author | jim-p <jimp@pfsense.org> | 2015-09-08 15:15:58 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-09-08 15:15:58 -0400 |
commit | 9fb19cab962fd97fa19054c1f5cf0246a08e2978 (patch) | |
tree | 167637fdcd9de048f2164881a81f79b4bb655869 | |
parent | 5a33a6fb8a41a097204939fd696a0e7e6d5b877f (diff) | |
Misc encoding/display issues in the Load Balancer code
-rw-r--r-- | usr/local/www/load_balancer_pool.php | 2 | ||||
-rw-r--r-- | usr/local/www/load_balancer_pool_edit.php | 6 | ||||
-rw-r--r-- | usr/local/www/load_balancer_virtual_server.php | 2 | ||||
-rw-r--r-- | usr/local/www/load_balancer_virtual_server_edit.php | 6 | ||||
-rw-r--r-- | usr/local/www/status_lb_pool.php | 2 | ||||
-rw-r--r-- | usr/local/www/status_lb_vs.php | 2 | ||||
-rw-r--r-- | usr/local/www/widgets/widgets/load_balancer_status.widget.php | 2 |
7 files changed, 19 insertions, 3 deletions
diff --git a/usr/local/www/load_balancer_pool.php b/usr/local/www/load_balancer_pool.php index 46e4e1c..0a81931 100644 --- a/usr/local/www/load_balancer_pool.php +++ b/usr/local/www/load_balancer_pool.php @@ -92,9 +92,11 @@ for ($i = 0; isset($config['load_balancer']['monitor_type'][$i]); $i++) { $mondex[$config['load_balancer']['monitor_type'][$i]['name']] = $i; } for ($i = 0; isset($config['load_balancer']['lbpool'][$i]); $i++) { + $a_pool[$i]['mode'] = htmlspecialchars($a_pool[$i]['mode']); $a_pool[$i]['monitor'] = "<a href=\"/load_balancer_monitor_edit.php?id={$mondex[$a_pool[$i]['monitor']]}\">" . htmlspecialchars($a_pool[$i]['monitor']) . "</a>"; } + $pgtitle = array(gettext("Services"), gettext("Load Balancer"),gettext("Pool")); $shortcut_section = "relayd"; diff --git a/usr/local/www/load_balancer_pool_edit.php b/usr/local/www/load_balancer_pool_edit.php index 457087b..72f36ce 100644 --- a/usr/local/www/load_balancer_pool_edit.php +++ b/usr/local/www/load_balancer_pool_edit.php @@ -74,6 +74,8 @@ if (isset($id) && $a_pool[$id]) { $changedesc = gettext("Load Balancer: Pool:") . " "; $changecount = 0; +$allowed_modes = array("loadbalance", "failover"); + if ($_POST) { $changecount++; @@ -110,6 +112,10 @@ if ($_POST) { if (!empty($_POST['retry']) && !is_port($_POST['retry'])) $input_errors[] = gettext("The retry value must be an integer between 1 and 65535."); + if (!in_array($_POST['mode'], $allowed_modes)) { + $input_errors[] = gettext("The submitted mode is not valid."); + } + if (is_array($_POST['servers'])) { foreach($pconfig['servers'] as $svrent) { if (!is_ipaddr($svrent) && !is_subnetv4($svrent)) { diff --git a/usr/local/www/load_balancer_virtual_server.php b/usr/local/www/load_balancer_virtual_server.php index 04a4d7b..4940864 100644 --- a/usr/local/www/load_balancer_virtual_server.php +++ b/usr/local/www/load_balancer_virtual_server.php 
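Review bot: In the load_balancer_pool.php hunk, `$a_pool[$i]['mode']` is overwritten in place with its HTML-encoded form, so from this loop onward the array holds display text rather than the stored value. If `$a_pool` is a reference into `$config` (its assignment is outside the hunk), a later comparison or config write on the same request would see or persist the encoded string, and a second encoding pass would double-escape it. Calling `htmlspecialchars($a_pool[$i]['mode'])` where the value is echoed, or filling a separate display array, keeps stored and rendered data apart. The same applies to `mode` and `relay_protocol` in the load_balancer_virtual_server.php hunk.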
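Review bot: The new check `in_array($_POST['mode'], $allowed_modes)` in load_balancer_pool_edit.php compares loosely and reads `$_POST['mode']` without confirming it is present; `if (!isset($_POST['mode']) || !in_array($_POST['mode'], $allowed_modes, true)) {` makes the allowlist exact. The relay_protocol check in load_balancer_virtual_server_edit.php has the same shape, and it is case-sensitive while the line right after it still calls `strtolower($_POST['relay_protocol'])`, so one of the two should be normalised to match the other. Both checks run only on save, so values already stored in the configuration still depend on the output encoding added elsewhere in this commit. The enclosing `if ($_POST)` blocks start and end outside these hunks.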
@@ -87,6 +87,8 @@ for ($i = 0; isset($config['load_balancer']['lbpool'][$i]); $i++) { } for ($i = 0; isset($config['load_balancer']['virtual_server'][$i]); $i++) { if($a_vs[$i]) { + $a_vs[$i]['mode'] = htmlspecialchars($a_vs[$i]['mode']); + $a_vs[$i]['relay_protocol'] = htmlspecialchars($a_vs[$i]['relay_protocol']); $a_vs[$i]['poolname'] = "<a href=\"/load_balancer_pool_edit.php?id={$poodex[$a_vs[$i]['poolname']]}\">" . htmlspecialchars($a_vs[$i]['poolname']) . "</a>"; if ($a_vs[$i]['sitedown'] != '') { $a_vs[$i]['sitedown'] = "<a href=\"/load_balancer_pool_edit.php?id={$poodex[$a_vs[$i]['sitedown']]}\">" . htmlspecialchars($a_vs[$i]['sitedown']) . "</a>"; diff --git a/usr/local/www/load_balancer_virtual_server_edit.php b/usr/local/www/load_balancer_virtual_server_edit.php index 8e6ffe8..50f59ed 100644 --- a/usr/local/www/load_balancer_virtual_server_edit.php +++ b/usr/local/www/load_balancer_virtual_server_edit.php @@ -69,6 +69,8 @@ if (isset($id) && $a_vs[$id]) { $changedesc = gettext("Load Balancer: Virtual Server:") . " "; $changecount = 0; +$allowed_protocols = array("tcp", "dns"); + if ($_POST) { unset($input_errors); $pconfig = $_POST; @@ -107,6 +109,10 @@ if ($_POST) { else if (is_subnetv4($_POST['ipaddr']) && subnet_size($_POST['ipaddr']) > 64) $input_errors[] = sprintf(gettext("%s is a subnet containing more than 64 IP addresses."), $_POST['ipaddr']); + if (!in_array($_POST['relay_protocol'], $allowed_protocols)) { + $input_errors[] = gettext("The submitted relay protocol is not valid."); + } + if ((strtolower($_POST['relay_protocol']) == "dns") && !empty($_POST['sitedown'])) $input_errors[] = gettext("You cannot select a Fall Back Pool when using the DNS relay protocol."); diff --git a/usr/local/www/status_lb_pool.php b/usr/local/www/status_lb_pool.php index 6e689a3..140a18a 100644 --- a/usr/local/www/status_lb_pool.php +++ b/usr/local/www/status_lb_pool.php 
@@ -209,7 +209,7 @@ if ($_POST) { <?php echo $pool['monitor']; ?> </td> <td class="listbg" > - <?=$pool['descr'];?> + <?=htmlspecialchars($pool['descr']);?> </td> </tr> <?php endforeach; ?> diff --git a/usr/local/www/status_lb_vs.php b/usr/local/www/status_lb_vs.php index 62ae530..952aea7 100644 --- a/usr/local/www/status_lb_vs.php +++ b/usr/local/www/status_lb_vs.php @@ -132,7 +132,7 @@ include("head.inc"); ?> </td> <td class="listbg" > - <?=$vsent['descr'];?> + <?=htmlspecialchars($vsent['descr']);?> </td> </tr> <?php $i++; endforeach; ?> diff --git a/usr/local/www/widgets/widgets/load_balancer_status.widget.php b/usr/local/www/widgets/widgets/load_balancer_status.widget.php index 098a028..9accedc 100644 --- a/usr/local/www/widgets/widgets/load_balancer_status.widget.php +++ b/usr/local/www/widgets/widgets/load_balancer_status.widget.php @@ -140,7 +140,7 @@ if (!$nentries) </table> </td> <td class="listbg" > - <font color="#FFFFFF"><?=$vsent['descr'];?></font> + <font color="#FFFFFF"><?=htmlspecialchars($vsent['descr']);?></font> </td> </tr> <?php $i++; endforeach; ?> |
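Review bot: In the status_lb_pool.php hunk, `<?php echo $pool['monitor']; ?>` in the cell directly above the changed line is still written out without encoding, while `descr` next to it is now escaped. Unless `$pool['monitor']` is already encoded or built as markup earlier in the file (not visible here), it should get the same treatment: `<?=htmlspecialchars($pool['monitor']);?>`. For the three `descr` changes (this file, status_lb_vs.php and the load balancer widget), passing the flags and charset explicitly, e.g. `htmlspecialchars($pool['descr'], ENT_QUOTES, 'UTF-8')`, keeps the result independent of the PHP version's defaults. The surrounding `foreach` loops begin outside the hunks.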