Add input validation on the gateway groups page as well, fix the check on the gateways page.

2 files changed, 14 insertions, 9 deletions

diff --git a/usr/local/www/system_gateway_groups_edit.php b/usr/local/www/system_gateway_groups_edit.php
index 60da1cb..cad6867 100755
--- a/usr/local/www/system_gateway_groups_edit.php
+++ b/usr/local/www/system_gateway_groups_edit.php
@@ -76,16 +76,21 @@ if ($_POST) {
 	if (! isset($_POST['name'])) {
 		$input_errors[] = "A valid gateway group name must be specified.";
 	}
+	if (! is_validaliasname($_POST['name'])) {
+		$input_errors[] = "The gateway name must not contain invalid characters.";
+	}
 
-	/* check for overlaps */
-	if(is_array($a_gateway_groups)) {
-		foreach ($a_gateway_groups as $gateway_group) {
-			if (isset($id) && ($a_gateway_groups[$id]) && ($a_gateway_groups[$id] === $gateway_group))
-				continue;
+	if (isset($_POST['name'])) {
+		/* check for overlaps */
+		if(is_array($a_gateway_groups)) {
+			foreach ($a_gateway_groups as $gateway_group) {
+				if (isset($id) && ($a_gateway_groups[$id]) && ($a_gateway_groups[$id] === $gateway_group))
+					continue;
 
-			if ($gateway_group['name'] == $_POST['name']) {
-				$input_errors[] = "A gateway group with this name \"{$_POST['name']}\" already exists.";
-				break;
+				if ($gateway_group['name'] == $_POST['name']) {
+					$input_errors[] = "A gateway group with this name \"{$_POST['name']}\" already exists.";
+					break;
+				}
 			}
 		}
 	}
diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php
index 1e427cf..9863be0 100755
--- a/usr/local/www/system_gateways_edit.php
+++ b/usr/local/www/system_gateways_edit.php
@@ -94,7 +94,7 @@ if ($_POST) {
 		$input_errors[] = "A valid monitor IP address must be specified.";
 	}
 
-	if (! isset($_POST['name'])) {
+	if (isset($_POST['name'])) {
 		/* check for overlaps */
 		foreach ($a_gateways as $gateway) {
 			if (isset($id) && ($a_gateways[$id]) && ($a_gateways[$id] === $gateway))