Validate submitted groups when editing a user. Ticket #6475

author: jim-p <jimp@pfsense.org> 2016-06-09 10:05:13 -0400
committer: jim-p <jimp@pfsense.org> 2016-06-09 10:05:13 -0400
commit: b2267ff9d2f1df9dbe1603276c7c67b1ec7ee324 (patch)
tree: f5088f7d182a1ed43613dd26c56a5b13a324f708 /src/usr
parent: 9630ba1faf3945097756f090ee8224edaef0e768 (diff)
download: pfsense-b2267ff9d2f1df9dbe1603276c7c67b1ec7ee324.zip
pfsense-b2267ff9d2f1df9dbe1603276c7c67b1ec7ee324.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/src/usr/local/www/system_usermanager.php b/src/usr/local/www/system_usermanager.php
index 3a32396..dd462d6 100644
--- a/src/usr/local/www/system_usermanager.php
+++ b/src/usr/local/www/system_usermanager.php
@@ -213,6 +213,13 @@ if ($_POST['save']) {
 		$input_errors[] = gettext("IPsec Pre-Shared Key contains invalid characters.");
 	}
 
+	/* Check the POSTed groups to ensure they are valid and exist */
+	foreach ($_POST['groups'] as $newgroup) {
+		if (empty(getGroupEntry($newgroup))) {
+			$input_errors[] = gettext("One or more invalid groups was submitted.");
+		}
+	}
+
 	if (isset($id) && $a_user[$id]) {
 		$oldusername = $a_user[$id]['name'];
 	} else {
author	jim-p <jimp@pfsense.org>	2016-06-09 10:05:13 -0400
committer	jim-p <jimp@pfsense.org>	2016-06-09 10:05:13 -0400
commit	b2267ff9d2f1df9dbe1603276c7c67b1ec7ee324 (patch)
tree	f5088f7d182a1ed43613dd26c56a5b13a324f708 /src/usr
parent	9630ba1faf3945097756f090ee8224edaef0e768 (diff)
download	pfsense-b2267ff9d2f1df9dbe1603276c7c67b1ec7ee324.zip pfsense-b2267ff9d2f1df9dbe1603276c7c67b1ec7ee324.tar.gz