author | Pierre POMES <pierre.pomes@gmail.com> | 2012-02-19 21:46:12 -0500 |
---|---|---|
committer | Pierre POMES <pierre.pomes@gmail.com> | 2012-02-19 21:46:12 -0500 |
commit | 206aa9fc244e6581e35cbee3df0996a73318d2a9 (patch) | |
tree | 50c604cac729c6243a557561773578546f4a02e4 | |
parent | 259f606eb8b186e2b1033036a11467c610188100 (diff) | |
Ticket #2205 - Add input validation, keep same logic as 2.0.1 and above for default values
-rw-r--r-- | etc/inc/vslb.inc | 18 | ||||
-rwxr-xr-x | usr/local/www/load_balancer_setting.php | 23 |
2 files changed, 31 insertions, 10 deletions
diff --git a/etc/inc/vslb.inc b/etc/inc/vslb.inc index dfe2705..2659197 100644 --- a/etc/inc/vslb.inc +++ b/etc/inc/vslb.inc @@ -197,14 +197,24 @@ function relayd_configure($kill_first=false) { } } - + $fd = fopen("{$g['varetc_path']}/relayd.conf", "w"); + $conf .= "log updates \n"; + + /* Global timeout and interval settings + if not specified by the user, use a 1000 ms timeout value as in pfsense 2.0.1 and above */ + if (isset($setting['timeout']) && !empty($setting['timeout'])) { + $conf .= "timeout ".$setting['timeout']." \n"; + } else { + $conf .= "timeout 1000 \n"; + } + + if (isset($setting['interval']) && !empty($setting['interval'])) { + $conf .= "interval ".$setting['interval']." \n"; + } /* reindex pools by name as we loop through the pools array */ $pools = array(); - $conf .= "log updates \n"; - $conf .= "timeout ".$setting['timeout']." \n"; - $conf .= "interval ".$setting['interval']." \n"; /* Virtual server pools */ if(is_array($pool_a)) { for ($i = 0; isset($pool_a[$i]); $i++) { diff --git a/usr/local/www/load_balancer_setting.php b/usr/local/www/load_balancer_setting.php index 00444d9..479b2d0 100755 --- a/usr/local/www/load_balancer_setting.php +++ b/usr/local/www/load_balancer_setting.php 
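Review bot: The values are still concatenated into relayd.conf verbatim at the point of writing, because the new `isset(...) && !empty(...)` tests in relayd_configure() only distinguish set from unset. The numeric check this commit adds lives only in the settings page, so a `timeout` or `interval` that reaches the stored configuration some other way (presumably a restored or hand-edited config) would be written unvalidated, including any whitespace or line breaks it carries. Checking again at the sink closes that gap, for example `if (!empty($setting['timeout']) && ctype_digit((string)$setting['timeout'])) {` with the same condition for `interval`. `!empty()` already implies `isset()`, so the first half of each condition can be dropped. relayd_configure() begins and ends outside this hunk.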
@@ -61,16 +61,27 @@ if ($_POST) { $savemsg = get_std_save_message($retval); clear_subsystem_dirty('loadbalancer'); } else { + unset($input_errors); $pconfig = $_POST; + + /* input validation */ + if ($_POST['timeout'] && !is_numeric($_POST['timeout'])) { + $input_errors[] = gettext("Timeout must be a numeric value"); + } - $lbsetting['timeout'] = $_POST['timeout']; - $lbsetting['interval'] = $_POST['interval']; + if ($_POST['interval'] && !is_numeric($_POST['interval'])) { + $input_errors[] = gettext("Interval must be a numeric value"); + } - write_config(); - mark_subsystem_dirty('loadbalancer'); + /* update config if user entry is valid */ + if (!$input_errors) { + $lbsetting['timeout'] = $_POST['timeout']; + $lbsetting['interval'] = $_POST['interval']; + + write_config(); + mark_subsystem_dirty('loadbalancer'); + } } - header("Location: load_balancer_setting.php"); - exit; } $pgtitle = array(gettext("Services"),gettext("Load Balancer"),gettext("Settings")); |
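Review bot: `is_numeric()` is looser than a timeout or interval in relayd.conf presumably allows: it accepts negative numbers, decimals, exponent forms such as `1e3` and leading whitespace, so those pass both new checks and are saved as entered. A digits-only test is closer to the intent, e.g. `if ($_POST['timeout'] && !ctype_digit((string)$_POST['timeout'])) {`, with the same change for `interval`. Separately, `unset($input_errors)` followed by `if (!$input_errors)` reads an undefined variable whenever no error was recorded; `$input_errors = array();` states the intent directly. The enclosing `if ($_POST)` block starts outside this hunk.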