Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Alias name cannot have more than 31 chars, add maxlength here just as an ↵RELENG_2_1_5 | Renato Botelho | 2014-08-25 | 1 | -1/+1 |
| | | | | extra check. Ticket #3827 | ||||
* | Fix text description for interface mismatch, fixes #3820 | Renato Botelho | 2014-08-21 | 1 | -1/+1 |
| | |||||
* | Merge branch 'RELENG_2_1' of git.pfmechanics.com:pfsense/pfsense into RELENG_2_1 | Jared Dillard | 2014-08-20 | 2 | -10/+34 |
|\ | |||||
| * | non-css parts of gold menu | Matt Smith | 2014-08-19 | 2 | -10/+34 |
| | | |||||
* | | fix top nav to fit gold in non-default themes | Jared Dillard | 2014-08-20 | 5 | -7/+6 |
|/ | |||||
* | fix spacing in pfsense_ng topnav | Jared Dillard | 2014-08-19 | 1 | -3/+4 |
| | |||||
* | Ensure this is always an array to avoid a PHP error from foreach. | jim-p | 2014-08-15 | 1 | -1/+5 |
| | |||||
* | Do not reset source and destination port range values when it's an ↵ | Renato Botelho | 2014-08-11 | 1 | -4/+8 |
| | | | | associated rule created by nat port forward. It fixes #3778 | ||||
* | Avoid generating an invalid racoon config if the user specified a mobile ↵ | jim-p | 2014-08-08 | 1 | -1/+1 |
| | | | | pool that is too small. | ||||
* | Require click-through POST confirmation when restoring or deleting a ↵ | jim-p | 2014-08-08 | 1 | -15/+51 |
| | | | | configuation from the backup history page. | ||||
* | Remove javascript alert DNS resolution action from the firewall log view. It ↵ | jim-p | 2014-08-08 | 2 | -9/+0 |
| | | | | was already removed from 2.2, and it's better not to allow a GET action to perform that action. | ||||
* | Do not execute on GET, only pre-fill Host box so the user can press the ↵ | jim-p | 2014-08-08 | 1 | -38/+38 |
| | | | | button to execute. Turn alias creation links into submit buttons for POST. While here, remove some backticks and simplify a little. | ||||
* | Shorten the wait at "reload" in startup wizard to 5 seconds from 60. That's ↵ | Chris Buechler | 2014-08-08 | 1 | -1/+1 |
| | | | | more than adequate for current systems, no need to make people sit there for 1 minute. Many likely click out via the logo and miss the last screen entirely. | ||||
* | Encode interface/VIP descriptions before displaying them on the GRE and GIF ↵ | jim-p | 2014-08-06 | 2 | -2/+5 |
| | | | | | | pages also; While here, the GRE page was missing IP aliases from its list of bind IPs, add it in. | ||||
* | Encode interface/VIP descriptions before displaying them on the NTP daemon ↵ | jim-p | 2014-08-06 | 1 | -1/+1 |
| | | | | settings. | ||||
* | Encode the detail field of an alias entry before displaying its contents ↵ | jim-p | 2014-08-06 | 1 | -1/+1 |
| | | | | back to the user. | ||||
* | Escape the individual dnsmasq advanced/custom options | jim-p | 2014-08-06 | 1 | -1/+1 |
| | |||||
* | Fix input validation logic on diag_testport.php, escape more shell arguments ↵ | jim-p | 2014-08-04 | 1 | -3/+3 |
| | | | | for good measure | ||||
* | Allow hostnames in bulk import since they are valid entries in a network ↵ | jim-p | 2014-07-14 | 1 | -1/+1 |
| | | | | type alias. | ||||
* | Change Cancel button to call history.back() as done in Firewall Rules, the ↵ | Renato Botelho | 2014-07-08 | 1 | -1/+1 |
| | | | | current method has issues with IE 11, it should fix #3728 | ||||
* | Fix #3725: | Renato Botelho | 2014-06-30 | 1 | -3/+3 |
| | | | | | | | - Fix match_filter_field() and also simplify logic - Fix $filterfieldsarray initialization - Avoid to have double spaces on filterfieldsarray['act'] - Fix filter on Firewall Logs | ||||
* | Merge pull request #1208 from razzfazz/nat_add_missing_protocols | Renato Botelho | 2014-06-20 | 1 | -1/+1 |
|\ | |||||
| * | bring protocols on NAT edit page more in line with rule edit page | Daniel Becker | 2014-05-22 | 1 | -1/+1 |
| | | |||||
* | | Remove also . and / from graph | Renato Botelho | 2014-06-19 | 1 | -1/+1 |
| | | |||||
* | | Fix status_rrd_graph_img.php and also improve it: | Renato Botelho | 2014-06-19 | 1 | -36/+37 |
| | | | | | | | | | | | | | | | | - Remove escapeshellarg that broke command line - Only remove dangerous chars to avoid command injection - Replace all `hostname` calls by php_uname('n') - Replace all `date` calls by strftime() - Add $_gb to collect possibly garbage from exec return | ||||
* | | Make sure single quotes are encoded and avoid javascript injection | Renato Botelho | 2014-06-19 | 1 | -2/+2 |
| | | |||||
* | | Use CDATA for javascript | Renato Botelho | 2014-06-19 | 1 | -3/+3 |
| | | |||||
* | | Fix indent and whitespaces | Renato Botelho | 2014-06-19 | 1 | -6/+7 |
| | | |||||
* | | Simplify logic, add some protection to user input parameters | Renato Botelho | 2014-06-18 | 1 | -27/+23 |
| | | |||||
* | | Fix whitespaces and indent | Renato Botelho | 2014-06-18 | 1 | -46/+45 |
| | | |||||
* | | We need to allow subdirectories under /usr/local/pkg, here is the proper fix | Renato Botelho | 2014-06-18 | 1 | -7/+5 |
| | | |||||
* | | Protect servicestatusfilter parameter with htmlspecialchars() | Renato Botelho | 2014-06-17 | 1 | -1/+1 |
| | | |||||
* | | Protect rssfeed parameters with htmlspecialchars() | Renato Botelho | 2014-06-17 | 1 | -6/+6 |
| | | |||||
* | | Avoid directory traversal on restorefullbackup | Renato Botelho | 2014-06-17 | 1 | -2/+2 |
| | | |||||
* | | Fix core dump on viewing invalid package log | Matt Smith | 2014-06-17 | 2 | -3/+7 |
| | | |||||
* | | Remove . and / from pkg name to avoid directory traversal | Renato Botelho | 2014-06-17 | 1 | -5/+5 |
| | | |||||
* | | Remove id=0 from miniupnpd menu and shortcut | Renato Botelho | 2014-06-17 | 2 | -3/+3 |
| | | |||||
* | | Avoid directory traversal when reading package xml files, also check if file ↵ | Renato Botelho | 2014-06-17 | 1 | -1/+6 |
| | | | | | | | | exists before try to read it | ||||
* | | Make sure variables are escaped, also replace exec calls to run rm by ↵ | Renato Botelho | 2014-06-17 | 1 | -4/+4 |
| | | | | | | | | unlink_if_exists() | ||||
* | | Remove useless code, variable is set again on next line | Renato Botelho | 2014-06-17 | 1 | -3/+0 |
| | | |||||
* | | Escape parameters passed to shell_exec() | Renato Botelho | 2014-06-17 | 2 | -2/+2 |
| | | |||||
* | | Be more careful with host parameter and make sure it's escaped when call ↵ | Renato Botelho | 2014-06-17 | 1 | -7/+6 |
| | | | | | | | | shell functions | ||||
* | | Validate starttime and stoptime format | Renato Botelho | 2014-06-17 | 1 | -0/+8 |
| | | |||||
* | | Be more precise to match members of a bridge interface, it should fix #3637 | Renato Botelho | 2014-06-10 | 1 | -1/+3 |
| | | |||||
* | | Do not allow interface group name to be bigger than 15 chars, helps ticket #3208 | Renato Botelho | 2014-06-09 | 1 | -1/+1 |
| | | |||||
* | | Add some protection to parameters that come through _GET | Renato Botelho | 2014-06-06 | 1 | -4/+8 |
| | | |||||
* | | remove openbgpd bits from system_gateways_edit and system.inc. The package | Chris Buechler | 2014-05-30 | 1 | -6/+0 |
| | | | | | | | | | | | | match is case-sensitive and hasn't matched the openbgpd package's name in at least 5 years, so it doesn't do anything. It's far from functional in any useful manner even fixing that issue. | ||||
* | | Unset iflist and iflist_disabled | Renato Botelho | 2014-05-29 | 2 | -1/+6 |
| | | |||||
* | | Show disabled interface when it was already part of interface group, it ↵ | Renato Botelho | 2014-05-29 | 2 | -6/+14 |
|/ | | | | avoids to show a random interface instead and let user to add it by mistake. It should fix #3680 | ||||
* | add guiconfig to widgets not including it. ticket #3498 | Chris Buechler | 2014-05-14 | 2 | -0/+2 |
| |