diff options
| author | jim-p <jimp@pfsense.org> | 2012-02-14 13:02:14 -0500 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2012-02-14 13:03:05 -0500 |
| commit | a5a483e05b4db81fde402dfc943408a8b0d51de8 (patch) | |
| tree | ad4c288caced440c156920ebfbf2ac3f3c5eb3e2 /usr/local/www/vpn_ipsec_phase2.php | |
| parent | cf0a2714c23c642d4119b2bb0e6ac887538967eb (diff) | |
| download | pfsense-a5a483e05b4db81fde402dfc943408a8b0d51de8.zip pfsense-a5a483e05b4db81fde402dfc943408a8b0d51de8.tar.gz | |
Reject an interface without a subnet as a network source in the IPsec Phase 2 GUI. Fixes ticket #2201
Diffstat (limited to 'usr/local/www/vpn_ipsec_phase2.php')
| -rw-r--r-- | usr/local/www/vpn_ipsec_phase2.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index 56f377a..1aeb498 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -130,6 +130,16 @@ if ($_POST) { break; } + /* Check if the localid_type is an interface, to confirm if it has a valid subnet. */ + if (is_array($config['interfaces'][$pconfig['localid_type']])) { + // Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201. + $address = get_interface_ip($pconfig['localid_type']); + $netbits = get_interface_subnet($pconfig['localid_type']); + + if (empty($address) || empty($netbits)) + $input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet."); + } + switch ($pconfig['remoteid_type']) { case "network": if (($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits']) || !is_numeric($pconfig['remoteid_netbits'])) |
