diff options
| author | jim-p <jimp@pfsense.org> | 2015-03-31 09:26:04 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2015-03-31 09:27:29 -0400 |
| commit | ddddf255b802e00a3408208f942a5d4049b6fd3a (patch) | |
| tree | 43b23c3fee021db71886f0f27eaf339e4b8825a8 /usr/local/www/load_balancer_pool_edit.php | |
| parent | adf62c63f3dd4b4de7bd65f2a85a4dcc1085914e (diff) | |
| download | pfsense-ddddf255b802e00a3408208f942a5d4049b6fd3a.zip pfsense-ddddf255b802e00a3408208f942a5d4049b6fd3a.tar.gz | |
Fix a few misc encoding issues in load balancer code.
Diffstat (limited to 'usr/local/www/load_balancer_pool_edit.php')
| -rw-r--r-- | usr/local/www/load_balancer_pool_edit.php | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/usr/local/www/load_balancer_pool_edit.php b/usr/local/www/load_balancer_pool_edit.php index f3b0dca..4eaa6f0 100644 --- a/usr/local/www/load_balancer_pool_edit.php +++ b/usr/local/www/load_balancer_pool_edit.php @@ -87,8 +87,11 @@ if ($_POST) { if (($_POST['name'] == $config['load_balancer']['lbpool'][$i]['name']) && ($i != $id)) $input_errors[] = gettext("This pool name has already been used. Pool names must be unique."); - if (strpos($_POST['name'], " ") !== false) - $input_errors[] = gettext("You cannot use spaces in the 'name' field."); + if (preg_match('/[ \/]/', $_POST['name'])) + $input_errors[] = gettext("You cannot use spaces or slashes in the 'name' field."); + + if (strlen($_POST['name']) > 16) + $input_errors[] = gettext("The 'name' field must be 16 characters or less."); if (in_array($_POST['name'], $reserved_table_names)) $input_errors[] = sprintf(gettext("The name '%s' is a reserved word and cannot be used."), $_POST['name']); @@ -200,7 +203,7 @@ function clearcombo(){ <tr align="left"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Name"); ?></td> <td width="78%" class="vtable" colspan="2"> - <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"{$pconfig['name']}\"";?> size="16" maxlength="16" /> + <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"" . htmlspecialchars($pconfig['name']) . "\"";?> size="16" maxlength="16" /> </td> </tr> <tr align="left"> @@ -215,7 +218,7 @@ function clearcombo(){ <tr align="left"> <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> <td width="78%" class="vtable" colspan="2"> - <input name="descr" type="text" <?if(isset($pconfig['descr'])) echo "value=\"{$pconfig['descr']}\"";?> size="64" /> + <input name="descr" type="text" <?if(isset($pconfig['descr'])) echo "value=\"" . htmlspecialchars($pconfig['descr']) . "\"";?> size="64" /> </td> </tr> |
