summaryrefslogtreecommitdiffstats
path: root/usr/local/www
diff options
context:
space:
mode:
authorbcyrill <cyrill@bannwart.info>2013-02-02 20:22:15 +0100
committerbcyrill <cyrill@bannwart.info>2013-02-02 20:22:15 +0100
commitf504b290ff2c8dcf0ba363fb3a7f3aaaa435d28c (patch)
tree81489a3bfad9c02667ad6670b98847ba28c6e89f /usr/local/www
parent49b12e444ede8b9da4e85cb594df15793433e7f0 (diff)
downloadpfsense-f504b290ff2c8dcf0ba363fb3a7f3aaaa435d28c.zip
pfsense-f504b290ff2c8dcf0ba363fb3a7f3aaaa435d28c.tar.gz
Fix problems with overlapping 'allowed IP subnets' in CP
Diffstat (limited to 'usr/local/www')
-rwxr-xr-xusr/local/www/services_captiveportal_ip.php15
-rwxr-xr-xusr/local/www/services_captiveportal_ip_edit.php37
2 files changed, 25 insertions, 27 deletions
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php
index e0e39d8..410064d 100755
--- a/usr/local/www/services_captiveportal_ip.php
+++ b/usr/local/www/services_captiveportal_ip.php
@@ -67,15 +67,12 @@ if ($_GET['act'] == "del") {
$ipent = $a_allowedips[$_GET['id']];
if (isset($config['captiveportal'][$cpzone]['enable'])) {
- if (!empty($ipent['sn'])) {
- $ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $ipent['ip'], $ipent['sn']);
- pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 3, $ipent['ip'], $ipent['sn']);
- pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 4, $ipent['ip'], $ipent['sn']);
- } else {
- $ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $ipent['ip']);
- pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 3, $ipent['ip']);
- pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 4, $ipent['ip']);
- }
+ $mask = (!empty($ipent['sn'])) ? $ipent['sn'] : 32;
+
+ $ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $ipent['ip'], $mask);
+ pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 3, $ipent['ip'], $mask);
+ pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 4, $ipent['ip'], $mask);
+
if (is_array($ipfw)) {
captiveportal_free_dn_ruleno($ipfw['dnpipe']);
pfSense_pipe_action("pipe delete {$ipfw['dnpipe']}");
diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php
index 8c8c79e..57201e1 100755
--- a/usr/local/www/services_captiveportal_ip_edit.php
+++ b/usr/local/www/services_captiveportal_ip_edit.php
@@ -95,14 +95,17 @@ if ($_POST) {
$pconfig = $_POST;
/* input validation */
- $reqdfields = explode(" ", "ip");
- $reqdfieldsn = array(gettext("Allowed IP address"));
+ $reqdfields = explode(" ", "ip sn");
+ $reqdfieldsn = array(gettext("Allowed IP address"), gettext("Subnet mask"));
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
- if (($_POST['ip'] && !is_ipaddr($_POST['ip'])))
+ if ($_POST['ip'] && !is_ipaddr($_POST['ip']))
$input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['ip']);
+ if ($_POST['sn'] && (!is_numeric($_POST['sn']) || ($_POST['sn'] < 1) || ($_POST['sn'] > 32)))
+ $input_errors[] = gettext("A valid subnet mask must be specified");
+
if ($_POST['bw_up'] && !is_numeric($_POST['bw_up']))
$input_errors[] = gettext("Upload speed needs to be an integer");
@@ -128,16 +131,14 @@ if ($_POST) {
$ip['bw_up'] = $_POST['bw_up'];
if ($_POST['bw_down'])
$ip['bw_down'] = $_POST['bw_down'];
- $oldmask = "";
if (isset($id) && $a_allowedips[$id]) {
$oldip = $a_allowedips[$id]['ip'];
if (!empty($a_allowedips[$id]['sn']))
- $oldmask .= "/{$a_allowedips[$id]['sn']}";
+ $oldmask = $a_allowedips[$id]['sn'];
+ else
+ $oldmask = 32;
$a_allowedips[$id] = $ip;
} else {
- $oldip = $ip['ip'];
- if (!empty($ip['sn']))
- $oldmask .= "/{$ip['sn']}";
$a_allowedips[] = $ip;
}
allowedips_sort();
@@ -145,20 +146,20 @@ if ($_POST) {
write_config();
if (isset($a_cp[$cpzone]['enable']) && is_module_loaded("ipfw.ko")) {
- if (is_ipaddr($oldip)) {
- if (!empty($oldmask))
- $ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $oldip, $oldmask);
- else
- $ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $oldip);
+ $rules = "";
+ if (isset($oldip) && isset($oldmask)) {
+ $ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $oldip, $oldmask);
+ $rules .= "table 3 delete {$oldip}/{$oldmask}\n";
+ $rules .= "table 4 delete {$oldip}/{$oldmask}\n";
+ if (is_array($ipfw)) {
+ $rules .= "pipe delete {$ipfw['dnpipe']}\n";
+ $rules .= "pipe delete " . ($ipfw['dnpipe']+1 . "\n");
+ }
}
- $rules = "table 3 delete {$oldip}\n";
- $rules .= "table 4 delete {$oldip}\n";
+ $rules .= captiveportal_allowedip_configure_entry($ip);
if (is_array($ipfw)) {
captiveportal_free_dn_ruleno($ipfw['dnpipe']);
- $rules .= "pipe delete {$ipfw['dnpipe']}\n";
- $rules .= "pipe delete " . ($ipfw['dnpipe']+1 . "\n");
}
- $rules .= captiveportal_allowedip_configure_entry($ip);
$uniqid = uniqid("{$cpzone}_allowed");
@file_put_contents("{$g['tmp_path']}/{$uniqid}_tmp", $rules);
mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/{$uniqid}_tmp");
OpenPOWER on IntegriCloud