Phil Davis
efac3a1346
Only include a scheduled rule if it is strictly before the end time
The exact moment of the end time is the end of the schedule. We do not want to include a rule when filter_configure_sync wakes up at 00:15:00 etc and is on a not-slow system that processes this code during the interval 00:15:00 to 00:15:01. This should help intermittent issues with schedules not finishing at the appropriate 15-minute boundary. Might help or fix #3558
2014-06-20 10:25:59 -04:00
Renato Botelho
e792ac3632
Remove extra data after space and fix pf rule syntax. It should fix #3688
2014-06-20 10:35:43 -03:00
Renato Botelho
1c9a521b93
Merge pull request #1208 from razzfazz/nat_add_missing_protocols
2014-06-20 09:36:10 -03:00
Renato Botelho
4f380b62d5
Remove also . and / from graph
2014-06-19 13:05:06 -03:00
Renato Botelho
2d1e985d2b
Fix status_rrd_graph_img.php and also improve it:
- Remove escapeshellarg that broke command line
- Only remove dangerous chars to avoid command injection
- Replace all `hostname` calls by php_uname('n')
- Replace all `date` calls by strftime()
- Add $_gb to collect possibly garbage from exec return
2014-06-19 12:23:44 -03:00
Renato Botelho
8aca755afe
Make sure single quotes are encoded and avoid javascript injection
2014-06-19 11:29:18 -03:00
Renato Botelho
cedd070513
Use CDATA for javascript
2014-06-19 10:37:56 -03:00
Renato Botelho
559929c2da
Fix indent and whitespaces
2014-06-19 10:37:44 -03:00
Renato Botelho
d1dda49817
Simplify logic, add some protection to user input parameters
2014-06-18 16:39:11 -03:00
Renato Botelho
f1a13a7fce
Fix whitespaces and indent
2014-06-18 15:41:24 -03:00
Renato Botelho
811baa9bf5
We need to allow subdirectories under /usr/local/pkg, here is the proper fix
2014-06-18 13:46:08 -03:00
Renato Botelho
e8abc4a76a
Set 'Disable webConfigurator login autocomplete' as on by default
2014-06-18 07:52:26 -03:00
Renato Botelho
fa73c7cd8b
Always set httponly attribute on cookies
2014-06-18 07:38:12 -03:00
Renato Botelho
ce9d5d7255
Protect servicestatusfilter parameter with htmlspecialchars()
2014-06-17 15:13:42 -03:00
Renato Botelho
860b102acb
Protect rssfeed parameters with htmlspecialchars()
2014-06-17 14:53:50 -03:00
Renato Botelho
3034b37185
Add comment I forgot on last commit
2014-06-17 14:27:45 -03:00
Renato Botelho
ff9b30ec40
Re-generate session ID on a successful login to avoid session fixation
2014-06-17 14:26:50 -03:00
Renato Botelho
62480a449e
Avoid directory traversal on restorefullbackup
2014-06-17 13:47:46 -03:00
Matt Smith
7be297a2ce
Fix core dump on viewing invalid package log
2014-06-17 11:30:53 -05:00
Renato Botelho
1cfe54900a
Remove . and / from pkg name to avoid directory traversal
2014-06-17 11:17:15 -03:00
Renato Botelho
73944f6824
Remove id=0 from miniupnpd menu and shortcut
2014-06-17 10:48:21 -03:00
Renato Botelho
9ddd3418da
Avoid directory traversal when reading package xml files, also check if file exists before trying to read it
2014-06-17 10:33:05 -03:00
Renato Botelho
aa27de6e78
Make sure variables are escaped, also replace exec calls to run rm by unlink_if_exists()
2014-06-17 10:19:34 -03:00
Renato Botelho
592abfa4a4
Remove useless code, variable is set again on next line
2014-06-17 10:18:44 -03:00
Renato Botelho
e41ab9aa32
Escape parameters passed to shell_exec()
2014-06-17 09:40:06 -03:00
Renato Botelho
ee4ba9fba1
Be more careful with host parameter and make sure it's escaped when calling shell functions
2014-06-17 09:28:35 -03:00
Renato Botelho
54a9da9fce
Validate starttime and stoptime format
2014-06-17 07:34:03 -03:00
Renato Botelho
e7eeb5ceac
Do not expire already disabled users, it fixes #3644
2014-06-12 09:31:12 -03:00
Renato Botelho
f5629ea6b8
Be more precise to match members of a bridge interface, it should fix #3637
2014-06-10 14:21:16 -03:00
Renato Botelho
b2821f7df2
Revert "Revert "Fix #3700 and other syntax issues:""
This reverts commit 4cc2ae78d3.
2014-06-10 11:28:27 -03:00
Renato Botelho
ab3c1e240b
Revert "Fix sh syntax"
This reverts commit cd49f9cd5d.
2014-06-10 11:28:21 -03:00
Renato Botelho
cd49f9cd5d
Fix sh syntax
2014-06-10 10:54:56 -03:00
Renato Botelho
4cc2ae78d3
Revert "Fix #3700 and other syntax issues:"
This reverts commit e912bfae18.
2014-06-10 10:54:24 -03:00
Renato Botelho
e912bfae18
Fix #3700 and other syntax issues:
- Remove -G parameter from pfctl since it doesn't exist anymore
- Initialize $old_router
- Fix sh syntax on variable assign, it couldn't have space before =
- Simplify logic
- Avoid flush states twice, if it was done on IP change, don't do it again if router also has changed
2014-06-10 10:40:33 -03:00
Renato Botelho
6da518fcee
Do not allow interface group name to be bigger than 15 chars, helps ticket #3208
2014-06-09 15:32:24 -03:00
Renato Botelho
ad03afb62a
Escape argument on call to is_process_running too, also remove some unnecessary mwexec() calls
2014-06-06 11:54:05 -03:00
Renato Botelho
4cc342453c
Add some protection to parameters that come through _GET
2014-06-06 11:53:21 -03:00
jim-p
cbf16c3020
Escape this before running.
2014-06-06 08:26:26 -04:00
Renato Botelho
3bbc23b80d
Bump version to 2.1.4
2014-06-05 15:36:53 -03:00
Renato Botelho
764ac8c73a
Fix #3691, use curl instead of fetch to download update files
2014-06-05 08:55:24 -03:00
Matt Smith
466cabedd6
allow ipaliases to be configured on lo0
2014-06-03 13:18:57 -05:00
Chris Buechler
bc76b18eb9
remove openbgpd bits from system_gateways_edit and system.inc. The package
match is case-sensitive and hasn't matched the openbgpd package's name in
at least 5 years, so it doesn't do anything. It's far from functional in
any useful manner even fixing that issue.
2014-05-30 19:57:51 -05:00
jim-p
7d363e57a0
client-config-dir is also useful when using OpenVPN's internal DHCP while bridging.
2014-05-30 08:45:43 -04:00
Renato Botelho
268258b5aa
Unset iflist and iflist_disabled
2014-05-29 10:53:28 -03:00
Renato Botelho
22ed6e3eab
Show disabled interface when it was already part of interface group, it avoids showing a random interface instead and letting the user add it by mistake. It should fix #3680
2014-05-29 08:53:05 -03:00
Manuel Silvoso
1930a63e81
Convert protocol ssl:// to https:// when creating http headers
2014-05-28 17:48:54 -03:00
Daniel Becker
a4d67bd5f7
bring protocols on NAT edit page more in line with rule edit page
2014-05-22 23:45:49 -07:00
jim-p
d62a265c91
Properly handle this rename, and squelch errors if it fails.
2014-05-21 13:30:23 -04:00
Renato Botelho
8d6c5f6621
Delete all ip aliases when interface is disabled, it should fix #3650
2014-05-21 14:22:11 -03:00
Chris Buechler
38f6f50a84
fix variable typo. ticket #3669
2014-05-20 22:57:38 -05:00