From 0f26fc5a3fd730bf8ab006513389e6ddb1fff516 Mon Sep 17 00:00:00 2001 From: jim-p Date: Mon, 23 Nov 2015 15:57:33 -0500 Subject: Protect these two vars with htmlspecialchars I wasn't able to exploit this but given how they are used, seems like it is only a matter of time before someone finds a way. --- src/usr/local/www/pkg_mgr_install.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/usr/local/www/pkg_mgr_install.php b/src/usr/local/www/pkg_mgr_install.php index ba4dc2e..08a6f7f 100644 --- a/src/usr/local/www/pkg_mgr_install.php +++ b/src/usr/local/www/pkg_mgr_install.php @@ -389,8 +389,8 @@ if (!empty($_POST['id']) || $_POST['mode'] == "reinstallall"): $start_polling = true; } ?> - - + +
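Review bot: Output escaping is the weaker of the two controls available in pkg_mgr_install.php, and the hunk header shows `$_POST['mode']` being compared with the fixed string "reinstallall", which suggests a closed set of accepted values. The two replaced lines are not legible in this copy of the patch, so this is conditional: if the protected variables are the `id` and `mode` request values, `mode` can be checked against the list of modes the page supports before it is echoed, leaving `htmlspecialchars()` as a second layer. If either value lands inside a single-quoted attribute, the call should pass `ENT_QUOTES`, because the default flags in PHP releases of that period leave `'` unescaped. The enclosing `if (...):` block starts and ends outside the hunk.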
-- cgit v1.1 From 9c96aba446ef00dad8a8283b8219812528713bf1 Mon Sep 17 00:00:00 2001 From: jim-p Date: Mon, 23 Nov 2015 16:06:32 -0500 Subject: Small adjustments to shortcut icons/text --- src/usr/local/www/shortcuts.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/usr/local/www/shortcuts.inc b/src/usr/local/www/shortcuts.inc index b2d021c..350733d 100644 --- a/src/usr/local/www/shortcuts.inc +++ b/src/usr/local/www/shortcuts.inc @@ -124,7 +124,7 @@ function get_shortcut_main_link($shortcut_section, $addspace = true, $service = break; } if (!empty($link) && ($_SERVER['REQUEST_URI'] != "/{$link}")) { - return "{$space}"; + return "{$space}"; } } @@ -152,7 +152,7 @@ function get_shortcut_status_link($shortcut_section, $addspace = true, $service break; } if (!empty($link)) { - return "{$space}"; + return "{$space}"; } } @@ -160,7 +160,7 @@ function get_shortcut_log_link($shortcut_section, $addspace = true) { global $g, $shortcuts; $space = ($addspace) ? " " : "" ; if (!empty($shortcut_section) && !empty($shortcuts[$shortcut_section]['log'])) { - return "{$space}"; + return "{$space}"; } } -- cgit v1.1 From 98d396835073167efdc6f342e9856d6bb98db08d Mon Sep 17 00:00:00 2001 From: jim-p Date: Mon, 23 Nov 2015 16:30:04 -0500 Subject: Fully separate "Apply" and "Save" actions in the DNS Forwarder. Fixes #5505 --- src/usr/local/www/services_dnsmasq.php | 41 +++++++++++++--------------------- 1 file changed, 16 insertions(+), 25 deletions(-) diff --git a/src/usr/local/www/services_dnsmasq.php b/src/usr/local/www/services_dnsmasq.php index 9c11d4a..56c4294 100644 --- a/src/usr/local/www/services_dnsmasq.php +++ b/src/usr/local/www/services_dnsmasq.php 
@@ -102,16 +102,21 @@ $a_hosts = &$config['dnsmasq']['hosts']; $a_domainOverrides = &$config['dnsmasq']['domainoverrides']; if ($_POST) { - if($_POST['apply']) { - // Reload filter (we might need to sync to CARP hosts) - $retval = filter_configure(); - /* Update resolv.conf in case the interface bindings exclude localhost. */ - system_resolvconf_generate(); - /* Start or restart dhcpleases when it's necessary */ - system_dhcpleases_configure(); - if ($retval == 0) { - clear_subsystem_dirty('hosts'); - } + if ($_POST['apply']) { + $retval = 0; + $retval = services_dnsmasq_configure(); + $savemsg = get_std_save_message($retval); + + // Reload filter (we might need to sync to CARP hosts) + filter_configure(); + /* Update resolv.conf in case the interface bindings exclude localhost. */ + system_resolvconf_generate(); + /* Start or restart dhcpleases when it's necessary */ + system_dhcpleases_configure(); + + if ($retval == 0) { + clear_subsystem_dirty('hosts'); + } } else { $pconfig = $_POST; unset($input_errors); @@ -161,21 +166,7 @@ if ($_POST) { if (!$input_errors) { write_config(); - - $retval = 0; - $retval = services_dnsmasq_configure(); - $savemsg = get_std_save_message($retval); - - // Reload filter (we might need to sync to CARP hosts) - filter_configure(); - /* Update resolv.conf in case the interface bindings exclude localhost. */ - system_resolvconf_generate(); - /* Start or restart dhcpleases when it's necessary */ - system_dhcpleases_configure(); - - if ($retval == 0) { - clear_subsystem_dirty('hosts'); - } + mark_subsystem_dirty('hosts'); } } } -- cgit v1.1 From d71525b31f352d2c6be9eeec24d5f79af4c440a3 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Tue, 24 Nov 2015 07:32:07 -0200 Subject: Create pkg directories symlinks when using ramdisk, ticket #5493 --- src/etc/rc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/etc/rc b/src/etc/rc index 1e2ca6f..88e3578 100755 --- a/src/etc/rc +++ b/src/etc/rc 
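Review bot: In the new `apply` branch of services_dnsmasq.php the return value of `filter_configure()` is no longer captured, so a failed filter reload cannot influence `$savemsg` or the `clear_subsystem_dirty('hosts')` decision; both now depend only on `services_dnsmasq_configure()`. If a failed reload should leave the subsystem marked dirty and be reported to the administrator, fold the result in with `$retval |= filter_configure();` and move `$savemsg = get_std_save_message($retval);` after it. The `$retval = 0;` line is overwritten by the next statement and can be dropped. The enclosing `if ($_POST)` block continues outside the hunk.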
@@ -120,7 +120,7 @@ if [ "${PLATFORM}" != "cdrom" ]; then /etc/rc.embedded fi - if [ -n "${MOVE_PKG_DATA}" ]; then + if [ -n "${MOVE_PKG_DATA}" -o "${USE_MFS_TMPVAR}" = "true" ]; then /bin/mkdir -p /var/db /var/cache ln -sf ../../root/var/db/pkg /var/db/pkg ln -sf ../../root/var/cache/pkg /var/cache/pkg -- cgit v1.1 From 9528bc24c027adf88cefe7d9eb5d9b7503d45626 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Tue, 24 Nov 2015 07:42:43 -0200 Subject: Add cog icon while loading --- src/usr/local/www/widgets/widgets/installed_packages.widget.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/usr/local/www/widgets/widgets/installed_packages.widget.php b/src/usr/local/www/widgets/widgets/installed_packages.widget.php index 17e9439..a74da93 100644 --- a/src/usr/local/www/widgets/widgets/installed_packages.widget.php +++ b/src/usr/local/www/widgets/widgets/installed_packages.widget.php @@ -172,7 +172,7 @@ if (empty($installed_packages)): ?>
- +
 
-- cgit v1.1 From 3da670d25bb6122aef4c894e63fe5a3bd35dcac8 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Tue, 24 Nov 2015 07:43:18 -0200 Subject: Move get_pkg_info() call to ajax request to make widget more responsive --- .../widgets/widgets/installed_packages.widget.php | 28 ++++++++++++---------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/src/usr/local/www/widgets/widgets/installed_packages.widget.php b/src/usr/local/www/widgets/widgets/installed_packages.widget.php index a74da93..5f7e29a 100644 --- a/src/usr/local/www/widgets/widgets/installed_packages.widget.php +++ b/src/usr/local/www/widgets/widgets/installed_packages.widget.php @@ -66,12 +66,20 @@ require_once("functions.inc"); require_once("/usr/local/www/widgets/include/installed_packages.inc"); require_once("pkg-utils.inc"); -$package_list = get_pkg_info(); -$installed_packages = array_filter($package_list, function($v) { - return (isset($v['installed']) || isset($v['broken'])); -}); - if($_REQUEST && $_REQUEST['ajax']) { + $package_list = get_pkg_info(); + $installed_packages = array_filter($package_list, function($v) { + return (isset($v['installed']) || isset($v['broken'])); + }); + + if (empty($installed_packages)) { + print("
\n"); + print(" No packages installed.\n"); + print(" You can install packages here.\n"); + print("
\n"); + exit; + } + print("\n"); print( "\n"); print( "" . gettext("Name") . "\n"); @@ -163,19 +171,13 @@ if($_REQUEST && $_REQUEST['ajax']) { exit; } +?> -if (empty($installed_packages)): ?> - -
 
-
System ->Packages @@ -206,4 +208,4 @@ if (empty($installed_packages)): ?> get_pkg_stats(); }); //]]> - \ No newline at end of file + -- cgit v1.1 From 32d0eedf86b42ea67cacb31540609f058af9de07 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Tue, 24 Nov 2015 09:36:08 -0200 Subject: Use _exec() to call gitsync --- src/usr/local/sbin/pfSense-upgrade | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/usr/local/sbin/pfSense-upgrade b/src/usr/local/sbin/pfSense-upgrade index 1a60d65..19240cb 100755 --- a/src/usr/local/sbin/pfSense-upgrade +++ b/src/usr/local/sbin/pfSense-upgrade @@ -430,8 +430,9 @@ pkg_upgrade() { # Repository URL is not mandatory if [ -n "${branch}" ]; then - /usr/local/sbin/pfSsh.php playback gitsync \ - ${repositoryurl} ${branch} --upgrading + _exec "/usr/local/sbin/pfSsh.php playback gitsync \ + ${repositoryurl} ${branch} --upgrading" \ + "Running gitsync" mute ignore_result fi fi } -- cgit v1.1 From 2ed5fb610146526c6c320820f282464ec9e8db35 Mon Sep 17 00:00:00 2001 From: Phil Davis Date: Tue, 24 Nov 2015 18:00:42 +0545 Subject: Hide dhcp when staticv4 selected A classic 1-char fix! Forum: https://forum.pfsense.org/index.php?topic=102940.0 --- src/usr/local/www/interfaces.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/usr/local/www/interfaces.php b/src/usr/local/www/interfaces.php index a0aa609..11b6132 100644 --- a/src/usr/local/www/interfaces.php +++ b/src/usr/local/www/interfaces.php @@ -3186,7 +3186,7 @@ events.push(function(){ break; } case "staticv4": { - $('.dhcpadvanced, .none, dhcp').hide(); + $('.dhcpadvanced, .none, .dhcp').hide(); $('.pppoe, .pptp, .ppp').hide(); break; } -- cgit v1.1
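Review bot: In pkg_upgrade() in pfSense-upgrade, `${repositoryurl}` and `${branch}` are now interpolated into a single command string handed to `_exec`. If `_exec` evaluates or re-splits that string (its definition is outside this hunk), whitespace or shell metacharacters in either value would be interpreted instead of being passed as one argument. Validate both values before the call, for example `case "${branch}" in *[!A-Za-z0-9._/-]*) echo "invalid branch" >&2; return 1 ;; esac`, with an equivalent check on the URL. The `mute ignore_result` arguments also appear to hide a failed gitsync during an upgrade, so consider logging the exit status. pkg_upgrade() starts above the hunk.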