From 4eded4f07efbac6b125ba2f6555b76364f1088e4 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Fri, 28 Jul 2017 13:52:51 +0200
Subject: [PATCH] improve input validations in firewall_aliases_edit.php, closes https://github.com/opnsense/core/issues/1738
---
 src/www/firewall_aliases_edit.php | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/www/firewall_aliases_edit.php b/src/www/firewall_aliases_edit.php
index 601155f3c..8a38fc367 100644
--- a/src/www/firewall_aliases_edit.php
+++ b/src/www/firewall_aliases_edit.php
@@ -117,8 +117,19 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 // validate data
 $country_codes = array_keys(geoip_countries());
 foreach ($pconfig['host_url'] as &$detail_entry) {
+ $ipaddr_count = 0;
+ $domain_alias_count = 0;
+ foreach (explode('-', $detail_entry) as $tmpaddr) {
+ if (is_ipaddr($tmpaddr)) {
+ $ipaddr_count++;
+ } elseif (trim($tmpaddr) != "") {
+ $domain_alias_count++;
+ }
+ }
 if ($pconfig['type'] == 'host') {
- if (!is_domain($detail_entry) && !is_ipaddr($detail_entry) && !is_alias($detail_entry)) {
+ if ($ipaddr_count > 1) {
+ $input_errors[] = sprintf(gettext('Entry "%s" seems to contain a list of addresses, please use a network type alias to define ranges.'), $detail_entry) ;
+ } elseif (!is_domain($detail_entry) && !is_ipaddr($detail_entry) && !is_alias($detail_entry)) {
 $input_errors[] = sprintf(gettext('Entry "%s" is not a valid hostname or IP address.'), $detail_entry) ;
 }
 } elseif ($pconfig['type'] == 'port') {
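Review bot: The counting loop added ahead of the type checks is undocumented and `$domain_alias_count` is misleadingly named: it counts every non-empty fragment that is not an IP address, so a hyphenated hostname (constructed example: `my-host.example`) contributes two. That is harmless in the host branch, which only reads `$ipaddr_count`, but the counter is also read by the network check added later in this patch. I would put a comment above the loop, e.g. `// split on '-' to detect "start-end" ranges; non-IP fragments are counted, empty ones are skipped`, and make the comparison strict, `} elseif (trim($tmpaddr) !== '') {`. The enclosing request handler starts and ends outside the hunk.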
@@ -130,6 +141,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 if (!in_array($detail_entry, $country_codes)) {
 $input_errors[] = sprintf(gettext('Entry "%s" is not a valid country code.'), $detail_entry) ;
 }
+ } elseif ($pconfig['type'] == 'network') {
+ if (!is_alias($detail_entry) && !is_ipaddr($detail_entry) && !is_subnet($detail_entry)
+ && !($ipaddr_count == 2 && $domain_alias_count == 0)) {
+ $input_errors[] = sprintf(gettext('Entry "%s" is not a valid network or IP address.'), $detail_entry) ;
+ }
 }
 }
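Review bot: The range exception `$ipaddr_count == 2 && $domain_alias_count == 0` in the new network branch accepts malformed entries, because the counting loop in the first hunk skips empty and whitespace-only fragments. Constructed inputs such as `10.0.0.1--10.0.0.9` or `10.0.0.1-10.0.0.9-` therefore count as two addresses and pass validation. The check also does not confirm that both ends belong to the same address family or that the start does not exceed the end. How the code that later expands the alias treats such values is not visible here, so I would require exactly two fragments, e.g. `&& !(count(explode('-', $detail_entry)) == 2 && $ipaddr_count == 2)`. The if/elseif chain this branch extends starts outside the hunk.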