Validate submitted groups when editing a user. Ticket #6475

author: jim-p <jimp@pfsense.org> 2016-06-09 10:05:13 -0400
committer: jim-p <jimp@pfsense.org> 2016-06-09 10:06:28 -0400
commit: 6314397f65d1620228599591942054c3704149d6 (patch)
tree: 8beb2520513d1ac65b1e4471527d7c52b89b25aa
parent: 2095e91fa7985da8f86df4a9e6d8f58cc1088487 (diff)
download: pfsense-6314397f65d1620228599591942054c3704149d6.zip
pfsense-6314397f65d1620228599591942054c3704149d6.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/src/usr/local/www/system_usermanager.php b/src/usr/local/www/system_usermanager.php
index 848d326..56cad93 100644
--- a/src/usr/local/www/system_usermanager.php
+++ b/src/usr/local/www/system_usermanager.php
@@ -213,6 +213,13 @@ if ($_POST['save']) {
 		$input_errors[] = gettext("IPsec Pre-Shared Key contains invalid characters.");
 	}
 
+	/* Check the POSTed groups to ensure they are valid and exist */
+	foreach ($_POST['groups'] as $newgroup) {
+		if (empty(getGroupEntry($newgroup))) {
+			$input_errors[] = gettext("One or more invalid groups was submitted.");
+		}
+	}
+
 	if (isset($id) && $a_user[$id]) {
 		$oldusername = $a_user[$id]['name'];
 	} else {
author	jim-p <jimp@pfsense.org>	2016-06-09 10:05:13 -0400
committer	jim-p <jimp@pfsense.org>	2016-06-09 10:06:28 -0400
commit	6314397f65d1620228599591942054c3704149d6 (patch)
tree	8beb2520513d1ac65b1e4471527d7c52b89b25aa
parent	2095e91fa7985da8f86df4a9e6d8f58cc1088487 (diff)
download	pfsense-6314397f65d1620228599591942054c3704149d6.zip pfsense-6314397f65d1620228599591942054c3704149d6.tar.gz