ui: change generic error trap to exclude upgradestatus messages and prevent multiple instances being created, which prevents the user being spammed faster than he/she can close dialogs.
(cherry picked from commit 6f48d0fa4fa0571bd55479271b7dec716c85d53c)
Services: Unbound DNS: Overrides - One of the major disadvantages of asking for domains and hostnames seperately is that standard fqdn validations don't apply, which is the case here. Adding a dot at the end of a fqdn is valid, having an empty element isn't. We fix the latter by preventing a hostname ending with a dot here. closes https://github.com/opnsense/core/issues/10170
(cherry picked from commit 16ddd5a1c1f4751171de10b036f0f8e04ac3d682)
Firewall: Use save method from ApiMutableModelControllerBase for log command, move rule command and savepoint action (#10201)
* Firewall: Use save method from ApiMutableModelControllerBase for log command, move rule command and savepoint action
* Guard all Savepoint Actions additionally as they can interact directly with the config save inside the model
* Add comment to mark the savepoint feature as currently unused by GUI
* We can enable validation on save since only changed fields are evaluated and log or sequence are not chained into other dependant validations
system: protect popen() with exec_safe()
Shell code execution safety has been widely covered in previous releases
but two popen() calls have eluded that previous scope. The code is a bit
overloaded for historic reasons and trusts the config.xml content, but
it can be manipulated with admin-level access rights through either config
import or XMLRPC sync to contain shell injection which lands on the system
unquoted. Fix this by splitting up composite variable $user_op and quoting
every dynamic argument to make sure there is no vector left to inject a
command.
PR: GHSA-xxp9-93cr-x54p
(cherry picked from commit 3b6f357e26a38079313b926b5a5d2b7171717d54)
