webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
0e302b1efc06e0aac4e46b1aa0a44610fcb52db7
bpfire/html/cgi-bin
History
Vincent Li 0e302b1efc firewall.cgi: Fixes XSS potential 
commit 21539d63dfcb15f186309b3107f63d455e4008ea
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Thu Oct 2 13:10:15 2025 +0200

    firewall.cgi: Fixes XSS potential

    - Related to CVE-2025-50975
    - Fixes PROT
    - ruleremark was already escaped when firewall.cgi was initially merged back in Core
       Update 77.
    - SRC_PORT, TGT_PORT, dnaport, src_addr & tgt_addr are already validated in the code as
       ports or port ranges.
    - std_net_tgt is a string defined in the code and not a variable
    - The variable key ignores any input that is not a digit and subsequently uses the next
       free rulenumber digit

    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-10-03 18:09:01 +00:00
..
captive
Do not mark CGI files as executable, second round
2022-04-23 19:36:57 +00:00
logs.cgi
xdp-sni UI: XDP TLS/SSL SNI log view from UI
2024-10-09 00:34:07 +00:00
aliases.cgi
aliases: Add support to assign aliases to multiple RED interfaces
2022-07-06 10:01:50 +00:00
atm-status.cgi
Early spring clean: Remove trailing whitespaces, and correct licence headers
2022-02-18 23:54:57 +00:00
backup.cgi
backup.cgi: Read and deliver the requested backup in pieces
2023-05-11 20:07:13 +00:00
captive.cgi
Do not mark CGI files as executable
2022-04-23 19:35:37 +00:00
chpasswd.cgi
Early spring clean: Remove trailing whitespaces, and correct licence headers
2022-02-18 23:54:57 +00:00
connections.cgi
connections.cgi: Update file header
2023-11-24 13:13:16 +00:00
connscheduler.cgi
Early spring clean: Remove trailing whitespaces, and correct licence headers
2022-02-18 23:54:57 +00:00
country.cgi
country.cgi: Fix for copy&paste typo
2021-02-15 13:13:54 +00:00
credits.cgi
UI: adjust credits for BPFire/IPFire support
2024-09-10 03:03:22 +00:00
ddns.cgi
ddns.cgi: Fix sanity check logic.
2021-07-07 09:34:31 +00:00
ddos.cgi
errormessage: use red color for errormessage
2024-06-15 02:14:22 +00:00
dhcp.cgi
LoxiLB: rename UI ipconfig to ipconfigfile
2024-07-09 01:47:46 +00:00
dns.cgi
Do not mark CGI files as executable
2022-04-23 19:35:37 +00:00
dnsforward.cgi
Early spring clean: Remove trailing whitespaces, and correct licence headers
2022-02-18 23:54:57 +00:00
extrahd.cgi
extrahd.cgi: Add support for LVM and MDADM devices
2023-10-01 08:16:17 +00:00
fireinfo.cgi
fireinfo.cgi: Fix kernel version
2021-07-09 12:56:17 +00:00
firewall.cgi
firewall.cgi: Fixes XSS potential
2025-10-03 18:09:01 +00:00
fwhosts.cgi
fwhosts.cgi: Add button spacing on 'Firewall/Firewall Groups' page
2025-07-04 03:31:02 +00:00
getrrdimage.cgi
Drop support for entropy graph
2023-03-13 21:37:39 +00:00
gpl.cgi
Early spring clean: Remove trailing whitespaces, and correct licence headers
2022-02-18 23:54:57 +00:00
guardian.cgi
guardian: Use new system methods
2021-06-10 14:30:53 +01:00
gui.cgi
gui.cgi: Use new system methods
2021-06-10 14:30:53 +01:00
haproxy.cgi
haproxy: add HAProxy UI draft patch
2024-11-06 19:09:21 +00:00
hardwaregraphs.cgi
rrd graphs: Fix indentation after removing graph output
2021-09-05 08:32:17 +00:00
hosts.cgi
Early spring clean: Remove trailing whitespaces, and correct licence headers
2022-02-18 23:54:57 +00:00
ids.cgi
ids.cgi: Remove etag data when deleting a provider.
2022-04-26 05:24:47 +02:00
index.cgi
index.cgi: Show WireGuard status using the function library
2025-07-04 03:48:54 +00:00
ipblocklist.cgi
ipblocklist.cgi: Fix settings checkbox handling
2023-03-11 16:27:32 +00:00
ipinfo.cgi
Hardcode theme to ipfire
2021-04-08 10:11:34 +00:00
iptables.cgi
Early spring clean: Remove trailing whitespaces, and correct licence headers
2022-02-18 23:54:57 +00:00
keepalived.cgi
keepalived UI: add dummy ip for HA state tracking
2024-07-13 02:14:41 +00:00
keepalivedvs.cgi
keepalived vs/rs UI: add virtual/real server UI
2024-07-05 21:46:07 +00:00
location-block.cgi
xdp-geoip: safe call to xdpgeoip init script
2024-10-13 20:59:48 +00:00
loxilb.cgi
loxilb UI: save loxilb configuration
2024-08-25 16:41:31 +00:00
loxilbconfig.cgi
loxilb UI: save loxilb configuration
2024-08-25 16:41:31 +00:00
loxilbfw.cgi
loxilb UI: save loxilb configuration
2024-08-25 16:41:31 +00:00
mac.cgi
Early spring clean: Remove trailing whitespaces, and correct licence headers
2022-02-18 23:54:57 +00:00
mail.cgi
mail.cgi: Fixes bug#13040 - Change multipart/mixed to multipart/alternative
2023-03-04 14:05:42 +00:00
mdstat.cgi
mdstat.cgi: Print mdstat status in pure perl
2021-06-17 20:11:37 +00:00
media.cgi
media.cgi: Added translation for 'inodes'
2022-04-24 19:08:34 +00:00
memory.cgi
rrd graphs: Fix indentation after removing graph output
2021-09-05 08:32:17 +00:00
modem-status.cgi
modem-status: add more ttyUSB and ttyACM ports.
2014-06-06 10:45:59 +02:00
modem.cgi
Early spring clean: Remove trailing whitespaces, and correct licence headers
2022-02-18 23:54:57 +00:00
mpfire.cgi
mpfire.cgi: Use new perl system functions
2021-06-10 14:33:57 +01:00
netexternal.cgi
Early spring clean: Remove trailing whitespaces, and correct licence headers
2022-02-18 23:54:57 +00:00
netinternal.cgi
rrd graphs: Fix indentation after removing graph output
2021-09-05 08:32:17 +00:00
netother.cgi
Do not mark CGI files as executable
2022-04-23 19:35:37 +00:00
netovpnrw.cgi
Do not mark CGI files as executable
2022-04-23 19:35:37 +00:00
netovpnsrv.cgi
Do not mark CGI files as executable
2022-04-23 19:35:37 +00:00
optionsfw.cgi
optionsfw.cgi: Move Firewall Options Drop commands to before the logging section
2024-02-07 11:02:18 +00:00
ovpnmain.cgi
ovpnmain.cgi: Fix for bug#11048 - insecure download icon shown for connections with a password
2023-09-28 09:33:21 +00:00
pakfire.cgi
pakfire: Replace status duplicate code
2022-07-28 13:44:29 +00:00
pppsetup.cgi
pppsetup.cgi: Move authentication above MTU
2022-12-17 17:20:46 +00:00
proxy.cgi
Revert "proxy.cgi: Fix for Bug #12826 'squid >=5 crashes on literal IPv6 addresses'"
2024-01-08 18:34:58 +00:00
qos.cgi
Revert "qos.cgi: Removed last two P2P lines"
2022-04-04 18:09:29 +00:00
remote.cgi
fix remote.cgi code style
2024-03-16 03:26:26 +00:00
routing.cgi
Early spring clean: Remove trailing whitespaces, and correct licence headers
2022-02-18 23:54:57 +00:00
samba.cgi
samba.cgi: Fixes bug#13193 - disables smb1 unix extensions in smb.conf
2023-08-07 09:21:52 +00:00
services.cgi
services.cgi: avoid experimental warnings
2023-02-09 16:39:34 +00:00
shutdown.cgi
shutdown.cgi: Add "reboot with filesystem check" button
2021-09-02 09:11:50 +00:00
speed.cgi
Early spring clean: Remove trailing whitespaces, and correct licence headers
2022-02-18 23:54:57 +00:00
system.cgi
rrd graphs: Fix indentation after removing graph output
2021-09-05 08:32:17 +00:00
time.cgi
Early spring clean: Remove trailing whitespaces, and correct licence headers
2022-02-18 23:54:57 +00:00
tor.cgi
tor.cgi: Fixes deprecated tor option 'ExitNode' to 'ExitNodes'
2023-12-04 22:32:43 +00:00
traffic.cgi
traffic.cgi: Do not use hard-coded red interface name
2023-03-11 16:29:43 +00:00
updatexlrator.cgi
updatexlrator.cgi: Update to naming of variables in css section
2023-03-11 16:30:39 +00:00
urlfilter.cgi
urlfilter.cgi: Fixes bug#10649 - calls urlfilterctrl with remove option if update disabled
2023-09-28 09:39:26 +00:00
vpnmain.cgi
vpnmain.cgi: Add option to regenerate the host certificate
2024-02-07 11:08:51 +00:00
vulnerabilities.cgi
vulnerabilities.cgi: Avoid superfluous line breaks by widening SMT configuration table
2023-08-15 16:48:55 +00:00
wakeonlan.cgi
wakeonlan.cgi: Fix meta refresh tag
2022-04-24 19:13:51 +00:00
webaccess.cgi
Early spring clean: Remove trailing whitespaces, and correct licence headers
2022-02-18 23:54:57 +00:00
wio.cgi
wio: move cgi files to standard IPFire location
2023-05-18 09:47:46 +00:00
wiographs.cgi
wio: move cgi files to standard IPFire location
2023-05-18 09:47:46 +00:00
wireguard.cgi
wireguard: add IP on road warrior interface wg0
2025-07-20 23:40:09 +00:00
wireless.cgi
Early spring clean: Remove trailing whitespaces, and correct licence headers
2022-02-18 23:54:57 +00:00
wirelessclient.cgi
wireless client: Remove option for WEP
2022-02-21 20:56:01 +00:00
wlanap.cgi
wlanap.cgi: fix typo at reading country list
2021-09-24 09:31:52 +00:00
xdpdns.cgi
xdp-dns UI: change running state check
2024-10-05 23:17:26 +00:00
xdpsni.cgi
xdp-sni UI: allow UI to enable/disable XDP SNI
2024-10-22 18:48:33 +00:00
zoneconf.cgi
Early spring clean: Remove trailing whitespaces, and correct licence headers
2022-02-18 23:54:57 +00:00