Captive Portal auth method is required

When creating a new Captive Portal Zone the user can fail to select any of the Authorization Method radio buttons. No default radio button is selected - that is probably good, as the user has to think and click to decide which authorization method they will use.
But the form validation should check that some valid value is POSTed when the CP is enabled.
(cherry picked from commit 0ee22f364ca62b8305ff36447954dacdbc3c3cce)

1 files changed, 6 insertions, 2 deletions

diff --git a/src/usr/local/www/services_captiveportal.php b/src/usr/local/www/services_captiveportal.php
index 3aaff78..27747d9 100644
--- a/src/usr/local/www/services_captiveportal.php
+++ b/src/usr/local/www/services_captiveportal.php
@@ -243,8 +243,8 @@ if ($_POST) {
 
 	/* input validation */
 	if ($_POST['enable']) {
-		$reqdfields = explode(" ", "zone cinterface");
-		$reqdfieldsn = array(gettext("Zone name"), gettext("Interface"));
+		$reqdfields = explode(" ", "zone cinterface auth_method");
+		$reqdfieldsn = array(gettext("Zone name"), gettext("Interface"), gettext("Authentication method"));
 
 		if (isset($_POST['auth_method']) && $_POST['auth_method'] == "radius") {
 			$reqdfields[] = "radius_protocol";
@@ -271,6 +271,10 @@ if ($_POST) {
 			}
 		}
 
+		if ($_POST['auth_method'] && !in_array($_POST['auth_method'], array('none', 'local', 'radius'))) {
+			$input_errors[] = sprintf(gettext("Authentication method %s is invalid."), $_POST['auth_method']);
+		}
+
 		if ($_POST['httpslogin_enable']) {
 			if (!$_POST['certref']) {
 				$input_errors[] = gettext("Certificate must be specified for HTTPS login.");