author | Renato Botelho <garga@FreeBSD.org> | 2014-09-10 17:02:44 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-09-10 17:02:44 -0300 |
commit | 9060f420a9444c68fc8db926787d0bb37d77ed72 (patch) | |
tree | bb1f2a7ab491f4ecf160d486833560a16c3e6471 | |
parent | 846dc21c3d6dd134faa9641715f203458d80add5 (diff) | |
download | pfsense-9060f420a9444c68fc8db926787d0bb37d77ed72.zip pfsense-9060f420a9444c68fc8db926787d0bb37d77ed72.tar.gz |
Change is_port() to validate only a single port; we have is_portrange() for specific cases. Make the necessary adjustments after checking all is_port() calls. It fixes #3857
-rw-r--r-- | etc/inc/filter.inc | 2 | ||||
-rw-r--r-- | etc/inc/util.inc | 17 | ||||
-rwxr-xr-x | usr/local/www/firewall_aliases_edit.php | 2 |
3 files changed, 9 insertions, 12 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index e325e56..38680f7 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -506,7 +506,7 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr
 else if(!isset($aliasnesting[$address]))
 $tmpline = filter_generate_nested_alias($name, $aliastable[$address], $aliasnesting, $aliasaddrnesting);
 } else if(!isset($aliasaddrnesting[$address])) {
- if (!is_ipaddr($address) && !is_subnet($address) && !is_port($address) && is_hostname($address)) {
+ if (!is_ipaddr($address) && !is_subnet($address) && !is_port($address) && !is_portrange($address) && is_hostname($address)) {
 if (!isset($filterdns["{$address}{$name}"]))
 $filterdns["{$address}{$name}"] = "pf {$address} {$name}\n";
 continue;
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 402ef3e..e672970 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -677,15 +677,12 @@ function is_validaliasname($name) {
 /* returns true if $port is a valid TCP/UDP port */
 function is_port($port) {
- $tmpports = explode(":", $port);
- foreach($tmpports as $tmpport) {
- if (getservbyname($tmpport, "tcp") || getservbyname($tmpport, "udp"))
- continue;
- if (!ctype_digit($tmpport))
- return false;
- else if ((intval($tmpport) < 1) || (intval($tmpport) > 65535))
- return false;
- }
+ if (getservbyname($port, "tcp") || getservbyname($port, "udp"))
+ return true;
+ if (!ctype_digit($port))
+ return false;
+ else if ((intval($port) < 1) || (intval($port) > 65535))
+ return false;
 return true;
 }
@@ -1255,7 +1252,7 @@ function alias_expand($name) {
 if (isset($aliastable[$name]))
 return "\${$name}";
- else if (is_ipaddr($name) || is_subnet($name) || is_port($name))
+ else if (is_ipaddr($name) || is_subnet($name) || is_port($name) || is_portrange($name))
 return "{$name}";
 else
 return null;
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php
index 3479e8d..fc35612 100755
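Review bot: The `!is_port($address) && !is_portrange($address)` pair added to this condition is repeated by hand at the other two call sites this commit touches (`alias_expand()` in util.inc and the port branch of firewall_aliases_edit.php), so a caller that is missed or added later checks only `is_port()` and silently stops treating ranges as ports. This branch decides whether an alias entry is written to `$filterdns` as a hostname, so a drift in the check changes what reaches the resolver list. Consider one wrapper in util.inc, for example `function is_port_or_range($p) { return is_port($p) || is_portrange($p); }` (the name is only a suggestion), and call it from all three places. The enclosing function starts and ends outside this hunk.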
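Review bot: `ctype_digit($port)` in the new `is_port()` receives the argument exactly as passed, whereas the removed `explode(":", $port)` always handed it strings; for an integer argument ctype_digit() treats values from -128 to 255 as ASCII codes, so `is_port(80)` would return false while `is_port(53)` returns true. Whether any caller passes an integer is not visible here, but normalising at the top of the function removes the dependency: `if (!is_string($port) && !is_int($port)) return false;` followed by `$port = (string)$port;`. The comment above the function should also state what is now accepted, e.g. `/* returns true if $port is a single TCP/UDP port number (1-65535) or a service name known to getservbyname(); use is_portrange() for ranges */`.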
--- a/usr/local/www/firewall_aliases_edit.php
+++ b/usr/local/www/firewall_aliases_edit.php
@@ -294,7 +294,7 @@ if ($_POST) {
 preg_match("/urltable/i", alias_get_type($_POST["address{$x}"]))))
 $wrongaliases .= " " . $_POST["address{$x}"];
 } else if ($_POST['type'] == "port") {
- if (!is_port($_POST["address{$x}"]))
+ if (!is_port($_POST["address{$x}"]) && !is_portrange($_POST["address{$x}"]))
 $input_errors[] = $_POST["address{$x}"] . " " . gettext("is not a valid port or alias.");
 } else if ($_POST['type'] == "host" || $_POST['type'] == "network") {
 if (is_subnet($_POST["address{$x}"]) || (!is_ipaddr($_POST["address{$x}"]) |
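Review bot: `$_POST["address{$x}"]` is passed to `is_port()` and `is_portrange()` without a type check, and when both reject it the same raw value is concatenated into `$input_errors[]` on the next line (an unchanged context line). A request can make that field an array, and the rejected string is user-supplied, so this branch relies on whatever renders `$input_errors` to escape it; that renderer is not visible in this hunk. Reading the field once and guarding it, `$addr = $_POST["address{$x}"];` then `if (!is_string($addr) || (!is_port($addr) && !is_portrange($addr)))`, keeps the validators on string input, and the message should be built with `htmlspecialchars($addr)` if the renderer does not already escape. The surrounding `if ($_POST)` block starts and ends outside the hunk.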