diff options
| author | Bill Marquette <billm@pfsense.org> | 2005-09-04 04:53:54 +0000 |
|---|---|---|
| committer | Bill Marquette <billm@pfsense.org> | 2005-09-04 04:53:54 +0000 |
| commit | 93a48ed86af5e5717b2020188736bea2bec34e36 (patch) | |
| tree | ce9b08726417bbbd1e22b8fb0cbf7447062ac5ab | |
| parent | 7b0c0628c888e44ea642db6e101c0e506f9d630c (diff) | |
| download | pfsense-93a48ed86af5e5717b2020188736bea2bec34e36.zip pfsense-93a48ed86af5e5717b2020188736bea2bec34e36.tar.gz | |
(#355) Validate input
| -rwxr-xr-x | usr/local/www/firewall_aliases_edit.php | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index 5213095..e980fd3 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -74,13 +74,21 @@ if ($_POST) { if (($_POST['name'] && !is_validaliasname($_POST['name']))) { $input_errors[] = "The alias name may only consist of the characters a-z, A-Z, 0-9."; } - if (($_POST['address'] && !is_ipaddr($_POST['address']))) { -// XXX: fixup this to detect correct type of data that should be posted. -// $input_errors[] = "A valid address must be specified."; - } - if (($_POST['address_subnet'] && !is_numeric($_POST['address_subnet']))) { - $input_errors[] = "A valid subnet bit count must be specified."; + if ($_POST['type'] == "host") + if (!is_ipaddr($_POST['address'])) { + $input_errors[] = "A valid address must be specified."; + } + if ($_POST['type'] == "network") { + if (!is_ipaddr($_POST['address'])) { + $input_errors[] = "A valid address must be specified."; + } + if (!is_numeric($_POST['address_subnet'])) { + $input_errors[] = "A valid subnet bit count must be specified."; + } } + if ($_POST['type'] == "port") + if (!is_port($_POST['address'])) + $input_errors[] = "The port must be an integer between 1 and 65535."; /* check for name conflicts */ foreach ($a_aliases as $alias) { |
