summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChris Buechler <cmb@pfsense.org>2015-12-17 22:10:13 -0600
committerChris Buechler <cmb@pfsense.org>2015-12-17 22:10:13 -0600
commit6d05bb9af71b156b8fe9a3a9502d93e095f457de (patch)
tree2f0a6a71b53e8551bfbfdd1f1b71bcc72c2ac77a
parent07917f7df529dab51e8f6f6d346f5c7610972639 (diff)
downloadpfsense-6d05bb9af71b156b8fe9a3a9502d93e095f457de.zip
pfsense-6d05bb9af71b156b8fe9a3a9502d93e095f457de.tar.gz
add validation to MAC passthrough. Ticket #5655
-rw-r--r--usr/local/www/services_captiveportal_mac_edit.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php
index 50a28db..4469f2b 100644
--- a/usr/local/www/services_captiveportal_mac_edit.php
+++ b/usr/local/www/services_captiveportal_mac_edit.php
@@ -118,10 +118,18 @@ if ($_POST) {
$input_errors[] = sprintf("%s. [%s]", gettext("A valid MAC address must be specified"), $_POST['mac']);
}
}
- if ($_POST['bw_up'] && !is_numeric($_POST['bw_up']))
+ if ($_POST['bw_up'] && !is_numeric($_POST['bw_up'])) {
$input_errors[] = gettext("Upload speed needs to be an integer");
- if ($_POST['bw_down'] && !is_numeric($_POST['bw_down']))
+ }
+ if ($_POST['bw_up'] && ($_POST['bw_up'] > 999999 || $_POST['bw_up'] < 1)) {
+ $input_errors[] = gettext("Upload speed must be between 1 and 999999");
+ }
+ if ($_POST['bw_down'] && ($_POST['bw_down'] > 999999 || $_POST['bw_down'] < 1)) {
+ $input_errors[] = gettext("Download speed must be between 1 and 999999");
+ }
+ if ($_POST['bw_down'] && !is_numeric($_POST['bw_down'])) {
$input_errors[] = gettext("Download speed needs to be an integer");
+ }
foreach ($a_passthrumacs as $macent) {
if (isset($id) && ($a_passthrumacs[$id]) && ($a_passthrumacs[$id] === $macent))
OpenPOWER on IntegriCloud