diff options
Diffstat (limited to 'config/squid3')
-rwxr-xr-x | config/squid3/34/squid.inc | 50 | ||||
-rw-r--r-- | config/squid3/34/squid.xml | 11 |
2 files changed, 27 insertions, 34 deletions
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc index 952d50d8..bf4fcf5d 100755 --- a/config/squid3/34/squid.inc +++ b/config/squid3/34/squid.inc @@ -617,7 +617,7 @@ function squid_deinstall_command() { /* Migrate configuration from god knows which Squid package versions */ /* None of these ever existed with Squid 3.4 package and this cruft should be most likely just removed */ function squid_upgrade_config() { - global $config; + global $config, $pfs_version; /* migrate existing csv config fields */ if (is_array($config['installedpackages']['squidauth']['config'])) { $settingsauth = $config['installedpackages']['squidauth']['config'][0]; @@ -694,6 +694,27 @@ function squid_upgrade_config() { $config['installedpackages']['squidnac']['config'][0]['block_reply_mime_type'] = $settingsnac['block_reply_mime_type']; } + /* XXX: broken Captive Portal patch (Bug #5594) */ + if (isset($config['installedpackages']['squid']['config'][0]['patch_cp'])) { + if ($config['installedpackages']['squid']['config'][0]['patch_cp'] == "on") { + $cp_msg = "Patch Captive Portal feature was removed - see Bug #5594!"; + /* Attempt to restore the backup, remove it after that and unset the config option to avoid running this again in future. */ + $cp_file = '/etc/inc/captiveportal.inc'; + $backup_file = '/root/' . $pfs_version . '.captiveportal.inc.backup'; + if (file_exists($backup_file)) { + copy($backup_file, $cp_file); + $cp_msg .= "Found and restored a previous backup of {$cp_file}. Double-check its contents for sanity!"; + unlink($backup_file); + } else { + $cp_msg .= "Failed to find a backup of {$cp_file}! Get a sane copy of the file from pfSense GitHub repository!"; + } + file_notice("squid", $cp_msg, "Packages", ""); + log_error("[squid] {$cp_msg}"); + unset($cp_msg, $cp_file, $backup_file); + } + unset($config['installedpackages']['squid']['config'][0]['patch_cp']); + } + /* migrate reverse proxy settings */ squid_reverse_upgrade_config(); @@ -2001,33 +2022,6 @@ function squid_generate_rules($type) { global $config, $pfs_version; $squid_conf = $config['installedpackages']['squid']['config'][0]; - //check captive portal option - $cp_file = '/etc/inc/captiveportal.inc'; - $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128); - $cp_inc = file($cp_file); - $new_cp_inc = ""; - $found_rule = 0; - foreach ($cp_inc as $line) { - $new_line = $line; - //remove applied squid patch - if (preg_match('/skipto 65314 ip/', $line)) { - $found_rule++; - $new_line = ""; - } - - if (preg_match('/255.255.255.255/', $line) && $squid_conf['patch_cp']) { - $found_rule++; - $new_line .= "\t" . '$cprules .= "add {$rulenum} skipto 65314 ip from any to {$ips} ' . $port . ' in\n";' . "\n"; - $new_line .= "\t" . '$cprules .= "add {$rulenum} skipto 65314 ip from {$ips} ' . $port . ' to any out\n";' . "\n"; - } - $new_cp_inc .= $new_line; - } - if (!file_exists('/root/' . $pfs_version . '.captiveportal.inc.backup')) { - copy($cp_file, '/root/' . $pfs_version . '.captiveportal.inc.backup'); - } - if ($found_rule > 0) { - file_put_contents($cp_file, $new_cp_inc, LOCK_EX); - } // do not install any firewall rules if Squid is disabled or used as reverse proxy only if (!squid_enabled()) { diff --git a/config/squid3/34/squid.xml b/config/squid3/34/squid.xml index 82fe44b8..3538a5fe 100644 --- a/config/squid3/34/squid.xml +++ b/config/squid3/34/squid.xml @@ -42,7 +42,7 @@ ]]> </copyright> <name>squid</name> - <version>0.4.5</version> + <version>0.4.7</version> <title>Proxy Server: General Settings</title> <include_file>/usr/local/pkg/squid.inc</include_file> <menu> @@ -324,15 +324,14 @@ </field> <field> <fielddescr>Patch Captive Portal</fielddescr> - <fieldname>patch_cp</fieldname> <description> <![CDATA[ - Enable this option to force Captive Portal to non transparent proxy users.<br/> - <strong>Note:</strong> You may need to reapply Captive Portal settings after changing this option.<br/> - <strong><span class="errmsg">Warning:</span> This alters /etc/inc/captiveportal.inc file! USE WITH CAUTION!</strong> (A backup is made available under /root directory.) + <strong><span class="errmsg">This feature was removed</span></strong> - see <a href="https://redmine.pfsense.org/issues/5594">Bug #5594</a> for details!<br/> + If you were using this feature, double-check '/etc/inc/captiveportal.inc' content for sanity.<br/> + Get a <a href="https://github.com/pfsense/pfsense/blob/RELENG_2_2/etc/inc/captiveportal.inc">sane copy of the file from pfSense GitHub repository</a> if needed. ]]> </description> - <type>checkbox</type> + <type>info</type> </field> <field> <fielddescr>Resolve DNS IPv4 First</fielddescr> |