diff options
| author | Ermal <eri@pfsense.org> | 2011-01-24 16:54:25 +0000 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2011-01-24 16:54:25 +0000 |
| commit | 49946455240beb65061922e7e4920cec409111fc (patch) | |
| tree | f5713f6a0979e6436c61437122bd7c1db1cd30b7 /usr/local/www/wizards | |
| parent | 8d9c3f7610953e4519ec578e61961c22d3fe4404 (diff) | |
| download | pfsense-49946455240beb65061922e7e4920cec409111fc.zip pfsense-49946455240beb65061922e7e4920cec409111fc.tar.gz | |
Do proper input validation on traffic shaper wizards to not allow empty fiedls.
Diffstat (limited to 'usr/local/www/wizards')
4 files changed, 87 insertions, 87 deletions
diff --git a/usr/local/www/wizards/traffic_shaper_wizard.inc b/usr/local/www/wizards/traffic_shaper_wizard.inc index 3f1bd92..b684fb6 100644 --- a/usr/local/www/wizards/traffic_shaper_wizard.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard.inc @@ -436,6 +436,9 @@ function step3_stepsubmitphpaction() { global $config; global $stepid, $savemsg; + if (!$_POST['enable']) + return; + if($_POST['address']) { if(!is_ipaddroralias($_POST['address'])) { /* item is not an ip or alias. error out */ @@ -447,24 +450,22 @@ function step3_stepsubmitphpaction() { $steps = intval($config['ezshaper']['step1']['numberofconnections']); for ($i = 0; $i < $steps; $i++) { - if ($_POST["conn{$i}upload"]) { - if (!is_numeric($_POST["conn{$i}upload"])) { - $wannum = $i + 1; - $savemsg = gettext("Upload bandwidth of WAN #{$wannum} is not valid."); - $stepid--; - return; - } - $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]); - $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]); - $factor = wizard_get_bandwidthtype_scale($_POST["conn{$i}uploadspeed"]); - $input_bw = $factor * floatval($_POST["conn{$i}upload"]); - if ((0.8 * $ifbw) < $input_bw) { - $friendly_interface = $i+1; - $savemsg=gettext("You cannot set the VoIP upload bandwidth on WAN #{$friendly_interface} higher than 80% of the connection."); - $stepid--; - return; - } + if (!is_numeric($_POST["conn{$i}upload"])) { + $wannum = $i + 1; + $savemsg = gettext("Upload bandwidth of WAN #{$wannum} is not valid."); + $stepid--; + return; } + $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]); + $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]); + $factor = wizard_get_bandwidthtype_scale($_POST["conn{$i}uploadspeed"]); + $input_bw = $factor * floatval($_POST["conn{$i}upload"]); + if ((0.8 * $ifbw) < $input_bw) { + $friendly_interface = $i+1; + $savemsg=gettext("You cannot set the VoIP upload bandwidth on WAN #{$friendly_interface} higher than 80% of the connection."); + $stepid--; + return; + } } $config['ezshaper']['step3']['download'] = $_POST['download']; @@ -515,7 +516,7 @@ function step5_stepsubmitphpaction() { global $stepid, $savemsg; if ( $_POST['enable'] ) { - if (isset($_POST['bandwidth']) && $_POST['bandwidth'] <> "") { + if ($_POST['p2pcatchall']) { if(!is_numeric($_POST['bandwidth'])) { $savemsg="Posted value is not a valid bandwidth."; $stepid--; diff --git a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc index 152cef5..b59c5a7 100755 --- a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc @@ -450,6 +450,9 @@ function step3_stepsubmitphpaction() { global $config; global $stepid, $savemsg; + if (!$_POST['enable']) + return; + if($_POST['address']) { if(!is_ipaddroralias($_POST['address'])) { /* item is not an ip or alias. error out */ @@ -461,39 +464,35 @@ function step3_stepsubmitphpaction() { $steps = intval($config['ezshaper']['step1']['numberofconnections']); for ($i = 0; $i < $steps; $i++) { - if ($_POST["conn{$i}upload"]) { - if (!is_numeric($_POST["conn{$i}upload"])) { - $savemsg = gettext("Upload bandwidth of connection {$i} is not valid."); - $stepid--; - return; - } - $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]); - $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]); - $factor = wizard_get_bandwidthtype_scale($_POST["conn{$i}uploadspeed"]); - $input_bw = $factor * floatval($_POST["conn{$i}upload"]); - if ((0.8 * $ifbw) < $input_bw) { - $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection."); - $stepid--; - return; - } + if (!is_numeric($_POST["conn{$i}upload"])) { + $savemsg = gettext("Upload bandwidth of connection {$i} is not valid."); + $stepid--; + return; } + $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]); + $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]); + $factor = wizard_get_bandwidthtype_scale($_POST["conn{$i}uploadspeed"]); + $input_bw = $factor * floatval($_POST["conn{$i}upload"]); + if ((0.8 * $ifbw) < $input_bw) { + $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection."); + $stepid--; + return; + } - if ($_POST["local{$i}download"]) { - if (!is_numeric($_POST["local{$i}download"])) { - $savemsg = gettext("Download bandwidth of connection {$i} is not valid."); - $stepid--; - return; - } - $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}downloadspeed"]); - $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}download"]); - $factor = wizard_get_bandwidthtype_scale($_POST["local{$i}downloadspeed"]); - $input_bw = $factor * floatval($_POST["local{$i}download"]); - if ((0.8 * $ifbw) < $input_bw) { - $savemsg=gettext("You cannot set the VoIP download bandwidth on connection {$i} higher than 80% of the connection."); - $stepid--; - return; - } + if (!is_numeric($_POST["local{$i}download"])) { + $savemsg = gettext("Download bandwidth of connection {$i} is not valid."); + $stepid--; + return; } + $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}downloadspeed"]); + $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}download"]); + $factor = wizard_get_bandwidthtype_scale($_POST["local{$i}downloadspeed"]); + $input_bw = $factor * floatval($_POST["local{$i}download"]); + if ((0.8 * $ifbw) < $input_bw) { + $savemsg=gettext("You cannot set the VoIP download bandwidth on connection {$i} higher than 80% of the connection."); + $stepid--; + return; + } } for ($i = 0; $i < $steps; $i++) { @@ -543,7 +542,7 @@ function step5_stepsubmitphpaction() { global $stepid, $savemsg; if ( $_POST['enable'] ) { - if (isset($_POST['bandwidth']) && $_POST['bandwidth'] <> "") { + if ($_POST['p2pcatchall']) { if(!is_numeric($_POST['bandwidth'])) { $savemsg="Posted value is not a valid bandwidth."; $stepid--; @@ -560,7 +559,7 @@ function step5_stepsubmitphpaction() { $stepid--; return; } - } + } } } diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc index c63cf77..c6347da 100755 --- a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc @@ -480,6 +480,9 @@ function step3_stepsubmitphpaction() { global $config; global $stepid, $savemsg; + if (!$_POST['enable']) + return; + if($_POST['address']) { if(!is_ipaddroralias($_POST['address'])) { /* item is not an ip or alias. error out */ @@ -491,8 +494,7 @@ function step3_stepsubmitphpaction() { $steps = intval($config['ezshaper']['step1']['numberofconnections']); for ($i = 0; $i < $steps; $i++) { - if ($_POST["conn{$i}upload"]) { - if (!is_numeric($_POST["conn{$i}upload"])) { + if (!is_numeric($_POST["conn{$i}upload"])) { $savemsg = gettext("Upload bandwidth of connection {$i} is not valid."); $stepid--; return; @@ -505,27 +507,24 @@ function step3_stepsubmitphpaction() { $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection."); $stepid--; return; - } - } + } } $localint = intval($config['ezshaper']['step1']['numberoflocalinterfaces']); for ($i = 0; $i < $localint; $i++) { - if ($_POST["local{$i}download"]) { - if (!is_numeric($_POST["local{$i}download"])) { - $savemsg = gettext("Download bandwidth of connection {$i} is not valid."); - $stepid--; - return; - } - $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}downloadspeed"]); - $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}download"]); - $factor = wizard_get_bandwidthtype_scale($_POST["local{$i}downloadspeed"]); - $input_bw = $factor * floatval($_POST["local{$i}download"]); - if ((0.8 * $ifbw) < $input_bw) { - $savemsg=gettext("You cannot set the VoIP download bandwidth on connection {$i} higher than 80% of the connection."); - $stepid--; - return; - } + if (!is_numeric($_POST["local{$i}download"])) { + $savemsg = gettext("Download bandwidth of connection {$i} is not valid."); + $stepid--; + return; + } + $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}downloadspeed"]); + $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}download"]); + $factor = wizard_get_bandwidthtype_scale($_POST["local{$i}downloadspeed"]); + $input_bw = $factor * floatval($_POST["local{$i}download"]); + if ((0.8 * $ifbw) < $input_bw) { + $savemsg=gettext("You cannot set the VoIP download bandwidth on connection {$i} higher than 80% of the connection."); + $stepid--; + return; } } @@ -570,14 +569,14 @@ function step4_stepsubmitphpaction() { /* item is not an ip or alias. error out */ $savemsg=gettext("Address must be a valid IP address or Firewall Alias. Please correct this value to continue."); $stepid--; - } + } } } function step5_stepsubmitphpaction() { global $stepid, $savemsg; if ( $_POST['enable'] ) { - if (isset($_POST['bandwidth']) && $_POST['bandwidth'] <> "") { + if ($_POST['p2pcatchall']) { if(!is_numeric($_POST['bandwidth'])) { $savemsg="Posted value is not a valid bandwidth."; $stepid--; diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc index 731d327..a5de47e 100644 --- a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc @@ -284,6 +284,9 @@ function step3_stepsubmitphpaction() { global $config; global $stepid, $savemsg; + if (!$_POST['enable']) + return; + if($_POST['address']) { if(!is_ipaddroralias($_POST['address'])) { /* item is not an ip or alias. error out */ @@ -295,22 +298,20 @@ function step3_stepsubmitphpaction() { $steps = intval($config['ezshaper']['step1']['numberofconnections']); for ($i = 0; $i < $steps; $i++) { - if ($_POST["connupload"]) { - if (!is_numeric($_POST["connupload"])) { - $savemsg = gettext("Upload bandwidth of connection {$i} is not valid."); - $stepid--; - return; - } - $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]); - $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]); - $factor = wizard_get_bandwidthtype_scale($_POST["conn{$i}uploadspeed"]); - $input_bw = $factor * floatval($_POST["conn{$i}upload"]); - if ((0.8 * $ifbw) < $input_bw) { - $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection."); - $stepid--; - return; - } + if (!is_numeric($_POST["connupload"])) { + $savemsg = gettext("Upload bandwidth of connection {$i} is not valid."); + $stepid--; + return; } + $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]); + $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]); + $factor = wizard_get_bandwidthtype_scale($_POST["conn{$i}uploadspeed"]); + $input_bw = $factor * floatval($_POST["conn{$i}upload"]); + if ((0.8 * $ifbw) < $input_bw) { + $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection."); + $stepid--; + return; + } } } @@ -357,7 +358,7 @@ function step5_stepsubmitphpaction() { global $stepid, $savemsg; if ( $_POST['enable'] ) { - if (isset($_POST['bandwidth']) && $_POST['bandwidth'] <> "") { + if ($_POST['p2pcatchall']) { if(!is_numeric($_POST['bandwidth'])) { $savemsg="Posted value is not a valid bandwidth."; $stepid--; |
