Add input validation to Unbound advanced settings page. Ticket #4050

1 files changed, 40 insertions, 0 deletions

diff --git a/usr/local/www/services_unbound_advanced.php b/usr/local/www/services_unbound_advanced.php
index 279e7a4..5d9a6f6 100644
--- a/usr/local/www/services_unbound_advanced.php
+++ b/usr/local/www/services_unbound_advanced.php
@@ -84,6 +84,7 @@ if (isset($config['unbound']['disable_auto_added_access_control'])) {
 }
 
 if ($_POST) {
+	unset($input_errors);
 	$pconfig = $_POST;
 
 	if ($_POST['apply']) {
@@ -93,6 +94,45 @@ if ($_POST) {
 			clear_subsystem_dirty('unbound');
 		}
 	} else {
+		if (isset($_POST['msgcachesize']) && !in_array($_POST['msgcachesize'], array('4', '10', '20', '50', '100', '250', '512'), true)) {
+			$input_errors[] = "A valid value for Message Cache Size must be specified.";
+		}
+		if (isset($_POST['outgoing_num_tcp']) && !in_array($_POST['outgoing_num_tcp'], array('0', '10', '20', '30', '40', '50'), true)) {
+			$input_errors[] = "A valid value must be specified for Outgoing TCP Buffers.";
+		}
+		if (isset($_POST['outgoing_num_tcp']) && !in_array($_POST['incoming_num_tcp'], array('0', '10', '20', '30', '40', '50'), true)) {
+			$input_errors[] = "A valid value must be specified for Incoming TCP Buffers.";
+		}
+		if (isset($_POST['edns_buffer_size']) && !in_array($_POST['edns_buffer_size'], array('512', '1480', '4096'), true)) {
+			$input_errors[] = "A valid value must be specified for EDNS Buffer Size.";
+		}
+		if (isset($_POST['num_queries_per_thread']) && !in_array($_POST['num_queries_per_thread'], array('512', '1024', '2048'), true)) {
+			$input_errors[] = "A valid value must be specified for Number of queries per thread.";
+		}
+		if (isset($_POST['jostle_timeout']) && !in_array($_POST['jostle_timeout'], array('100', '200', '500', '1000'), true)) {
+			$input_errors[] = "A valid value must be specified for Jostle Timeout.";
+		}
+		if (isset($_POST['cache_max_ttl']) && (!is_numericint($_POST['cache_max_ttl']) || ($_POST['cache_max_ttl'] < 0))) {
+			$input_errors[] = "'Maximum TTL for RRsets and messages' must be a positive integer.";
+		}
+		if (isset($_POST['cache_min_ttl']) && (!is_numericint($_POST['cache_min_ttl']) || ($_POST['cache_min_ttl'] < 0))) {
+			$input_errors[] = "'Minimum TTL for RRsets and messages' must be a positive integer.";
+		}
+		if (isset($_POST['infra_host_ttl']) && !in_array($_POST['infra_host_ttl'], array('60', '120', '300', '600', '900'), true)) {
+			$input_errors[] = "A valid value must be specified for TTL for Host cache entries.";
+		}
+		if (isset($_POST['infra_lame_ttl']) && !in_array($_POST['infra_lame_ttl'], array('60', '120', '300', '600', '900'), true)) {
+			$input_errors[] = "A valid value must be specified for TTL for lame delegation.";
+		}
+		if (isset($_POST['infra_cache_numhosts']) && !in_array($_POST['infra_cache_numhosts'], array('1000', '5000', '10000', '20000', '50000'), true)) {
+			$input_errors[] = "A valid value must be specified for Number of Hosts to cache.";
+		}
+		if (isset($_POST['unwanted_reply_threshold']) && !in_array($_POST['unwanted_reply_threshold'], array('disabled', '5000000', '10000000', '20000000', '40000000', '50000000'), true)) {
+			$input_errors[] = "A valid value must be specified for Unwanted Reply Threshold.";
+		}
+		if (isset($_POST['log_verbosity']) && !in_array($_POST['log_verbosity'], array('0', '1', '2', '3', '4', '5'), true)) {
+			$input_errors[] = "A valid value must be specified for Log level verbosity.";
+		}
 		if (isset($_POST['hideidentity'])) {
 			$config['unbound']['hideidentity'] = true;
 		} else {