diff options
author | Phil Davis <phil.davis@inf.org> | 2015-07-22 19:36:09 +0545 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-07-22 13:24:24 -0500 |
commit | b3bcc72952ec1b425294782525515b2d3ef5a53b (patch) | |
tree | f4688ad8dcaaf6063231816fdf6a7b9ee5944827 /usr/local/www/vpn_ipsec_settings.php | |
parent | 5bded426abd661d79d4ece3960a4f4fa90bce811 (diff) | |
download | pfsense-b3bcc72952ec1b425294782525515b2d3ef5a53b.zip pfsense-b3bcc72952ec1b425294782525515b2d3ef5a53b.tar.gz |
Handle IPsec Advanced Settings save before IPsec is enabled
If the Advanced Settings are saved before any other IPsec is set up then $config['ipsec'] can be just the empty string. As a result you can get:
a) If you select some debug settings then those are not saved. The code to save those settings was only executed when $config['ipsec'] was already an array. Actually the code already did the necessary "if isset() then unset()" stuuf. So I just took the the "if is_array()" away from the code block.
b) Some potential unset() can go wrong with errors like:
Fatal error: Cannot unset string offsets in /usr/local/www/vpn_ipsec_settings.php on line 168
This is corrected by adding more "if (isset())" checks.
Fixes Redmine #4865
Conflicts:
usr/local/www/vpn_ipsec_settings.php
Diffstat (limited to 'usr/local/www/vpn_ipsec_settings.php')
-rw-r--r-- | usr/local/www/vpn_ipsec_settings.php | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php index 075cbc9..bf00858 100644 --- a/usr/local/www/vpn_ipsec_settings.php +++ b/usr/local/www/vpn_ipsec_settings.php @@ -118,13 +118,13 @@ if ($_POST) { if (!$input_errors) { - if (is_array($config['ipsec'])) { - foreach ($ipsec_loglevels as $lkey => $ldescr) { - if (empty($_POST["ipsec_{$lkey}"])) { - if (isset($config['ipsec']["ipsec_{$lkey}"])) - unset($config['ipsec']["ipsec_{$lkey}"]); - } else - $config['ipsec']["ipsec_{$lkey}"] = $_POST["ipsec_{$lkey}"]; + foreach ($ipsec_loglevels as $lkey => $ldescr) { + if (empty($_POST["ipsec_{$lkey}"])) { + if (isset($config['ipsec']["ipsec_{$lkey}"])) { + unset($config['ipsec']["ipsec_{$lkey}"]); + } + } else { + $config['ipsec']["ipsec_{$lkey}"] = $_POST["ipsec_{$lkey}"]; } } @@ -164,8 +164,10 @@ if ($_POST) { } /* The wierd logic here is to avoid negative policies when checked #4655 */ - if($_POST['noshuntlaninterfaces'] == "yes") { - unset($config['ipsec']['noshuntlaninterfaces']); + if ($_POST['noshuntlaninterfaces'] == "yes") { + if (isset($config['ipsec']['noshuntlaninterfaces'])) { + unset($config['ipsec']['noshuntlaninterfaces']); + } } else { $config['ipsec']['noshuntlaninterfaces'] = true; } @@ -181,7 +183,7 @@ if ($_POST) { if(!empty($_POST['uniqueids'])) { $config['ipsec']['uniqueids'] = $_POST['uniqueids']; - } else { + } else if (isset($config['ipsec']['uniqueids'])) { unset($config['ipsec']['uniqueids']); } @@ -189,8 +191,12 @@ if ($_POST) { $config['system']['maxmss_enable'] = true; $config['system']['maxmss'] = $_POST['maxmss']; } else { - unset($config['system']['maxmss_enable']); - unset($config['system']['maxmss']); + if (isset($config['system']['maxmss_enable'])) { + unset($config['system']['maxmss_enable']); + } + if (isset($config['system']['maxmss'])) { + unset($config['system']['maxmss']); + } } write_config(); |