authorPhil Davis <phil.davis@inf.org>2015-05-11 12:06:17 +0545
committerPhil Davis <phil.davis@inf.org>2015-05-11 12:06:17 +0545
commit37ba954df7f60273dbeb6be02c222b57507367de (patch)
tree010b33c5a9acc46b43ebd51e1976b0bd31b06f90 /usr/local/www/firewall_nat_1to1_edit.php
parentd0c28e66a81bb06183b09514c6d1aa87e9c4deb0 (diff)
Code style Firewall NAT
Diffstat (limited to 'usr/local/www/firewall_nat_1to1_edit.php')
-rw-r--r--usr/local/www/firewall_nat_1to1_edit.php119
1 files changed, 74 insertions, 45 deletions
diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php
index 783e4bf..5964c5d 100644
--- a/usr/local/www/firewall_nat_1to1_edit.php
+++ b/usr/local/www/firewall_nat_1to1_edit.php
@@ -55,21 +55,25 @@ foreach ($ifdisp as $kif => $kdescr) {
$specialsrcdst[] = "{$kif}ip";
}
-if (!is_array($config['nat']['onetoone']))
+if (!is_array($config['nat']['onetoone'])) {
$config['nat']['onetoone'] = array();
+}
$a_1to1 = &$config['nat']['onetoone'];
-if (is_numericint($_GET['id']))
+if (is_numericint($_GET['id'])) {
$id = $_GET['id'];
-if (isset($_POST['id']) && is_numericint($_POST['id']))
+}
+if (isset($_POST['id']) && is_numericint($_POST['id'])) {
$id = $_POST['id'];
+}
$after = $_GET['after'];
-if (isset($_POST['after']))
+if (isset($_POST['after'])) {
$after = $_POST['after'];
+}
-if (isset($_GET['dup'])) {
+if (isset($_GET['dup'])) {
$id = $_GET['dup'];
$after = $_GET['dup'];
}
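Review bot: The `dup` branch at the end of this hunk copies `$_GET['dup']` into both `$id` and `$after` with no `is_numericint()` check, although `$_GET['id']` and `$_POST['id']` a few lines above are only accepted when they pass it; `$_GET['after']` and `$_POST['after']` are likewise taken as-is. These values index `$a_1to1` and later decide where a new rule is inserted, so I would validate them the same way, e.g. `if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {`. The added braces do not change this behaviour, so it predates the commit.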
@@ -86,30 +90,34 @@ if (isset($id) && $a_1to1[$id]) {
$pconfig['dstbeginport'], $pconfig['dstendport']);
$pconfig['interface'] = $a_1to1[$id]['interface'];
- if (!$pconfig['interface'])
+ if (!$pconfig['interface']) {
$pconfig['interface'] = "wan";
+ }
$pconfig['external'] = $a_1to1[$id]['external'];
$pconfig['descr'] = $a_1to1[$id]['descr'];
$pconfig['natreflection'] = $a_1to1[$id]['natreflection'];
-} else
+} else {
$pconfig['interface'] = "wan";
+}
-if (isset($_GET['dup']))
+if (isset($_GET['dup'])) {
unset($id);
+}
if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
- /* run through $_POST items encoding HTML entties so that the user
+ /* run through $_POST items encoding HTML entities so that the user
* cannot think he is slick and perform a XSS attack on the unwilling
*/
foreach ($_POST as $key => $value) {
$temp = str_replace(">", "", $value);
$newpost = htmlentities($temp);
- if($newpost <> $temp)
+ if ($newpost <> $temp) {
$input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp);
+ }
}
/* input validation */
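Review bot: The error message built in the `foreach ($_POST ...)` loop passes `$temp` to `sprintf()`, and `$temp` is exactly the value that just failed the `htmlentities()` comparison, so it is stored in `$input_errors` unencoded. Whether `print_input_errors()` escapes its messages is not visible on this page; if it does not, the message should carry `htmlspecialchars($temp)` or leave the value out. The loop also assumes every `$value` is a string (an array-valued field would reach `htmlentities()`), and `<>` is a loose comparison where `!==` would state the intent more precisely. The enclosing `if ($_POST)` block continues outside the hunk.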
@@ -126,12 +134,15 @@ if ($_POST) {
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
- if ($_POST['external'])
+ if ($_POST['external']) {
$_POST['external'] = trim($_POST['external']);
- if ($_POST['src'])
+ }
+ if ($_POST['src']) {
$_POST['src'] = trim($_POST['src']);
- if ($_POST['dst'])
+ }
+ if ($_POST['dst']) {
$_POST['dst'] = trim($_POST['dst']);
+ }
if (is_specialnet($_POST['srctype'])) {
$_POST['src'] = $_POST['srctype'];
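Review bot: The three `trim()` calls run after `do_input_validation()` on the first line of this hunk, so whatever required-field check that helper performs sees the untrimmed values. If it treats a whitespace-only `external` as present (its body is not shown here), the value is then trimmed to an empty string and the later `$_POST['external'] && !is_ipaddr($_POST['external'])` test is skipped for it. Trimming before the `do_input_validation()` call would close that gap.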
@@ -151,12 +162,14 @@ if ($_POST) {
}
/* For external, user can enter only ip's */
- if (($_POST['external'] && !is_ipaddr($_POST['external'])))
+ if (($_POST['external'] && !is_ipaddr($_POST['external']))) {
$input_errors[] = gettext("A valid external subnet must be specified.");
+ }
/* For dst, if user enters an alias and selects "network" then disallow. */
- if ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) )
+ if ($_POST['dsttype'] == "network" && is_alias($_POST['dst'])) {
$input_errors[] = gettext("You must specify single host or alias for alias entries.");
+ }
/* For src, user can enter only ip's or networks */
if (!is_specialnet($_POST['srctype'])) {
@@ -180,8 +193,9 @@ if ($_POST) {
/* check for overlaps with other 1:1 */
foreach ($a_1to1 as $natent) {
- if (isset($id) && ($a_1to1[$id]) && ($a_1to1[$id] === $natent))
+ if (isset($id) && ($a_1to1[$id]) && ($a_1to1[$id] === $natent)) {
continue;
+ }
if (check_subnets_overlap($_POST['internal'], $_POST['subnet'], $natent['internal'], $natent['subnet'])) {
//$input_errors[] = "Another 1:1 rule overlaps with the specified internal subnet.";
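Review bot: The only visible statement inside the `check_subnets_overlap()` branch is the commented-out `$input_errors[]` line, so as far as this hunk shows, an overlapping 1:1 rule is detected and then accepted without any message. Either restore the error or replace the dead line with a comment that states why overlaps are allowed. The branch continues past the end of the hunk, so confirm that nothing below already handles the overlap.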
@@ -203,22 +217,25 @@ if ($_POST) {
pconfig_to_address($natent['destination'], $_POST['dst'],
$_POST['dstmask'], $_POST['dstnot']);
- if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "disable")
+ if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "disable") {
$natent['natreflection'] = $_POST['natreflection'];
- else
+ } else {
unset($natent['natreflection']);
+ }
- if (isset($id) && $a_1to1[$id])
+ if (isset($id) && $a_1to1[$id]) {
$a_1to1[$id] = $natent;
- else {
- if (is_numeric($after))
+ } else {
+ if (is_numeric($after)) {
array_splice($a_1to1, $after+1, 0, array($natent));
- else
+ } else {
$a_1to1[] = $natent;
+ }
}
- if (write_config())
+ if (write_config()) {
mark_subsystem_dirty('natconf');
+ }
header("Location: firewall_nat_1to1.php");
exit;
}
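Review bot: The insert position is guarded by `is_numeric($after)`, which also accepts negative, fractional and exponent-form strings, whereas `id` is checked with `is_numericint()` elsewhere in this file. `$after` comes straight from the request, and `array_splice()` treats a negative offset as counting from the end of `$a_1to1`, so the new entry could be placed at a position the form never offers. I would change the line to `if (is_numericint($after)) {`. The enclosing `if ($_POST)` block starts outside the hunk.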
@@ -275,8 +292,9 @@ function typesel_change() {
<?php
include("fbegin.inc");
-if ($input_errors)
+if ($input_errors) {
print_input_errors($input_errors);
+}
?>
<form action="firewall_nat_1to1_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall nat 1to1 edit">
@@ -296,29 +314,39 @@ if ($input_errors)
<td width="78%" class="vtable">
<select name="interface" class="formselect">
<?php
- foreach ($ifdisp as $if => $ifdesc)
- if(have_ruleint_access($if))
+ foreach ($ifdisp as $if => $ifdesc) {
+ if (have_ruleint_access($if)) {
$interfaces[$if] = $ifdesc;
+ }
+ }
- if ($config['l2tp']['mode'] == "server")
- if(have_ruleint_access("l2tp"))
+ if ($config['l2tp']['mode'] == "server") {
+ if (have_ruleint_access("l2tp")) {
$interfaces['l2tp'] = "L2TP VPN";
+ }
+ }
- if ($config['pptpd']['mode'] == "server")
- if(have_ruleint_access("pptp"))
+ if ($config['pptpd']['mode'] == "server") {
+ if (have_ruleint_access("pptp")) {
$interfaces['pptp'] = "PPTP VPN";
+ }
+ }
- if (is_pppoe_server_enabled() && have_ruleint_access("pppoe"))
+ if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
$interfaces['pppoe'] = "PPPoE Server";
+ }
/* add ipsec interfaces */
- if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable']))
- if(have_ruleint_access("enc0"))
+ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) {
+ if (have_ruleint_access("enc0")) {
$interfaces["enc0"] = "IPsec";
+ }
+ }
/* add openvpn/tun interfaces */
- if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"])
+ if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
$interfaces["openvpn"] = "OpenVPN";
+ }
foreach ($interfaces as $iface => $ifacename):
?>
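Review bot: The `have_ruleint_access()` calls here only decide which `<option>` entries are rendered; none of the POST-handling hunks shown on this page applies the same check to `$_POST['interface']` before the rule is stored. Please confirm the save path rejects an interface the user has no access to, since hiding an option does not stop it from being submitted. Separately, `$interfaces` is first written inside these conditionals, so unless it is initialised above the hunk the closing `foreach ($interfaces ...)` iterates an undefined variable when no check passes; `$interfaces = array();` before the first loop would cover that.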
@@ -329,8 +357,9 @@ if ($input_errors)
endforeach;
?>
</select><br />
- <span class="vexpl"><?=gettext("Choose which interface this rule applies to"); ?>.<br />
- <?=gettext("Hint: in most cases, you'll want to use WAN here"); ?>.</span></td>
+ <span class="vexpl"><?=gettext("Choose which interface this rule applies to"); ?>.<br />
+ <?=gettext("Hint: in most cases, you'll want to use WAN here"); ?>.</span>
+ </td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("External subnet IP"); ?></td>
@@ -367,23 +396,23 @@ if ($input_errors)
</option>
<option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option>
<?php
- if(have_ruleint_access("pptp")):
+ if (have_ruleint_access("pptp")):
?>
<option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients"); ?></option>
<?php
endif;
- if(have_ruleint_access("pppoe")):
+ if (have_ruleint_access("pppoe")):
?>
<option value="pppoe" <?php if ($pconfig['src'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients"); ?></option>
<?php
endif;
- if(have_ruleint_access("l2tp")):
+ if (have_ruleint_access("l2tp")):
?>
<option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option>
<?php
endif;
foreach ($ifdisp as $ifent => $ifdesc):
- if(have_ruleint_access($ifent)):
+ if (have_ruleint_access($ifent)):
?>
<option value="<?=$ifent;?>" <?php if ($pconfig['src'] == $ifent) { echo "selected=\"selected\""; } ?>>
<?=htmlspecialchars($ifdesc);?> <?=gettext("net"); ?>
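Review bot: In the `foreach ($ifdisp ...)` option at the end of this hunk, `$ifdesc` is passed through `htmlspecialchars()` but the key is written into the attribute raw as `value="<?=$ifent;?>"`; the last hunk of the file does the same with `<?=$if;?>`. The keys probably come from configuration rather than from the request, but encoding them as well, `value="<?=htmlspecialchars($ifent);?>"`, keeps the output rule uniform and does not depend on that assumption. The `foreach` body continues outside the hunk.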
@@ -406,7 +435,7 @@ if ($input_errors)
<?php
for ($i = 31; $i > 0; $i--):
?>
- <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected=\"selected\""; ?>><?=$i;?></option>
+ <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected=\"selected\""; ?>><?=$i;?></option>
<?php
endfor;
?>
@@ -442,21 +471,21 @@ if ($input_errors)
<?=gettext("Network"); ?>
</option>
<?php
- if(have_ruleint_access("pptp")):
+ if (have_ruleint_access("pptp")):
?>
<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected=\"selected\""; } ?>>
<?=gettext("PPTP clients"); ?>
</option>
<?php
endif;
- if(have_ruleint_access("pppoe")):
+ if (have_ruleint_access("pppoe")):
?>
<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected=\"selected\""; } ?>>
<?=gettext("PPPoE clients"); ?>
</option>
<?php
endif;
- if(have_ruleint_access("l2tp")):
+ if (have_ruleint_access("l2tp")):
?>
<option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected=\"selected\""; } ?>>
<?=gettext("L2TP clients"); ?>
@@ -465,7 +494,7 @@ if ($input_errors)
endif;
foreach ($ifdisp as $if => $ifdesc):
- if(have_ruleint_access($if)):
+ if (have_ruleint_access($if)):
?>
<option value="<?=$if;?>" <?php if ($pconfig['dst'] == $if) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?>
<?=gettext("net"); ?>