diff options
author | stilez <stilez@users.noreply.github.com> | 2016-12-27 02:11:20 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-12-27 02:11:20 +0000 |
commit | 202e23a81613c5810679e9b119ad4cc53977dbea (patch) | |
tree | b12660848aa54557c728e2684b0ca0c9dd5bb815 /src/usr/local/www/firewall_rules_edit.php | |
parent | 8afd8c0409a9ed246a244e7a1dbdcb2ad627434b (diff) | |
download | pfsense-202e23a81613c5810679e9b119ad4cc53977dbea.zip pfsense-202e23a81613c5810679e9b119ad4cc53977dbea.tar.gz |
Data sanitation - check IP protocol in form data
Code doesn't seem to check that IP protocol is valid (IPv4/6/4+6) or report via $input_errors[] if not. Simple fix. Only spotted recently. Should be fixed whatever else?
Diffstat (limited to 'src/usr/local/www/firewall_rules_edit.php')
-rw-r--r-- | src/usr/local/www/firewall_rules_edit.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/usr/local/www/firewall_rules_edit.php b/src/usr/local/www/firewall_rules_edit.php index 79b3fb0..8eac894 100644 --- a/src/usr/local/www/firewall_rules_edit.php +++ b/src/usr/local/www/firewall_rules_edit.php @@ -317,6 +317,10 @@ if ($_POST) { unset($input_errors); + if (!array_key_exists($_POST['ipprotocol'], $icmplookup)) { + $input_errors[] = gettext("The IP protocol is not recognized."); + } + if (isset($a_filter[$id]['associated-rule-id'])) { $_POST['proto'] = $pconfig['proto']; if ($pconfig['proto'] == "icmp") { |