Diffstat (limited to 'usr')
-rwxr-xr-xusr/local/sbin/cleargmirror.sh26
-rwxr-xr-xusr/local/sbin/cleargpt.sh13
-rwxr-xr-xusr/local/www/bandwidth_by_ip.php58
-rw-r--r--usr/local/www/diag_authentication.php7
-rwxr-xr-xusr/local/www/diag_dump_states.php34
-rw-r--r--usr/local/www/diag_testport.php10
-rw-r--r--usr/local/www/firewall_aliases.php2
-rw-r--r--usr/local/www/firewall_nat_out_edit.php2
-rw-r--r--usr/local/www/guiconfig.inc7
-rw-r--r--usr/local/www/load_balancer_pool.php2
-rw-r--r--usr/local/www/load_balancer_pool_edit.php6
-rw-r--r--usr/local/www/load_balancer_virtual_server.php2
-rw-r--r--usr/local/www/load_balancer_virtual_server_edit.php6
-rw-r--r--usr/local/www/pkg_mgr_installed.php8
-rwxr-xr-xusr/local/www/status.php14
-rw-r--r--usr/local/www/status_captiveportal_test.php4
-rw-r--r--usr/local/www/status_graph.php1
-rw-r--r--usr/local/www/status_lb_pool.php2
-rw-r--r--usr/local/www/status_lb_vs.php2
-rw-r--r--usr/local/www/status_openvpn.php8
-rw-r--r--usr/local/www/status_rrd_graph.php2
-rw-r--r--usr/local/www/system_authservers.php56
-rw-r--r--usr/local/www/system_usermanager.php3
-rw-r--r--usr/local/www/system_usermanager_settings.php2
-rwxr-xr-xusr/local/www/system_usermanager_settings_test.php6
-rw-r--r--usr/local/www/vpn_ipsec_mobile.php2
-rw-r--r--usr/local/www/vpn_ipsec_phase1.php11
-rw-r--r--usr/local/www/vpn_openvpn_server.php2
-rw-r--r--usr/local/www/widgets/widgets/load_balancer_status.widget.php2
-rw-r--r--usr/local/www/widgets/widgets/openvpn.widget.php2
30 files changed, 240 insertions, 62 deletions
diff --git a/usr/local/sbin/cleargmirror.sh b/usr/local/sbin/cleargmirror.sh
new file mode 100755
index 0000000..a00cc93
--- /dev/null
+++ b/usr/local/sbin/cleargmirror.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+clear_disk() {
+ local _disk="${1}"
+ local _mirror=$(/sbin/gmirror dump ${_disk} 2>/dev/null | sed '/name: /!d; s,^.*: ,,')
+
+ if [ -n "${_mirror}" ]; then
+ /sbin/gmirror destroy -f ${_mirror} >/dev/null 2>&1
+ fi
+ /sbin/gmirror clear ${_disk} >/dev/null 2>&1
+}
+
+mirror="${1}"
+disk1="${2}"
+disk2="${3}"
+
+if [ -z "${mirror}" -o -z "${disk1}" -o -z "${disk2}" ]; then
+ echo "You must specify mirror name, and disks that should be cleared"
+ exit 1
+fi
+
+/sbin/gmirror destroy -f ${mirror} >/dev/null 2>&1
+clear_disk ${disk1}
+clear_disk ${disk2}
+
+exit 0
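Review bot: `${_disk}`, `${_mirror}`, `${mirror}`, `${disk1}` and `${disk2}` are expanded unquoted in every gmirror invocation (e.g. `/sbin/gmirror destroy -f ${_mirror}`), so a value containing whitespace or glob characters is word-split before it reaches the command; quote them, `/sbin/gmirror destroy -f "${_mirror}"`, and likewise for `$DISK`/`$PART` in cleargpt.sh below. The argument check `[ -z "${mirror}" -o -z "${disk1}" -o -z "${disk2}" ]` relies on the non-POSIX `-o` operator; separate `[ -z "${mirror}" ] || [ -z "${disk1}" ] || [ -z "${disk2}" ]` tests are portable. Every gmirror exit status is also discarded and the script always ends with `exit 0`, so a caller cannot tell whether the mirror was actually destroyed.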
diff --git a/usr/local/sbin/cleargpt.sh b/usr/local/sbin/cleargpt.sh
new file mode 100755
index 0000000..07d530a
--- /dev/null
+++ b/usr/local/sbin/cleargpt.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+DISK=$1
+if [ "$DISK" = "" ]; then
+ echo "You must specify the disk that should be formatted/cleared."
+ exit 1
+fi
+for PART in `/sbin/gpart show $DISK | grep -v '=>' | awk '{ print $3 }'`; do
+ if [ "$PART" != "" ]; then
+ /sbin/gpart delete -i $PART $DISK >/dev/null
+ fi
+done
+/sbin/gpart destroy $DISK >/dev/null
+exit 0
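Review bot: The `for PART in` loop also iterates the free-space rows of `gpart show`, whose third column is a literal `-` rather than a partition index (if I read the gpart output format right), so a `gpart delete -i -` call is attempted for each gap and its error goes to stderr while genuine deletion failures are hidden by `>/dev/null`. Filtering on numeric indices, `awk '$3 ~ /^[0-9]+$/ { print $3 }'`, avoids the spurious call, and checking the `gpart destroy` exit status instead of the unconditional `exit 0` would let the caller know whether the table was actually removed. `$(...)` is preferable to the backtick substitution for readability.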
diff --git a/usr/local/www/bandwidth_by_ip.php b/usr/local/www/bandwidth_by_ip.php
index 74697e6..59cd367 100755
--- a/usr/local/www/bandwidth_by_ip.php
+++ b/usr/local/www/bandwidth_by_ip.php
@@ -55,16 +55,40 @@ else
// get the desired format for displaying the host name or IP
$hostipformat = $_GET['hostipformat'];
$iplookup = array();
-// If hostname display is requested and the DNS forwarder does not already have DHCP static names registered,
-// then load the DHCP static mappings into an array keyed by IP address.
-if (($hostipformat != "") && ((!isset($config['dnsmasq']['enable']) || !isset($config['dnsmasq']['regdhcpstatic']))
- || (!isset($config['unbound']['enable']) || !isset($config['unbound']['regdhcpstatic'])))) {
+// If hostname, description or FQDN is requested then load the locally-known IP address - host/description mappings into an array keyed by IP address.
+if ($hostipformat != "") {
if (is_array($config['dhcpd'])) {
foreach ($config['dhcpd'] as $ifdata) {
if (is_array($ifdata['staticmap'])) {
foreach ($ifdata['staticmap'] as $hostent) {
if (($hostent['ipaddr'] != "") && ($hostent['hostname'] != "")) {
- $iplookup[$hostent['ipaddr']] = $hostent['hostname'];
+ if ($hostipformat == "descr" && $hostent['descr'] != "") {
+ $iplookup[$hostent['ipaddr']] = $hostent['descr'];
+ } else {
+ $iplookup[$hostent['ipaddr']] = $hostent['hostname'];
+ if ($hostipformat == "fqdn") {
+ $iplookup[$hostent['ipaddr']] .= "." . $config['system']['domain'];
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ // Add any DNS host override data keyed by IP address.
+ foreach (array('dnsmasq', 'unbound') as $dns_type) {
+ if (isset($config[$dns_type]['enable'])) {
+ if (is_array($config[$dns_type]['hosts'])) {
+ foreach ($config[$dns_type]['hosts'] as $hostent) {
+ if (($hostent['ip'] != "") && ($hostent['host'] != "")) {
+ if ($hostipformat == "descr" && $hostent['descr'] != "") {
+ $iplookup[$hostent['ip']] = $hostent['descr'];
+ } else {
+ $iplookup[$hostent['ip']] = $hostent['host'];
+ if ($hostipformat == "fqdn") {
+ $iplookup[$hostent['ip']] .= "." . $hostent['domain'];
+ }
+ }
}
}
}
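Review bot: `$hostent['descr'] != ""` on the two new descr branches (once in the dhcpd loop, once in the dns_type loop) reads a key that is absent for entries without a description, which raises an undefined-index notice per entry when notices are enabled; `!empty($hostent['descr'])` is the usual guard, and the same applies to `$iplookup[$infoarray[0]] != ""` in the following hunk, which is now evaluated for every address rather than only after a failed reverse lookup. The `if ($hostipformat != "")` block opened here closes outside the hunk.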
@@ -87,19 +111,23 @@ for ($x=2; $x<12; $x++){
(($filter == "local") && (ip_in_subnet($infoarray[0], $intsubnet))) ||
(($filter == "remote") && (!ip_in_subnet($infoarray[0], $intsubnet)))) {
if ($hostipformat == "") {
+ // pass back just the raw IP address
$addrdata = $infoarray[0];
} else {
- // $hostipformat is "hostname" or "fqdn"
- $addrdata = gethostbyaddr($infoarray[0]);
- if ($addrdata == $infoarray[0]) {
- // gethostbyaddr() gave us back the IP address, so try the static mapping array
- if ($iplookup[$infoarray[0]] != "")
- $addrdata = $iplookup[$infoarray[0]];
+ // $hostipformat is one of "hostname", "descr" or "fqdn" - we want a text representation if we can get it.
+ if ($iplookup[$infoarray[0]] != "") {
+ // We have a local entry, so use it.
+ $addrdata = $iplookup[$infoarray[0]];
} else {
- if ($hostipformat == "hostname") {
- // Only pass back the first part of the name, not the FQDN.
- $name_array = explode(".", $addrdata);
- $addrdata = $name_array[0];
+ // Try to reverse lookup the IP address.
+ $addrdata = gethostbyaddr($infoarray[0]);
+ if ($addrdata != $infoarray[0]) {
+ // Reverse lookup returned something other than the IP address (FQDN, we hope!)
+ if ($hostipformat != "fqdn") {
+ // The user does not want the whole FQDN, so only pass back the first part of the name.
+ $name_array = explode(".", $addrdata);
+ $addrdata = $name_array[0];
+ }
}
}
}
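Review bot: `$addrdata` now carries either a config description or the `gethostbyaddr()` result back to the caller unescaped; both are free text (the reverse-DNS answer is supplied by whichever resolver answers for that address), and nothing in this hunk encodes them. Since the rest of this commit wraps config-derived strings in `htmlspecialchars()` before rendering, confirm that the consumer of this endpoint's output escapes the name field, or encode it here before it is returned. The enclosing loop and the `if ($hostipformat == "")` structure continue outside the hunk.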
diff --git a/usr/local/www/diag_authentication.php b/usr/local/www/diag_authentication.php
index df68560..24d567e 100644
--- a/usr/local/www/diag_authentication.php
+++ b/usr/local/www/diag_authentication.php
@@ -55,9 +55,10 @@ if ($_POST) {
$input_errors[] = gettext("A username and password must be specified.");
if (!$input_errors) {
- if (authenticate_user($_POST['username'], $_POST['passwordfld'], $authcfg)) {
+ $attributes = array();
+ if (authenticate_user($_POST['username'], $_POST['passwordfld'], $authcfg, $attributes)) {
$savemsg = gettext("User") . ": " . $_POST['username'] . " " . gettext("authenticated successfully.");
- $groups = getUserGroups($_POST['username'], $authcfg);
+ $groups = getUserGroups($_POST['username'], $authcfg, $attributes);
$savemsg .= "<br />" . gettext("This user is a member of these groups") . ": <br />";
foreach ($groups as $group)
$savemsg .= "{$group} ";
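Review bot: `$savemsg` still embeds `$_POST['username']` and each `$group` verbatim (the context lines directly after the changed `authenticate_user()` call), so the message reflects a request-supplied string into the page without the `htmlspecialchars()` this commit applies to the `<option>` values further down in the same file. `$savemsg = gettext("User") . ": " . htmlspecialchars($_POST['username']) . " " . gettext("authenticated successfully.");` and `$savemsg .= htmlspecialchars($group) . " ";` would close that gap. The `if ($_POST)` block this sits in starts outside the hunk.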
@@ -98,7 +99,7 @@ include("head.inc");
if ($auth_server['name'] == $pconfig['authmode'])
$selected = "selected=\"selected\"";
?>
- <option value="<?=$auth_server['name'];?>" <?=$selected;?>><?=$auth_server['name'];?></option>
+ <option value="<?=htmlspecialchars($auth_server['name']);?>" <?=$selected;?>><?=htmlspecialchars($auth_server['name']);?></option>
<?php endforeach; ?>
</select>
</td>
diff --git a/usr/local/www/diag_dump_states.php b/usr/local/www/diag_dump_states.php
index f41a4fd..6bf3f8f 100755
--- a/usr/local/www/diag_dump_states.php
+++ b/usr/local/www/diag_dump_states.php
@@ -195,11 +195,35 @@ while ($line = chop(fgets($fd))) {
/* break up info and extract $srcip and $dstip */
$ends = preg_split("/\<?-\>?/", $info);
- $parts = explode(":", $ends[0]);
- $srcip = trim($parts[0]);
- $parts = explode(":", $ends[count($ends) - 1]);
- $dstip = trim($parts[0]);
-
+ if (strstr($info, "[")) {
+ // IPv6
+ $parts = explode("[", $ends[0]);
+ if (strstr($info, "->")) {
+ $srcip = trim($parts[0]);
+ } else {
+ $dstip = trim($parts[0]);
+ }
+ $parts = explode("[", $ends[count($ends) - 1]);
+ if (strstr($info, "->")) {
+ $dstip = trim($parts[0]);
+ } else {
+ $srcip = trim($parts[0]);
+ }
+ } else {
+ // IPv4
+ $parts = explode(":", $ends[0]);
+ if (strstr($info, "->")) {
+ $srcip = trim($parts[0]);
+ } else {
+ $dstip = trim($parts[0]);
+ }
+ $parts = explode(":", $ends[count($ends) - 1]);
+ if (strstr($info, "->")) {
+ $dstip = trim($parts[0]);
+ } else {
+ $srcip = trim($parts[0]);
+ }
+ }
?>
<tr valign="top" id="r:<?= $srcip ?>:<?= $dstip ?>">
<td class="listlr"><?= $iface ?></td>
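Review bot: The direction test `strstr($info, "->")` is repeated four times across the IPv4 and IPv6 branches, and the two branches differ only in the separator passed to `explode()`, so the same src/dst assignment is written out four times and any future fix must be applied in four places. Computing the separator once and splitting both ends before deciding direction collapses this to a single assignment pair; `strpos(...) !== false` is also the idiomatic containment test (`strstr()` builds a substring only to test its truthiness). The `while` loop this sits in begins and ends outside the hunk.
```php
/* break up info and extract $srcip and $dstip */
$ends = preg_split("/\<?-\>?/", $info);
// IPv6 entries carry the port as "[port]", IPv4 as ":port"
$sep = (strpos($info, "[") !== false) ? "[" : ":";
list($first) = explode($sep, $ends[0]);
list($last) = explode($sep, $ends[count($ends) - 1]);
if (strpos($info, "->") !== false) {
	$srcip = trim($first);
	$dstip = trim($last);
} else {
	$srcip = trim($last);
	$dstip = trim($first);
}
```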
diff --git a/usr/local/www/diag_testport.php b/usr/local/www/diag_testport.php
index b64075e..902e1e2 100644
--- a/usr/local/www/diag_testport.php
+++ b/usr/local/www/diag_testport.php
@@ -201,7 +201,15 @@ include("head.inc"); ?>
/* Attempt to determine the interface address, if possible. Else try both. */
if (is_ipaddrv4($host)) {
- $ifaddr = ($sourceip == "any") ? "" : get_interface_ip($sourceip);
+ if ($sourceip == "any") {
+ $ifaddr = "";
+ } else {
+ if (is_ipaddr($sourceip)) {
+ $ifaddr = $sourceip;
+ } else {
+ $ifaddr = get_interface_ip($sourceip);
+ }
+ }
$nc_args .= " -4";
} elseif (is_ipaddrv6($host)) {
if ($sourceip == "any")
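Review bot: The new `is_ipaddr($sourceip)` branch sits inside `if (is_ipaddrv4($host))`, but `is_ipaddr()` (unlike the `is_ipaddrv4()` used in the enclosing condition) accepts IPv6 literals as well, as far as the helper names indicate, so an IPv6 source address would be handed on as `$ifaddr` together with the `-4` flag appended on the next line. Use the family-specific check the enclosing condition already uses: `if (is_ipaddrv4($sourceip)) {`. How `$ifaddr` is appended to `$nc_args` is outside the hunk; since it may now be a request-supplied literal rather than an interface name, confirm it passes through `escapeshellarg()` there.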
diff --git a/usr/local/www/firewall_aliases.php b/usr/local/www/firewall_aliases.php
index d4efcf5..7e9ce20 100644
--- a/usr/local/www/firewall_aliases.php
+++ b/usr/local/www/firewall_aliases.php
@@ -106,7 +106,7 @@ if ($_GET['act'] == "del") {
// Static routes
find_alias_reference(array('staticroutes', 'route'), array('network'), $alias_name, $is_alias_referenced, $referenced_by);
if($is_alias_referenced == true) {
- $savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s"), $referenced_by);
+ $savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s"), htmlspecialchars($referenced_by));
} else {
unset($a_aliases[$_GET['id']]);
if (write_config()) {
diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php
index eb99406..4d65967 100644
--- a/usr/local/www/firewall_nat_out_edit.php
+++ b/usr/local/www/firewall_nat_out_edit.php
@@ -172,7 +172,7 @@ if ($_POST) {
if($protocol_uses_ports && $_POST['dstport'] <> "" && !(is_portoralias($_POST['dstport']) || is_portrange($_POST['dstport'])))
$input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry.");
- if($protocol_uses_ports && $_POST['natport'] <> "" && !is_port($_POST['natport']) && !isset($_POST['nonat']))
+ if($protocol_uses_ports && $_POST['natport'] <> "" && !(is_portoralias($_POST['natport']) || is_portrange($_POST['natport'])) && !isset($_POST['nonat']))
$input_errors[] = gettext("You must supply a valid port for the NAT port entry.");
if (($_POST['source_type'] != "any") && ($_POST['source_type'] != "(self)")) {
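Review bot: The changed condition now accepts a port alias or port range for `natport`, but the error text on the following line still reads `You must supply a valid port for the NAT port entry.`, so a user whose alias or range fails validation is told only that a port is expected. Mirror the destination-port message two lines above: `$input_errors[] = gettext("You must supply either a valid port or port alias for the NAT port entry.");`. The `if ($_POST)` block containing this check starts outside the hunk.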
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc
index 62de607..b6ed0ad 100644
--- a/usr/local/www/guiconfig.inc
+++ b/usr/local/www/guiconfig.inc
@@ -246,9 +246,6 @@ $medias = array("auto" => "autoselect", "100full" => "100BASE-TX full-duplex",
$wlan_modes = array("bss" => "Infrastructure (BSS)", "adhoc" => "Ad-hoc (IBSS)",
"hostap" => "Access Point");
-/* platforms that support firmware updating */
-$fwupplatforms = array('pfSense', 'net45xx', 'net48xx', 'generic-pc', 'embedded', 'wrap', 'nanobsd');
-
function do_input_validation($postdata, $reqdfields, $reqdfieldsn, &$input_errors) {
/* check for bad control characters */
@@ -1119,7 +1116,7 @@ function alias_info_popup($alias_id){
$alias_objects_with_details .= "<tr><td $close_title width=\"5%\" class=\"vncell\" style=\"background: #FFFFFF;color: #000000;\">{$alias_addresses[$counter]}</td>";
$alias_detail_default = strpos ($alias_details[$counter],"Entry added");
if ($alias_details[$counter] != "" && $alias_detail_default === False)
- $alias_objects_with_details .="<td $close_title width=\"95%\" class=\"vncell\" style=\"background: #FFFFFF;color: #000000;\">{$alias_details[$counter]}</td>";
+ $alias_objects_with_details .="<td $close_title width=\"95%\" class=\"vncell\" style=\"background: #FFFFFF;color: #000000;\">" . htmlspecialchars($alias_details[$counter]) . "</td>";
else
$alias_objects_with_details .="<td $close_title width=\"95%\" class=\"vncell\" style=\"background: #FFFFFF;color: #000000;\">&nbsp;</td>";
$alias_objects_with_details .= "</tr>";
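Review bot: `{$alias_addresses[$counter]}` in the first `<td>` of the same row (the context line just above the change) is still interpolated raw while `$alias_details[$counter]` in the second cell is now passed through `htmlspecialchars()`; both values come from the same alias entry, so the row is only half encoded. `... style=\"background: #FFFFFF;color: #000000;\">" . htmlspecialchars($alias_addresses[$counter]) . "</td>";` makes the two cells consistent. `alias_info_popup()` begins and ends outside the hunk.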
@@ -1132,7 +1129,7 @@ function alias_info_popup($alias_id){
if ($strlength >= $maxlength)
$alias_descr_substr = substr($alias_descr_substr, 0, $maxlength) . "...";
$item_text = ($counter > 1 ? "items" : "item");
- $alias_caption = "{$alias_descr_substr} - {$counter} {$item_text}<a href=\"/firewall_aliases_edit.php?id={$alias_id}\" title=\"".gettext('edit this alias')."\">&nbsp;&nbsp;edit </a>";
+ $alias_caption = htmlspecialchars($alias_descr_substr) . " - {$counter} {$item_text}<a href=\"/firewall_aliases_edit.php?id={$alias_id}\" title=\"".gettext('edit this alias')."\">&nbsp;&nbsp;edit </a>";
$strlength = strlen ($alias_caption);
print "<h1>{$alias_caption}</h1>" . $alias_objects_with_details;
}
diff --git a/usr/local/www/load_balancer_pool.php b/usr/local/www/load_balancer_pool.php
index 46e4e1c..0a81931 100644
--- a/usr/local/www/load_balancer_pool.php
+++ b/usr/local/www/load_balancer_pool.php
@@ -92,9 +92,11 @@ for ($i = 0; isset($config['load_balancer']['monitor_type'][$i]); $i++) {
$mondex[$config['load_balancer']['monitor_type'][$i]['name']] = $i;
}
for ($i = 0; isset($config['load_balancer']['lbpool'][$i]); $i++) {
+ $a_pool[$i]['mode'] = htmlspecialchars($a_pool[$i]['mode']);
$a_pool[$i]['monitor'] = "<a href=\"/load_balancer_monitor_edit.php?id={$mondex[$a_pool[$i]['monitor']]}\">" . htmlspecialchars($a_pool[$i]['monitor']) . "</a>";
}
+
$pgtitle = array(gettext("Services"), gettext("Load Balancer"),gettext("Pool"));
$shortcut_section = "relayd";
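Review bot: `$a_pool[$i]['mode'] = htmlspecialchars($a_pool[$i]['mode'])` encodes the value in place in the data array rather than at the point of output; if `$a_pool` aliases `$config['load_balancer']['lbpool']` (the usual pattern in these pages, not visible here), any later `write_config()` in the same request would persist the encoded string, and the existing `monitor` overwrite on the next line shows the array is already doubling as a render buffer. Escaping in the template, `<?=htmlspecialchars($pool['mode']);?>`, keeps the config data intact; the same applies to the `mode` and `relay_protocol` lines added in load_balancer_virtual_server.php below.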
diff --git a/usr/local/www/load_balancer_pool_edit.php b/usr/local/www/load_balancer_pool_edit.php
index 457087b..72f36ce 100644
--- a/usr/local/www/load_balancer_pool_edit.php
+++ b/usr/local/www/load_balancer_pool_edit.php
@@ -74,6 +74,8 @@ if (isset($id) && $a_pool[$id]) {
$changedesc = gettext("Load Balancer: Pool:") . " ";
$changecount = 0;
+$allowed_modes = array("loadbalance", "failover");
+
if ($_POST) {
$changecount++;
@@ -110,6 +112,10 @@ if ($_POST) {
if (!empty($_POST['retry']) && !is_port($_POST['retry']))
$input_errors[] = gettext("The retry value must be an integer between 1 and 65535.");
+ if (!in_array($_POST['mode'], $allowed_modes)) {
+ $input_errors[] = gettext("The submitted mode is not valid.");
+ }
+
if (is_array($_POST['servers'])) {
foreach($pconfig['servers'] as $svrent) {
if (!is_ipaddr($svrent) && !is_subnetv4($svrent)) {
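Review bot: `in_array($_POST['mode'], $allowed_modes)` omits the third `strict` argument, so the allow-list is checked with loose comparison; pass `true` so that only the exact strings in `$allowed_modes` pass: `if (!in_array($_POST['mode'], $allowed_modes, true)) {`. The same applies to the `relay_protocol` check added in load_balancer_virtual_server_edit.php below. The `if ($_POST)` block containing this check starts outside the hunk.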
diff --git a/usr/local/www/load_balancer_virtual_server.php b/usr/local/www/load_balancer_virtual_server.php
index 04a4d7b..4940864 100644
--- a/usr/local/www/load_balancer_virtual_server.php
+++ b/usr/local/www/load_balancer_virtual_server.php
@@ -87,6 +87,8 @@ for ($i = 0; isset($config['load_balancer']['lbpool'][$i]); $i++) {
}
for ($i = 0; isset($config['load_balancer']['virtual_server'][$i]); $i++) {
if($a_vs[$i]) {
+ $a_vs[$i]['mode'] = htmlspecialchars($a_vs[$i]['mode']);
+ $a_vs[$i]['relay_protocol'] = htmlspecialchars($a_vs[$i]['relay_protocol']);
$a_vs[$i]['poolname'] = "<a href=\"/load_balancer_pool_edit.php?id={$poodex[$a_vs[$i]['poolname']]}\">" . htmlspecialchars($a_vs[$i]['poolname']) . "</a>";
if ($a_vs[$i]['sitedown'] != '') {
$a_vs[$i]['sitedown'] = "<a href=\"/load_balancer_pool_edit.php?id={$poodex[$a_vs[$i]['sitedown']]}\">" . htmlspecialchars($a_vs[$i]['sitedown']) . "</a>";
diff --git a/usr/local/www/load_balancer_virtual_server_edit.php b/usr/local/www/load_balancer_virtual_server_edit.php
index 8e6ffe8..50f59ed 100644
--- a/usr/local/www/load_balancer_virtual_server_edit.php
+++ b/usr/local/www/load_balancer_virtual_server_edit.php
@@ -69,6 +69,8 @@ if (isset($id) && $a_vs[$id]) {
$changedesc = gettext("Load Balancer: Virtual Server:") . " ";
$changecount = 0;
+$allowed_protocols = array("tcp", "dns");
+
if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
@@ -107,6 +109,10 @@ if ($_POST) {
else if (is_subnetv4($_POST['ipaddr']) && subnet_size($_POST['ipaddr']) > 64)
$input_errors[] = sprintf(gettext("%s is a subnet containing more than 64 IP addresses."), $_POST['ipaddr']);
+ if (!in_array($_POST['relay_protocol'], $allowed_protocols)) {
+ $input_errors[] = gettext("The submitted relay protocol is not valid.");
+ }
+
if ((strtolower($_POST['relay_protocol']) == "dns") && !empty($_POST['sitedown']))
$input_errors[] = gettext("You cannot select a Fall Back Pool when using the DNS relay protocol.");
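Review bot: The new `in_array($_POST['relay_protocol'], $allowed_protocols)` check is case-sensitive against the lowercase `tcp`/`dns` list, while the existing check two lines below compares `strtolower($_POST['relay_protocol']) == "dns"`, so an uppercase `DNS` now fails validation even though the following line was written to accept it. Now that the value is constrained to the lowercase set, drop the `strtolower()` so the two checks agree, `if (($_POST['relay_protocol'] == "dns") && !empty($_POST['sitedown']))`, or normalise the value once before both checks. The `if ($_POST)` block here starts outside the hunk.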
diff --git a/usr/local/www/pkg_mgr_installed.php b/usr/local/www/pkg_mgr_installed.php
index cd86295..2384a2d 100644
--- a/usr/local/www/pkg_mgr_installed.php
+++ b/usr/local/www/pkg_mgr_installed.php
@@ -147,8 +147,10 @@ include("head.inc");
#check package version
$latest_package = $currentvers[$pkg['name']]['version'];
if ($latest_package) {
+ $pkg_compare_result = compare_pkg_versions($pkg['version'], $latest_package);
+
// we're running a newer version of the package
- if(strcmp($pkg['version'], $latest_package) > 0) {
+ if ($pkg_compare_result > 0) {
$tdclass = "listbggrey";
if ($g['disablepackagehistory'])
$pkgver = "<a>".gettext("Available") .": ". $latest_package . "<br />";
@@ -157,7 +159,7 @@ include("head.inc");
$pkgver .= gettext("Installed") .": ". $pkg['version']. "</a>";
}
// we're running an older version of the package
- if(strcmp($pkg['version'], $latest_package) < 0) {
+ if ($pkg_compare_result < 0) {
$tdclass = "listbg";
if ($g['disablepackagehistory'])
$pkgver = "<a><font color='#ffffff'>" . gettext("Available") .": ". $latest_package . "</font><br />";
@@ -166,7 +168,7 @@ include("head.inc");
$pkgver .= gettext("Installed") .": ". $pkg['version']."</font></a>";
}
// we're running the current version
- if(!strcmp($pkg['version'], $latest_package)) {
+ if ($pkg_compare_result == 0) {
$tdclass = "listr";
if ($g['disablepackagehistory'])
$pkgver = "<a>{$pkg['version']}</a>";
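Review bot: `$pkg_compare_result == 0` compares loosely, so if `compare_pkg_versions()` signals an unparseable version with `false` or `null` (its contract is not visible here) the row is rendered as "running the current version"; `if ($pkg_compare_result === 0) {` confines that branch to a genuine equal result. The three `if` statements on `$pkg_compare_result` in this and the two preceding hunks are mutually exclusive and would read more clearly as one `if / elseif / else` chain. The enclosing loop begins outside the hunk.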
diff --git a/usr/local/www/status.php b/usr/local/www/status.php
index b7c21b4..3e0e8ea 100755
--- a/usr/local/www/status.php
+++ b/usr/local/www/status.php
@@ -161,6 +161,7 @@ defCmdT("Free Disk Space","/bin/df -hi");
defCmdT("Routing tables","/usr/bin/netstat -nWr");
defCmdT("Mbuf Usage","/usr/bin/netstat -mb");
defCmdT("VMStat", "/usr/bin/vmstat -afimsz");
+defCmdT("Sockets", "/usr/bin/sockstat");
/* Firewall rules and info */
defCmdT("Generated Ruleset","/bin/cat {$g['tmp_path']}/rules.debug");
@@ -184,19 +185,20 @@ defCmdT("pftop Speed","/usr/local/sbin/pftop -w 150 -a -b -v speed");
if (isset($config['captiveportal']) && is_array($config['captiveportal'])) {
foreach ($config['captiveportal'] as $cpZone => $cpdata) {
if (isset($cpdata['enable']))
- defCmdT("IPFW rules for {$cpdata['zoneid']}", "/sbin/ipfw -x " . escapeshellarg($cpdata['zoneid']) . " show");
+ defCmdT("IPFW rules for {$cpdata['zone']}", "/sbin/ipfw -x " . escapeshellarg($cpdata['zoneid']) . " show");
}
}
/* Configuration Files */
-defCmdT("Contents of /var/run", "/bin/ls /var/run");
-defCmdT("Contents of /conf", "/bin/ls /conf");
+defCmdT("Contents of var run", "/bin/ls /var/run");
+defCmdT("Contents of conf", "/bin/ls /conf");
defCmdT("config.xml","dumpconfigxml");
defCmdT("resolv.conf","/bin/cat /etc/resolv.conf");
defCmdT("DHCP Configuration","/bin/cat /var/dhcpd/etc/dhcpd.conf");
defCmdT("DHCPv6 Configuration","/bin/cat /var/dhcpd/etc/dhcpdv6.conf");
defCmdT("strongSwan config","/bin/cat /var/etc/ipsec/strongswan.conf");
defCmdT("IPsec config","/bin/cat /var/etc/ipsec/ipsec.conf");
+defCmdT("IPsec Status","/usr/local/sbin/ipsec statusall");
defCmdT("SPD","/sbin/setkey -DP");
defCmdT("SAD","/sbin/setkey -D");
if (file_exists("/cf/conf/upgrade_log.txt")) {
@@ -218,11 +220,13 @@ if (file_exists("/var/etc/filterdns.conf")) {
defCmdT("Filter DNS Daemon Config", "/bin/cat /var/etc/filterdns.conf");
}
if(isset($config['system']['usefifolog'])) {
- defCmdT("last 200 system log entries","/usr/sbin/fifolog_reader /var/log/system.log 2>&1 | tail -n 200");
+ defCmdT("last 500 system log entries","/usr/sbin/fifolog_reader /var/log/system.log 2>&1 | tail -n 500");
defCmdT("last 50 filter log entries","/usr/sbin/fifolog_reader /var/log/filter.log 2>&1 | tail -n 50");
+ defCmdT("last 100 IPsec log entries","/usr/sbin/fifolog_reader /var/log/ipsec.log 2>&1 | tail -n 100");
} else {
- defCmdT("last 200 system log entries","/usr/local/sbin/clog /var/log/system.log 2>&1 | tail -n 200");
+ defCmdT("last 500 system log entries","/usr/local/sbin/clog /var/log/system.log 2>&1 | tail -n 500");
defCmdT("last 50 filter log entries","/usr/local/sbin/clog /var/log/filter.log 2>&1 | tail -n 50");
+ defCmdT("last 100 IPsec log entries","/usr/local/sbin/clog /var/log/ipsec.log 2>&1 | tail -n 100");
}
if (file_exists("/tmp/PHP_errors.log")) {
defCmdT("PHP Error Log", "/bin/cat /tmp/PHP_errors.log");
diff --git a/usr/local/www/status_captiveportal_test.php b/usr/local/www/status_captiveportal_test.php
index 4caafb4..ddb5b43 100644
--- a/usr/local/www/status_captiveportal_test.php
+++ b/usr/local/www/status_captiveportal_test.php
@@ -108,10 +108,10 @@ if ($_POST) {
foreach ($test_results as $result) {
if (strpos($result, " good ") || strpos($result, " granted ")) {
echo "<tr><td bgcolor=\"#D9DEE8\"><img src=\"/themes/{$g['theme']}/images/icons/icon_pass.gif\" alt=\"pass\" /></td>";
- echo "<td bgcolor=\"#D9DEE8\">$result</td></tr>";
+ echo "<td bgcolor=\"#D9DEE8\">" . htmlspecialchars($result) . "</td></tr>";
} else {
echo "<tr><td bgcolor=\"#FFD9D1\"><img src=\"/themes/{$g['theme']}/images/icons/icon_block.gif\" alt=\"block\" /></td>";
- echo "<td bgcolor=\"#FFD9D1\">$result</td></tr>";
+ echo "<td bgcolor=\"#FFD9D1\">" . htmlspecialchars($result) . "</td></tr>";
}
}
echo "</table>";
diff --git a/usr/local/www/status_graph.php b/usr/local/www/status_graph.php
index 3c8ba8f..832b068 100644
--- a/usr/local/www/status_graph.php
+++ b/usr/local/www/status_graph.php
@@ -230,6 +230,7 @@ foreach ($ifdescrs as $ifn => $ifd) {
<select id="hostipformat" name="hostipformat" class="formselect" style="z-index: -10;" onchange="document.form1.submit()">
<option value="">IP Address</option>
<option value="hostname"<?php if ($curhostipformat == "hostname") echo " selected";?>>Host Name</option>
+ <option value="descr"<?php if ($curhostipformat == "descr") echo " selected=\"selected\"";?>>Description</option>
<option value="fqdn"<?php if ($curhostipformat == "fqdn") echo " selected=\"selected\"";?>>FQDN</option>
</select>
</form>
diff --git a/usr/local/www/status_lb_pool.php b/usr/local/www/status_lb_pool.php
index 6e689a3..140a18a 100644
--- a/usr/local/www/status_lb_pool.php
+++ b/usr/local/www/status_lb_pool.php
@@ -209,7 +209,7 @@ if ($_POST) {
<?php echo $pool['monitor']; ?>
</td>
<td class="listbg" >
- <?=$pool['descr'];?>
+ <?=htmlspecialchars($pool['descr']);?>
</td>
</tr>
<?php endforeach; ?>
diff --git a/usr/local/www/status_lb_vs.php b/usr/local/www/status_lb_vs.php
index 62ae530..952aea7 100644
--- a/usr/local/www/status_lb_vs.php
+++ b/usr/local/www/status_lb_vs.php
@@ -132,7 +132,7 @@ include("head.inc");
?>
</td>
<td class="listbg" >
- <?=$vsent['descr'];?>
+ <?=htmlspecialchars($vsent['descr']);?>
</td>
</tr>
<?php $i++; endforeach; ?>
diff --git a/usr/local/www/status_openvpn.php b/usr/local/www/status_openvpn.php
index 492eded..427115a 100644
--- a/usr/local/www/status_openvpn.php
+++ b/usr/local/www/status_openvpn.php
@@ -147,7 +147,7 @@ include("head.inc"); ?>
<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0" summary="status openvpn">
<tr>
<td colspan="6" class="listtopic">
- <?=$server['name'];?> <?=gettext("Client connections"); ?>
+ <?=htmlspecialchars($server['name']);?> <?=gettext("Client connections"); ?>
</td>
</tr>
<tr>
@@ -217,7 +217,7 @@ include("head.inc"); ?>
<table style="display: none; padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0" id="tabroute-<?= $i ?>" summary="routing table">
<tr>
<td colspan="6" class="listtopic">
- <?=$server['name'];?> <?=gettext("Routing Table"); ?>
+ <?=htmlspecialchars($server['name']);?> <?=gettext("Routing Table"); ?>
</td>
</tr>
<tr>
@@ -286,7 +286,7 @@ include("head.inc"); ?>
<?php foreach ($sk_servers as $sk_server): ?>
<tr id="<?php echo "r:{$sk_server['port']}:{$sk_server['vpnid']}"; ?>">
<td class="listlr">
- <?=$sk_server['name'];?>
+ <?=htmlspecialchars($sk_server['name']);?>
</td>
<td class="listr">
<?=$sk_server['status'];?>
@@ -349,7 +349,7 @@ include("head.inc"); ?>
<?php foreach ($clients as $client): ?>
<tr id="<?php echo "r:{$client['port']}:{$client['vpnid']}"; ?>">
<td class="listlr">
- <?=$client['name'];?>
+ <?=htmlspecialchars($client['name']);?>
</td>
<td class="listr">
<?=$client['status'];?>
diff --git a/usr/local/www/status_rrd_graph.php b/usr/local/www/status_rrd_graph.php
index e64cf72..a4aec6d 100644
--- a/usr/local/www/status_rrd_graph.php
+++ b/usr/local/www/status_rrd_graph.php
@@ -409,7 +409,7 @@ function get_dates($curperiod, $graph) {
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="rrd graphs">
<tr>
<td>
- <input type="hidden" name="cat" value="<?php echo "$curcat"; ?>" />
+ <input type="hidden" name="cat" value="<?php echo htmlspecialchars($curcat); ?>" />
<?php
$tab_array = array();
if($curcat == "system") { $tabactive = True; } else { $tabactive = False; }
diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php
index a58ef0e..8e5d03c 100644
--- a/usr/local/www/system_authservers.php
+++ b/usr/local/www/system_authservers.php
@@ -97,6 +97,7 @@ if ($act == "edit") {
$pconfig['ldap_caref'] = $a_server[$id]['ldap_caref'];
$pconfig['ldap_host'] = $a_server[$id]['host'];
$pconfig['ldap_port'] = $a_server[$id]['ldap_port'];
+ $pconfig['ldap_timeout'] = $a_server[$id]['ldap_timeout'];
$pconfig['ldap_urltype'] = $a_server[$id]['ldap_urltype'];
$pconfig['ldap_protver'] = $a_server[$id]['ldap_protver'];
$pconfig['ldap_scope'] = $a_server[$id]['ldap_scope'];
@@ -109,8 +110,10 @@ if ($act == "edit") {
$pconfig['ldap_attr_user'] = $a_server[$id]['ldap_attr_user'];
$pconfig['ldap_attr_group'] = $a_server[$id]['ldap_attr_group'];
$pconfig['ldap_attr_member'] = $a_server[$id]['ldap_attr_member'];
+ $pconfig['ldap_attr_groupobj'] = $a_server[$id]['ldap_attr_groupobj'];
$pconfig['ldap_utf8'] = isset($a_server[$id]['ldap_utf8']);
$pconfig['ldap_nostrip_at'] = isset($a_server[$id]['ldap_nostrip_at']);
+ $pconfig['ldap_rfc2307'] = isset($a_server[$id]['ldap_rfc2307']);
if (!$pconfig['ldap_binddn'] || !$pconfig['ldap_bindpw'])
$pconfig['ldap_anon'] = true;
@@ -217,8 +220,12 @@ if ($_POST) {
if (auth_get_authserver($pconfig['name']) && !isset($id))
$input_errors[] = gettext("An authentication server with the same name already exists.");
- if (($pconfig['type'] == "radius") && isset($_POST['radius_timeout']) && !empty($_POST['radius_timeout']) && (!is_numeric($_POST['radius_timeout']) || (is_numeric($_POST['radius_timeout']) && ($_POST['radius_timeout'] <= 0))))
- $input_errors[] = gettext("RADIUS Timeout value must be numeric and positive.");
+ if (($pconfig['type'] == "ldap") || ($pconfig['type'] == "radius")) {
+ $to_field = "{$pconfig['type']}_timeout";
+ if (isset($_POST[$to_field]) && !empty($_POST[$to_field]) && (!is_numeric($_POST[$to_field]) || (is_numeric($_POST[$to_field]) && ($_POST[$to_field] <= 0)))) {
+ $input_errors[] = sprintf(gettext("%s Timeout value must be numeric and positive."), strtoupper($pconfig['type']));
+ }
+ }
/* if this is an AJAX caller then handle via JSON */
if (isAjax() && is_array($input_errors)) {
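Review bot: `is_numeric($_POST[$to_field])` accepts floats and exponent notation (`"2.5"`, `"1e3"`), so the saved `ldap_timeout`/`radius_timeout` may be a non-integer string even though the help text on the new timeout field describes whole seconds. An integer-only check, `if (isset($_POST[$to_field]) && !empty($_POST[$to_field]) && (!ctype_digit($_POST[$to_field]) || (int)$_POST[$to_field] <= 0)) {`, pins the accepted shape and makes the later `$server['ldap_timeout'] = $pconfig['ldap_timeout']` store an integer-looking value. The `if ($_POST)` block containing this starts outside the hunk.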
@@ -251,6 +258,9 @@ if ($_POST) {
$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];
+
+ $server['ldap_attr_groupobj'] = empty($pconfig['ldap_attr_groupobj']) ? "posixGroup" : $pconfig['ldap_attr_groupobj'];
+
if ($pconfig['ldap_utf8'] == "yes")
$server['ldap_utf8'] = true;
else
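Review bot: `ldap_attr_groupobj` is saved as free text with only an empty-string fallback to `posixGroup`, whereas this same commit introduces allow-lists for `mode` and `relay_protocol` in the load-balancer pages; an object-class name is presumably interpolated into an LDAP search filter later (not visible here), so restricting it to filter-safe characters before saving would be consistent with the rest of the change. For example `if (!empty($pconfig['ldap_attr_groupobj']) && !preg_match('/^[A-Za-z0-9-]+$/', $pconfig['ldap_attr_groupobj'])) $input_errors[] = gettext("Group Object Class may only contain letters, digits and hyphens.");` placed with the other validations above. The `if ($_POST)` block here starts outside the hunk.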
@@ -260,6 +270,11 @@ if ($_POST) {
else
unset($server['ldap_nostrip_at']);
+ if ($pconfig['ldap_rfc2307'] == "yes") {
+ $server['ldap_rfc2307'] = true;
+ } else {
+ unset($server['ldap_rfc2307']);
+ }
if (!$pconfig['ldap_anon']) {
$server['ldap_binddn'] = $pconfig['ldap_binddn'];
@@ -268,6 +283,13 @@ if ($_POST) {
unset($server['ldap_binddn']);
unset($server['ldap_bindpw']);
}
+
+ if ($pconfig['ldap_timeout']) {
+ $server['ldap_timeout'] = $pconfig['ldap_timeout'];
+ } else {
+ $server['ldap_timeout'] = 25;
+ }
+
}
if ($server['type'] == "radius") {
@@ -398,6 +420,7 @@ function radius_srvcschange(){
function select_clicked() {
if (document.getElementById("ldap_port").value == '' ||
+ document.getElementById("ldap_timeout").value == '' ||
document.getElementById("ldap_host").value == '' ||
document.getElementById("ldap_scope").value == '' ||
document.getElementById("ldap_basedn").value == '' ||
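Review bot: `document.getElementById("ldap_timeout").value == ''` now blocks the container `Select` action when the timeout box is blank, but the server side (the earlier hunk that sets `$server['ldap_timeout'] = 25` when `$pconfig['ldap_timeout']` is empty) treats blank as a valid default, so client and server disagree about whether the field is required. Either drop this line from `select_clicked()` or pre-fill the field with `25` in the edit form when no value is stored, so the two agree. `select_clicked()` continues outside the hunk.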
@@ -566,6 +589,13 @@ function select_clicked() {
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Server Timeout");?></td>
+ <td width="78%" class="vtable">
+ <input name="ldap_timeout" type="text" class="formfld unknown" id="ldap_timeout" size="5" value="<?=htmlspecialchars($pconfig['ldap_timeout']);?>"/>
+ <br /><?= gettext("Timeout for LDAP operations (seconds). Default: 25"); ?>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Search scope");?></td>
<td width="78%" class="vtable">
<table border="0" cellspacing="0" cellpadding="2" summary="search scope">
@@ -696,6 +726,28 @@ function select_clicked() {
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("RFC2307 Groups");?></td>
+ <td width="78%" class="vtable">
+ <table border="0" cellspacing="0" cellpadding="2" summary="rfc2307 groups">
+ <tr>
+ <td>
+ <input name="ldap_rfc2307" type="checkbox" id="ldap_rfc2307" value="yes" <?php if ($pconfig['ldap_rfc2307']) echo "checked=\"checked\""; ?> />
+ </td>
+ <td>
+ <?=gettext("Check if the LDAP server uses RFC 2307 style group membership where members are listed on the group object rather than using groups listed on user object. Leave unchecked for Active Directory style group membership (RFC 2307bis).");?>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Group Object Class");?></td>
+ <td width="78%" class="vtable">
+ <input name="ldap_attr_groupobj" type="text" class="formfld unknown" id="ldap_attr_groupobj" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_groupobj']);?>"/>
+ <br /><?= gettext("Object class used for groups in RFC2307 mode. Typically 'posixGroup' or 'group'. Default: posixGroup"); ?>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("UTF8 Encode");?></td>
<td width="78%" class="vtable">
<table border="0" cellspacing="0" cellpadding="2" summary="utf8 encoding">
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index 0744dbb..13e19c5 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -361,7 +361,10 @@ if ($_POST['save']) {
$a_user[] = $userent;
}
+ /* Add user to groups so PHP can see the memberships properly or else the user's shell account does not get proper permissions (if applicable) See #5152. */
+ local_user_set_groups($userent,$_POST['groups']);
local_user_set($userent);
+ /* Add user to groups again to ensure they are set everywhere, otherwise the user may not appear to be a member of the group. See commit:5372d26d9d25d751d16865ed9d46869d3b0ec5e1. */
local_user_set_groups($userent,$_POST['groups']);
write_config();
diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php
index 8965c69..5945691 100644
--- a/usr/local/www/system_usermanager_settings.php
+++ b/usr/local/www/system_usermanager_settings.php
@@ -152,7 +152,7 @@ include("head.inc");
if (!isset($pconfig['authmode']) && $auth_server['name'] == "Local Database")
$selected = "selected=\"selected\"";
?>
- <option value="<?=$auth_server['name'];?>" <?=$selected;?>><?=$auth_server['name'];?></option>
+ <option value="<?=htmlspecialchars($auth_server['name']);?>" <?=$selected;?>><?=htmlspecialchars($auth_server['name']);?></option>
<?php
endforeach;
?>
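Review bot: The new htmlspecialchars() calls on L718 rely on the default flags, which before PHP 8.1 leave single quotes unescaped and take the charset from the ini default, so the escaping is only correct because the attribute happens to be double-quoted. Passing the flags explicitly makes the attribute safe regardless of quoting style or PHP version: `<option value="<?=htmlspecialchars($auth_server['name'], ENT_QUOTES, 'UTF-8');?>" <?=$selected;?>><?=htmlspecialchars($auth_server['name'], ENT_QUOTES, 'UTF-8');?></option>`. The same applies to the matching hunks in vpn_ipsec_mobile.php (which works around this by switching the attribute to double quotes), vpn_openvpn_server.php, load_balancer_status.widget.php and openvpn.widget.php. The enclosing foreach starts outside the hunk.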
diff --git a/usr/local/www/system_usermanager_settings_test.php b/usr/local/www/system_usermanager_settings_test.php
index 2dcba45..2ec54b1 100755
--- a/usr/local/www/system_usermanager_settings_test.php
+++ b/usr/local/www/system_usermanager_settings_test.php
@@ -88,15 +88,15 @@ if (!$authcfg) {
echo "<table width='100%'>";
- echo "<tr><td>" . gettext("Attempting connection to") . " " . "<td><center>$auth_server</b></center></td>";
+ echo "<tr><td>" . gettext("Attempting connection to") . " " . "<td><center>" . htmlspecialchars($auth_server). "</b></center></td>";
if(ldap_test_connection($authcfg)) {
echo "<td><center><font color=green>OK</center></td></tr>";
- echo "<tr><td>" . gettext("Attempting bind to") . " " . "<td><center>$auth_server</b></center></td>";
+ echo "<tr><td>" . gettext("Attempting bind to") . " " . "<td><center>" . htmlspecialchars($auth_server). "</b></center></td>";
if(ldap_test_bind($authcfg)) {
echo "<td><center><font color=green>OK</center></td></tr>";
- echo "<tr><td>" . gettext("Attempting to fetch Organizational Units from") . " " . "<td><center>$auth_server</b></center></td>";
+ echo "<tr><td>" . gettext("Attempting to fetch Organizational Units from") . " " . "<td><center>" . htmlspecialchars($auth_server). "</b></center></td>";
$ous = ldap_get_user_ous(true, $authcfg);
if(count($ous)>1) {
echo "<td><center><font color=green>OK</center></td></tr>";
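Review bot: The three rewritten echo lines (L729, L733, L737) keep the pre-existing malformed markup — a `</b>` with no opening `<b>` and a `<td>` that is never closed before the next cell — so the server name is now escaped but the row still does not parse as intended. Since these lines are being rewritten anyway, fix the tags at the same time, e.g. `echo "<tr><td>" . gettext("Attempting connection to") . "</td><td><center>" . htmlspecialchars($auth_server) . "</center></td>";` and likewise for the bind and OU rows. The `else` branch of `if (!$authcfg)` that these lines belong to starts outside the hunk.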
diff --git a/usr/local/www/vpn_ipsec_mobile.php b/usr/local/www/vpn_ipsec_mobile.php
index 8fed8e9..0c4da17 100644
--- a/usr/local/www/vpn_ipsec_mobile.php
+++ b/usr/local/www/vpn_ipsec_mobile.php
@@ -393,7 +393,7 @@ function login_banner_change() {
$selected = "";
if (in_array($auth_server['name'], $authmodes))
$selected = "selected=\"selected\"";
- echo "<option value='{$auth_server['name']}' {$selected}>{$auth_server['name']}</option>\n";
+ echo "<option value=\"" . htmlspecialchars($auth_server['name']). "\" {$selected}>" . htmlspecialchars($auth_server['name']). "</option>\n";
}
?>
</select>
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 1b87df4..b25e52d 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -470,10 +470,13 @@ function iketype_change() {
function peeridsel_change() {
index = document.iform.peerid_type.selectedIndex;
value = document.iform.peerid_type.options[index].value;
- if (value == 'peeraddress')
- document.getElementById('peerid_data').style.visibility = 'hidden';
- else
- document.getElementById('peerid_data').style.visibility = 'visible';
+ if (value == 'peeraddress') {
+ document.getElementById('peerid_data').style.visibility = 'hidden';
+ } else if (value == 'any') {
+ document.getElementById('peerid_data').style.visibility = 'hidden';
+ } else {
+ document.getElementById('peerid_data').style.visibility = 'visible';
+ }
}
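Review bot: The new `else if (value == 'any')` branch on L768-L769 executes exactly the same statement as the 'peeraddress' branch above it, so the split only duplicates a line; a single condition reads more clearly: `if (value == 'peeraddress' || value == 'any') {` followed by the hidden assignment and the existing else. While touching peeridsel_change(), `index` and `value` on L760-L761 are assigned without `var` and therefore leak as globals — pre-existing, but the whole function is visible in this hunk and it is a one-word fix per line.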
function methodsel_change() {
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index 801575a..cd978f7 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -810,7 +810,7 @@ if ($savemsg)
if (in_array($auth_server_key, $authmodes))
$selected = "selected=\"selected\"";
?>
- <option value="<?=$auth_server_key;?>" <?=$selected;?>><?=$auth_server['name'];?></option>
+ <option value="<?=htmlspecialchars($auth_server_key);?>" <?=$selected;?>><?=htmlspecialchars($auth_server['name']);?></option>
<?php endforeach; ?>
</select>
</td>
diff --git a/usr/local/www/widgets/widgets/load_balancer_status.widget.php b/usr/local/www/widgets/widgets/load_balancer_status.widget.php
index 098a028..9accedc 100644
--- a/usr/local/www/widgets/widgets/load_balancer_status.widget.php
+++ b/usr/local/www/widgets/widgets/load_balancer_status.widget.php
@@ -140,7 +140,7 @@ if (!$nentries)
</table>
</td>
<td class="listbg" >
- <font color="#FFFFFF"><?=$vsent['descr'];?></font>
+ <font color="#FFFFFF"><?=htmlspecialchars($vsent['descr']);?></font>
</td>
</tr>
<?php $i++; endforeach; ?>
diff --git a/usr/local/www/widgets/widgets/openvpn.widget.php b/usr/local/www/widgets/widgets/openvpn.widget.php
index 75ccc3f..fcc327b 100644
--- a/usr/local/www/widgets/widgets/openvpn.widget.php
+++ b/usr/local/www/widgets/widgets/openvpn.widget.php
@@ -126,7 +126,7 @@ $clients = openvpn_get_active_clients();
<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td colspan="6" class="listtopic">
- <?=$server['name'];?> Client connections
+ <?=htmlspecialchars($server['name']);?> Client connections
</td>
</tr>
<tr>