($_POST['mirror'], $_POST['consumer']); + break; + case "deactivate": + $result = gmirror_deactivate_consumer($_POST['mirror'], $_POST['consumer']); + break; + case "rebuild": + $result = gmirror_force_rebuild($_POST['mirror'], $_POST['consumer']); + break; + } + $redir = "Location: diag_gmirror.php"; + if ($result != 0) { + $redir .= "?error=" . urlencode($result); + } + /* If we reload the page too fast, the gmirror information may be missing or not up-to-date. */ + sleep(3); + header($redir); + return; + } +} + +$mirror_status = gmirror_get_status(); +$mirror_list = gmirror_get_mirrors(); +$unused_disks = gmirror_get_disks(); +$unused_consumers = array(); +foreach ($unused_disks as $disk) { + if (is_consumer_unused($disk)) + $unused_consumers = array_merge($unused_consumers, gmirror_get_all_unused_consumer_sizes_on_disk($disk)); +} + +if ($input_errors) + print_input_errors($input_errors); +if ($_GET["error"] && ($_GET["error"] != 0)) + print_info_box(gettext("There was an error performing the chosen mirror operation. Check the System Log for details.")); + +?> +<form action="diag_gmirror.php" method="POST" id="gmirror_form" name="gmirror_form"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td id="mainarea"> + <div class="tabcont"> + <span class="vexpl"> + <span class="red"> + <strong><?=gettext("NOTE:")?> </strong> + </span> + <?=gettext("The options on this page are intended for use by advanced users only. This page is for managing existing mirrors, not creating new mirrors.")?> + <br /> + </span> + <p/> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + +<?PHP if ($_GET["action"]): ?> + <tr> + <td colspan="2" valign="top" class="listtopic"><?PHP echo gettext("Confirm Action"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"> </td> + <td width="78%" class="vtable"> + <strong><?PHP echo gettext("Please confirm the selected action"); ?></strong>: + <br /> + <br /><strong><?PHP echo gettext("Action"); ?>:</strong> <?PHP echo $action_list[$_GET["action"]]; ?> + <input type="hidden" name="action" value="<?PHP echo htmlspecialchars($_GET["action"]); ?>" /> + <?PHP if (!empty($_GET["mirror"])): ?> + <br /><strong><?PHP echo gettext("Mirror"); ?>:</strong> <?PHP echo htmlspecialchars($_GET["mirror"]); ?> + <input type="hidden" name="mirror" value="<?PHP echo htmlspecialchars($_GET["mirror"]); ?>" /> + <?PHP endif; ?> + <?PHP if (!empty($_GET["consumer"])): ?> + <br /><strong><?PHP echo gettext("Consumer"); ?>:</strong> <?PHP echo htmlspecialchars($_GET["consumer"]); ?> + <input type="hidden" name="consumer" value="<?PHP echo htmlspecialchars($_GET["consumer"]); ?>" /> + <?PHP endif; ?> + <br /> + <br /><input type="submit" name="confirm" value="<?PHP echo gettext("Confirm"); ?>" /> + </td> + </tr> +<?PHP else: ?> + <tr> + <td colspan="2" valign="top" class="listtopic"><?PHP echo gettext("GEOM Mirror information"); ?></td> + </tr> + + <tr> + <td width="22%" valign="top" class="vncell"><?PHP echo gettext("Mirror Status"); ?></td> + <td width="78%" class="vtable"> + + <table width="100%" border="0" cellspacing="0" cellpadding="0" summary="gmirror status"> + <tbody id="gmirror_status_table"> + <?PHP if (count($mirror_status) > 0): ?> + <tr> + <td width="30%" class="vncellt"><?PHP echo gettext("Name"); ?></td> + <td width="30%" class="vncellt"><?PHP echo gettext("Status"); ?></td> + <td width="40%" class="vncellt"><?PHP echo gettext("Component"); ?></td> + </tr> + <?PHP foreach ($mirror_status as $mirror => $name): + $components = count($name["components"]); ?> + <tr> + <td width="30%" rowspan="<?PHP echo $components; ?>" class="listr"> + <?PHP echo htmlspecialchars($name['name']); ?> + <br />Size: <?PHP echo gmirror_get_mirror_size($name['name']); ?> + </td> + <td width="30%" rowspan="<?PHP echo $components; ?>" class="listr"> + <?PHP echo htmlspecialchars($name['status']); ?> + <?PHP if (strtoupper($name['status']) == "DEGRADED"): ?> + <br /><a href="diag_gmirror.php?action=forget&mirror=<?PHP echo htmlspecialchars($name['name']); ?>">[<?PHP echo gettext("Forget Disconnected Disks"); ?>]</a> + <?PHP endif; ?> + </td> + <td width="40%" class="listr"> + <?PHP echo $name['components'][0]; ?> + <?PHP list($cname, $cstatus) = explode(" ", $name['components'][0], 2); ?> + <br /> + <?PHP if ((strtoupper($name['status']) == "COMPLETE") && (count($name["components"]) > 1)): ?> + <a href="diag_gmirror.php?action=rebuild&consumer=<?PHP echo htmlspecialchars($cname); ?>&mirror=<?PHP echo htmlspecialchars($name['name']); ?>">[<?PHP echo gettext("Rebuild"); ?>]</a> + <a href="diag_gmirror.php?action=deactivate&consumer=<?PHP echo htmlspecialchars($cname); ?>&mirror=<?PHP echo htmlspecialchars($name['name']); ?>">[<?PHP echo gettext("Deactivate"); ?>]</a> + <a href="diag_gmirror.php?action=remove&consumer=<?PHP echo htmlspecialchars($cname); ?>&mirror=<?PHP echo htmlspecialchars($name['name']); ?>">[<?PHP echo gettext("Remove"); ?>]</a> + <?PHP endif; ?> + </td> + </tr> + <?PHP if (count($name["components"]) > 1): + $morecomponents = array_slice($name["components"], 1); ?> + <?PHP foreach ($morecomponents as $component): ?> + <tr> + <td width="40%" class="listr"> + <?PHP echo $component; ?> + <?PHP list($cname, $cstatus) = explode(" ", $component, 2); ?> + <br /> + <?PHP if ((strtoupper($name['status']) == "COMPLETE") && (count($name["components"]) > 1)): ?> + <a href="diag_gmirror.php?action=rebuild&consumer=<?PHP echo htmlspecialchars($cname); ?>&mirror=<?PHP echo htmlspecialchars($name['name']); ?>">[<?PHP echo gettext("Rebuild"); ?>]</a> + <a href="diag_gmirror.php?action=deactivate&consumer=<?PHP echo htmlspecialchars($cname); ?>&mirror=<?PHP echo htmlspecialchars($name['name']); ?>">[<?PHP echo gettext("Deactivate"); ?>]</a> + <a href="diag_gmirror.php?action=remove&consumer=<?PHP echo htmlspecialchars($cname); ?>&mirror=<?PHP echo htmlspecialchars($name['name']); ?>">[<?PHP echo gettext("Remove"); ?>]</a> + <?PHP endif; ?> + </td> + </tr> + <?PHP endforeach; ?> + <?PHP endif; ?> + <?PHP endforeach; ?> + <?PHP else: ?> + <tr><td colspan="3" class="listr"><?PHP echo gettext("No Mirrors Found"); ?></td></tr> + <?PHP endif; ?> + </tbody> + </table> + <br /><?PHP echo gettext("Some disk operations may only be performed when there are multiple consumers present in a mirror."); ?> + </td> + </tr> + + <tr> + <td colspan="2" valign="top" class="listtopic"><?PHP echo gettext("Consumer information"); ?></td> + </tr> + + <tr> + <td width="22%" valign="top" class="vncell"><?PHP echo gettext("Available Consumers"); ?></td> + <td width="78%" class="vtable"> + + <table width="100%" border="0" cellspacing="0" cellpadding="0" summary="consumer list"> + <tbody id="consumer_list"> + <?PHP if (count($unused_consumers) > 0): ?> + <tr> + <td width="30%" class="vncellt"><?PHP echo gettext("Name"); ?></td> + <td width="30%" class="vncellt"><?PHP echo gettext("Size"); ?></td> + <td width="40%" class="vncellt"><?PHP echo gettext("Add to Mirror"); ?></td> + </tr> + <?PHP foreach ($unused_consumers as $consumer): ?> + <tr> + <td width="30%" class="listr"> + <?PHP echo htmlspecialchars($consumer['name']); ?> + </td> + <td width="30%" class="listr"><?PHP echo htmlspecialchars($consumer['size']); ?> <?PHP echo htmlspecialchars($consumer['humansize']); ?></td> + <td width="40%" class="listr"> + <?PHP $oldmirror = gmirror_get_consumer_metadata_mirror($consumer['name']); + if ($oldmirror): ?> + <a href="diag_gmirror.php?action=activate&consumer=<?PHP echo htmlspecialchars($consumer['name']); ?>&mirror=<?PHP echo htmlspecialchars($oldmirror); ?>">[<?PHP echo gettext("Reactivate on:"); ?> <?PHP echo htmlspecialchars($oldmirror); ?>]</a> + <br /><a href="diag_gmirror.php?action=clear&consumer=<?PHP echo htmlspecialchars($consumer['name']); ?>">[<?PHP echo gettext("Remove metadata from disk"); ?>]</a> + <?PHP else: ?> + <?PHP foreach ($mirror_list as $mirror): + $mirror_size = gmirror_get_mirror_size($mirror); + $consumer_size = gmirror_get_unused_consumer_size($consumer['name']); + ?> + <?PHP if ($consumer_size > $mirror_size): ?> + <a href="diag_gmirror.php?action=insert&consumer=<?PHP echo htmlspecialchars($consumer['name']); ?>&mirror=<?PHP echo htmlspecialchars($mirror); ?>"><?PHP echo htmlspecialchars($mirror); ?></a> + <?PHP endif; ?> + <?PHP endforeach; ?> + <?PHP endif; ?> + </td> + </tr> + <?PHP endforeach; ?> + <?PHP else: ?> + <tr><td colspan="3" class="listr"><?PHP echo gettext("No unused consumers found"); ?></td></tr> + <?PHP endif; ?> + </tbody> + </table> + <br /><?PHP echo gettext("Consumers may only be added to a mirror if they are larger than the size of the mirror."); ?> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class=""> </td> + </tr> + <tr> + <td colspan="2" valign="top" class=""><?PHP echo gettext("To repair a failed mirror, first perform a 'Forget' command on the mirror, followed by an 'insert' action on the new consumer."); ?></td> + </tr> +<?PHP endif;?> + </table> + </div> + </td> + </tr> +</table> +</form> +<?php require("fend.inc"); ?> +</body> +</html> + +<?php + +// Clear the loading indicator +echo "<script type=\"text/javascript\">"; +echo "jQuery('#loading').html('');"; +echo "</script>"; + +?> diff --git a/usr/local/www/diag_ipsec.php b/usr/local/www/diag_ipsec.php index 02291e8..ad6c463 100644 --- a/usr/local/www/diag_ipsec.php +++ b/usr/local/www/diag_ipsec.php @@ -116,7 +116,7 @@ $status = ipsec_smp_dump_status(); ?> <tr> <td class="listlr"> - <?php echo htmlspecialchars($ikesa['peerconfig']);?> + <?php echo htmlspecialchars(ipsec_get_descr_by_peerconfig($ikesa['peerconfig']));?> </td> <td class="listr"> <?php if (!is_array($ikesa['local'])) @@ -220,7 +220,7 @@ $status = ipsec_smp_dump_status(); echo htmlspecialchars($childsa['remote']['spi']); ?> </td> - <td class="listlr nowrap"> + <td class="listr nowrap"> <?php if (is_array($childsa['remote']) && is_array($childsa['remote']['networks']) && is_array($childsa['remote']['networks']['network'])) { foreach ($childsa['remote']['networks']['network'] as $rnets) { echo htmlspecialchars($rnets) . "<br />"; diff --git a/usr/local/www/diag_pkglogs.php b/usr/local/www/diag_pkglogs.php index 17459c4..b1d65cb 100755 --- a/usr/local/www/diag_pkglogs.php +++ b/usr/local/www/diag_pkglogs.php @@ -73,9 +73,11 @@ if(!$apkg) { // If we aren't looking for a specific package, locate the first pa } } } elseif($apkg) { - $pkgwithlogging = true; $apkgid = get_pkg_id($apkg); - $i = $apkgid; + if ($apkgid != -1) { + $pkgwithlogging = true; + $i = $apkgid; + } } $pgtitle = array(gettext("Status"),gettext("Package logs")); diff --git a/usr/local/www/diag_smart.php b/usr/local/www/diag_smart.php index f024589..2cbc60b 100644 --- a/usr/local/www/diag_smart.php +++ b/usr/local/www/diag_smart.php @@ -85,7 +85,7 @@ function update_email($email) if(!empty($email)) { // Put it in the smartd.conf file - shell_exec("/usr/bin/sed -i old 's/^DEVICESCAN.*/DEVICESCAN -H -m " . $email . "/' /usr/local/etc/smartd.conf"); + shell_exec("/usr/bin/sed -i old 's/^DEVICESCAN.*/DEVICESCAN -H -m " . escapeshellarg($email) . "/' /usr/local/etc/smartd.conf"); } // Nope else diff --git a/usr/local/www/diag_tables.php b/usr/local/www/diag_tables.php index d9c8f84..e181c80 100644 --- a/usr/local/www/diag_tables.php +++ b/usr/local/www/diag_tables.php @@ -91,14 +91,15 @@ exec("/sbin/pfctl -t " . escapeshellarg($tablename) . " -T show", $entries); exec("/sbin/pfctl -sT", $tables); include("head.inc"); -include("fbegin.inc"); - ?> +<body> +<?php include("fbegin.inc"); ?> <?php if ($savemsg) print_info_box($savemsg); ?> -<form method='post'> +<form method="post" action="diag_tables.php"> <script type="text/javascript"> +//<![CDATA[ function method_change(entrytype) { window.location='diag_tables.php?type=' + entrytype; } @@ -114,58 +115,62 @@ include("fbegin.inc"); } }); } +//]]> </script> <?=gettext("Table:");?> -<select id='type' onChange='method_change(jQuery("#type").val());' name='type'> +<select id="type" onchange="method_change(jQuery('#type').val());" name="type"> <?php foreach ($tables as $table) { - echo "<option name='{$table}' value='{$table}'"; + echo "<option value=\"{$table}\""; if ($tablename == $table) - echo " selected "; + echo " selected=\"selected\""; echo ">{$table}</option>\n"; } ?> </select> -<p/> +<br/><br/> -<table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> +<table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0" summary="tables"> <tr> <td class="listhdrr"><?=gettext("IP Address");?></td> </tr> <?php $count = 0; foreach($entries as $entryA): ?> <?php $entry = trim($entryA); ?> - <tr id='<?=$entry?>'> + <tr id="<?=$entry?>"> <td> <?php echo $entry; ?> </td> <td> <?php if ( ($tablename != "bogons") && ($tablename != "bogonsv6") ) { ?> - <a onClick='del_entry("<?=htmlspecialchars($entry)?>");'> - <img img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif"> - <?php } ?> + <a onclick="del_entry('<?=htmlspecialchars($entry)?>');"> + <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" alt="delete" /> </a> + <?php } ?> </td> </tr> <?php $count++; endforeach; ?> <?php if($count == 0) if( ($tablename == "bogons") || ($tablename == "bogonsv6") ) - echo "<p/>" . gettext("No entries exist in this table.") . "  " . "<input name='Download' type='submit' class='formbtn' value='" . gettext("Download") . "'> " . gettext(" the latest bogon data."); + echo "<tr><td>" . gettext("No entries exist in this table.") . " " . "<input name=\"Download\" type=\"submit\" class=\"formbtn\" value=\"" . gettext("Download") . "\" /> " . gettext(" the latest bogon data."); else - echo "<p/>" . gettext("No entries exist in this table."); + echo "<tr><td>" . gettext("No entries exist in this table."); ?> <?php if($count > 0) if( ($tablename == "bogons") || ($tablename == "bogonsv6") ) { $last_updated = exec('/usr/bin/grep -i -m 1 -E "^# last updated" /etc/' . escapeshellarg($tablename)); - echo "<p/> <b>$count</b> " . gettext("entries in this table.") . "  " . "<input name='Download' type='submit' class='formbtn' value='" . gettext("Download") . "'> " . gettext(" the latest bogon data.") . "<br />" . "$last_updated"; + echo "<tr><td> <b>$count</b> " . gettext("entries in this table.") . " " . "<input name=\"Download\" type=\"submit\" class=\"formbtn\" value=\"" . gettext("Download") . "\" /> " . gettext(" the latest bogon data.") . "<br />" . "$last_updated"; } else - echo "<p/>" . gettext("Delete") . " <a href='diag_tables.php?deleteall=true&type=" . htmlspecialchars($tablename) . "'>" . gettext("all") . "</a> " . "<b>$count</b> " . gettext("entries in this table."); + echo "<tr><td>" . gettext("Delete") . " <a href=\"diag_tables.php?deleteall=true&type=" . htmlspecialchars($tablename) . "\">" . gettext("all") . "</a> " . "<b>$count</b> " . gettext("entries in this table."); ?> - +</td></tr> </table> +</form> <?php include("fend.inc"); ?> +</body> +</html> diff --git a/usr/local/www/exec.php b/usr/local/www/exec.php index c1eb4bb..1963508 100644 --- a/usr/local/www/exec.php +++ b/usr/local/www/exec.php @@ -103,13 +103,14 @@ include("head.inc"); <?php if (isBlank( $_POST['txtRecallBuffer'] )) { - puts( " var arrRecallBuffer = new Array;" ); + puts( " var arrRecallBuffer = new Array;" ); } else { - puts( " var arrRecallBuffer = new Array(" ); - $arrBuffer = explode( "&", $_POST['txtRecallBuffer'] ); - for ($i=0; $i < (count( $arrBuffer ) - 1); $i++) puts( " '" . htmlspecialchars($arrBuffer[$i]) . "'," ); - puts( " '" . htmlspecialchars($arrBuffer[count( $arrBuffer ) - 1]) . "'" ); - puts( " );" ); + puts( " var arrRecallBuffer = new Array(" ); + $arrBuffer = explode( "&", $_POST['txtRecallBuffer'] ); + for ($i=0; $i < (count( $arrBuffer ) - 1); $i++) + puts( " '" . htmlspecialchars($arrBuffer[$i], ENT_QUOTES | ENT_HTML401) . "'," ); + puts( " '" . htmlspecialchars($arrBuffer[count( $arrBuffer ) - 1], ENT_QUOTES | ENT_HTML401) . "'" ); + puts( " );" ); } ?> diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc index 22cc90b..55d8182 100755 --- a/usr/local/www/fbegin.inc +++ b/usr/local/www/fbegin.inc @@ -154,7 +154,7 @@ if(count($config['interfaces']) > 1) { /* no use for UPnP in single-interface deployments remove to reduce user confusion */ - $services_menu[] = array(gettext("UPnP & NAT-PMP"), "/pkg_edit.php?xml=miniupnpd.xml&id=0"); + $services_menu[] = array(gettext("UPnP & NAT-PMP"), "/pkg_edit.php?xml=miniupnpd.xml"); } $services_menu[] = array(gettext("Wake on LAN"), "/services_wol.php"); $services_menu = msort(array_merge($services_menu, return_ext_menu("Services")),0); @@ -210,6 +210,10 @@ $diagnostics_menu[] = array(gettext("Command Prompt"), "/exec.php"); $diagnostics_menu[] = array(gettext("DNS Lookup"), "/diag_dns.php"); $diagnostics_menu[] = array(gettext("Edit File"), "/edit.php"); $diagnostics_menu[] = array(gettext("Factory Defaults"), "/diag_defaults.php"); + +if(file_exists("/var/run/gmirror_active")) + $diagnostics_menu[] = array(gettext("GEOM Mirrors"), "/diag_gmirror.php" ); + $diagnostics_menu[] = array(gettext("Halt System"), "/halt.php" ); $diagnostics_menu[] = array(gettext("Limiter Info"), "/diag_limiter_info.php" ); $diagnostics_menu[] = array(gettext("NDP Table"), "/diag_ndp.php" ); diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index 01be3f6..1c3b2cd 100644 --- a/usr/local/www/firewall_rules.php +++ b/usr/local/www/firewall_rules.php @@ -118,7 +118,7 @@ if($_REQUEST['dragdroporder']) { } foreach($undo as $dt) $undotxt .= "&dragtable[]={$dt}"; - Header("Location: firewall_rules.php?if=" . $_REQUEST['if'] . "&undodrag=true" . $undotxt); + header("Location: firewall_rules.php?if=" . $_REQUEST['if'] . "&undodrag=true" . $undotxt); exit; } diff --git a/usr/local/www/firewall_schedule_edit.php b/usr/local/www/firewall_schedule_edit.php index 4b361b1..e1901e3 100644 --- a/usr/local/www/firewall_schedule_edit.php +++ b/usr/local/www/firewall_schedule_edit.php @@ -116,6 +116,14 @@ if ($_POST) { $timerangeFound = false; for ($x=0; $x<99; $x++){ if($_POST['schedule' . $x]) { + if (!preg_match('/^[0-9]+:[0-9]+$/', $_POST['starttime' . $x])) { + $input_errors[] = sprintf(gettext("Invalid start time - '%s'"), $_POST['starttime' . $x]); + continue; + } + if (!preg_match('/^[0-9]+:[0-9]+$/', $_POST['stoptime' . $x])) { + $input_errors[] = sprintf(gettext("Invalid start time - '%s'"), $_POST['stoptime' . $x]); + continue; + } $timerangeFound = true; $timeparts = array(); $firstprint = false; diff --git a/usr/local/www/getserviceproviders.php b/usr/local/www/getserviceproviders.php index 0fbd9fb..9171377 100644 --- a/usr/local/www/getserviceproviders.php +++ b/usr/local/www/getserviceproviders.php @@ -74,7 +74,7 @@ function providers_list($country) { } function provider_plan_data($country,$provider,$connection) { - Header("Content-type: application/xml;"); + header("Content-type: application/xml;"); echo "<?xml version=\"1.0\" ?>\n"; echo "<connection>\n"; $serviceproviders = get_country_providers($country); diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc index ab3bf0a..975daf0 100644 --- a/usr/local/www/guiconfig.inc +++ b/usr/local/www/guiconfig.inc @@ -52,7 +52,7 @@ if (!$omit_nocacheheaders) { header("Pragma: no-cache"); } -Header("X-Frame-Options: SAMEORIGIN"); +header("X-Frame-Options: SAMEORIGIN"); require_once("authgui.inc"); /* parse the configuration and include all configuration functions */ @@ -260,7 +260,7 @@ function do_input_validation($postdata, $reqdfields, $reqdfieldsn, &$input_error for ($i = 0; $i < count($reqdfields); $i++) { if ($_POST[$reqdfields[$i]] == "" && $_REQUEST[$reqdfields[$i]] == "") { - $input_errors[] = sprintf(gettext("The field %s is required."), $reqfieldsn[$i]); + $input_errors[] = sprintf(gettext("The field %s is required."), $reqdfieldsn[$i]); } } } @@ -612,7 +612,9 @@ function dump_clog($logfile, $tail, $withorig = true, $grepfor = "", $grepinvert $grepline .= " | /usr/bin/egrep " . escapeshellarg(implode("|", $grepfor)); if(is_array($grepinvert)) $grepline .= " | /usr/bin/egrep -v " . escapeshellarg(implode("|", $grepinvert)); - if(file_exists($logfile) && filesize($logfile) == 0) { + if (is_dir($logfile)) { + $logarr = array("File $logfile is a directory."); + } elseif (file_exists($logfile) && filesize($logfile) == 0) { $logarr = array("Log file started."); } else { if($config['system']['disablesyslogclog']) { diff --git a/usr/local/www/installer/index.php b/usr/local/www/installer/index.php index 2c7dd90..9c97c41 100644 --- a/usr/local/www/installer/index.php +++ b/usr/local/www/installer/index.php @@ -1,5 +1,5 @@ <?php -Header("Location: installer.php"); +header("Location: installer.php"); -?>
\ No newline at end of file +?> diff --git a/usr/local/www/installer/installer.php b/usr/local/www/installer/installer.php index b5079c5..985b5f3 100644 --- a/usr/local/www/installer/installer.php +++ b/usr/local/www/installer/installer.php @@ -35,7 +35,7 @@ require("guiconfig.inc"); define('PC_SYSINSTALL', '/usr/sbin/pc-sysinstall/pc-sysinstall/pc-sysinstall.sh'); if($g['platform'] == "pfSense" or $g['platform'] == "nanobsd") { - Header("Location: /"); + header("Location: /"); exit; } @@ -94,7 +94,7 @@ function easy_install($fstype = "UFS+S") { $bootmanager = "bsd"; file_put_contents("/tmp/webInstaller_disk_layout.txt", serialize($disk_setup)); file_put_contents("/tmp/webInstaller_disk_bootmanager.txt", serialize($bootmanager)); - Header("Location: installer.php?state=verify_before_install"); + header("Location: installer.php?state=verify_before_install"); exit; } diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index 876d30f..127486a 100644 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -62,7 +62,7 @@ if ($_REQUEST['if']) $if = $_REQUEST['if']; if (empty($ifdescrs[$if])) { - Header("Location: interfaces.php"); + header("Location: interfaces.php"); exit; } diff --git a/usr/local/www/interfaces_bridge_edit.php b/usr/local/www/interfaces_bridge_edit.php index 0a4502c..942e792 100644 --- a/usr/local/www/interfaces_bridge_edit.php +++ b/usr/local/www/interfaces_bridge_edit.php @@ -271,12 +271,14 @@ function show_source_port_range() { <td width="78%" class="vtable"> <select name="members[]" multiple="multiple" class="formselect" size="3"> <?php + $members_array = explode(',', $pconfig['members']); foreach ($ifacelist as $ifn => $ifinfo) { echo "<option value=\"{$ifn}\""; - if (stristr($pconfig['members'], $ifn)) + if (in_array($ifn, $members_array)) echo " selected=\"selected\""; echo ">{$ifinfo}</option>"; } + unset($members_array); ?> </select> <br /> diff --git a/usr/local/www/interfaces_groups.php b/usr/local/www/interfaces_groups.php index d7149cb..3f97dd3 100644 --- a/usr/local/www/interfaces_groups.php +++ b/usr/local/www/interfaces_groups.php @@ -106,10 +106,11 @@ include("head.inc"); <td class="listr" ondblclick="document.location='interfaces_groups_edit.php?id=<?=$i;?>';"> <?php $members_arr = explode(" ", $ifgroupentry['members']); - $iflist = get_configured_interface_with_descr(); + $iflist = get_configured_interface_with_descr(false, true); $memberses_arr = array(); foreach ($members_arr as $memb) $memberses_arr[] = $iflist[$memb] ? $iflist[$memb] : $memb; + unset($iflist); $memberses = implode(", ", $memberses_arr); echo $memberses; if(count($members_arr) < 10) { diff --git a/usr/local/www/interfaces_groups_edit.php b/usr/local/www/interfaces_groups_edit.php index cf57cf3..08ebdb9 100644 --- a/usr/local/www/interfaces_groups_edit.php +++ b/usr/local/www/interfaces_groups_edit.php @@ -58,9 +58,11 @@ if (isset($id) && $a_ifgroups[$id]) { $pconfig['ifname'] = $a_ifgroups[$id]['ifname']; $pconfig['members'] = $a_ifgroups[$id]['members']; $pconfig['descr'] = html_entity_decode($a_ifgroups[$id]['descr']); - } +$iflist = get_configured_interface_with_descr(); +$iflist_disabled = get_configured_interface_with_descr(false, true); + if ($_POST) { unset($input_errors); @@ -74,8 +76,7 @@ if ($_POST) { if (preg_match("/([^a-zA-Z])+/", $_POST['ifname'], $match)) $input_errors[] = gettext("Only letters A-Z are allowed as the group name."); - $ifaces = get_configured_interface_with_descr(); - foreach ($ifaces as $gif => $gdescr) { + foreach ($iflist as $gif => $gdescr) { if ($gdescr == $_POST['ifname'] || $gif == $_POST['ifname']) $input_errors[] = "The specified group name is already used by an interface. Please choose another name."; } @@ -200,7 +201,6 @@ var addRowTo = (function() { <?php $innerHTML="\"<input type='hidden' value='\" + totalrows +\"' name='\" + rowname[i] + \"_row-\" + totalrows + \"' /><select size='1' name='\" + rowname[i] + totalrows + \"'>\" +\""; - $iflist = get_configured_interface_with_descr(); foreach ($iflist as $ifnam => $ifdescr) $innerHTML .= "<option value='{$ifnam}'>{$ifdescr}<\/option>"; $innerHTML .= "<\/select>\";"; @@ -251,7 +251,7 @@ function removeRow(el) { <tr> <td valign="top" class="vncellreq"><?=gettext("Group Name");?></td> <td class="vtable"> - <input class="formfld unknown" name="ifname" id="ifname" value="<?=htmlspecialchars($pconfig['ifname']);?>" /> + <input class="formfld unknown" name="ifname" id="ifname" maxlength="15" value="<?=htmlspecialchars($pconfig['ifname']);?>" /> <br /> <?=gettext("No numbers or spaces are allowed. Only characters in a-zA-Z");?> </td> @@ -288,12 +288,20 @@ function removeRow(el) { <td class="vtable"> <select name="members<?php echo $tracker; ?>" class="formselect" id="members<?php echo $tracker; ?>"> <?php + $found = false; foreach ($iflist as $ifnam => $ifdescr) { echo "<option value=\"{$ifnam}\""; - if ($ifnam == $members) + if ($ifnam == $members) { + $found = true; echo " selected=\"selected\""; + } echo ">{$ifdescr}</option>"; } + + if ($found === false) + foreach ($iflist_disabled as $ifnam => $ifdescr) + if ($ifnam == $members) + echo "<option value=\"{$ifnam}\" selected=\"selected\">{$ifdescr}</option>"; ?> </select> </td> @@ -336,6 +344,10 @@ function removeRow(el) { //]]> </script> -<?php include("fend.inc"); ?> +<?php + unset($iflist); + unset($iflist_disabled); + include("fend.inc"); +?> </body> </html> diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php index afa764a..f552f32 100755 --- a/usr/local/www/pkg.php +++ b/usr/local/www/pkg.php @@ -64,7 +64,7 @@ if($xml == "") { } if($pkg['donotsave'] <> "") { - Header("Location: pkg_edit.php?xml=" . $xml); + header("Location: pkg_edit.php?xml=" . $xml); exit; } diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php index 8db3eae..816114d 100644 --- a/usr/local/www/pkg_edit.php +++ b/usr/local/www/pkg_edit.php @@ -65,11 +65,14 @@ function domTT_title($title_msg){ $xml = htmlspecialchars($_GET['xml']); if($_POST['xml']) $xml = htmlspecialchars($_POST['xml']); -if($xml == "") { - print_info_box_np(gettext("ERROR: No package defined.")); +$xml_fullpath = realpath('/usr/local/pkg/' . $xml); + +if ($xml == "" || $xml_fullpath === false || + substr($xml_fullpath, 0, strlen('/usr/local/pkg/')) != '/usr/local/pkg/') { + print_info_box_np(gettext("ERROR: No valid package defined.")); die; } else { - $pkg = parse_xml_config_pkg("/usr/local/pkg/" . $xml, "packagegui"); + $pkg = parse_xml_config_pkg($xml_fullpath, "packagegui"); } if($pkg['include_file'] <> "") { @@ -98,7 +101,7 @@ if(!$id && !$_POST) $id = "0"; if(!is_numeric($id)) { - Header("Location: /"); + header("Location: /"); exit; } @@ -258,10 +261,15 @@ else $title = gettext("Package Editor"); $pgtitle = $title; -include("head.inc"); -if ($pkg['custom_php_after_head_command']) +if ($pkg['custom_php_after_head_command']) { + $closehead = false; + include("head.inc"); eval($pkg['custom_php_after_head_command']); + echo "</head>\n"; +} +else + include("head.inc"); ?> diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php index a157734..2f5d04c 100644 --- a/usr/local/www/pkg_mgr_install.php +++ b/usr/local/www/pkg_mgr_install.php @@ -105,11 +105,11 @@ if ($_POST) { </tr> <?php if ((empty($_GET['mode']) && $_GET['id']) || (!empty($_GET['mode']) && (!empty($_GET['pkg']) || $_GET['mode'] == 'reinstallall') && ($_GET['mode'] != 'installedinfo' && $_GET['mode'] != 'showlog'))): if (empty($_GET['mode']) && $_GET['id']) { - $pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['id'], ENT_QUOTES | ENT_HTML401)); + $pkgname = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['id'], ENT_QUOTES | ENT_HTML401)); $pkgmode = 'installed'; } else if (!empty($_GET['mode']) && !empty($_GET['pkg'])) { - $pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401)); - $pkgmode = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['mode'], ENT_QUOTES | ENT_HTML401)); + $pkgname = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401)); + $pkgmode = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['mode'], ENT_QUOTES | ENT_HTML401)); } else if ($_GET['mode'] == 'reinstallall') { $pkgmode = 'reinstallall'; } @@ -188,7 +188,7 @@ Rounded("div#mainareapkg","bl br","#FFF","#eeeeee","smooth"); ob_flush(); if ($_GET) { - $pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401)); + $pkgname = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401)); switch($_GET['mode']) { case 'showlog': if (strpos($pkgname, ".")) { @@ -210,7 +210,7 @@ if ($_GET) { break; } } else if ($_POST) { - $pkgid = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_POST['id'], ENT_QUOTES | ENT_HTML401)); + $pkgid = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_POST['id'], ENT_QUOTES | ENT_HTML401)); /* All other cases make changes, so mount rw fs */ conf_mount_rw(); diff --git a/usr/local/www/services_captiveportal_hostname.php b/usr/local/www/services_captiveportal_hostname.php index 742fe34..960cb43 100644 --- a/usr/local/www/services_captiveportal_hostname.php +++ b/usr/local/www/services_captiveportal_hostname.php @@ -79,8 +79,8 @@ if ($_GET['act'] == "del" && !empty($cpzone)) { pfSense_pipe_action("pipe delete {$ipfw['dnpipe']}"); pfSense_pipe_action("pipe delete " . ($ipfw['dnpipe']+1)); } - pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 3, $ip); - pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 4, $ip); + pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_XDEL, 3, $ip); + pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_XDEL, 4, $ip); } } diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php index cf4d764..e87895c 100644 --- a/usr/local/www/services_captiveportal_ip.php +++ b/usr/local/www/services_captiveportal_ip.php @@ -70,8 +70,8 @@ if ($_GET['act'] == "del") { $mask = (!empty($ipent['sn'])) ? $ipent['sn'] : 32; $ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $ipent['ip'], $mask); - pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 3, $ipent['ip'], $mask); - pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 4, $ipent['ip'], $mask); + pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_XDEL, 3, $ipent['ip'], $mask); + pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_XDEL, 4, $ipent['ip'], $mask); if (is_array($ipfw)) { captiveportal_free_dn_ruleno($ipfw['dnpipe']); @@ -178,4 +178,4 @@ include("head.inc"); </form> <?php include("fend.inc"); ?> </body> -</html>
\ No newline at end of file +</html> diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php index 1da9222..d8f0aa5 100644 --- a/usr/local/www/services_dhcp.php +++ b/usr/local/www/services_dhcp.php @@ -44,7 +44,7 @@ require("guiconfig.inc"); require_once("filter.inc"); if(!$g['services_dhcp_server_enable']) { - Header("Location: /"); + header("Location: /"); exit; } diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php index 5a41fcf..3213db5 100644 --- a/usr/local/www/services_dhcp_edit.php +++ b/usr/local/www/services_dhcp_edit.php @@ -53,7 +53,7 @@ function staticmaps_sort($ifgui) { require_once('globals.inc'); if(!$g['services_dhcp_server_enable']) { - Header("Location: /"); + header("Location: /"); exit; } diff --git a/usr/local/www/services_dhcpv6.php b/usr/local/www/services_dhcpv6.php index d312f6d..7f56a6c 100644 --- a/usr/local/www/services_dhcpv6.php +++ b/usr/local/www/services_dhcpv6.php @@ -48,7 +48,7 @@ require("guiconfig.inc"); require_once("filter.inc"); if(!$g['services_dhcp_server_enable']) { - Header("Location: /"); + header("Location: /"); exit; } diff --git a/usr/local/www/services_dhcpv6_edit.php b/usr/local/www/services_dhcpv6_edit.php index b189bd1..a13aa37 100644 --- a/usr/local/www/services_dhcpv6_edit.php +++ b/usr/local/www/services_dhcpv6_edit.php @@ -54,7 +54,7 @@ function staticmaps_sort($ifgui) { require_once('globals.inc'); if(!$g['services_dhcp_server_enable']) { - Header("Location: /"); + header("Location: /"); exit; } diff --git a/usr/local/www/services_ntpd.php b/usr/local/www/services_ntpd.php index f3b8c72..d11efc8 100644 --- a/usr/local/www/services_ntpd.php +++ b/usr/local/www/services_ntpd.php @@ -83,6 +83,8 @@ if ($_POST) { if (!empty($_POST["servselect{$i}"])) $config['ntpd']['noselect'].= "{$tserver} "; } } + if (trim($timeservers) == "") + $timeservers = "pool.ntp.org"; $config['system']['timeservers'] = trim($timeservers); if (!empty($_POST['ntporphan']) && ($_POST['ntporphan'] < 17) && ($_POST['ntporphan'] != '12')) diff --git a/usr/local/www/services_router_advertisements.php b/usr/local/www/services_router_advertisements.php index e7d33bd..6686052 100644 --- a/usr/local/www/services_router_advertisements.php +++ b/usr/local/www/services_router_advertisements.php @@ -47,7 +47,7 @@ require("guiconfig.inc"); if(!$g['services_dhcp_server_enable']) { - Header("Location: /"); + header("Location: /"); exit; } diff --git a/usr/local/www/shortcuts/pkg_upnp.inc b/usr/local/www/shortcuts/pkg_upnp.inc index 05402a2..2b068a7 100644 --- a/usr/local/www/shortcuts/pkg_upnp.inc +++ b/usr/local/www/shortcuts/pkg_upnp.inc @@ -3,9 +3,9 @@ global $shortcuts; $shortcuts['upnp'] = array(); -$shortcuts['upnp']['main'] = "pkg_edit.php?xml=miniupnpd.xml&id=0"; +$shortcuts['upnp']['main'] = "pkg_edit.php?xml=miniupnpd.xml"; $shortcuts['upnp']['log'] = "diag_logs_routing.php"; $shortcuts['upnp']['status'] = "status_upnp.php"; $shortcuts['upnp']['service'] = "miniupnpd"; -?>
\ No newline at end of file +?> diff --git a/usr/local/www/status_captiveportal.php b/usr/local/www/status_captiveportal.php index 918f6dc..68e0d13 100644 --- a/usr/local/www/status_captiveportal.php +++ b/usr/local/www/status_captiveportal.php @@ -51,7 +51,7 @@ if (isset($_POST['zone'])) if ($_GET['act'] == "del" && !empty($cpzone)) { captiveportal_disconnect_client($_GET['id']); - Header("Location: status_captiveportal.php?zone={$cpzone}"); + header("Location: status_captiveportal.php?zone={$cpzone}"); exit; } diff --git a/usr/local/www/status_graph.php b/usr/local/www/status_graph.php index ada2fe1..1ee1251 100644 --- a/usr/local/www/status_graph.php +++ b/usr/local/www/status_graph.php @@ -79,7 +79,7 @@ if ($_GET['if']) { } } if ($found === false) { - Header("Location: status_graph.php"); + header("Location: status_graph.php"); exit; } } else { diff --git a/usr/local/www/status_openvpn.php b/usr/local/www/status_openvpn.php index 4d1f46f..726f5d7 100644 --- a/usr/local/www/status_openvpn.php +++ b/usr/local/www/status_openvpn.php @@ -177,10 +177,10 @@ include("head.inc"); ?> <?=$conn['connect_time'];?> </td> <td class="listr"> - <?=$conn['bytes_sent'];?> + <?=format_bytes($conn['bytes_sent']);?> </td> <td class="listr"> - <?=$conn['bytes_recv'];?> + <?=format_bytes($conn['bytes_recv']);?> </td> <td class="list"> <img src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif" height="17" width="17" border="0" @@ -301,10 +301,10 @@ include("head.inc"); ?> <?=$sk_server['remote_host'];?> </td> <td class="listr"> - <?=$sk_server['bytes_sent'];?> + <?=format_bytes($sk_server['bytes_sent']);?> </td> <td class="listr"> - <?=$sk_server['bytes_recv'];?> + <?=format_bytes($sk_server['bytes_recv']);?> </td> <td class="listr"> <table> @@ -364,10 +364,10 @@ include("head.inc"); ?> <?=$client['remote_host'];?> </td> <td class="listr"> - <?=$client['bytes_sent'];?> + <?=format_bytes($client['bytes_sent']);?> </td> <td class="listr"> - <?=$client['bytes_recv'];?> + <?=format_bytes($client['bytes_recv']);?> </td> <td class="listr" height="12"> <table> @@ -384,7 +384,6 @@ include("head.inc"); ?> </td> </tr> </table> -</form> <?php } @@ -397,7 +396,7 @@ if ((empty($clients)) && (empty($servers)) && (empty($sk_servers))) { echo gettext("No OpenVPN instance defined"); } ?> - +</form> <?php include("fend.inc"); ?> <script type="text/javascript"> diff --git a/usr/local/www/status_queues.php b/usr/local/www/status_queues.php index 00c5d95..04252ee 100644 --- a/usr/local/www/status_queues.php +++ b/usr/local/www/status_queues.php @@ -130,6 +130,7 @@ include("head.inc"); if(!is_array($config['shaper']['queue']) || count($config['shaper']['queue']) < 1) { echo gettext("Traffic shaping is not configured."); include("fend.inc"); + echo "</body></html>"; exit;} ?> <?php if (!$error): ?> diff --git a/usr/local/www/status_rrd_graph_img.php b/usr/local/www/status_rrd_graph_img.php index ef0f9ee..868e3a1 100644 --- a/usr/local/www/status_rrd_graph_img.php +++ b/usr/local/www/status_rrd_graph_img.php @@ -44,6 +44,7 @@ $pgtitle = array(gettext("System"),gettext("RRD Graphs"),gettext("Image viewer") if ($_GET['database']) { $curdatabase = basename($_GET['database']); + $curdatabase = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($curdatabase, ENT_QUOTES | ENT_HTML401)); } else { $curdatabase = "wan-traffic.rrd"; } @@ -56,7 +57,7 @@ if ($_GET['style']) { /* this is used for temp name */ if ($_GET['graph']) { - $curgraph = $_GET['graph']; + $curgraph = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_GET['graph'], ENT_QUOTES | ENT_HTML401)); } else { $curgraph = "custom"; } @@ -64,9 +65,6 @@ if ($_GET['graph']) { $now = time(); if (is_numeric($_GET['start'])) { - if($start < ($now - (3600 * 24 * 365 * 5))) { - $start = $now - (8 * 3600); - } $start = $_GET['start']; } else { $start = $now - (8 * 3600); @@ -332,7 +330,7 @@ if((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdatabas $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png "; $graphcmd .= "--start $start --end $end --step $step --vertical-label \"bits/sec\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:$curif-in_bytes_pass=$rrddbpath$curdatabase:inpass:AVERAGE:step=$step "; $graphcmd .= "DEF:$curif-out_bytes_pass=$rrddbpath$curdatabase:outpass:AVERAGE:step=$step "; @@ -477,7 +475,7 @@ if((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdatabas $graphcmd .= "GPRINT:\"$curif-out6_bits_block:LAST:%7.2lf %Sb/s\" "; $graphcmd .= "GPRINT:\"$curif-bytes_out6_t_block:AVERAGE:%7.2lf %sB o\" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif(strstr($curdatabase, "-throughput.rrd")) { /* define graphcmd for throughput stats */ @@ -486,7 +484,7 @@ elseif(strstr($curdatabase, "-throughput.rrd")) { $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"bits/sec\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $iflist = get_configured_interface_list(); @@ -605,7 +603,7 @@ elseif(strstr($curdatabase, "-throughput.rrd")) { $graphcmd .= "GPRINT:\"tput-out_bits_block:LAST:%7.2lf %Sb/s\" "; $graphcmd .= "GPRINT:\"tput-bytes_out_t_block:AVERAGE:%7.2lf %sB o\" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-packets.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for packets stats */ @@ -613,7 +611,7 @@ elseif((strstr($curdatabase, "-packets.rrd")) && (file_exists("$rrddbpath$curdat $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"packets/sec\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"$curif-in_pps_pass=$rrddbpath$curdatabase:inpass:AVERAGE:step=$step\" "; $graphcmd .= "DEF:\"$curif-out_pps_pass=$rrddbpath$curdatabase:outpass:AVERAGE:step=$step\" "; @@ -731,7 +729,7 @@ elseif((strstr($curdatabase, "-packets.rrd")) && (file_exists("$rrddbpath$curdat $graphcmd .= "GPRINT:\"$curif-out6_pps_block:LAST:%7.2lf %S pps\" "; $graphcmd .= "GPRINT:\"$curif-pps_out6_t_block:AVERAGE:%7.2lf %s pkts\" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-wireless.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for packets stats */ @@ -739,7 +737,7 @@ elseif((strstr($curdatabase, "-wireless.rrd")) && (file_exists("$rrddbpath$curda $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"snr/channel/rate\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"$curif-snr=$rrddbpath$curdatabase:snr:AVERAGE:step=$step\" "; $graphcmd .= "DEF:\"$curif-rate=$rrddbpath$curdatabase:rate:AVERAGE:step=$step\" "; @@ -764,7 +762,7 @@ elseif((strstr($curdatabase, "-wireless.rrd")) && (file_exists("$rrddbpath$curda $graphcmd .= "GPRINT:\"$curif-channel:AVERAGE:%7.2lf \" "; $graphcmd .= "GPRINT:\"$curif-channel:LAST:%7.2lf\" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-vpnusers.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for vpn users stats */ @@ -772,7 +770,7 @@ elseif((strstr($curdatabase, "-vpnusers.rrd")) && (file_exists("$rrddbpath$curda $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"users\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"$curif-users=$rrddbpath$curdatabase:users:AVERAGE:step=$step\" "; $graphcmd .= "LINE2:\"$curif-users#{$colorvpnusers[0]}:$curif-users\" "; @@ -783,7 +781,7 @@ elseif((strstr($curdatabase, "-vpnusers.rrd")) && (file_exists("$rrddbpath$curda $graphcmd .= "GPRINT:\"$curif-users:AVERAGE:%7.2lf \" "; $graphcmd .= "GPRINT:\"$curif-users:LAST:%7.2lf \" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-states.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for states stats */ @@ -791,7 +789,7 @@ elseif((strstr($curdatabase, "-states.rrd")) && (file_exists("$rrddbpath$curdata $graphcmd .= "--start -$seconds -e -$average --step $step "; $graphcmd .= "--vertical-label \"states, ip\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"$curif-pfrate=$rrddbpath$curdatabase:pfrate:AVERAGE:step=$step\" "; $graphcmd .= "DEF:\"$curif-pfstates=$rrddbpath$curdatabase:pfstates:AVERAGE:step=$step\" "; @@ -837,7 +835,7 @@ elseif((strstr($curdatabase, "-states.rrd")) && (file_exists("$rrddbpath$curdata $graphcmd .= "GPRINT:\"$curif-dstip:MAX:%7.2lf %s \" "; $graphcmd .= "GPRINT:\"$curif-dstip:LAST:%7.2lf %s \" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-processor.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for processor stats */ @@ -845,7 +843,7 @@ elseif((strstr($curdatabase, "-processor.rrd")) && (file_exists("$rrddbpath$curd $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"utilization, number\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"user=$rrddbpath$curdatabase:user:AVERAGE:step=$step\" "; $graphcmd .= "DEF:\"nice=$rrddbpath$curdatabase:nice:AVERAGE:step=$step\" "; @@ -889,7 +887,7 @@ elseif((strstr($curdatabase, "-processor.rrd")) && (file_exists("$rrddbpath$curd $graphcmd .= "GPRINT:\"processes:MAX:%7.2lf %s \" "; $graphcmd .= "GPRINT:\"processes:LAST:%7.2lf %s \" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-memory.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for memory usage stats */ @@ -897,7 +895,7 @@ elseif((strstr($curdatabase, "-memory.rrd")) && (file_exists("$rrddbpath$curdata $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"utilization, percent\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"active=$rrddbpath$curdatabase:active:AVERAGE:step=$step\" "; $graphcmd .= "DEF:\"inactive=$rrddbpath$curdatabase:inactive:AVERAGE:step=$step\" "; @@ -941,7 +939,7 @@ elseif((strstr($curdatabase, "-memory.rrd")) && (file_exists("$rrddbpath$curdata $graphcmd .= "GPRINT:\"wire:MAX:%7.2lf %s \" "; $graphcmd .= "GPRINT:\"wire:LAST:%7.2lf %S \" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-mbuf.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for mbuf usage stats */ @@ -949,7 +947,7 @@ elseif((strstr($curdatabase, "-mbuf.rrd")) && (file_exists("$rrddbpath$curdataba $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"utilization, percent\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} clusters - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} clusters - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"current=$rrddbpath$curdatabase:current:AVERAGE:step=$step\" "; $graphcmd .= "DEF:\"cache=$rrddbpath$curdatabase:cache:AVERAGE:step=$step\" "; @@ -985,7 +983,7 @@ elseif((strstr($curdatabase, "-mbuf.rrd")) && (file_exists("$rrddbpath$curdataba $graphcmd .= "GPRINT:\"max:MAX:%7.2lf %s \" "; $graphcmd .= "GPRINT:\"max:LAST:%7.2lf %S \" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-queues.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for queue stats */ @@ -993,7 +991,7 @@ elseif((strstr($curdatabase, "-queues.rrd")) && (file_exists("$rrddbpath$curdata $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"bits/sec\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; if ($altq) { $a_queues =& $altq->get_queue_list(); @@ -1014,7 +1012,7 @@ elseif((strstr($curdatabase, "-queues.rrd")) && (file_exists("$rrddbpath$curdata if($t > 7) { $t = 0; } } $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-queuedrops.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for queuedrop stats */ @@ -1022,7 +1020,7 @@ elseif((strstr($curdatabase, "-queuedrops.rrd")) && (file_exists("$rrddbpath$cur $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"drops / sec\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; if ($altq) { $a_queues =& $altq->get_queue_list(); @@ -1044,13 +1042,13 @@ elseif((strstr($curdatabase, "-queuedrops.rrd")) && (file_exists("$rrddbpath$cur if($t > 7) { $t = 0; } } $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-quality.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* make a link quality graphcmd, we only have WAN for now, others too follow */ $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png \\ --start $start --end $end --step $step \\ - --title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" \\ + --title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" \\ --color SHADEA#eeeeee --color SHADEB#eeeeee \\ --vertical-label \"ms / %\" \\ --height 200 --width 620 \\ @@ -1080,13 +1078,13 @@ elseif((strstr($curdatabase, "-quality.rrd")) && (file_exists("$rrddbpath$curdat GPRINT:loss:LAST:\"\tLast\: %3.1lf %%\\n\" \\ AREA:loss10#$colorqualityloss:\"Packet loss\\n\" \\ LINE1:delay#$colorqualityrtt[5]:\"Delay average\\n\" \\ - COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\""; + COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\""; } elseif((strstr($curdatabase, "spamd.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* graph a spamd statistics graph */ $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png \\ --start $start --end $end --step $step \\ - --title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" \\ + --title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" \\ --color SHADEA#eeeeee --color SHADEB#eeeeee \\ --vertical-label=\"Conn / Time, sec.\" \\ --height 200 --width 620 --no-gridfit \\ @@ -1119,14 +1117,14 @@ elseif((strstr($curdatabase, "spamd.rrd")) && (file_exists("$rrddbpath$curdataba GPRINT:consmin:MIN:\"Min\\:%6.2lf\\t\" \\ GPRINT:consavg:AVERAGE:\"Avg\\:%6.2lf\\t\" \\ GPRINT:consmax:MAX:\"Max\\:%6.2lf\\n\" \\ - COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-cellular.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png "; $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"signal\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"$curif-rssi=$rrddbpath$curdatabase:rssi:AVERAGE:step=$step\" "; $graphcmd .= "LINE2:\"$curif-rssi#{$colorwireless[0]}:$curif-rssi\" "; @@ -1137,7 +1135,7 @@ elseif((strstr($curdatabase, "-cellular.rrd")) && (file_exists("$rrddbpath$curda $graphcmd .= "GPRINT:\"$curif-rssi:AVERAGE:%7.2lf \" "; $graphcmd .= "GPRINT:\"$curif-rssi:LAST:%7.2lf \" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-loggedin.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for online Captive Portal users stats */ @@ -1148,7 +1146,7 @@ elseif((strstr($curdatabase, "-loggedin.rrd")) && (file_exists("$rrddbpath$curda $graphcmd .= "--base=1000 "; $graphcmd .= "--lower-limit=0 "; $graphcmd .= "--slope-mode "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"$curif-loggedinusers=$rrddbpath$curdatabase:loggedinusers:AVERAGE:step=$step\" "; $graphcmd .= "CDEF:\"$curif-totalusers_t=PREV,UN,0,PREV,IF,$curif-loggedinusers,+\" "; @@ -1156,7 +1154,7 @@ elseif((strstr($curdatabase, "-loggedin.rrd")) && (file_exists("$rrddbpath$curda $graphcmd .= "AREA:\"$curif-totalusers_d#{$colorcaptiveportalusers[0]}:Total logged in users\" "; $graphcmd .= "GPRINT:\"$curif-totalusers_d:MAX:%8.0lf \\n\" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "-concurrent.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for online Captive Portal users stats */ @@ -1164,7 +1162,7 @@ elseif((strstr($curdatabase, "-concurrent.rrd")) && (file_exists("$rrddbpath$cur $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"Captive Portal Users\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--base=1000 "; $graphcmd .= "--lower-limit=0 "; $graphcmd .= "--slope-mode "; @@ -1178,7 +1176,7 @@ elseif((strstr($curdatabase, "-concurrent.rrd")) && (file_exists("$rrddbpath$cur $graphcmd .= "GPRINT:\"$curif-concurrentusers:AVERAGE:%8.0lf \" "; $graphcmd .= "GPRINT:\"$curif-concurrentusers:MAX:%8.0lf \" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } elseif((strstr($curdatabase, "ntpd.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* define graphcmd for ntpd (was: mbuf) usage stats */ @@ -1186,7 +1184,7 @@ elseif((strstr($curdatabase, "ntpd.rrd")) && (file_exists("$rrddbpath$curdatabas $graphcmd .= "--start $start --end $end --step $step "; $graphcmd .= "--vertical-label \"time\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; + $graphcmd .= "--title \"" . php_uname('n') . " - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"offset=$rrddbpath$curdatabase:offset:AVERAGE:step=$step\" "; $graphcmd .= "DEF:\"sjit=$rrddbpath$curdatabase:sjit:AVERAGE:step=$step\" "; @@ -1222,7 +1220,7 @@ elseif((strstr($curdatabase, "ntpd.rrd")) && (file_exists("$rrddbpath$curdatabas $graphcmd .= "GPRINT:\"wander:MAX:%7.2lf %s \" "; $graphcmd .= "GPRINT:\"wander:LAST:%7.2lf %S \" "; $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t" . strftime('%b %d %H\:%M\:%S %Y') . "\" "; } else { $data = false; @@ -1233,14 +1231,14 @@ else { if (file_exists("$rrdtmppath$curdatabase-$curgraph.png")) { if((time() - filemtime("$rrdtmppath$curdatabase-$curgraph.png")) >= 15 ) { if($data) - exec("$graphcmd 2>&1", $graphcmdoutput, $graphcmdreturn); + $_gb = exec("$graphcmd 2>&1", $graphcmdoutput, $graphcmdreturn); $graphcmdoutput = implode(" ", $graphcmdoutput) . $graphcmd; flush(); usleep(500); } } else { if($data) - exec("$graphcmd 2>&1", $graphcmdoutput, $graphcmdreturn); + $_gb = exec("$graphcmd 2>&1", $graphcmdoutput, $graphcmdreturn); $graphcmdoutput = implode(" ", $graphcmdoutput) . $graphcmd; flush(); usleep(500); @@ -1249,14 +1247,14 @@ if(($graphcmdreturn <> 0) || (! $data)) { log_error(sprintf(gettext('Failed to create graph with error code %1$s, the error is: %2$s'),$graphcmdreturn,$graphcmdoutput)); if(strstr($curdatabase, "queues")) { log_error(sprintf(gettext("failed to create graph from %s%s, removing database"),$rrddbpath,$curdatabase)); - exec("/bin/rm -f $rrddbpath$curif$queues"); + unlink_if_exists($rrddbpath . $curif . $queues); flush(); usleep(500); enable_rrd_graphing(); } if(strstr($curdatabase, "queuesdrop")) { log_error(sprintf(gettext("failed to create graph from %s%s, removing database"),$rrddbpath,$curdatabase)); - exec("/bin/rm -f $rrddbpath$curdatabase"); + unlink_if_exists($rrddbpath . $curdatabase); flush(); usleep(500); enable_rrd_graphing(); diff --git a/usr/local/www/status_services.php b/usr/local/www/status_services.php index 48f9db4..c08f773 100755 --- a/usr/local/www/status_services.php +++ b/usr/local/www/status_services.php @@ -41,16 +41,20 @@ require_once("guiconfig.inc"); require_once("service-utils.inc"); require_once("shortcuts.inc"); -if (!empty($_GET['service'])) { +$service_name = ''; +if (isset($_GET['service'])) + $service_name = htmlspecialchars($_GET['service']); + +if (!empty($service_name)) { switch ($_GET['mode']) { case "restartservice": - $savemsg = service_control_restart($_GET['service'], $_GET); + $savemsg = service_control_restart($service_name, $_GET); break; case "startservice": - $savemsg = service_control_start($_GET['service'], $_GET); + $savemsg = service_control_start($service_name, $_GET); break; case "stopservice": - $savemsg = service_control_stop($_GET['service'], $_GET); + $savemsg = service_control_stop($service_name, $_GET); break; } sleep(5); diff --git a/usr/local/www/system_advanced_admin.php b/usr/local/www/system_advanced_admin.php index b9874c5..d9fd453 100644 --- a/usr/local/www/system_advanced_admin.php +++ b/usr/local/www/system_advanced_admin.php @@ -59,7 +59,7 @@ $pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']); $pconfig['nodnsrebindcheck'] = isset($config['system']['webgui']['nodnsrebindcheck']); $pconfig['nohttpreferercheck'] = isset($config['system']['webgui']['nohttpreferercheck']); $pconfig['beast_protection'] = isset($config['system']['webgui']['beast_protection']); -$pconfig['noautocomplete'] = isset($config['system']['webgui']['noautocomplete']); +$pconfig['loginautocomplete'] = isset($config['system']['webgui']['loginautocomplete']); $pconfig['althostnames'] = $config['system']['webgui']['althostnames']; $pconfig['enableserial'] = $config['system']['enableserial']; $pconfig['serialspeed'] = $config['system']['serialspeed']; @@ -178,10 +178,10 @@ if ($_POST) { else unset($config['system']['webgui']['beast_protection']); - if ($_POST['noautocomplete'] == "yes") - $config['system']['webgui']['noautocomplete'] = true; + if ($_POST['loginautocomplete'] == "yes") + $config['system']['webgui']['loginautocomplete'] = true; else - unset($config['system']['webgui']['noautocomplete']); + unset($config['system']['webgui']['loginautocomplete']); if ($_POST['althostnames']) $config['system']['webgui']['althostnames'] = $_POST['althostnames']; @@ -404,12 +404,12 @@ function prot_change() { <tr> <td width="22%" valign="top" class="vncell"><?=gettext("WebGUI Login Autocomplete"); ?></td> <td width="78%" class="vtable"> - <input name="noautocomplete" type="checkbox" id="noautocomplete" value="yes" <?php if ($pconfig['noautocomplete']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Disable webConfigurator login autocomplete"); ?></strong> + <input name="loginautocomplete" type="checkbox" id="loginautocomplete" value="yes" <?php if ($pconfig['loginautocomplete']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Enable webConfigurator login autocomplete"); ?></strong> <br /> - <?php echo gettext("When this is unchecked, login credentials for the webConfigurator " . + <?php echo gettext("When this is checked, login credentials for the webConfigurator " . "may be saved by the browser. While convenient, some security standards require this to be disabled. " . - "Check this box to disable autocomplete on the login form so that browsers will not prompt to save credentials (NOTE: Some browsers do not respect this option). "); + "Check this box to enable autocomplete on the login form so that browsers will prompt to save credentials (NOTE: Some browsers do not respect this option). "); ?> </td> </tr> diff --git a/usr/local/www/system_firmware_restorefullbackup.php b/usr/local/www/system_firmware_restorefullbackup.php index 2cc57a0..7d635bf 100644 --- a/usr/local/www/system_firmware_restorefullbackup.php +++ b/usr/local/www/system_firmware_restorefullbackup.php @@ -59,9 +59,9 @@ if($_GET['backupnow']) mwexec_bg("/etc/rc.create_full_backup"); if($_GET['downloadbackup']) { - $filename = $_GET['downloadbackup']; + $filename = basename($_GET['downloadbackup']); $path = "/root/{$filename}"; - if(file_exists("/root/{$filename}")) { + if(file_exists($path)) { session_write_close(); ob_end_clean(); session_cache_limiter('public'); diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php index 24936e1..82ab690 100644 --- a/usr/local/www/system_gateways_edit.php +++ b/usr/local/www/system_gateways_edit.php @@ -660,12 +660,6 @@ function enable_change() { echo " selected='selected'"; echo ">" . htmlspecialchars($ifacename) . "</option>"; } - if (is_package_installed("openbgpd") == 1) { - echo "<option value=\"bgpd\""; - if ($pconfig['interface'] == "bgpd") - echo " selected='selected'"; - echo ">" . gettext("Use BGPD") . "</option>"; - } ?> </select><br /> <span class="vexpl"><?=gettext("Choose which interface this gateway applies to."); ?></span> diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index 560b3f5..d5b479e 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php @@ -1,20 +1,20 @@ -<?php +<?php /* vpn_openvpn_client.php Copyright (C) 2008 Shrew Soft Inc. - All rights reserved. + All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -105,7 +105,7 @@ if($_GET['act']=="edit"){ if (isset($id) && $a_client[$id]) { foreach($simplefields as $stat) $pconfig[$stat] = $a_client[$id][$stat]; - + $pconfig['disable'] = isset($a_client[$id]['disable']); $pconfig['mode'] = $a_client[$id]['mode']; $pconfig['protocol'] = $a_client[$id]['protocol']; @@ -126,7 +126,7 @@ if($_GET['act']=="edit"){ $pconfig['custom_options'] = $a_client[$id]['custom_options']; $pconfig['ns_cert_type'] = $a_client[$id]['ns_cert_type']; $pconfig['dev_mode'] = $a_client[$id]['dev_mode']; - + if ($pconfig['mode'] != "p2p_shared_key") { $pconfig['caref'] = $a_client[$id]['caref']; $pconfig['certref'] = $a_client[$id]['certref']; @@ -229,8 +229,8 @@ if ($_POST) { if (!empty($pconfig['use_shaper']) && (!is_numeric($pconfig['use_shaper']) || ($pconfig['use_shaper'] <= 0))) $input_errors[] = gettext("The bandwidth limit must be a positive numeric value."); - if ($pconfig['autokey_enable']) - $pconfig['shared_key'] = openvpn_create_key(); + if ($pconfig['autokey_enable']) + $pconfig['shared_key'] = openvpn_create_key(); if (!$tls_mode && !$pconfig['autokey_enable']) if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") || @@ -244,8 +244,8 @@ if ($_POST) { /* If we are not in shared key mode, then we need the CA/Cert. */ if ($pconfig['mode'] != "p2p_shared_key") { - $reqdfields = explode(" ", "caref certref"); - $reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate")); + $reqdfields = explode(" ", "caref"); + $reqdfieldsn = array(gettext("Certificate Authority")); } elseif (!$pconfig['autokey_enable']) { /* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */ $reqdfields = array('shared_key'); @@ -253,14 +253,18 @@ if ($_POST) { } do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - + + if (($pconfig['mode'] != "p2p_shared_key") && empty($pconfig['certref']) && empty($pconfig['auth_user']) && empty($pconfig['auth_pass'])) { + $input_errors[] = gettext("If no Client Certificate is selected, a username and password must be entered."); + } + if (!$input_errors) { $client = array(); - + foreach($simplefields as $stat) update_if_changed($stat, $client[$stat], $_POST[$stat]); - + if ($vpnid) $client['vpnid'] = $vpnid; else @@ -284,17 +288,17 @@ if ($_POST) { $client['mode'] = $pconfig['mode']; $client['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']); - if ($tls_mode) { - $client['caref'] = $pconfig['caref']; - $client['certref'] = $pconfig['certref']; - if ($pconfig['tlsauth_enable']) { - if ($pconfig['autotls_enable']) - $pconfig['tls'] = openvpn_create_key(); - $client['tls'] = base64_encode($pconfig['tls']); - } - } else { - $client['shared_key'] = base64_encode($pconfig['shared_key']); - } + if ($tls_mode) { + $client['caref'] = $pconfig['caref']; + $client['certref'] = $pconfig['certref']; + if ($pconfig['tlsauth_enable']) { + if ($pconfig['autotls_enable']) + $pconfig['tls'] = openvpn_create_key(); + $client['tls'] = base64_encode($pconfig['tls']); + } + } else { + $client['shared_key'] = base64_encode($pconfig['shared_key']); + } $client['crypto'] = $pconfig['crypto']; $client['digest'] = $pconfig['digest']; $client['engine'] = $pconfig['engine']; @@ -314,7 +318,7 @@ if ($_POST) { openvpn_resync('client', $client); write_config(); - + header("Location: vpn_openvpn_client.php"); exit; } @@ -358,10 +362,10 @@ function autokey_change() { function useproxy_changed() { if (jQuery('#proxy_authtype').val() != 'none') { - jQuery('#proxy_authtype_opts').show(); - } else { - jQuery('#proxy_authtype_opts').hide(); - } + jQuery('#proxy_authtype_opts').show(); + } else { + jQuery('#proxy_authtype_opts').hide(); + } } function tlsauth_change() { @@ -402,9 +406,9 @@ if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn openvpn client"> - <tr> + <tr> <td class="tabnavtbl"> - <?php + <?php $tab_array = array(); $tab_array[] = array(gettext("Server"), false, "vpn_openvpn_server.php"); $tab_array[] = array(gettext("Client"), true, "vpn_openvpn_client.php"); @@ -414,7 +418,7 @@ if ($savemsg) display_top_tabs($tab_array); ?> </td> - </tr> + </tr> <tr> <td class="tabcont"> @@ -475,21 +479,21 @@ if ($savemsg) </select> </td> </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td> - <td width="78%" class="vtable"> - <select name='dev_mode' class="formselect"> - <?php - foreach ($openvpn_dev_mode as $mode): - $selected = ""; - if ($pconfig['dev_mode'] == $mode) - $selected = "selected=\"selected\""; - ?> - <option value="<?=$mode;?>" <?=$selected;?>><?=$mode;?></option> - <?php endforeach; ?> - </select> - </td> - </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td> + <td width="78%" class="vtable"> + <select name='dev_mode' class="formselect"> + <?php + foreach ($openvpn_dev_mode as $mode): + $selected = ""; + if ($pconfig['dev_mode'] == $mode) + $selected = "selected=\"selected\""; + ?> + <option value="<?=$mode;?>" <?=$selected;?>><?=$mode;?></option> + <?php endforeach; ?> + </select> + </td> + </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td> <td width="78%" class="vtable"> @@ -563,12 +567,12 @@ if ($savemsg) <td width="78%" class="vtable"> <table border="0" cellpadding="2" cellspacing="0" summary="proxy authentication"> <tr> - <td align="right" width="25%"> - <span class="vexpl"> - <?=gettext("Authentication method"); ?> : - </span> - </td> - <td> + <td align="right" width="25%"> + <span class="vexpl"> + <?=gettext("Authentication method"); ?> : + </span> + </td> + <td> <select name="proxy_authtype" id="proxy_authtype" class="formfld select" onchange="useproxy_changed()"> <option value="none" <?php if ($pconfig['proxy_authtype'] == "none") echo "selected=\"selected\""; ?>><?=gettext("none"); ?></option> <option value="basic" <?php if ($pconfig['proxy_authtype'] == "basic") echo "selected=\"selected\""; ?>><?=gettext("basic"); ?></option> @@ -579,27 +583,27 @@ if ($savemsg) </table> <br /> <table border="0" cellpadding="2" cellspacing="0" id="proxy_authtype_opts" style="display:none" summary="proxy authentication options"> - <tr> - <td align="right" width="25%"> - <span class="vexpl"> - <?=gettext("Username"); ?> : - </span> - </td> - <td> - <input name="proxy_user" id="proxy_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['proxy_user']);?>" /> - </td> - </tr> - <tr> - <td align="right" width="25%"> - <span class="vexpl"> - <?=gettext("Password"); ?> : - </span> - </td> - <td> - <input name="proxy_passwd" id="proxy_passwd" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['proxy_passwd']);?>" /> - </td> - </tr> - </table> + <tr> + <td align="right" width="25%"> + <span class="vexpl"> + <?=gettext("Username"); ?> : + </span> + </td> + <td> + <input name="proxy_user" id="proxy_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['proxy_user']);?>" /> + </td> + </tr> + <tr> + <td align="right" width="25%"> + <span class="vexpl"> + <?=gettext("Password"); ?> : + </span> + </td> + <td> + <input name="proxy_passwd" id="proxy_passwd" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['proxy_passwd']);?>" /> + </td> + </tr> + </table> </td> </tr> <tr> @@ -623,9 +627,9 @@ if ($savemsg) "that is not permanently connected to the Internet"); ?>. </td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>" /> <br /> <?=gettext("You may enter a description here for your reference (not parsed)"); ?>. @@ -733,7 +737,6 @@ if ($savemsg) <tr id="tls_cert"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Client Certificate"); ?></td> <td width="78%" class="vtable"> - <?php if (count($a_cert)): ?> <select name='certref' class="formselect"> <?php foreach ($a_cert as $cert): @@ -753,9 +756,10 @@ if ($savemsg) ?> <option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option> <?php endforeach; ?> + <option value="" <?PHP if (empty($pconfig['certref'])) echo "selected=\"selected\""; ?>>None (Username and Password required)</option> </select> - <?php else: ?> - <b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System > Cert Manager</a>. + <?php if (!count($a_cert)): ?> + <b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System > Cert Manager</a> if one is required for this connection. <?php endif; ?> </td> </tr> @@ -979,8 +983,8 @@ if ($savemsg) <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="icons"> <tr> <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> + <td width="78%"> + <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <input name="act" type="hidden" value="<?=$act;?>" /> <?php if (isset($id) && $a_client[$id]): ?> <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> @@ -1080,10 +1084,10 @@ useproxy_changed(); /* local utility functions */ function set_checked($var,& $chk) { - if($var) - $chk = "checked=\"checked\""; - else - $chk = ""; + if($var) + $chk = "checked=\"checked\""; + else + $chk = ""; } ?> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 60d7732..e840911 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -1340,7 +1340,7 @@ if ($savemsg) <?php endforeach; ?> </select> <br /> - <?=gettext("Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently."); ?>. + <?=gettext("Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently."); ?> </td> </tr> <tr> diff --git a/usr/local/www/widgets/include/gmirror_status.inc b/usr/local/www/widgets/include/gmirror_status.inc deleted file mode 100644 index 8a04d4a..0000000 --- a/usr/local/www/widgets/include/gmirror_status.inc +++ /dev/null @@ -1,85 +0,0 @@ -<?php -/* - gmirror_status.widget.php - Copyright (C) 2009-2010 Jim Pingle - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -function gmirror_get_status() { - $status = ""; - exec("/sbin/gmirror status -s", $status); - $mirrors = array(); - - /* Empty output = no mirrors found */ - if (count($status) > 0) { - /* Loop through gmirror status output. */ - foreach ($status as $line) { - /* Split the line by whitespace */ - $all = preg_split("/[\s\t]+/", trim($line), 3); - if (count($all) == 3) { - /* If there are three items on a line, it is mirror name, status, and component */ - $currentmirror = $all[0]; - $mirrors[$currentmirror]["name"] = $all[0]; - $mirrors[$currentmirror]["status"] = $all[1]; - if (!is_array($mirrors[$currentmirror]["components"])) - $mirrors[$currentmirror]["components"] = array(); - $mirrors[$currentmirror]["components"][] = $all[2]; - } - } - } - /* Return an hash of mirrors and components */ - return $mirrors; -} - -function gmirror_html_status() { - $mirrors = gmirror_get_status(); - $output = ""; - if (count($mirrors) > 0) { - $output .= "<tr>\n"; - $output .= "<td width=\"40%\" class=\"vncellt\">Name</td>\n"; - $output .= "<td width=\"40%\" class=\"vncellt\">Status</td>\n"; - $output .= "<td width=\"20%\" class=\"vncellt\">Component</td>\n"; - $output .= "</tr>\n"; - foreach ($mirrors as $mirror => $name) { - $components = count($name["components"]); - $output .= "<tr>\n"; - $output .= "<td width=\"40%\" rowspan=\"{$components}\" class=\"listr\">{$name['name']}</td>\n"; - $output .= "<td width=\"40%\" rowspan=\"{$components}\" class=\"listr\">{$name['status']}</td>\n"; - $output .= "<td width=\"20%\" class=\"listr\">{$name['components'][0]}</td>\n"; - $output .= "</tr>\n"; - if (count($name["components"]) > 1) { - $morecomponents = array_slice($name["components"], 1); - foreach ($morecomponents as $component) { - $output .= "<tr>\n"; - $output .= "<td width=\"20%\" class=\"listr\">{$component}</td>\n"; - $output .= "</tr>\n"; - } - } - } - } else { - $output .= "<tr><td colspan=\"3\" class=\"listr\">No Mirrors Found</td></tr>\n"; - } - // $output .= "<tr><td colspan=\"3\" class=\"listr\">Updated at " . date("F j, Y, g:i:s a") . "</td></tr>\n"; - return $output; -} -?>
\ No newline at end of file diff --git a/usr/local/www/widgets/widgets/captive_portal_status.widget.php b/usr/local/www/widgets/widgets/captive_portal_status.widget.php index d773877..4700a5b 100644 --- a/usr/local/www/widgets/widgets/captive_portal_status.widget.php +++ b/usr/local/www/widgets/widgets/captive_portal_status.widget.php @@ -88,7 +88,7 @@ if ($_GET['order']) { usort($cpdb_all, "clientcmp"); } ?> -<table class="sortable" name="sortabletable" id="sortabletable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="captive portal status"> +<table class="sortable" id="sortabletable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="captive portal status"> <tr> <td class="listhdrr"><a href="?order=ip&showact=<?=$_GET['showact'];?>">IP address</a></td> <td class="listhdrr"><a href="?order=mac&showact=<?=$_GET['showact'];?>">MAC address</a></td> diff --git a/usr/local/www/widgets/widgets/carp_status.widget.php b/usr/local/www/widgets/widgets/carp_status.widget.php index 3b52fd8..60d02b6 100644 --- a/usr/local/www/widgets/widgets/carp_status.widget.php +++ b/usr/local/www/widgets/widgets/carp_status.widget.php @@ -74,7 +74,7 @@ $carp_enabled = get_carp_status(); if ($ipaddress){ ?> <?=htmlspecialchars($status);?> <?=htmlspecialchars($ipaddress);}?> -</tr><?php } +</td></tr><?php } } else { ?> <tr><td class="listr">No CARP Interfaces Defined. Click <a href="carp_status.php">here</a> to configure CARP.</td></tr> <?php } ?> diff --git a/usr/local/www/widgets/widgets/dyn_dns_status.widget.php b/usr/local/www/widgets/widgets/dyn_dns_status.widget.php index 6fc9da7..cde52c6 100644 --- a/usr/local/www/widgets/widgets/dyn_dns_status.widget.php +++ b/usr/local/www/widgets/widgets/dyn_dns_status.widget.php @@ -105,7 +105,7 @@ if($_REQUEST['getdyndnsstatus']) { } ?> </td> - <td class="listlr"> + <td class="listr"> <?php $types = explode(",", DYNDNS_PROVIDER_DESCRIPTIONS); $vals = explode(" ", DYNDNS_PROVIDER_VALUES); @@ -127,7 +127,7 @@ if($_REQUEST['getdyndnsstatus']) { echo htmlspecialchars($dyndns['host']); ?> </td> - <td class="listlr"> + <td class="listr"> <div id='dyndnsstatus<?php echo $i; ?>'><?php echo gettext("Checking ..."); ?></div> </td> </tr> diff --git a/usr/local/www/widgets/widgets/gmirror_status.widget.php b/usr/local/www/widgets/widgets/gmirror_status.widget.php index 543daf4..2d040c0 100644 --- a/usr/local/www/widgets/widgets/gmirror_status.widget.php +++ b/usr/local/www/widgets/widgets/gmirror_status.widget.php @@ -28,7 +28,7 @@ $nocsrf = true; require_once("guiconfig.inc"); -require_once("/usr/local/www/widgets/include/gmirror_status.inc"); +require_once("gmirror.inc"); if ($_GET['textonly'] == "true") { header("Cache-Control: no-cache"); diff --git a/usr/local/www/widgets/widgets/installed_packages.widget.php b/usr/local/www/widgets/widgets/installed_packages.widget.php index 0682f92..9c3b237 100644 --- a/usr/local/www/widgets/widgets/installed_packages.widget.php +++ b/usr/local/www/widgets/widgets/installed_packages.widget.php @@ -70,10 +70,10 @@ $updateavailable = false; <td class="listlr"> <?= $pkg['name'] ?> </td> - <td class="listlr"> + <td class="listr"> <?= $pkg['category'] ?> </td> - <td class="listlr"> + <td class="listr"> <?php $latest_package = $currentvers[$pkg['name']]['version']; if($latest_package == false) { diff --git a/usr/local/www/widgets/widgets/load_balancer_status.widget.php b/usr/local/www/widgets/widgets/load_balancer_status.widget.php index 910bba8..2146575 100644 --- a/usr/local/www/widgets/widgets/load_balancer_status.widget.php +++ b/usr/local/www/widgets/widgets/load_balancer_status.widget.php @@ -125,7 +125,7 @@ if (!$nentries) $checked = "checked"; } echo "<tr>"; - echo "<td bgcolor={$bgcolor}> {$server['ip']['addr']}:{$pool['port']} </td><td bgcolor={$bgcolor}> "; + echo "<td bgcolor=\"{$bgcolor}\"> {$server['ip']['addr']}:{$pool['port']} </td><td bgcolor=\"{$bgcolor}\"> "; if($server['ip']['avail']) echo " ({$server['ip']['avail']}) "; echo " </td></tr>"; diff --git a/usr/local/www/widgets/widgets/log.widget.php b/usr/local/www/widgets/widgets/log.widget.php index d2811fd..f3065a3 100644 --- a/usr/local/www/widgets/widgets/log.widget.php +++ b/usr/local/www/widgets/widgets/log.widget.php @@ -1,34 +1,34 @@ <?php /* - $Id$ - Copyright 2007 Scott Dale - Part of pfSense widgets (https://www.pfsense.org) - originally based on m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2004-2005 T. Lechat <dev@lechat.org>, Manuel Kasper <mk@neon1.net> - and Jonathan Watt <jwatt@jwatt.org>. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + $Id$ + Copyright 2007 Scott Dale + Part of pfSense widgets (https://www.pfsense.org) + originally based on m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2004-2005 T. Lechat <dev@lechat.org>, Manuel Kasper <mk@neon1.net> + and Jonathan Watt <jwatt@jwatt.org>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ $nocsrf = true; @@ -40,33 +40,28 @@ require_once("functions.inc"); /* In an effort to reduce duplicate code, many shared functions have been moved here. */ require_once("filter_log.inc"); -if($_POST['filterlogentries']) { - unset($config['widgets']['filterlogentries']); - if( ($_POST['filterlogentries']) and ($_POST['filterlogentries'] != ' ') ) $config['widgets']['filterlogentries'] = $_POST['filterlogentries']; +if(is_numeric($_POST['filterlogentries'])) { + $config['widgets']['filterlogentries'] = $_POST['filterlogentries']; - unset($config['widgets']['filterlogentriesacts']); - if($_POST['actpass']) $config['widgets']['filterlogentriesacts'] .= $_POST['actpass'] . " "; - if($_POST['actblock']) $config['widgets']['filterlogentriesacts'] .= $_POST['actblock'] . " "; - if($_POST['actreject']) $config['widgets']['filterlogentriesacts'] .= $_POST['actreject'] . " "; - if (isset($config['widgets']['filterlogentriesacts'])) $config['widgets']['filterlogentriesacts'] = trim($config['widgets']['filterlogentriesacts']); + $acts = array(); + if ($_POST['actpass']) $acts[] = "Pass"; + if ($_POST['actblock']) $acts[] = "Block"; + if ($_POST['actreject']) $acts[] = "Reject"; - unset($config['widgets']['filterlogentriesinterfaces']); - if( ($_POST['filterlogentriesinterfaces']) and ($_POST['filterlogentriesinterfaces'] != "All") ) $config['widgets']['filterlogentriesinterfaces'] = $_POST['filterlogentriesinterfaces']; - if (isset($config['widgets']['filterlogentriesinterfaces'])) $config['widgets']['filterlogentriesinterfaces'] = trim($config['widgets']['filterlogentriesinterfaces']); + if (!empty($acts)) + $config['widgets']['filterlogentriesacts'] = implode(" ", $acts); + else + unset($config['widgets']['filterlogentriesacts']); + unset($acts); + + if( ($_POST['filterlogentriesinterfaces']) and ($_POST['filterlogentriesinterfaces'] != "All") ) + $config['widgets']['filterlogentriesinterfaces'] = trim($_POST['filterlogentriesinterfaces']); + else + unset($config['widgets']['filterlogentriesinterfaces']); write_config("Saved Filter Log Entries via Dashboard"); - $filename = $_SERVER['HTTP_REFERER']; - if(headers_sent($file, $line)){ - echo "<script type=\"text/javascript\">\n"; - echo "//<![CDATA[\n"; - echo "window.location.href=\"" . $filename . "\";\n"; - echo "//]]>\n"; - echo "</script>\n"; - echo "<noscript>\n"; - echo "<meta http-equiv=\"refresh\" content=\"0;url=" . $filename . "\" />\n"; - echo "</noscript>\n"; - } Header("Location: /"); + exit(0); } $nentries = isset($config['widgets']['filterlogentries']) ? $config['widgets']['filterlogentries'] : 5; @@ -76,9 +71,10 @@ $nentries = isset($config['widgets']['filterlogentries']) ? $config['widgets'][' $nentriesacts = isset($config['widgets']['filterlogentriesacts']) ? $config['widgets']['filterlogentriesacts'] : 'All'; $nentriesinterfaces = isset($config['widgets']['filterlogentriesinterfaces']) ? $config['widgets']['filterlogentriesinterfaces'] : 'All'; -$filterfieldsarray = array("act", "interface"); -$filterfieldsarray['act'] = $nentriesacts; -$filterfieldsarray['interface'] = $nentriesinterfaces; +$filterfieldsarray = array( + "act" => $nentriesacts, + "interface" => $nentriesinterfaces +); $filter_logfile = "{$g['varlog_path']}/filter.log"; $filterlog = conv_log_filter($filter_logfile, $nentries, 50, $filterfieldsarray); //Get log entries @@ -111,7 +107,7 @@ function format_log_line(row) { '<td class="listMRr ellipsis" title="' + row[1] + '">' + row[1].slice(0,-3) + '<\/td>' + '<td class="listMRr ellipsis" title="' + row[2] + '">' + row[2] + '<\/td>' + '<td class="listMRr ellipsis" title="' + row[3] + '">' + row[3] + '<\/td>' + - '<td class="listMRr ellipsis" title="' + row[4] + '">' + row[4] + '<\/td>'; + '<td class="listMRr ellipsis" title="' + row[4] + '">' + row[4] + '<\/td>'; var nentriesacts = "<?php echo $nentriesacts; ?>"; var nentriesinterfaces = "<?php echo $nentriesinterfaces; ?>"; @@ -139,7 +135,7 @@ function format_log_line(row) { </select> <?php - $Include_Act = explode(",", str_replace(" ", ",", $nentriesacts)); + $Include_Act = explode(" ", $nentriesacts); if ($nentriesinterfaces == "All") $nentriesinterfaces = ""; ?> <input id="actpass" name="actpass" type="checkbox" value="Pass" <?php if (in_arrayi('Pass', $Include_Act)) echo "checked=\"checked\""; ?> /> Pass @@ -149,14 +145,19 @@ function format_log_line(row) { Interfaces: <select id="filterlogentriesinterfaces" name="filterlogentriesinterfaces" class="formselect"> <option value="All">ALL</option> - <?php - $interfaces = get_configured_interface_with_descr(); - foreach ($interfaces as $iface => $ifacename): ?> - <option value="<?=$iface;?>" <?php if ($nentriesinterfaces == $iface) echo "selected=\"selected\"";?>> - <?=htmlspecialchars($ifacename);?> - </option> - <?php endforeach; ?> - </select> +<?php + $interfaces = get_configured_interface_with_descr(); + foreach ($interfaces as $iface => $ifacename): +?> + <option value="<?=$iface;?>" <?php if ($nentriesinterfaces == $iface) echo "selected=\"selected\"";?>> + <?=htmlspecialchars($ifacename);?> + </option> +<?php + endforeach; + unset($interfaces); + unset($Include_Act); +?> + </select> <input id="submita" name="submita" type="submit" class="formbtn" value="Save" /> </form> diff --git a/usr/local/www/widgets/widgets/picture.widget.php b/usr/local/www/widgets/widgets/picture.widget.php index b776501..d986df1 100644 --- a/usr/local/www/widgets/widgets/picture.widget.php +++ b/usr/local/www/widgets/widgets/picture.widget.php @@ -61,7 +61,7 @@ if($_POST) { $config['widgets']['picturewidget'] = base64_encode($data); $config['widgets']['picturewidget_filename'] = $_FILES['pictfile']['name']; write_config("Picture widget saved via Dashboard."); - Header("Location: /index.php"); + header("Location: /index.php"); exit; } } diff --git a/usr/local/www/widgets/widgets/rss.widget.php b/usr/local/www/widgets/widgets/rss.widget.php index a149907..eecda05 100644 --- a/usr/local/www/widgets/widgets/rss.widget.php +++ b/usr/local/www/widgets/widgets/rss.widget.php @@ -33,12 +33,12 @@ require_once("pfsense-utils.inc"); require_once("functions.inc"); if($_POST['rssfeed']) { - $config['widgets']['rssfeed'] = str_replace("\n", ",", $_POST['rssfeed']); - $config['widgets']['rssmaxitems'] = str_replace("\n", ",", $_POST['rssmaxitems']); - $config['widgets']['rsswidgetheight'] = $_POST['rsswidgetheight']; - $config['widgets']['rsswidgettextlength'] = $_POST['rsswidgettextlength']; + $config['widgets']['rssfeed'] = str_replace("\n", ",", htmlspecialchars($_POST['rssfeed'], ENT_QUOTES | ENT_HTML401)); + $config['widgets']['rssmaxitems'] = str_replace("\n", ",", htmlspecialchars($_POST['rssmaxitems'], ENT_QUOTES | ENT_HTML401)); + $config['widgets']['rsswidgetheight'] = htmlspecialchars($_POST['rsswidgetheight'], ENT_QUOTES | ENT_HTML401); + $config['widgets']['rsswidgettextlength'] = htmlspecialchars($_POST['rsswidgettextlength'], ENT_QUOTES | ENT_HTML401); write_config("Saved RSS Widget feed via Dashboard"); - Header("Location: /"); + header("Location: /"); } // Use saved feed and max items @@ -48,10 +48,10 @@ if($config['widgets']['rssfeed']) if($config['widgets']['rssmaxitems']) $max_items = $config['widgets']['rssmaxitems']; -if($config['widgets']['rsswidgetheight']) +if(is_numeric($config['widgets']['rsswidgetheight'])) $rsswidgetheight = $config['widgets']['rsswidgetheight']; -if($config['widgets']['rsswidgettextlength']) +if(is_numeric($config['widgets']['rsswidgettextlength'])) $rsswidgettextlength = $config['widgets']['rsswidgettextlength']; // Set a default feed if none exists diff --git a/usr/local/www/widgets/widgets/services_status.widget.php b/usr/local/www/widgets/widgets/services_status.widget.php index dfe172b..ec68a65 100644 --- a/usr/local/www/widgets/widgets/services_status.widget.php +++ b/usr/local/www/widgets/widgets/services_status.widget.php @@ -41,7 +41,7 @@ require_once("/usr/local/www/widgets/include/services_status.inc"); $services = get_services(); if(isset($_POST['servicestatusfilter'])) { - $config['widgets']['servicestatusfilter'] = $_POST['servicestatusfilter']; + $config['widgets']['servicestatusfilter'] = htmlspecialchars($_POST['servicestatusfilter'], ENT_QUOTES | ENT_HTML401); write_config("Saved Service Status Filter via Dashboard"); header("Location: ../../index.php"); } diff --git a/usr/local/www/widgets/widgets/traffic_graphs.widget.php b/usr/local/www/widgets/widgets/traffic_graphs.widget.php index 768a0a2..2dedc2d 100644 --- a/usr/local/www/widgets/widgets/traffic_graphs.widget.php +++ b/usr/local/www/widgets/widgets/traffic_graphs.widget.php @@ -111,7 +111,7 @@ if (isset($a_config["scale_type"])) { <?php } ?> Default AutoScale: <?php - $scale_type_up="checked"; + $scale_type_up="checked=\"checked\""; $scale_type_follow=""; if (isset($config["widgets"]["trafficgraphs"]["scale_type"])) { $selected_radio = $config["widgets"]["trafficgraphs"]["scale_type"]; @@ -123,15 +123,15 @@ if (isset($a_config["scale_type"])) { } } ?> - <input name="scale_type" class="radio" type="radio" id="scale_type" value="up" <?php echo $scale_type_up; ?> onchange="updateGraphDisplays();" /> <span>up</span> - <input name="scale_type" class="radio" type="radio" id="scale_type" value="follow" <?php echo $scale_type_follow; ?> onchange="updateGraphDisplays();" /> <span>follow</span><br /><br /> + <input name="scale_type_up" class="radio" type="radio" id="scale_type_up" value="up" <?php echo $scale_type_up; ?> onchange="updateGraphDisplays();" /> <span>up</span> + <input name="scale_type_follow" class="radio" type="radio" id="scale_type_follow" value="follow" <?php echo $scale_type_follow; ?> onchange="updateGraphDisplays();" /> <span>follow</span><br /><br /> Refresh Interval: <select name="refreshinterval" class="formfld" id="refreshinterval" onchange="updateGraphDisplays();"> <?php for ($i = 1; $i <= 10; $i += 1) { ?> <option value="<?= $i ?>" <?php if ($refreshinterval == $i) echo "selected=\"selected\"";?>><?= $i ?></option> <?php } ?> </select> Seconds<br /> <b>Note:</b> changing this setting will increase CPU utilization<br /><br /> - <input id="submit" name="submit" type="submit" onclick="return updatePref();" class="formbtn" value="Save Settings" /> + <input id="submit_settings" name="submit_settings" type="submit" onclick="return updatePref();" class="formbtn" value="Save Settings" /> </form> </div> diff --git a/usr/local/www/widgets/widgets/wake_on_lan.widget.php b/usr/local/www/widgets/widgets/wake_on_lan.widget.php index c5483b1..c354675 100644 --- a/usr/local/www/widgets/widgets/wake_on_lan.widget.php +++ b/usr/local/www/widgets/widgets/wake_on_lan.widget.php @@ -39,9 +39,9 @@ else <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="wol status"> <tr> <?php - echo '<td class="widgetsubheader" align="center"><b>' . gettext("Computer / Device") . '</b></td>'; - echo '<td class="widgetsubheader" align="center"><b>' . gettext("Interface") . '</b></td>'; - echo '<td class="widgetsubheader" align="center"><b>' . gettext("Status") . '</b></td>'; + echo '<td class="widgetsubheader" align="center">' . gettext("Computer / Device") . '</td>'; + echo '<td class="widgetsubheader" align="center">' . gettext("Interface") . '</td>'; + echo '<td class="widgetsubheader" align="center">' . gettext("Status") . '</td>'; ?> <td class="widgetsubheader"> </td> </tr> @@ -70,7 +70,7 @@ if (count($wolcomputers) > 0) { echo "</td></tr>\n"; } } else { - echo "<tr><td colspan=\"3\" align=\"center\">" . gettext("No saved WoL addresses") . ".</td></tr>\n"; + echo "<tr><td colspan=\"4\" align=\"center\">" . gettext("No saved WoL addresses") . ".</td></tr>\n"; } ?> </table> diff --git a/usr/local/www/wizards/setup_wizard.xml b/usr/local/www/wizards/setup_wizard.xml index 46aa7b7..e69dbaf 100644 --- a/usr/local/www/wizards/setup_wizard.xml +++ b/usr/local/www/wizards/setup_wizard.xml @@ -483,7 +483,7 @@ $config['interfaces']['wan']['ipaddr'] = $_POST['selectedtype']; write_config(); if(!$config['interfaces']['lan']) - Header("Location: /wizard.php?xml=setup_wizard.xml&stepid=5&next=Next"); + header("Location: /wizard.php?xml=setup_wizard.xml&stepid=5&next=Next"); } ]]> </stepsubmitbeforesave> @@ -631,7 +631,7 @@ <stepbeforeformdisplay> <![CDATA[ if($g['product_name'] <> 'pfSense') { - Header("Location: " . fixup_string("\$myurl")); + header("Location: " . fixup_string("\$myurl")); exit; } ]]> |
