diff options
author | Renato Botelho <garga@FreeBSD.org> | 2014-11-18 07:46:56 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-11-18 07:46:56 -0200 |
commit | 8a5265b212bcd4518c9dbb74c30408c89709a1b5 (patch) | |
tree | d6295b60f47c7043e3bbe96d086482662ab15adb | |
parent | a0b72ec3700fae82a0fd42f28b29bdd2bf274ce7 (diff) | |
parent | da66ef4f93161efffa53f62a59bb1cbdf5e1f41b (diff) | |
download | pfsense-8a5265b212bcd4518c9dbb74c30408c89709a1b5.zip pfsense-8a5265b212bcd4518c9dbb74c30408c89709a1b5.tar.gz |
Merge pull request #1332 from phil-davis/patch-3
-rw-r--r-- | etc/inc/util.inc | 13 | ||||
-rw-r--r-- | usr/local/www/services_dhcp_edit.php | 2 | ||||
-rw-r--r-- | usr/local/www/services_dhcpv6_edit.php | 2 | ||||
-rw-r--r-- | usr/local/www/services_dnsmasq_edit.php | 21 | ||||
-rw-r--r-- | usr/local/www/services_unbound_host_edit.php | 24 | ||||
-rw-r--r-- | usr/local/www/system.php | 10 | ||||
-rw-r--r-- | usr/local/www/wizards/setup_wizard.xml | 4 |
7 files changed, 60 insertions, 16 deletions
diff --git a/etc/inc/util.inc b/etc/inc/util.inc index c64a5ed..6a2047b 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -670,7 +670,18 @@ function is_subnetoralias($subnet) { return is_subnet($subnet); } -/* returns true if $hostname is a valid hostname */ +/* returns true if $hostname is just a valid hostname (top part without any of the domain part) */ +function is_unqualified_hostname($hostname) { + if (!is_string($hostname)) + return false; + + if (preg_match('/^(?:[a-z0-9_]|[a-z0-9_][a-z0-9_\-]*[a-z0-9_])$/i', $hostname)) + return true; + else + return false; +} + +/* returns true if $hostname is a valid hostname, with or without being a fully-qualified domain name. */ function is_hostname($hostname) { if (!is_string($hostname)) return false; diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php index 5ad02db..2fb7f17 100644 --- a/usr/local/www/services_dhcp_edit.php +++ b/usr/local/www/services_dhcp_edit.php @@ -171,7 +171,7 @@ if ($_POST) { if (!is_hostname($_POST['hostname'])) { $input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'."); } else { - if (strpos($_POST['hostname'],'.')) { + if (!is_unqualified_hostname($_POST['hostname'])) { $input_errors[] = gettext("A valid hostname is specified, but the domain name part should be omitted"); } } diff --git a/usr/local/www/services_dhcpv6_edit.php b/usr/local/www/services_dhcpv6_edit.php index 6b223fc..e2e2fb1 100644 --- a/usr/local/www/services_dhcpv6_edit.php +++ b/usr/local/www/services_dhcpv6_edit.php @@ -123,7 +123,7 @@ if ($_POST) { if (!is_hostname($_POST['hostname'])) { $input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'."); } else { - if (strpos($_POST['hostname'],'.')) { + if (!is_unqualified_hostname($_POST['hostname'])) { $input_errors[] = gettext("A valid hostname is specified, but the domain name part should be omitted"); } } diff --git a/usr/local/www/services_dnsmasq_edit.php b/usr/local/www/services_dnsmasq_edit.php index 7f6d071..dce311c 100644 --- a/usr/local/www/services_dnsmasq_edit.php +++ b/usr/local/www/services_dnsmasq_edit.php @@ -86,8 +86,15 @@ if ($_POST) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - if (($_POST['host'] && !is_hostname($_POST['host']))) - $input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'."); + if ($_POST['host']) { + if (!is_hostname($_POST['host'])) { + $input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'. It may not start or end with '-'."); + } else { + if (!is_unqualified_hostname($_POST['host'])) { + $input_errors[] = gettext("A valid hostname is specified, but the domain name part should be omitted"); + } + } + } if (($_POST['domain'] && !is_domain($_POST['domain']))) $input_errors[] = gettext("A valid domain must be specified."); @@ -124,8 +131,14 @@ if ($_POST) { var_dump(array('fields' => $aliasreqdfields, 'names' => $aliasreqdfieldsn, 'alias' => $alias)); do_input_validation($_POST, $aliasreqdfields, $aliasreqdfieldsn, $input_errors); - if (($alias['host'] && !is_hostname($alias['host']))) { - $input_errors[] = gettext("Hostnames in alias list can only contain the characters A-Z, 0-9 and '-'."); + if ($alias['host']) { + if (!is_hostname($alias['host'])) { + $input_errors[] = gettext("Hostnames in an alias list can only contain the characters A-Z, 0-9 and '-'. They may not start or end with '-'."); + } else { + if (!is_unqualified_hostname($alias['host'])) { + $input_errors[] = gettext("A valid alias hostname is specified, but the domain name part should be omitted"); + } + } } if (($alias['domain'] && !is_domain($alias['domain']))) { $input_errors[] = gettext("A valid domain must be specified in alias list."); diff --git a/usr/local/www/services_unbound_host_edit.php b/usr/local/www/services_unbound_host_edit.php index 7c3db7d..5ebf9ae 100644 --- a/usr/local/www/services_unbound_host_edit.php +++ b/usr/local/www/services_unbound_host_edit.php @@ -1,7 +1,7 @@ <?php /* $Id$ */ /* - services_unbound_edit_host.php + services_unbound_host_edit.php part of the pfSense project (https://www.pfsense.org) Copyright (C) 2014 Warren Baker (warren@decoy.co.za) Copyright (C) 2013-2014 Electric Sheep Fencing, LP @@ -88,8 +88,15 @@ if ($_POST) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - if (($_POST['host'] && !is_hostname($_POST['host']))) - $input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'."); + if ($_POST['host']) { + if (!is_hostname($_POST['host'])) { + $input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9, '_' and '-'. It may not start or end with '-'."); + } else { + if (!is_unqualified_hostname($_POST['host'])) { + $input_errors[] = gettext("A valid hostname is specified, but the domain name part should be omitted"); + } + } + } if (($_POST['domain'] && !is_domain($_POST['domain']))) $input_errors[] = gettext("A valid domain must be specified."); @@ -126,8 +133,15 @@ if ($_POST) { var_dump(array('fields' => $aliasreqdfields, 'names' => $aliasreqdfieldsn, 'alias' => $alias)); do_input_validation($_POST, $aliasreqdfields, $aliasreqdfieldsn, $input_errors); - if (($alias['host'] && !is_hostname($alias['host']))) - $input_errors[] = gettext("Hostnames in alias list can only contain the characters A-Z, 0-9 and '-'."); + if ($alias['host']) { + if (!is_hostname($alias['host'])) { + $input_errors[] = gettext("Hostnames in an alias list can only contain the characters A-Z, 0-9 and '-'. They may not start or end with '-'."); + } else { + if (!is_unqualified_hostname($alias['host'])) { + $input_errors[] = gettext("A valid alias hostname is specified, but the domain name part should be omitted"); + } + } + } if (($alias['domain'] && !is_domain($alias['domain']))) $input_errors[] = gettext("A valid domain must be specified in alias list."); } diff --git a/usr/local/www/system.php b/usr/local/www/system.php index 31845c2..1329e8d 100644 --- a/usr/local/www/system.php +++ b/usr/local/www/system.php @@ -109,8 +109,14 @@ if ($_POST) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - if ($_POST['hostname'] && !is_hostname($_POST['hostname'])) { - $input_errors[] = gettext("The hostname may only contain the characters a-z, 0-9 and '-'."); + if ($_POST['hostname']) { + if (!is_hostname($_POST['hostname'])) { + $input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'. It may not start or end with '-'."); + } else { + if (!is_unqualified_hostname($_POST['hostname'])) { + $input_errors[] = gettext("A valid hostname is specified, but the domain name part should be omitted"); + } + } } if ($_POST['domain'] && !is_domain($_POST['domain'])) { $input_errors[] = gettext("The domain may only contain the characters a-z, 0-9, '-' and '.'."); diff --git a/usr/local/www/wizards/setup_wizard.xml b/usr/local/www/wizards/setup_wizard.xml index 0558250..7f56d21 100644 --- a/usr/local/www/wizards/setup_wizard.xml +++ b/usr/local/www/wizards/setup_wizard.xml @@ -3,7 +3,7 @@ <copyright> /* $Id$ */ /* - setup.xml + setup_wizard.xml part of pfSense (https://www.pfsense.org/) Copyright (C) 2004, 2005 Scott Ullrich @@ -121,7 +121,7 @@ </stepbeforeformdisplay> <stepsubmitphpaction> <![CDATA[ - if(empty($_POST['hostname']) || !is_hostname($_POST['hostname'])) { + if(empty($_POST['hostname']) || !is_unqualified_hostname($_POST['hostname'])) { print_info_box_np("Hostname is invalid. Please press back in your browser window and correct."); die; } |