authorjim-p <jimp@pfsense.org>2017-06-16 15:10:10 -0400
committerjim-p <jimp@pfsense.org>2017-06-16 15:24:38 -0400
commit9c8540ca53f8258a44aaf13100d575b30ae77e65 (patch)
treef883dfb4eeeeb3b9b31f76b5300efec3a9a17f04 /src
parentd0acfddd3afb11cb53aa13a00bf2f89b0a98ae4f (diff)
downloadpfsense-9c8540ca53f8258a44aaf13100d575b30ae77e65.zip
pfsense-9c8540ca53f8258a44aaf13100d575b30ae77e65.tar.gz
Add input validation for interface names on firewall_nat_edit.php and fix encoding of the interface name in dst_change. Fixes #7651
Diffstat (limited to 'src')
-rw-r--r--src/usr/local/www/firewall_nat_edit.php62
1 files changed, 33 insertions, 29 deletions
diff --git a/src/usr/local/www/firewall_nat_edit.php b/src/usr/local/www/firewall_nat_edit.php
index f833b44..15aa65d 100644
--- a/src/usr/local/www/firewall_nat_edit.php
+++ b/src/usr/local/www/firewall_nat_edit.php
@@ -52,6 +52,34 @@ if (!is_array($config['nat']['rule'])) {
$a_nat = &$config['nat']['rule'];
+$iflist = get_configured_interface_with_descr(true);
+
+foreach ($iflist as $if => $ifdesc) {
+ if (have_ruleint_access($if)) {
+ $interfaces[$if] = $ifdesc;
+ }
+}
+
+if ($config['l2tp']['mode'] == "server") {
+ if (have_ruleint_access("l2tp")) {
+ $interfaces['l2tp'] = gettext("L2TP VPN");
+ }
+}
+
+if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
+ $interfaces['pppoe'] = gettext("PPPoE Server");
+}
+
+/* add ipsec interfaces */
+if (ipsec_enabled() && have_ruleint_access("enc0")) {
+ $interfaces["enc0"] = gettext("IPsec");
+}
+
+/* add openvpn/tun interfaces */
+if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
+ $interfaces["openvpn"] = gettext("OpenVPN");
+}
+
if (isset($_REQUEST['id']) && is_numericint($_REQUEST['id'])) {
$id = $_REQUEST['id'];
}
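Review bot: `$interfaces` is never initialised before the `foreach` at the top of this hunk, so on a request where no entry in `$iflist` passes `have_ruleint_access()` and none of the VPN branches apply, the variable stays undefined and the later `array_key_exists($_POST['interface'], $interfaces)` check runs against null, producing a PHP warning and rejecting the submit only by accident rather than by design. Add `$interfaces = array();` immediately before the loop so the validation always sees an array, including the empty one. Separately, the OpenVPN branch is the only entry added without consulting `have_ruleint_access()`; if that asymmetry is intentional a one-line comment such as `/* openvpn is not subject to per-interface rule privileges */` would document it, otherwise it should be gated like the l2tp, pppoe and enc0 entries.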
@@ -251,6 +279,10 @@ if ($_POST['save']) {
$_POST['localip'] = trim($_POST['localip']);
}
+ if (!array_key_exists($_POST['interface'], $interfaces)) {
+ $input_errors[] = gettext("The submitted interface does not exist.");
+ }
+
if (!isset($_POST['nordr']) && ($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) {
$input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $_POST['localip']);
}
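Review bot: The new check assumes `$_POST['interface']` is a scalar; a request that submits `interface[]=wan` hands an array to `array_key_exists()`, which raises a warning instead of a clean validation error. Tighten it to `if (!is_string($_POST['interface']) || !array_key_exists($_POST['interface'], $interfaces)) {` so malformed input is rejected the same way as an unknown name. As written, a missing interface field is also rejected as long as no entry in `$interfaces` uses an empty key, which appears to be the case from the list built at the top of the file. The enclosing `if ($_POST['save'])` block starts before this hunk and continues after it.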
@@ -667,34 +699,6 @@ $section->addInput(new Form_Checkbox(
$pconfig['nordr']
))->setHelp('This option is rarely needed. Don\'t use this without thorough knowledge of the implications.');
-$iflist = get_configured_interface_with_descr(true);
-
-foreach ($iflist as $if => $ifdesc) {
- if (have_ruleint_access($if)) {
- $interfaces[$if] = $ifdesc;
- }
-}
-
-if ($config['l2tp']['mode'] == "server") {
- if (have_ruleint_access("l2tp")) {
- $interfaces['l2tp'] = gettext("L2TP VPN");
- }
-}
-
-if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
- $interfaces['pppoe'] = gettext("PPPoE Server");
-}
-
-/* add ipsec interfaces */
-if (ipsec_enabled() && have_ruleint_access("enc0")) {
- $interfaces["enc0"] = gettext("IPsec");
-}
-
-/* add openvpn/tun interfaces */
-if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
- $interfaces["openvpn"] = gettext("OpenVPN");
-}
-
$section->addInput(new Form_Select(
'interface',
'*Interface',
@@ -1210,7 +1214,7 @@ events.push(function() {
<?php
if (!$_POST) {
?>
- dst_change($('#interface').val(),'<?=htmlspecialchars($pconfig['interface'])?>','<?=htmlspecialchars($pconfig['dst'])?>');
+ dst_change($('#interface').val(),'<?=htmlspecialchars(addslashes($pconfig['interface']))?>','<?=htmlspecialchars($pconfig['dst'])?>');
<?php
}
?>
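Review bot: `addslashes()` is not a JavaScript string escape: it leaves newlines and the U+2028/U+2029 line separators untouched, and applying `htmlspecialchars()` afterwards turns an escaped double quote into `\&quot;`, which is not decoded inside a `<script>` block; meanwhile the third argument, `$pconfig['dst']`, still gets bare `htmlspecialchars()` with no quote escaping at all, so the two arguments are now encoded differently. Emit both values with `json_encode()` and its hex flags and drop the hand-written quotes: `dst_change($('#interface').val(), <?=json_encode((string)$pconfig['interface'], JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_AMP)?>, <?=json_encode((string)$pconfig['dst'], JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_AMP)?>);`. The `(string)` casts keep the existing empty-string result for an unset value instead of emitting a JavaScript `null`. The surrounding `events.push(function() { ... })` callback starts before this hunk.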