diff options
author | Phil Davis <phil.davis@inf.org> | 2016-12-06 21:32:42 +0545 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2016-12-06 17:54:09 -0200 |
commit | a04cc2c5f1c13715ff839058728893197e05e64b (patch) | |
tree | 878cfb382f2778e704c4881b01751b205938ab31 | |
parent | cc99b29886559b85c0e01c8ee1ab0ac5455fef0e (diff) | |
download | pfsense-a04cc2c5f1c13715ff839058728893197e05e64b.zip pfsense-a04cc2c5f1c13715ff839058728893197e05e64b.tar.gz |
NAT 1:1 edit - preserve user selections on edit-save with input errors
1) Edit a NAT 1:1 rule, change the source and/or destination type to "Network", but do not input any network address/mask.
2) Press Save, input errors are reported telling that the network source and/or destination address/mask is required - good.
However, the source and/or destination type is no longer "Network" - it defaults back to single or any.
To fix, firstly move "$pconfig = $_POST" to after where all the various special things have been done to $_POST - this makes $pconfig have the correctly-massaged stuff that the user $_POSTed.
Then add the special code to srctype_selected() and dsttype_selected() to handle the case when these have been specifically $_POSTed by the user (rather than inferring them from the src/dst vales and the logic in is_specialnet() ).
This is equivalent to the fix for firewall_rules_edit.php at commit https://github.com/pfsense/pfsense/commit/81e2aa253a946b36a92e88f19b8761efe771b7a1
(cherry picked from commit d99ce9ccbfde0b557afb03576d38a17f5c9ed3b9)
-rw-r--r-- | src/usr/local/www/firewall_nat_1to1_edit.php | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/usr/local/www/firewall_nat_1to1_edit.php b/src/usr/local/www/firewall_nat_1to1_edit.php index 1c7ba4b..f40a160 100644 --- a/src/usr/local/www/firewall_nat_1to1_edit.php +++ b/src/usr/local/www/firewall_nat_1to1_edit.php @@ -132,7 +132,6 @@ if (isset($_GET['dup'])) { if ($_POST) { unset($input_errors); - $pconfig = $_POST; /* run through $_POST items encoding HTML entities so that the user * cannot think he is slick and perform a XSS attack on the unwilling */ @@ -194,6 +193,8 @@ if ($_POST) { $_POST['dsttype'] = "single"; } + $pconfig = $_POST; + /* For external, user can enter only ip's */ if (($_POST['external'] && !is_ipaddr($_POST['external']))) { $input_errors[] = gettext("A valid external subnet must be specified."); @@ -308,6 +309,11 @@ function build_srctype_list() { function srctype_selected() { global $pconfig; + if ($pconfig['srctype']) { + // The rule type came from the $_POST array, after input errors, so keep it. + return $pconfig['srctype']; + } + $sel = is_specialnet($pconfig['src']); if (!$sel) { @@ -370,6 +376,11 @@ function build_dsttype_list() { function dsttype_selected() { global $pconfig; + if ($pconfig['dsttype']) { + // The rule type came from the $_POST array, after input errors, so keep it. + return $pconfig['dsttype']; + } + $sel = is_specialnet($pconfig['dst']); if (empty($pconfig['dst']) || $pconfig['dst'] == "any") { |