Validate submitted groups when editing a user. Ticket #6475

author: jim-p <jimp@pfsense.org> 2016-06-09 10:05:13 -0400
committer: jim-p <jimp@pfsense.org> 2016-06-09 10:06:37 -0400
commit: e63321a5e9dd0d0224a8ebd7626b65a63fa153bf (patch)
tree: 0f88594efb33811caa2205aa687d0a9eb2a049f3 /src/usr/local/www
parent: 5bef24071ac954b903f5bfb3e34590c485baf68e (diff)
download: pfsense-e63321a5e9dd0d0224a8ebd7626b65a63fa153bf.zip
pfsense-e63321a5e9dd0d0224a8ebd7626b65a63fa153bf.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/src/usr/local/www/system_usermanager.php b/src/usr/local/www/system_usermanager.php
index 3a32396..dd462d6 100644
--- a/src/usr/local/www/system_usermanager.php
+++ b/src/usr/local/www/system_usermanager.php
@@ -213,6 +213,13 @@ if ($_POST['save']) {
 		$input_errors[] = gettext("IPsec Pre-Shared Key contains invalid characters.");
 	}
 
+	/* Check the POSTed groups to ensure they are valid and exist */
+	foreach ($_POST['groups'] as $newgroup) {
+		if (empty(getGroupEntry($newgroup))) {
+			$input_errors[] = gettext("One or more invalid groups was submitted.");
+		}
+	}
+
 	if (isset($id) && $a_user[$id]) {
 		$oldusername = $a_user[$id]['name'];
 	} else {
author	jim-p <jimp@pfsense.org>	2016-06-09 10:05:13 -0400
committer	jim-p <jimp@pfsense.org>	2016-06-09 10:06:37 -0400
commit	e63321a5e9dd0d0224a8ebd7626b65a63fa153bf (patch)
tree	0f88594efb33811caa2205aa687d0a9eb2a049f3 /src/usr/local/www
parent	5bef24071ac954b903f5bfb3e34590c485baf68e (diff)
download	pfsense-e63321a5e9dd0d0224a8ebd7626b65a63fa153bf.zip pfsense-e63321a5e9dd0d0224a8ebd7626b65a63fa153bf.tar.gz