Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Protect servicestatusfilter parameter with htmlspecialchars() | Renato Botelho | 2014-06-17 | 1 | -1/+1 |
| | |||||
* | Protect rssfeed parameters with htmlspecialchars() | Renato Botelho | 2014-06-17 | 1 | -6/+6 |
| | |||||
* | Add comment I forgot on last commit | Renato Botelho | 2014-06-17 | 1 | -0/+1 |
| | |||||
* | Re-generate session ID on a successful login to avoid session fixation | Renato Botelho | 2014-06-17 | 1 | -0/+1 |
| | |||||
* | Avoid directory traversal on restorefullbackup | Renato Botelho | 2014-06-17 | 1 | -2/+2 |
| | |||||
* | Fix core dump on viewing invalid package log | Matt Smith | 2014-06-17 | 2 | -3/+7 |
| | |||||
* | Remove . and / from pkg name to avoid directory traversal | Renato Botelho | 2014-06-17 | 1 | -5/+5 |
| | |||||
* | Remove id=0 from miniupnpd menu and shortcut | Renato Botelho | 2014-06-17 | 2 | -3/+3 |
| | |||||
* | Avoid directory traversal when reading package xml files, also check if file ↵ | Renato Botelho | 2014-06-17 | 1 | -1/+6 |
| | | | | exists before try to read it | ||||
* | Make sure variables are escaped, also replace exec calls to run rm by ↵ | Renato Botelho | 2014-06-17 | 1 | -4/+4 |
| | | | | unlink_if_exists() | ||||
* | Remove useless code, variable is set again on next line | Renato Botelho | 2014-06-17 | 1 | -3/+0 |
| | |||||
* | Escape parameters passed to shell_exec() | Renato Botelho | 2014-06-17 | 2 | -2/+2 |
| | |||||
* | Be more careful with host parameter and make sure it's escaped when call ↵ | Renato Botelho | 2014-06-17 | 1 | -7/+6 |
| | | | | shell functions | ||||
* | Validate starttime and stoptime format | Renato Botelho | 2014-06-17 | 1 | -0/+8 |
| | |||||
* | Do not expire already disabled users, it fixes #3644 | Renato Botelho | 2014-06-12 | 1 | -1/+1 |
| | |||||
* | Be more precise to match members of a bridge interface, it should fix #3637 | Renato Botelho | 2014-06-10 | 1 | -1/+3 |
| | |||||
* | Revert "Revert "Fix #3700 and other syntax issues:"" | Renato Botelho | 2014-06-10 | 2 | -16/+17 |
| | | | | This reverts commit 4cc2ae78d3027c349969437f08a88b1fb88c9de8. | ||||
* | Revert "Fix sh syntax" | Renato Botelho | 2014-06-10 | 1 | -3/+3 |
| | | | | This reverts commit cd49f9cd5d21a6592ba690cd315f19266092bee5. | ||||
* | Fix sh syntax | Renato Botelho | 2014-06-10 | 1 | -3/+3 |
| | |||||
* | Revert "Fix #3700 and other syntax issues:" | Renato Botelho | 2014-06-10 | 2 | -17/+16 |
| | | | | This reverts commit e912bfae186b6b657daf52607f9d027f46be0478. | ||||
* | Fix #3700 and other syntax issues: | Renato Botelho | 2014-06-10 | 2 | -16/+17 |
| | | | | | | | | | - Remove -G parameter from pfctl since it doesn't exist anymore - Initialize $old_router - Fix sh syntax on variable assign, it couldn't have space before = - Simplify logic - Avoid flush states twice, if it was done on IP change, don't do it again if router also has changed | ||||
* | Do not allow interface group name to be bigger than 15 chars, helps ticket #3208 | Renato Botelho | 2014-06-09 | 1 | -1/+1 |
| | |||||
* | Escape argument on call to is_process_running too, also remove some ↵ | Renato Botelho | 2014-06-06 | 1 | -3/+3 |
| | | | | unecessary mwexec() calls | ||||
* | Add some protection to parameters that come through _GET | Renato Botelho | 2014-06-06 | 2 | -13/+17 |
| | |||||
* | Escape this before running. | jim-p | 2014-06-06 | 1 | -1/+1 |
| | |||||
* | Bump version to 2.1.4 | Renato Botelho | 2014-06-05 | 1 | -1/+1 |
| | |||||
* | Fix #3691, use curl instead of fetch to download update files | Renato Botelho | 2014-06-05 | 1 | -17/+13 |
| | |||||
* | allow ipaliases to be configured on lo0 | Matt Smith | 2014-06-03 | 1 | -2/+2 |
| | |||||
* | remove openbgpd bits from system_gateways_edit and system.inc. The package | Chris Buechler | 2014-05-30 | 2 | -8/+2 |
| | | | | | | match is case-sensitive and hasn't matched the openbgpd package's name in at least 5 years, so it doesn't do anything. It's far from functional in any useful manner even fixing that issue. | ||||
* | client-config-dir is also useful when using OpenVPN's internal DHCP while ↵ | jim-p | 2014-05-30 | 1 | -0/+1 |
| | | | | bridging. | ||||
* | Unset iflist and iflist_disabled | Renato Botelho | 2014-05-29 | 2 | -1/+6 |
| | |||||
* | Show disabled interface when it was already part of interface group, it ↵ | Renato Botelho | 2014-05-29 | 2 | -6/+14 |
| | | | | avoids to show a random interface instead and let user to add it by mistake. It should fix #3680 | ||||
* | Convert protocol ssl:// to https:// when creating http headers | Manuel Silvoso | 2014-05-28 | 1 | -1/+1 |
| | |||||
* | Properly handle this rename, and squelch errors if it fails. | jim-p | 2014-05-21 | 1 | -1/+1 |
| | |||||
* | Delete all ip aliases when interface is disabled, it should fix #3650 | Renato Botelho | 2014-05-21 | 1 | -7/+21 |
| | |||||
* | fix variable typo. ticket #3669 | Chris Buechler | 2014-05-20 | 1 | -1/+1 |
| | |||||
* | /etc/version_kernel and /etc/version_base no longer exist, use php_uname to ↵ | jim-p | 2014-05-16 | 1 | -2/+4 |
| | | | | get the info instead. | ||||
* | add guiconfig to widgets not including it. ticket #3498 | Chris Buechler | 2014-05-14 | 2 | -0/+2 |
| | |||||
* | remove text not relevant to Allowed IPs. Ticket #3594 | Chris Buechler | 2014-05-14 | 1 | -18/+2 |
| | |||||
* | Merge pull request #1131 from razzfazz/make_upnp_listen_on_if_optional | Renato Botelho | 2014-05-09 | 2 | -2/+11 |
|\ | |||||
| * | make listening on interface rather than IP optional for miniupnp | Daniel Becker | 2014-05-06 | 2 | -2/+11 |
| | | |||||
* | | Merge pull request #1130 from razzfazz/status_upnp_int_port | Renato Botelho | 2014-05-08 | 1 | -3/+8 |
|\ \ | |||||
| * | | add column for internal port on UPnP status page | Daniel Becker | 2014-05-05 | 1 | -3/+8 |
| | | | |||||
* | | | Fix #3646, Revert part of 082c9d961e and fix highlight selected rules | Renato Botelho | 2014-05-08 | 2 | -17/+17 |
| |/ |/| | |||||
* | | Remove units from burst as it is always specified in bytes. (Per ipfw(8)). | jim-p | 2014-05-06 | 1 | -2/+2 |
|/ | | | | Worked for me in testing, I watched a file briefly burst until and then be clamped down to the limiter's rate. | ||||
* | Merge the forgotten Ticket #3062 patch for CP pipeno leaking issue which ↵ | Ermal | 2014-05-03 | 1 | -1/+6 |
| | | | | leads to the 'Maximum login reached' on CP | ||||
* | Put .hushlogin even here to not be done from tools repo. Maybe some people ↵RELENG_2_1_3 | Ermal | 2014-05-01 | 1 | -0/+0 |
| | | | | would like to have that on rmlist. | ||||
* | Move the sh/profile files here as a more natural place to live in. | Ermal | 2014-05-01 | 2 | -2/+10 |
| | |||||
* | Obsolete old clog binary from /usr/sbin | Renato Botelho | 2014-05-01 | 1 | -0/+1 |
| | |||||
* | Merge pull request #1127 from phil-davis/patch-6 | Ermal | 2014-05-01 | 1 | -2/+2 |
|\ |