Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Protect rssfeed parameters with htmlspecialchars() | Renato Botelho | 2014-06-17 | 1 | -6/+6 |
| | |||||
* | Add comment I forgot on last commit | Renato Botelho | 2014-06-17 | 1 | -0/+1 |
| | |||||
* | Re-generate session ID on a successful login to avoid session fixation | Renato Botelho | 2014-06-17 | 1 | -0/+1 |
| | |||||
* | Avoid directory traversal on restorefullbackup | Renato Botelho | 2014-06-17 | 1 | -2/+2 |
| | |||||
* | Fix core dump on viewing invalid package log | Matt Smith | 2014-06-17 | 2 | -3/+7 |
| | |||||
* | Remove . and / from pkg name to avoid directory traversal | Renato Botelho | 2014-06-17 | 1 | -5/+5 |
| | |||||
* | Remove id=0 from miniupnpd menu and shortcut | Renato Botelho | 2014-06-17 | 2 | -3/+3 |
| | |||||
* | Avoid directory traversal when reading package xml files, also check if file ↵ | Renato Botelho | 2014-06-17 | 1 | -1/+6 |
| | | | | exists before try to read it | ||||
* | Make sure variables are escaped, also replace exec calls to run rm by ↵ | Renato Botelho | 2014-06-17 | 1 | -4/+4 |
| | | | | unlink_if_exists() | ||||
* | Remove useless code, variable is set again on next line | Renato Botelho | 2014-06-17 | 1 | -3/+0 |
| | |||||
* | Escape parameters passed to shell_exec() | Renato Botelho | 2014-06-17 | 2 | -2/+2 |
| | |||||
* | Be more careful with host parameter and make sure it's escaped when call ↵ | Renato Botelho | 2014-06-17 | 1 | -7/+6 |
| | | | | shell functions | ||||
* | Validate starttime and stoptime format | Renato Botelho | 2014-06-17 | 1 | -0/+8 |
| | |||||
* | Create some symlinks inside pbi dir to reduce differences between 2.1 and ↵ | Renato Botelho | 2014-06-16 | 1 | -1/+22 |
| | | | | 2.2 and avoid the need to change a lot of PBI scripts | ||||
* | Make the byte counts on OpenVPN status human readable rather than huge ↵ | jim-p | 2014-06-16 | 1 | -6/+6 |
| | | | | unformatted numbers. | ||||
* | Avoid keeping old files from previous sessions on /tmp/configbak | Renato Botelho | 2014-06-13 | 1 | -0/+1 |
| | |||||
* | cf/ dir is removed below, do not need to remove the file here | Renato Botelho | 2014-06-13 | 1 | -1/+0 |
| | |||||
* | Fix path for trigger_initial_wizard | Renato Botelho | 2014-06-13 | 1 | -1/+1 |
| | |||||
* | Merge pull request #1034 from vsquared56/master | Renato Botelho | 2014-06-13 | 1 | -4/+10 |
|\ | |||||
| * | Return full issuer for DN with multiple attribute values | vsquared56 | 2014-03-24 | 1 | -4/+10 |
| | | | | | | e.g. CN=Some Root CA,OU=Certificates Department,OU=(c) Copyright SomeCorp,O=SomeCorp,C=US | ||||
* | | Replace Header() calls by lowercase | Renato Botelho | 2014-06-13 | 22 | -26/+26 |
| | | |||||
* | | Merge pull request #1222 from phil-davis/patch-8 | Renato Botelho | 2014-06-13 | 1 | -4/+18 |
|\ \ | |||||
| * | | Handle firewall log filter regex input better bug #3689 | Phil Davis | 2014-06-03 | 1 | -4/+18 |
| | | | | | | | | | | | | | | | If the user inputs an invalid regex in any of the filter fields, then a page full of "warning" messages appear in the GUI, about whatever is invalid. If for some reason the user wants to match a forward slash somewhere, then they have to realize to escape it, doing "\/" instead of just "/". Be nice to this special case, because the user does not necessarily know that "/" is being used as the delimiter in the preg_match call. Turn "/" into "\/" (when the "\" is not already put in by the user). For other regex issues, suppress the warning output, using "@". When the user inputs some invalid garbage in a filter field, an empty filtered firewall log table will be displayed, rather than screens full of PHP warning output. | ||||
* | | | Merge pull request #1229 from ExolonDX/branch-master_06 | Renato Botelho | 2014-06-13 | 7 | -15/+15 |
|\ \ \ | |||||
| * | | | Tidy up misc. widgets XHTML | Colin Fleming | 2014-06-05 | 7 | -15/+15 |
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | captive_portal_status.widget.php Remove NAME from TABLE tag, not valid in XHTML carp_status.widget.php Add missing closing TD tag dyn_dns_status.widget.php and installed_packages.widgete.php Update TD class to single line load_balancer_status.widget.php Add quotes to missing TD background colour traffic_graphs.widget.php Tidy up HTML Boolean operator Make NAME and ID in INPUT tag unique wake_on_lan.widget.php Remove B tag from "widgetsubheader", alread in CSS Center message across all columns within table | ||||
* | | | Merge pull request #1228 from ExolonDX/branch_master_05 | Renato Botelho | 2014-06-13 | 1 | -2/+7 |
|\ \ \ | |||||
| * | | | Update "pkg_edit.,php" | Colin Fleming | 2014-06-05 | 1 | -2/+7 |
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | "custom_php_after_head_command", if the PHP code also contains JavaScript ("squid_auth.xml" for example) then this will cause HTML errors, as you are not supposed to have anything between the closing HEAD tag and the opening BODY tag. Add the CLOSEHEAD PHP variable, move the include HEAD.INC into the PHP IF statement and manually close the HEAD tab, else just include HEAD.INC | ||||
* | | | Bring the code of captiveportal up to speed with its module counterpart ↵ | Ermal | 2014-06-12 | 3 | -14/+14 |
| | | | | | | | | | | | | requirments | ||||
* | | | Fix i386 default URL for snapshots | Renato Botelho | 2014-06-12 | 1 | -1/+1 |
| | | | |||||
* | | | Do not expire already disabled users, it fixes #3644 | Renato Botelho | 2014-06-12 | 1 | -1/+1 |
| | | | |||||
* | | | Fix #3665, show IPSec tunnel description on status page | Renato Botelho | 2014-06-12 | 2 | -1/+25 |
| | | | |||||
* | | | Fix a typo on variable name | Renato Botelho | 2014-06-12 | 1 | -1/+1 |
| | | | |||||
* | | | Fix td class | Renato Botelho | 2014-06-12 | 1 | -1/+1 |
| | | | |||||
* | | | Fix #3702, make sure tunnel inside IP is set when interface changes | Renato Botelho | 2014-06-11 | 1 | -1/+1 |
| | | | |||||
* | | | remove extra . | Chris Buechler | 2014-06-11 | 1 | -1/+1 |
| | | | |||||
* | | | Be more precise to match members of a bridge interface, it should fix #3637 | Renato Botelho | 2014-06-10 | 1 | -1/+3 |
| | | | |||||
* | | | Fix #3700 and other syntax issues: | Renato Botelho | 2014-06-10 | 2 | -16/+17 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - Remove -G parameter from pfctl since it doesn't exist anymore - Initialize $old_router - Fix sh syntax on variable assign, it couldn't have space before = - Simplify logic - Avoid flush states twice, if it was done on IP change, don't do it again if router also has changed | ||||
* | | | Do not allow interface group name to be bigger than 15 chars, helps ticket #3208 | Renato Botelho | 2014-06-09 | 1 | -1/+1 |
| | | | |||||
* | | | Add some protection to parameters that come through _GET | Renato Botelho | 2014-06-06 | 2 | -13/+17 |
| | | | |||||
* | | | Fix #3691, use curl instead of fetch to download update files | Renato Botelho | 2014-06-05 | 1 | -17/+13 |
| | | | |||||
* | | | Whitespace fixes | jim-p | 2014-06-04 | 1 | -80/+80 |
| | | | |||||
* | | | Allow the user to select "None" for OpenVPN client certificate, so long as ↵ | jim-p | 2014-06-04 | 2 | -13/+24 |
| | | | | | | | | | | | | they supply and auth user/pass. Ticket #3633 | ||||
* | | | Just use ID here instead. | jim-p | 2014-06-04 | 1 | -2/+2 |
| | | | |||||
* | | | Various fixes to diag_dump_states.php (Add interface column, some extra ↵ | jim-p | 2014-06-04 | 1 | -8/+20 |
| | | | | | | | | | | | | validation safety, etc). Should fix #2121 | ||||
* | | | Silent pbi_info | Renato Botelho | 2014-06-03 | 1 | -1/+1 |
| | | | |||||
* | | | Update csrf-magic to 1.0.4 | Renato Botelho | 2014-06-03 | 2 | -8/+45 |
| | | | |||||
* | | | Reduce possible noise | Renato Botelho | 2014-06-03 | 1 | -1/+1 |
| | | | |||||
* | | | Merge pull request #1226 from ExolonDX/branch_master_04 | Renato Botelho | 2014-06-03 | 1 | -0/+1 |
|\ \ \ | |||||
| * | | | Tidy up "status_queues.php" XHTML | Colin Fleming | 2014-06-03 | 1 | -0/+1 |
| |/ / | | | | | | | | | | | | | Add closing BODY and closing HTML tags if "traffic shaping is not configured." | ||||
* | | | Merge pull request #1225 from ExolonDX/branch_master_03 | Renato Botelho | 2014-06-03 | 1 | -2/+1 |
|\ \ \ |