| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
controls this. Revert "Do not allow autocomplete of the password field to avoid security issues:"
This reverts commit 3dc69d374dcfa39094b0332e2516d3ae68467cfa.
|
| |
|
|
|
|
| |
duplicating code or missing functions. (Fixes forced themes using the wrong theme for login screen)
|
|
|
|
| |
access to
|
| |
|
| |
|
|
|
|
| |
is not accurate for the first page load after a browser has been opened, has to be at least one refresh/post first.
|
|
|
|
|
|
|
|
| |
form telling them so.
Conflicts:
etc/inc/authgui.inc
|
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
etc/inc/easyrule.inc
etc/inc/filter.inc
etc/inc/interfaces.inc
etc/inc/services.inc
etc/inc/xmlrpc_client.inc
usr/local/www/fbegin.inc
usr/local/www/services_dhcp.php
|
| | |
|
| |\
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
etc/inc/interfaces.inc
etc/inc/upgrade_config.inc
etc/inc/vpn.inc
|
| |\ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Conflicts:
etc/inc/auth.inc
etc/inc/config.lib.inc
etc/inc/filter.inc
etc/inc/pfsense-utils.inc
etc/inc/pkg-utils.inc
etc/inc/priv.defs.inc
etc/inc/services.inc
etc/inc/shaper.inc
etc/inc/voucher.inc
etc/inc/vpn.inc
usr/local/www/fbegin.inc
|
| |\ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Conflicts:
etc/inc/authgui.inc
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
|\ \ \ \ \
| | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | | |
Conflicts:
etc/inc/vslb.inc
etc/version
|
| | |_|/
| |/| | |
|
|\ \ \ \
| |/ / / |
|
| | | | |
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
and their configured IP address
* Add checkbox to System -> Advanced -> Admin for HTTP_REFERER checks
* Add and enforce HTTP_REFERER check if checkbox is not checked.
This will prevent HTML pages from crafting HTML GETs against the web interface and will prevent firewall admins from being "tricked" into clicking on links that may be harmful to their firewall.
|
|/ / |
|
| | |
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
non-local IP address (one not configured on the system) to warn about potential MITM attacks.
|
|
|
|
| |
Fix quite a few problems down the way.
|
|
|
|
| |
rules edit and firewall nat edit.
|
|
|
|
|
|
| |
and clearing the form and causing all kinds of chaos. Ticket #161"
This reverts commit 6af7c40b296e0f95ec308d41aea55b3306c5e1ee.
|
|
|
|
| |
clearing the form and causing all kinds of chaos. Ticket #161
|
| |
|
| |
|
|
|
|
| |
Simplify get_memory(). Tested on mips/i386
|
| |
|
|
|
|
|
|
|
|
|
| |
* Remove some recursive dependency on some includes
* Remove ^M or \r from files
* Remove some entries from functions.inc to avoid including them twice
* Remove some unneccessary includes from some files
NOTE: There is some more work to be done for pkg-utils.inc to be removed from backend as a dependency.
|
| |
|
|
|
|
|
|
| |
This redirects the users to the first allowed pagge if they do not have access to index.php and errors out only if no page has been assigned to them.
NOTE: It is strange that a user cannot change its password!
|
|
|
|
|
|
|
| |
navigate away from the initial page twice to get somewhere. Remove some
of the cruft that was no longer used. Don't unconditionally redirect a
user to their homepage if another url was specified pre-login. This will
allow admins to create bookmarks to specific pfsense webui pages.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and pam backing functions have been removed. The basic auth method was
legacy code and the backing functions were redundant with no added value
that I could see. A simplified replacement backing function named
local_backed has been added that authenticates to the local configuration
info which should be identical to system pwdb credentials. Since the
htpassword file is no longer required, sync_webgui_passwords and its
wrapper function system_password_configure have been removed.
The local account management functions were renamed for consistency. A few
minor bugs related to setting local passwords have also been corrected.
|
|
|
|
|
|
|
|
|
|
|
| |
the system password and group databases. This is to provide better support
for centralized user management when local account administration is
preferred.
I also took this opportunity to do some housekeeping. A lot of funtions
that were only being used in one place or not at all were removed. The
user page privelege checks were also simplified in preperation for future
work in this area.
|
|
|
|
| |
Ticket #1707
|
|
|
|
| |
the_wall. Other themes look ugly now (only loginpage) but are usable. Will be fixed within the next day(s).
|
|
|
|
| |
* Allow custom urls that include pkg.php to be saved
|
| |
|
|
|
|
| |
* Make sure $search has data before operating on it
|
|
|
|
| |
Thanks again for him helping us with this project!
|