summaryrefslogtreecommitdiffstats
path: root/usr/local/www
Commit message (Collapse)AuthorAgeFilesLines
* Move main pfSense content to src/Renato Botelho2015-08-252435-190814/+0
|
* Get rid of NT-hash crapJim Thompson2015-08-251-1/+0
|
* Fix GUI auth from RADIUS to grab group names from the Class attribute. ↵jim-p2015-08-121-2/+3
| | | | | | Implements #935 The RADIUS server must populate the Class attribute with a string, semicolon-separated, of user groups. Similar to LDAP, local groups must exist with matching names, and privileges are determined by the local matching groups.
* Introduce a new item to $g global, 'product_version' and stop reading ↵Renato Botelho2015-07-316-15/+10
| | | | /etc/version all around
* fix whitespaceChris Buechler2015-07-301-2/+2
|
* Add NUT package help locationJared Dillard2015-07-301-1/+2
|
* Remove bdiff supportRenato Botelho2015-07-301-2/+0
|
* remove more old, unused platform stuffChris Buechler2015-07-301-3/+0
|
* Fix killing of individual states for IPv6. Ticket #4906Chris Buechler2015-07-301-11/+27
|
* fix whitespaceChris Buechler2015-07-301-4/+4
|
* Use the appropriate source and dest IPs for all state types. Ticket #4907Chris Buechler2015-07-301-2/+10
|
* Add "sockstat" output to status.phpjim-p2015-07-291-0/+1
|
* Add 'any' option for peer ID, for mobile IPsec scenarios where you can't or ↵Chris Buechler2015-07-251-1/+3
| | | | | | | don't want to check peer ID. Conflicts: usr/local/www/vpn_ipsec_phase1.php
* Remove "auto", it's just a synonym for IKEv2. Ticket #4873Chris Buechler2015-07-231-3/+3
| | | | | Conflicts: usr/local/www/vpn_ipsec_phase1.php
* include vpn.inc so IPsec CRL reload works. require_once filter.inc inChris Buechler2015-07-231-1/+2
| | | | vpn.inc for callers there that haven't already included it.
* Most of the flowtable bits were removed some time ago, take out the last of ↵Chris Buechler2015-07-231-30/+0
| | | | them too.
* When a CRL is updated, refresh strongswan's CRLs.Chris Buechler2015-07-231-0/+6
|
* Add isset check for strictcrlpolicyPhil Davis2015-07-231-1/+1
| | | To be consistent with the checks in the rest of this code.
* Add IPsec advanced option for strict CRL checkingChris Buechler2015-07-221-0/+16
|
* Handle IPsec Advanced Settings save before IPsec is enabledPhil Davis2015-07-221-12/+16
| | | | | | | | | | If the Advanced Settings are saved before any other IPsec is set up then $config['ipsec'] can be just the empty string. As a result you can get: a) If you select some debug settings then those are not saved. The code to save those settings was only executed when $config['ipsec'] was already an array. Actually the code already did the necessary "if isset() then unset()" stuuf. So I just took the the "if is_array()" away from the code block. b) Some potential unset() can go wrong with errors like: Fatal error: Cannot unset string offsets in /usr/local/www/vpn_ipsec_settings.php on line 168 This is corrected by adding more "if (isset())" checks. Fixes Redmine #4865
* Interfaces widget use more obscure separatorPhil Davis2015-07-222-5/+5
| | | | | when acquiring the interface data. In particular the media information can have commas in it already as reported in Redmine bug #4859
* Add "netstat -ni" to status.phpjim-p2015-07-211-0/+1
|
* Allow pre-filling (but no automatic action) of the download filename on ↵jim-p2015-07-212-2/+3
| | | | exec.php. Setup a link to download the status output.tgz in status.php
* Bug #4551 - consistent usage of Forwarder/Resolver across the WebGUIdoktornotor2015-07-181-1/+1
| | | Clarify that this applies to DNS Resolver as well.
* Bug #4551 - consistent usage of Forwarder/Resolver across the WebGUIdoktornotor2015-07-181-1/+1
| | | Clarify that this applies to DNS Resolver as well.
* Merge pull request #1738 from phil-davis/Static-RoutesRenato Botelho2015-07-184-25/+83
|\
| * Switch logic of $disabled tests system_gatewaysPhil Davis2015-07-181-10/+8
| |
| * Static routes merge "else" and "if" into "else if"Phil Davis2015-07-122-26/+22
| | | | | | | | As suggested by Renato.
| * Fix #4813 validation of enable/disable of gateways and static routesPhil Davis2015-07-054-25/+89
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1) A disabled gateway can always be enabled - no extra validation needed. 2) When disabling an enabled gateway, check to see that the gateway is not used in any gateway group or enabled static route (similar tests to what is already checked before deleting a gateway). 3) A static route can always be disabled - no extra checks needed. 4) When enabling a static route, check that the selected gateway is enabled - you cannot have a static route enabled on a disabled gateway. 5) Do the address family cross-check between static route and gateway even when the static route is disabled - we do not want to save mismatched IP address families in any case. This covers all the cases I can see to ensure that the enable/disable status combinations of Gateways and Static Routes is always valid.
* | Fix Firewall - Aliases GUI inconsistencies for URL Table type aliasesdoktornotor2015-07-171-4/+4
| | | | | | The GUI should show descriptions according to what's selected from the dropdown, but currently does not for URL Table (IPs) and URL Table (Ports) type of aliases.
* | Merge pull request #1758 from phil-davis/patch-2Renato Botelho2015-07-171-4/+4
|\ \
| * | Restrict serial ports glob to cua followed by alphaPhil Davis2015-07-161-3/+3
| | | | | | | | | Improve this a little more to match only alpha after /dev/cua (/dev/cuau for example)
| * | Make serial ports glob cope with many more possibilitiesPhil Davis2015-07-161-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It originally coped with things like cuau1 cuau1.1 Then I made it cope with things like cuau1 cuau11 but it stopped working for cuau1.1 This one copes with: cuau1 cuau1.1 cuau1.11 cuau11 cuau11.1 cuau11.11 That should allow for all sorts of reasonable device name files without matching other stuff in /dev (like cuau1.init cuau1.lock) that we need to ignore. Please think if I have covered the bases here.
* | | Revert "myid_data and peerid_data fields are not relevant with asn1dn."Chris Buechler2015-07-161-5/+1
| | | | | | | | | | | | This reverts commit 0e19c4bba659a5f4d28f9c8b20c80717a90964b9.
* | | myid_data and peerid_data fields are not relevant with asn1dn.Chris Buechler2015-07-161-1/+5
| | | | | | | | | | | | | | | Conflicts: usr/local/www/vpn_ipsec_phase1.php
* | | Remove old, unused NetUtils.jsChris Buechler2015-07-161-114/+0
|/ /
* | Merge pull request #1742 from phil-davis/patch-3Renato Botelho2015-07-151-1/+1
|\ \
| * | Firewall Aliases Import display error message for invalid alias namePhil Davis2015-07-121-1/+1
| | | | | | | | | | | | If you open firewall_aliases_import and enter just an invalid Alias Name (e.g. a$b) and press save or press save with all fields empty, then the screen redraws but the input error(s) is not displayed. This fixes it.
* | | Merge pull request #1743 from phil-davis/patch-4Renato Botelho2015-07-151-0/+1
|\ \ \
| * | | Firewall Aliases Edit ensure input_addresses array existsPhil Davis2015-07-121-0/+1
| |/ / | | | | | | | | | | | | | | | If you click "+" to add an alias, then press Save without entering anything, you get: Warning: Invalid argument supplied for foreach() in /usr/local/www/firewall_aliases_edit.php on line 402 as well as the various messages related to $input_errors. This change ensures that $input_addresses array always exists (even if it has no real entries) so that the foreach() warning does not happen.
* | | Merge pull request #1745 from phil-davis/patch-6Renato Botelho2015-07-151-2/+2
|\ \ \
| * | | Interfaces GIF Edit fix do_input_validationPhil Davis2015-07-131-2/+2
| |/ / | | | | | | Make the required fields be correct and match thier text names, which should each have their own gettext() cal so as to build a proper array at line 81. Basically it was all broken and the errors displayed when field/s were left empty were rubbish.
* | | Merge pull request #1746 from phil-davis/patch-7Renato Botelho2015-07-151-2/+2
|\ \ \
| * | | Interfaces GRE Edit fix required fields textPhil Davis2015-07-131-2/+2
| |/ / | | | | | | | | | The reqdfields had only 4 entries but reqdfieldsn has 5 entries and the field names to text descriptions did not match up. Fixed it.
* | | Merge pull request #1747 from phil-davis/patch-8Renato Botelho2015-07-151-15/+17
|\ \ \
| * | | Interfaces PPPs edit avoid foreach() warningPhil Davis2015-07-131-15/+17
| |/ / | | | | | | | | | If you go to Interfaces, assign, PPPs, press "+" to add an entry, then press Save without entering anything then you get a warning about the foreach() here. The is_array() check fixes it.
* | | Merge pull request #1749 from phil-davis/cancel-refererRenato Botelho2015-07-1535-35/+210
|\ \ \
| * | | Cancel button after input errorPhil Davis2015-07-1335-35/+210
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If there is an input error then the edit page is redrawn showing the input errors. The HTTP_REFERER becomes the current page, rather than the true original referer. Then if you click Cancel the current page is just redrawn. This change makes the code remember the original referer, so if the user enters some invalid data, presses Save, reads the input error messages then presses Cancel they are taken back out to the original page - the same as if Cancel was used before Save.
* | | Merge pull request #1752 from phil-davis/patch-9Chris Buechler2015-07-141-1/+6
|\ \ \
| * | | Fix glob for serial device namesPhil Davis2015-07-141-1/+6
| | | | | | | | | | | | | | | | Removing the "." that was in {,.[0-9]} allows it to match /dev/cuau10 and onward. I added lots of comments on the glob expression, because the format of the glob expression is not the same as an ordinary regex.
OpenPOWER on IntegriCloud