author | jim-p <jimp@pfsense.org> | 2011-06-01 09:00:09 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-06-01 09:00:09 -0400 |
commit | 58005e521346eea230c564aacf34b0820b9a6123 (patch) | |
tree | 7242c84ccd28d9044a7c0f08f7ecfee952634a65 /usr/local/www/firewall_rules_edit.php | |
parent | e5770bc233d9a6a9a335b02490d7c4607410cd95 (diff) | |
parent | 97c1f2684c5dd225075fec08148f084ff190af0a (diff) | |
Merge remote branch 'upstream/master'
Conflicts:
conf.default/config.xml
etc/inc/filter.inc
etc/inc/globals.inc
etc/inc/pfsense-utils.inc
etc/inc/upgrade_config.inc
usr/local/www/interfaces.php
Diffstat (limited to 'usr/local/www/firewall_rules_edit.php')
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 28 |
1 files changed, 15 insertions, 13 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 542f832..41e537e 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -256,19 +256,6 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - /* run through $_POST items encoding HTML entties so that the user - * cannot think he is slick and perform a XSS attack on the unwilling - */ - foreach ($_POST as $key => $value) { - $temp = str_replace(">", "", $value); - - if (isset($_POST['floating']) && $key == "interface") - continue; - $newpost = htmlentities($temp); - if($newpost <> $temp) - $input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp); - } - /* input validation */ $reqdfields = explode(" ", "type proto"); if ( isset($a_filter[$id]['associated-rule-id'])===false ) { @@ -404,6 +391,9 @@ if ($_POST) { $input_errors[] = gettext("If you specify TCP flags that should be set you should specify out of which flags as well."); } + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/input_validation"); + if (!$input_errors) { $filterent = array(); $filterent['id'] = $_POST['ruleid']>0?$_POST['ruleid']:''; @@ -551,6 +541,9 @@ if ($_POST) { $filterent['associated-rule-id'] = $a_filter[$id]['associated-rule-id']; } + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config"); + if (isset($id) && $a_filter[$id]) $a_filter[$id] = $filterent; else { @@ -561,6 +554,7 @@ if ($_POST) { } filter_rules_sort(); + write_config(); mark_subsystem_dirty('filter'); 
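Review bot: The hook added before `if (!$input_errors)` only runs whatever package files exist under `/usr/local/pkg/firewall_rules/input_validation`, so it does not replace the blanket `htmlentities()` rejection of `$_POST` values that the first hunk removes. `$pconfig = $_POST` is still assigned at the top of this block, so markup characters in a posted field now pass unless a per-field check rejects them; most of those checks and the form rendering are outside this diff, so this needs confirming against the full file. Every place the page prints a `$pconfig` value back into the form should encode it with `htmlspecialchars()`, and a comment here such as `// NOTE: markup in POST values is no longer rejected up front; encode $pconfig values on output` would record that dependency.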
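Review bot: The comment on the `pre_write_config` hook is copied from the validation hook and is misleading: this call appears to sit inside the `if (!$input_errors)` branch, just before `$filterent` is stored in `$a_filter`, so nothing it changes is validated again. The same copied comment is on the `htmlphpearly` and `htmlphplate` hooks in the later hunks, which sit in the page markup rather than in the validation path. I would reword it here to `// Package hook: runs after validation, immediately before $filterent is stored; changes made here are not re-checked`. `pfSense_handle_custom_code()` is not defined in this diff, so whether the loaded files can reach `$filterent` is an assumption to confirm; if, as the name suggests, it includes PHP files from these directories, they should be writable by root only.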
@@ -603,6 +597,10 @@ include("head.inc"); <tr> <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Firewall rule");?></td> </tr> +<?php + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphpearly"); +?> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td> <td width="78%" class="vtable"> @@ -1405,6 +1403,10 @@ $i--): ?> </div> </td> </tr> +<?php + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphplate"); +?> <tr> <td width="22%" valign="top"> </td> <td width="78%"> |