diff options
author | jim-p <jimp@pfsense.org> | 2016-06-09 09:25:42 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2016-06-09 09:25:42 -0400 |
commit | 5bef24071ac954b903f5bfb3e34590c485baf68e (patch) | |
tree | 47d3794d2fb8cbd241fe236955bbecff4d59ab58 /src/usr/local/www/system_groupmanager.php | |
parent | 33872ac0c1f63118a4a8e5c9ebe2854d7c867565 (diff) | |
download | pfsense-5bef24071ac954b903f5bfb3e34590c485baf68e.zip pfsense-5bef24071ac954b903f5bfb3e34590c485baf68e.tar.gz |
Add input validation to system_groupmanager.php to prevent invalid members from being submitted. Ticket #6475
Diffstat (limited to 'src/usr/local/www/system_groupmanager.php')
-rw-r--r-- | src/usr/local/www/system_groupmanager.php | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/usr/local/www/system_groupmanager.php b/src/usr/local/www/system_groupmanager.php index fb17f76..9510084 100644 --- a/src/usr/local/www/system_groupmanager.php +++ b/src/usr/local/www/system_groupmanager.php @@ -188,11 +188,17 @@ if (isset($_POST['save'])) { } } - if (strlen($_POST['groupname']) > 16) { $input_errors[] = gettext("The group name is longer than 16 characters."); } + /* Check the POSTed members to ensure they are valid and exist */ + foreach ($_POST['members'] as $newmember) { + if (!is_numeric($newmember) || empty(getUserEntryByUID($newmember))) { + $input_errors[] = gettext("One or more invalid group members was submitted."); + } + } + if (!$input_errors && !(isset($id) && $a_group[$id])) { /* make sure there are no dupes */ foreach ($a_group as $group) { |