- This line is no longer needed with the help button at the top of each WUI page that was
implemented by @Leo
- Sorry for long time for me to get around to finalising this patch but it is done now.
Fixes: bug#12701
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- This updates the updatexlrator.cgi page to the same central use of extraHead from
header.pl and simplifying of css variables where appropriate.
- The variables for the percentage bar will also be able to be used in other cgi pages
with a percent bar.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- After looking at other .cgi files I realised that I had named the variables based on
their dhcp usage only. However colouryellow or color20 etc can be used not only in a
row but also in a cell or a column. Rather than ending up with multiple copies of the
same colour for rows, cells, columns etc I have simplified the variable names to just
the colour. They can then be used in whatever situation is wanted. The rest of the cgi
code will give the view of what structure the colour is being applied to.
- This will limit the number of different css variables defined in the header.pl file
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
If QMI is used the dial in mode has to be set as ppp dialin but the
interface name is red. In such a case the old code tried to display
the stats for the ppp0 interface which is wrong.
This patch fixes this issue by calling the handy function to get
the correct interface name for red.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Checkboxes does not submit any values if they are not checked.
Default them to "off" in such a case.
This fixes the issue not beeing able to disable the logging.
Fixes#12979.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
- Most of the packages being searched for in the system logs section only put hostname into
the logs. However HAProxy puts the FQDN. Reviewing RFC 5424 shows that this is following
the requirements. The preferred order fromn the RFC is
1. FQDN
2. Static IP address
3. hostname
4. Dynamic IP address
5. the NILVALUE
- Most of the programs are using option 3 but option 1 is valid for HAProxy
- The regex change filters out the hostname from the FQDN if an extra 'dot' is present
Fixes: Bug#12922
Suggested-by: Michael <ip.fire@die-fritzens.de>
Tested-by: Michael <ip.fire@die-fritzens.de>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- This is happening due to the use of bgcolor which has been deprecated since HTML4.01 and
is no longer supported in HTML5
- Similar approach used here as was used in the same fix for the dhcp.cgi page
- CSS based approach utilised.
- Partially tested in my vm testbed. The percentage bar works withg no problems.
The table could not be confirmed as in my testbed I don't have updatexlrator running
as my updates are all based on https and not http.
- The table will need to be confirmed by the bug reporter or someone else that uses
updatexlrator
Fixes: Bug#13024
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Thunderbird and Roundcube mail clients presume that any mail with Content Type of
multipart/mixed has an attachment included rather than actually checking for
disposition attachment. This means that any mail with multipart/mixed gets the
attachment icon marked up even though there is no attachment.
- Although this is a problem of the clients involved, in this case the simplest solution
is to change multipart/mixed to multipart/alternative as the Mail Service test mail only
sends text without any attachment or other part.
- Confirmed on my vm testbed
Fixes: Bug#13040
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
- Patch tested out on my production system that has apcupsd running on it. APCUPS was
in the list of options in the system logs and entries from apcupsd were extracted
correctly in the wui.
Fixes: Bug#12950
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- This v2 patch has moved the extraHead variable into header.pl
- This patch marks all IP's that are in the Fixed list but are also in the dynamic range
that has been defined, in red.
- Additional function created to check if an ip address is in a defined range.
- Added an additional key item under the Fixed Leases table for Fixed IP in dynamic range
- Added line to English Language file for this key item.
- ./make lang run before commit.
- Tested in vm testbed and confirmed that any ip address in the Fixed Leases table that
is in the defined dynamic range is highlighted in red
- This uses the css background-color appoach from the first patch in this set.
- This patch only highlights those IP's that overlap in red but does nothing more. So a
user can still create new ones if they want but they will all show up in red.
- This patch flags up if people are doing things that they shouldn't be doing but allows
them to continue doing so without changing anything if they don't want to and so will
not break existing setups.
Fixes: Bug#10629
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch@ipfire.org>
- This v2 version moves the extraHead variable to header.pl as many of the css values
will be used in many other WUI cgi pages so makes sense to not define anew in every
location using the bgcolor or other colour variables.
- I will submit patches to follow the same approach in all other WUI cgi pages once this
has been submitted into next
- bgcolor was deprecated in HTML 4.01 and is not supported by HTML 5
- The orange colour for IP's that are outside the IPFire green and blue subnets does not
work on any browser I am using.
- I used the CSS approach that @Leo used in the Zone Configuration cgi page
- This patch changes all existing bgcolor entries to the css based background-color
- Tested on my vm testbed and confirmed to work. The Orange colour for IP's outside of
the subnet now shows up.
Fixes: Bug#10629
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch@ipfire.org>
- In six places <td class'base'> has been used instead of <td class='base'>
- This patch fixes that error - tested on my vm testbed. Selecting Inspect Element now
shows the corrrect result rather than class 'base' being set to null.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
This has been removed a long time ago and we should probably spend a
little bit more time on keeping the networking code tidy :)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- On CU172 Testing Build: master/eb9e29f9 when selecting the OpenVPN menu it showed the
Diffie-Hellman info and pressing back took you to the same DH page.
- Tested patch suggestion from Erik on vm testbed and confirmed that it worked.
Suggested-by: Erik Kapfer <erik.kapfer@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
* Translate string "Addon" in services.cgi
* Added EN/NL translations
* Correct existing plural DE translation for singular "Add-on"
* Fix usage of the incorrect strings "addon(s)" to correct
hyphenated "add-on(s)" also in other translation strings for
EN/NL/DE
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
We already moved away from 2048-MODP in Core Update 170. Similarly,
German Federal Office for Information Security (BSI) recommends shifting
away from RSA keys below 3,000 bits by the end of 2022 at the latest.
The only place left in IPFire 2.x where we generate such keys is for
IPsec and OpenVPN host certificates. This patch increases their key
sizes to 4,096 bits as well - CA certificates already have this length.
Existing VPN connections cannot be migrated automatically. However, only
the respective host certificate has to be regenerated - thanks to the CA
certificates' key length being sufficient, there is no need to replace
the entire VPN CA.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
* If a cgi file exists with the same name as an addon, the
displayed service will be a link to that cgi file.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
* Add restart action to services.
* Only display available actions for a service:
Start when service is stopped or Stop and Restart when a service
is running.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
* Singular 'Service' instead of plural 'Services' as column header of
services table
* Sort list of services
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
* addonctrl's new functionality to control explicit addon services was
implemented.
* Change 'Addon' column header to 'Addon Service' to be clear that
it's not addons but services listed here.
* Services not matching the name of the addon now display the addon
name between parentheses, so the user knows where the service comes
from.
* When no valid runlevel symlink is found by addonctrl for a service,
the 'enable on boot' checkbox is replaced by a small exclamation point
with alt-text "No valid runlevel symlink was found for the initscript of
this service." to inform user why a service can't be enabled.
* Added German and Dutch translation for above message.
Fixes: Bug#12935
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Removed remnant from IPCop on URL Filter Logs Export page.
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
The email recipient was not correctly validated which allowed for some
stored cross-site scripting vulnerability.
Fixes: #12925 - JVN#15411362 Inquiry on vulnerability found in IPFire
Reported-by: Noriko Totsuka <vuls@jpcert.or.jp>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf (released in
2015) recommends "to use primes of 2048 bits or larger", to which BSI's
techical guideline BSI-TR-02102 (https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf?__blob=publicationFile&v=5)
concurs. The latter also recommends not to use DH groups comprising of
less than 2000 bits after 2022, and shift to 3000 bit DH groups earlier
as a precaution.
According to RFC 3526, section 8, MODP-1536 provides an estimated
security between 90 and 120 bits, a value that can be reasonably
considered broken today, as it has been so for other types of
cryptographic algorithms already, and per section 2.4 in the
aforementioned paper, breaking 1024-bit DH is considered feasible for
the NSA in 2015, which does not inspire confidence for MODP-1536 in
2022.
Therefore, this patch suggests to mark MODP-1536 as broken, since it
de facto is, and tag MODP-2048 as weak. The latter is also removed from
the default selection, so newly created VPN connections won't use it
anymore, to follow BSI's recommendations of using DH groups >= 3000 bits
in 2022 and later.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
- Use getmetadata function in services.cgi to determine installed
addon services to display. Removing code duplication and intel that
should only be known by pakfire itself.
- Removed hardcoded exclusions:
- squid should show up correctly using the new metadata info
- mdadm is part of core and will never show up here
- alsa, unknown if this problem still exists, but if it is, this
should be handled somewhere else.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
- Removed UI code from dblist function and refactor it making it return
a hash representing the pak db for easier handling of this data.
- Moved core update check in dblist to new seperate dbcoreinfo function
making it return a hash with current and possibly available core
version info.
- Update existing calls to dblist
- Bring UI parts previously in dblist to pakfire program itself,
pakfire.cgi and index.cgi with a few small enhancements:
- Translations for 'Core-Update', 'Release', 'Update' and 'Version'
- Add currently installed version numbers to installed paks list in
pakfire.cgi
- Add 'Installed: yes/no' to pakfire list output so people not using
colors have this information too. (Partly fixes Bug #12868)
- Add update available details to pakfire list output if package has
updates available.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
