lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-14 00:24:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

improve input validations in firewall_aliases_edit.php, closes https://github.com/opnsense/core/issues/1738

Browse Source
This commit is contained in:
Ad Schellevis 2017-07-28 13:52:51 +02:00
parent 2e5ac42ff4
commit 4eded4f07e
1 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/www/firewall_aliases_edit.php
View File

@ -117,8 +117,19 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
// validate data
$country_codes = array_keys(geoip_countries());
foreach ($pconfig['host_url'] as &$detail_entry) {
$ipaddr_count = 0;
$domain_alias_count = 0;
foreach (explode('-', $detail_entry) as $tmpaddr) {
if (is_ipaddr($tmpaddr)) {
$ipaddr_count++;
} elseif (trim($tmpaddr) != "") {
$domain_alias_count++;
}
}
if ($pconfig['type'] == 'host') {
if (!is_domain($detail_entry) && !is_ipaddr($detail_entry) && !is_alias($detail_entry)) {
if ($ipaddr_count > 1) {
$input_errors[] = sprintf(gettext('Entry "%s" seems to contain a list of addresses, please use a network type alias to define ranges.'), $detail_entry) ;
} elseif (!is_domain($detail_entry) && !is_ipaddr($detail_entry) && !is_alias($detail_entry)) {
$input_errors[] = sprintf(gettext('Entry "%s" is not a valid hostname or IP address.'), $detail_entry) ;
}
} elseif ($pconfig['type'] == 'port') {
@ -130,6 +141,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (!in_array($detail_entry, $country_codes)) {
$input_errors[] = sprintf(gettext('Entry "%s" is not a valid country code.'), $detail_entry) ;
}
} elseif ($pconfig['type'] == 'network') {
if (!is_alias($detail_entry) && !is_ipaddr($detail_entry) && !is_subnet($detail_entry)
&& !($ipaddr_count == 2 && $domain_alias_count == 0)) {
$input_errors[] = sprintf(gettext('Entry "%s" is not a valid network or IP address.'), $detail_entry) ;
}
}
}