diff options
| author | Seth Mos <seth.mos@dds.nl> | 2011-08-24 12:42:16 +0200 |
|---|---|---|
| committer | Seth Mos <seth.mos@dds.nl> | 2011-08-24 12:42:16 +0200 |
| commit | 9e80d14cab8349d737325e59a1d6eb8f6cc7e0d6 (patch) | |
| tree | aa08df0aa5d295b8d7822e4e646cfb5871a03cb6 /usr/local/www/system_gateways_edit.php | |
| parent | bb5a2d0e727dee7d200d0f84dc76ef0c790e0c00 (diff) | |
| download | pfsense-9e80d14cab8349d737325e59a1d6eb8f6cc7e0d6.zip pfsense-9e80d14cab8349d737325e59a1d6eb8f6cc7e0d6.tar.gz | |
Add address family input validation on the Gateways edit page, also prevent adding gateways on interfaces that do not carry that address family.
Fix Ticket #1633
Diffstat (limited to 'usr/local/www/system_gateways_edit.php')
| -rwxr-xr-x | usr/local/www/system_gateways_edit.php | 45 |
1 files changed, 29 insertions, 16 deletions
diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php index c28e5cc..dbdeb39 100755 --- a/usr/local/www/system_gateways_edit.php +++ b/usr/local/www/system_gateways_edit.php @@ -111,33 +111,46 @@ if ($_POST) { } if ($_POST['gateway'] && (is_ipaddr($_POST['gateway'])) && !$_REQUEST['isAjax']) { - if (!empty($config['interfaces'][$_POST['interface']]['ipaddr'])) { - if (is_ipaddr($config['interfaces'][$_POST['interface']]['ipaddr']) && (empty($_POST['gateway']) || $_POST['gateway'] == "dynamic")) - $input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static ip configuration."); - } - if(is_ipaddrv6($_POST['gateway'])) { - $parent_ip = get_interface_ipv6($_POST['interface']); - } else { + if(is_ipaddrv4($_POST['gateway'])) { $parent_ip = get_interface_ip($_POST['interface']); - } - if (is_ipaddrv4($parent_ip)) { $parent_sn = get_interface_subnet($_POST['interface']); - $subnet = gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn; - if(!ip_in_subnet($_POST['gateway'], $subnet) && !ip_in_interface_alias_subnet($_POST['interface'], $_POST['gateway'])) { - $input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within the chosen interface's subnet '%2\$s'."), $_POST['gateway'],$subnet); + if(empty($parent_ip) || empty($parent_sn)) { + $input_errors[] = gettext("You can not use a IPv6 Gateway Address on a IPv4 only interface."); + } else { + $subnet = gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn; + if(!ip_in_subnet($_POST['gateway'], $subnet)) + $input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within the chosen interface's subnet '%2\$s'."), $_POST['gateway'],$subnet); } } - if (is_ipaddrv6($parent_ip)) { + if(is_ipaddrv6($_POST['gateway'])) { + $parent_ip = get_interface_ipv6($_POST['interface']); $parent_sn = get_interface_subnetv6($_POST['interface']); - $subnet = gen_subnetv6($parent_ip, $parent_sn) . "/" . $parent_sn; - if(!ip_in_subnet($_POST['gateway'], $subnet)) { - $input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within the chosen interface's subnet '%2\$s'."), $_POST['gateway'],$subnet); + if(empty($parent_ip) || empty($parent_sn)) { + $input_errors[] = gettext("You can not use a IPv4 Gateway Address on a IPv6 only interface."); + } else { + $subnet = gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn; + if(!ip_in_subnet($_POST['gateway'], $subnet)) + $input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within the chosen interface's subnet '%2\$s'."), $_POST['gateway'],$subnet); } } + + if (!empty($config['interfaces'][$_POST['interface']]['ipaddr'])) { + if (is_ipaddr($config['interfaces'][$_POST['interface']]['ipaddr']) && (empty($_POST['gateway']) || $_POST['gateway'] == "dynamic")) + $input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv4 configuration."); + } + if (!empty($config['interfaces'][$_POST['interface']]['ipaddrv6'])) { + if (is_ipaddr($config['interfaces'][$_POST['interface']]['ipaddrv6']) && (empty($_POST['gateway']) || $_POST['gateway'] == "dynamic")) + $input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv6 configuration."); + } } if (($_POST['monitor'] <> "") && !is_ipaddr($_POST['monitor']) && $_POST['monitor'] != "dynamic") { $input_errors[] = gettext("A valid monitor IP address must be specified."); } + if (($_POST['monitor'] <> "") && is_ipaddr($_POST['monitor']) && $_POST['monitor'] != "dynamic") { + if(!validate_address_family($_POST['monitor'], $_POST['gateway'])) { + $input_errors[] = gettext("The monitor address '{$_POST['monitor']}' is a different Address Family then gateway '{$_POST['gateway']}'."); + } + } if (isset($_POST['name'])) { /* check for overlaps */ |
