add input validation for proxy URL, port, user.

Conflicts: usr/local/www/system_advanced_misc.php
author: Chris Buechler <cmb@pfsense.org> 2015-06-14 00:48:55 -0500
committer: Chris Buechler <cmb@pfsense.org> 2015-06-14 02:19:23 -0500
commit: 26b8101b4f2d39e2f342237f7fa11ef9cce4b5f8 (patch)
tree: edbe9789f3aac3de425df3d406cbeff948040bea /usr/local/www/system_advanced_misc.php
parent: 67d9685607eef7c679fda929ad4855be1b2f9dec (diff)
download: pfsense-26b8101b4f2d39e2f342237f7fa11ef9cce4b5f8.zip
pfsense-26b8101b4f2d39e2f342237f7fa11ef9cce4b5f8.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/usr/local/www/system_advanced_misc.php b/usr/local/www/system_advanced_misc.php
index 9d11b86..f6332c7 100644
--- a/usr/local/www/system_advanced_misc.php
+++ b/usr/local/www/system_advanced_misc.php
@@ -118,6 +118,18 @@ if ($_POST) {
 		$input_errors[] = gettext("/var Size must be numeric and should not be less than 60MB.");
 	}
 
+	if (!empty($_POST['proxyport']) && !is_port($_POST['proxyport'])) {
+		$input_errors[] = gettext("Proxy port must be a valid port number, 1-65535.");
+	}
+	
+	if (!empty($_POST['proxyurl']) && !is_fqdn($_POST['proxyurl']) && !is_ipaddr($_POST['proxyurl'])) {
+		$input_errors[] = gettext("Proxy URL must be a valid IP address or FQDN.");
+	}
+	
+	if (!empty($_POST['proxyuser']) && preg_match("/[^a-zA-Z0-9\.\-_@]/", $_POST['proxyuser'])) {
+		$input_errors[] = gettext("The proxy username contains invalid characters.");
+	}
+	
 	if (!$input_errors) {
 
 		if ($_POST['harddiskstandby'] <> "") {
author	Chris Buechler <cmb@pfsense.org>	2015-06-14 00:48:55 -0500
committer	Chris Buechler <cmb@pfsense.org>	2015-06-14 02:19:23 -0500
commit	26b8101b4f2d39e2f342237f7fa11ef9cce4b5f8 (patch)
tree	edbe9789f3aac3de425df3d406cbeff948040bea /usr/local/www/system_advanced_misc.php
parent	67d9685607eef7c679fda929ad4855be1b2f9dec (diff)
download	pfsense-26b8101b4f2d39e2f342237f7fa11ef9cce4b5f8.zip pfsense-26b8101b4f2d39e2f342237f7fa11ef9cce4b5f8.tar.gz