author | Pierre POMES <pierre.pomes@gmail.com> | 2012-02-19 21:46:12 -0500 |
---|---|---|
committer | Pierre POMES <pierre.pomes@gmail.com> | 2012-02-19 21:46:12 -0500 |
commit | 206aa9fc244e6581e35cbee3df0996a73318d2a9 (patch) | |
tree | 50c604cac729c6243a557561773578546f4a02e4 /usr/local/www/load_balancer_setting.php | |
parent | 259f606eb8b186e2b1033036a11467c610188100 (diff) | |
Ticket #2205 - Add input validation, keep same logic as 2.0.1 and abore for default values
Diffstat (limited to 'usr/local/www/load_balancer_setting.php')
-rwxr-xr-x | usr/local/www/load_balancer_setting.php | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/usr/local/www/load_balancer_setting.php b/usr/local/www/load_balancer_setting.php
index 00444d9..479b2d0 100755
--- a/usr/local/www/load_balancer_setting.php
+++ b/usr/local/www/load_balancer_setting.php
@@ -61,16 +61,27 @@ if ($_POST) {
 $savemsg = get_std_save_message($retval);
 clear_subsystem_dirty('loadbalancer');
 } else {
+ unset($input_errors);
 $pconfig = $_POST;
+
+ /* input validation */
+ if ($_POST['timeout'] && !is_numeric($_POST['timeout'])) {
+ $input_errors[] = gettext("Timeout must be a numeric value");
+ }
- $lbsetting['timeout'] = $_POST['timeout'];
- $lbsetting['interval'] = $_POST['interval'];
+ if ($_POST['interval'] && !is_numeric($_POST['interval'])) {
+ $input_errors[] = gettext("Interval must be a numeric value");
+ }
- write_config();
- mark_subsystem_dirty('loadbalancer');
+ /* update config if user entry is valid */
+ if (!$input_errors) {
+ $lbsetting['timeout'] = $_POST['timeout'];
+ $lbsetting['interval'] = $_POST['interval'];
+
+ write_config();
+ mark_subsystem_dirty('loadbalancer');
+ }
 }
- header("Location: load_balancer_setting.php");
- exit;
 }
 $pgtitle = array(gettext("Services"),gettext("Load Balancer"),gettext("Settings")); |
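Review bot: `is_numeric()` in the two added checks is looser than a timeout or interval setting needs: it accepts signed, decimal and exponent forms such as `-5`, `1.5` or `1e3`, and those strings are then stored verbatim in `$lbsetting` and persisted by `write_config()`. These values presumably end up in the load balancer daemon's configuration (the consumer is not visible here), so a digits-only test is the safer gate, e.g. `if ($_POST['timeout'] && !ctype_digit($_POST['timeout'])) {` and the same for `interval`. Separately, `unset($input_errors);` followed by `if (!$input_errors)` reads an undefined variable on the valid path; `$input_errors = array();` states the intent without relying on that. The enclosing `if ($_POST)` block starts above the hunk.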