author | Phil Davis <phil.davis@inf.org> | 2017-04-17 13:05:52 +0545 |
---|---|---|
committer | Phil Davis <phil.davis@inf.org> | 2017-04-17 13:05:52 +0545 |
commit | 161cd11371700512acbc84cbd3201bef379fb825 (patch) | |
tree | 5100dc916e1e5115252c5d311afc9328db7c45e2 /src/usr/local/www/system_gateways_edit.php | |
parent | 8a0af41adc9c29ccf7b8dabb3b7658abf46054a6 (diff) | |
Refactor gateway parameter validation
Diffstat (limited to 'src/usr/local/www/system_gateways_edit.php')
-rw-r--r-- | src/usr/local/www/system_gateways_edit.php | 302 |
1 files changed, 3 insertions, 299 deletions
diff --git a/src/usr/local/www/system_gateways_edit.php b/src/usr/local/www/system_gateways_edit.php index 6c3f46f..1eab79d 100644 --- a/src/usr/local/www/system_gateways_edit.php +++ b/src/usr/local/www/system_gateways_edit.php @@ -35,12 +35,7 @@ if (isset($_POST['referer'])) { $referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/system_gateways.php'); } -$a_gateways = return_gateways_array(true, false, true); -$a_gateways_arr = array(); -foreach ($a_gateways as $gw) { - $a_gateways_arr[] = $gw; -} -$a_gateways = $a_gateways_arr; +$a_gateways = return_gateways_array(true, false, true, true); if (!is_array($config['gateways']['gateway_item'])) { $config['gateways']['gateway_item'] = array(); 
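Review bot: The fourth positional `true` in `return_gateways_array(true, false, true, true)` is undocumented at this call site, and four bare booleans in a row are easy to misorder. Judging by the loop it replaces, it presumably asks for a numerically re-indexed list, which matters because the removed validation code indexed `$a_gateways[$id]`. A short comment would record that, e.g. `// 4th arg: return a 0-based list so $a_gateways[$id] matches the edit id`. The function's definition is outside this diff, so the meaning should be confirmed there.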
@@ -101,300 +96,9 @@ if ($_POST['save']) { unset($input_errors); - /* input validation */ - $reqdfields = explode(" ", "name interface"); - $reqdfieldsn = array(gettext("Name"), gettext("Interface")); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - if (!isset($_POST['name'])) { - $input_errors[] = "A valid gateway name must be specified."; - } - if (!is_validaliasname($_POST['name'])) { - $input_errors[] = invalidaliasnamemsg($_POST['name'], gettext("gateway")); - } else if (isset($_POST['disabled'])) { - // We have a valid gateway name that the user wants to mark as disabled. - // Check if the gateway name is used in any gateway group. - if (is_array($config['gateways']['gateway_group'])) { - foreach ($config['gateways']['gateway_group'] as $group) { - foreach ($group['item'] as $item) { - $items = explode("|", $item); - if ($items[0] == $_POST['name']) { - $input_errors[] = sprintf(gettext('Gateway "%1$s" cannot be disabled because it is in use on Gateway Group "%2$s"'), $_POST['name'], $group['name']); - } - } - } - } - - // Check if the gateway name is used in any enabled Static Route. - if (is_array($config['staticroutes']['route'])) { - foreach ($config['staticroutes']['route'] as $route) { - if ($route['gateway'] == $_POST['name']) { - if (!isset($route['disabled'])) { - // There is a static route that uses this gateway and is enabled (not disabled). 
- $input_errors[] = sprintf(gettext('Gateway "%1$s" cannot be disabled because it is in use on Static Route "%2$s"'), $_POST['name'], $route['network']); - } - } - } - } - } - /* skip system gateways which have been automatically added */ - if (($_POST['gateway'] && (!is_ipaddr($_POST['gateway'])) && ($_POST['attribute'] !== "system")) && ($_POST['gateway'] != "dynamic")) { - $input_errors[] = gettext("A valid gateway IP address must be specified."); - } - - if ($_POST['gateway'] && (is_ipaddr($_POST['gateway'])) && !$_REQUEST['isAjax']) { - if (is_ipaddrv4($_POST['gateway'])) { - $parent_ip = get_interface_ip($_POST['interface']); - $parent_sn = get_interface_subnet($_POST['interface']); - if (empty($parent_ip) || empty($parent_sn)) { - $input_errors[] = gettext("Cannot add IPv4 Gateway Address because no IPv4 address could be found on the interface."); - } elseif (!isset($_POST["nonlocalgateway"])) { - $subnets = array(gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn); - $vips = link_interface_to_vips($_POST['interface']); - if (is_array($vips)) { - foreach ($vips as $vip) { - if (!is_ipaddrv4($vip['subnet'])) { - continue; - } - $subnets[] = gen_subnet($vip['subnet'], $vip['subnet_bits']) . "/" . 
$vip['subnet_bits']; - } - } - - $found = false; - foreach ($subnets as $subnet) { - if (ip_in_subnet($_POST['gateway'], $subnet)) { - $found = true; - break; - } - } - - if ($found === false) { - $input_errors[] = sprintf(gettext("The gateway address %s does not lie within one of the chosen interface's subnets."), $_POST['gateway']); - } - } - } else if (is_ipaddrv6($_POST['gateway'])) { - /* do not do a subnet match on a link local address, it's valid */ - if (!is_linklocal($_POST['gateway'])) { - $parent_ip = get_interface_ipv6($_POST['interface']); - $parent_sn = get_interface_subnetv6($_POST['interface']); - if (empty($parent_ip) || empty($parent_sn)) { - $input_errors[] = gettext("Cannot add IPv6 Gateway Address because no IPv6 address could be found on the interface."); - } elseif (!isset($_POST["nonlocalgateway"])) { - $subnets = array(gen_subnetv6($parent_ip, $parent_sn) . "/" . $parent_sn); - $vips = link_interface_to_vips($_POST['interface']); - if (is_array($vips)) { - foreach ($vips as $vip) { - if (!is_ipaddrv6($vip['subnet'])) { - continue; - } - $subnets[] = gen_subnetv6($vip['subnet'], $vip['subnet_bits']) . "/" . 
$vip['subnet_bits']; - } - } - - $found = false; - foreach ($subnets as $subnet) { - if (ip_in_subnet($_POST['gateway'], $subnet)) { - $found = true; - break; - } - } - - if ($found === false) { - $input_errors[] = sprintf(gettext("The gateway address %s does not lie within one of the chosen interface's subnets."), $_POST['gateway']); - } - } - } - } - - if (!empty($config['interfaces'][$_POST['interface']]['ipaddr'])) { - if (is_ipaddr($config['interfaces'][$_POST['interface']]['ipaddr']) && (empty($_POST['gateway']) || $_POST['gateway'] == "dynamic")) { - $input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv4 configuration."); - } - } - if (!empty($config['interfaces'][$_POST['interface']]['ipaddrv6'])) { - if (is_ipaddr($config['interfaces'][$_POST['interface']]['ipaddrv6']) && (empty($_POST['gateway']) || $_POST['gateway'] == "dynamic")) { - $input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv6 configuration."); - } - } - } - if (($_POST['monitor'] != "") && ($_POST['monitor'] != "dynamic")) { - validateipaddr($_POST['monitor'], IPV4V6, "Monitor IP", $input_errors, false); - } - if (isset($_POST['data_payload']) && is_numeric($_POST['data_payload']) && $_POST['data_payload'] < 0) { - $input_errors[] = gettext("A valid data payload must be specified."); - } - /* only allow correct IPv4 and IPv6 gateway addresses */ - if (($_POST['gateway'] <> "") && is_ipaddr($_POST['gateway']) && $_POST['gateway'] != "dynamic") { - if (is_ipaddrv6($_POST['gateway']) && ($_POST['ipprotocol'] == "inet")) { - $input_errors[] = sprintf(gettext("The IPv6 gateway address '%s' can not be used as a IPv4 gateway."), $_POST['gateway']); - } - if (is_ipaddrv4($_POST['gateway']) && ($_POST['ipprotocol'] == "inet6")) { - $input_errors[] = sprintf(gettext("The IPv4 gateway address '%s' can not be used as a IPv6 gateway."), $_POST['gateway']); - } - } - /* only allow correct IPv4 and IPv6 
monitor addresses */ - if (($_POST['monitor'] <> "") && is_ipaddr($_POST['monitor']) && $_POST['monitor'] != "dynamic") { - if (is_ipaddrv6($_POST['monitor']) && ($_POST['ipprotocol'] == "inet")) { - $input_errors[] = sprintf(gettext("The IPv6 monitor address '%s' can not be used on a IPv4 gateway."), $_POST['monitor']); - } - if (is_ipaddrv4($_POST['monitor']) && ($_POST['ipprotocol'] == "inet6")) { - $input_errors[] = sprintf(gettext("The IPv4 monitor address '%s' can not be used on a IPv6 gateway."), $_POST['monitor']); - } - } - - if (isset($_POST['name'])) { - /* check for overlaps */ - foreach ($a_gateways as $gateway) { - if (isset($id) && ($a_gateways[$id]) && ($a_gateways[$id] === $gateway)) { - if ($gateway['name'] != $_POST['name']) { - $input_errors[] = gettext("Changing name on a gateway is not allowed."); - } - continue; - } - if ($_POST['name'] <> "") { - if (($gateway['name'] <> "") && ($_POST['name'] == $gateway['name']) && ($gateway['attribute'] !== "system")) { - $input_errors[] = sprintf(gettext('The gateway name "%s" already exists.'), $_POST['name']); - break; - } - } - if (is_ipaddr($_POST['gateway'])) { - if (($gateway['gateway'] <> "") && ($_POST['gateway'] == $gateway['gateway']) && ($gateway['attribute'] !== "system")) { - $input_errors[] = sprintf(gettext('The gateway IP address "%s" already exists.'), $_POST['gateway']); - break; - } - } - if (is_ipaddr($_POST['monitor'])) { - if (($gateway['monitor'] <> "") && ($_POST['monitor'] == $gateway['monitor']) && ($gateway['attribute'] !== "system")) { - $input_errors[] = sprintf(gettext('The monitor IP address "%s" is already in use. 
A different monitor IP must be chosen.'), $_POST['monitor']); - break; - } - } - } - } - - /* input validation of dpinger advanced parameters */ - - $latencylow = $dpinger_default['latencylow']; - if ($_POST['latencylow']) { - if (!is_numeric($_POST['latencylow'])) { - $input_errors[] = gettext("The low latency threshold needs to be a numeric value."); - } else if ($_POST['latencylow'] < 1) { - $input_errors[] = gettext("The low latency threshold needs to be positive."); - } else { - $latencylow = $_POST['latencylow']; - } - } - - $latencyhigh = $dpinger_default['latencyhigh']; - if ($_POST['latencyhigh']) { - if (!is_numeric($_POST['latencyhigh'])) { - $input_errors[] = gettext("The high latency threshold needs to be a numeric value."); - } else if ($_POST['latencyhigh'] < 1) { - $input_errors[] = gettext("The high latency threshold needs to be positive."); - } else { - $latencyhigh = $_POST['latencyhigh']; - } - } - - $losslow = $dpinger_default['losslow']; - if ($_POST['losslow']) { - if (!is_numeric($_POST['losslow'])) { - $input_errors[] = gettext("The low Packet Loss threshold needs to be a numeric value."); - } else if ($_POST['losslow'] < 1) { - $input_errors[] = gettext("The low Packet Loss threshold needs to be positive."); - } else if ($_POST['losslow'] >= 100) { - $input_errors[] = gettext("The low Packet Loss threshold needs to be less than 100."); - } else { - $losslow = $_POST['losslow']; - } - } - - $losshigh = $dpinger_default['losshigh']; - if ($_POST['losshigh']) { - if (!is_numeric($_POST['losshigh'])) { - $input_errors[] = gettext("The high Packet Loss threshold needs to be a numeric value."); - } else if ($_POST['losshigh'] < 1) { - $input_errors[] = gettext("The high Packet Loss threshold needs to be positive."); - } else if ($_POST['losshigh'] > 100) { - $input_errors[] = gettext("The high Packet Loss threshold needs to be 100 or less."); - } else { - $losshigh = $_POST['losshigh']; - } - } - - $time_period = $dpinger_default['time_period']; 
- if ($_POST['time_period']) { - if (!is_numeric($_POST['time_period'])) { - $input_errors[] = gettext("The time period over which results are averaged needs to be a numeric value."); - } else if ($_POST['time_period'] < 1) { - $input_errors[] = gettext("The time period over which results are averaged needs to be positive."); - } else { - $time_period = $_POST['time_period']; - } - } - - $interval = $dpinger_default['interval']; - if ($_POST['interval']) { - if (!is_numeric($_POST['interval'])) { - $input_errors[] = gettext("The probe interval needs to be a numeric value."); - } else if ($_POST['interval'] < 1) { - $input_errors[] = gettext("The probe interval needs to be positive."); - } else { - $interval = $_POST['interval']; - } - } - - $loss_interval = $dpinger_default['loss_interval']; - if ($_POST['loss_interval']) { - if (!is_numeric($_POST['loss_interval'])) { - $input_errors[] = gettext("The loss interval needs to be a numeric value."); - } else if ($_POST['loss_interval'] < 1) { - $input_errors[] = gettext("The loss interval setting needs to be positive."); - } else { - $loss_interval = $_POST['loss_interval']; - } - } - - $alert_interval = $dpinger_default['alert_interval']; - if ($_POST['alert_interval']) { - if (!is_numeric($_POST['alert_interval'])) { - $input_errors[] = gettext("The alert interval needs to be a numeric value."); - } else if ($_POST['alert_interval'] < 1) { - $input_errors[] = gettext("The alert interval setting needs to be positive."); - } else { - $alert_interval = $_POST['alert_interval']; - } - } - - if ($latencylow >= $latencyhigh) { - $input_errors[] = gettext( - "The high latency threshold needs to be greater than the low latency threshold"); - } - - if ($losslow >= $losshigh) { - $input_errors[] = gettext( - "The high packet loss threshold needs to be higher than the low packet loss threshold"); - } - - // If the loss interval is less than latencyhigh, then high latency could never be recorded - // because those high latency 
packets would be considered as lost. So do not allow that. - if ($latencyhigh > $loss_interval) { - $input_errors[] = gettext("The loss interval needs to be greater than or equal to the high latency threshold."); - } - - // Ensure that the time period is greater than 2 times the probe interval plus the loss interval. - if (($interval * 2 + $loss_interval) >= $time_period) { - $input_errors[] = gettext("The time period needs to be greater than twice the probe interval plus the loss interval."); - } - - // There is no point recalculating the average latency and loss more often than the probe interval. - // So the alert interval needs to be >= probe interval. - if ($interval > $alert_interval) { - $input_errors[] = gettext("The alert interval needs to be greater than or equal to the probe interval."); - } + $input_errors = validate_gateway($_POST, $id); - if (!$input_errors) { + if (count($input_errors) == 0) { $reloadif = ""; $gateway = array(); |
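Review bot: `count($input_errors) == 0` now depends on validate_gateway() always returning an array; after the preceding `unset($input_errors)`, a null or missing return makes count() warn (and throw on newer PHP), where the old `!$input_errors` tolerated it. `if (empty($input_errors)) {` keeps the previous tolerance. The removed block tested `isset($id)` before using it, so `$id` can apparently be unset on this path and validate_gateway() has to accept that. Every server-side check on `$_POST` now lives in that function, which this file-limited diff does not show, so it is worth confirming that the gateway-group and static-route "in use" checks and the dpinger threshold checks are all carried over, and that nothing later in the save branch still reads the removed locals such as `$latencylow`. The `if ($_POST['save'])` block continues outside the hunk.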