summaryrefslogtreecommitdiffstats
path: root/usr/local/www
diff options
context:
space:
mode:
authorChris Buechler <cmb@pfsense.org>2015-12-17 22:14:39 -0600
committerChris Buechler <cmb@pfsense.org>2015-12-17 22:14:39 -0600
commit0548783251c1e98d6e9d93c75fcb967ef63c4904 (patch)
treeba054debac38463db6b57793debd56cfbcd49e33 /usr/local/www
parent6d05bb9af71b156b8fe9a3a9502d93e095f457de (diff)
downloadpfsense-0548783251c1e98d6e9d93c75fcb967ef63c4904.zip
pfsense-0548783251c1e98d6e9d93c75fcb967ef63c4904.tar.gz
Add range validation to CP IP passthrough. Ticket #5655
Diffstat (limited to 'usr/local/www')
-rw-r--r--usr/local/www/services_captiveportal_ip_edit.php13
1 files changed, 10 insertions, 3 deletions
diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php
index 4ad066a..7d5becb 100644
--- a/usr/local/www/services_captiveportal_ip_edit.php
+++ b/usr/local/www/services_captiveportal_ip_edit.php
@@ -108,11 +108,18 @@ if ($_POST) {
if ($_POST['sn'] && (!is_numeric($_POST['sn']) || ($_POST['sn'] < 1) || ($_POST['sn'] > 32)))
$input_errors[] = gettext("A valid subnet mask must be specified");
- if ($_POST['bw_up'] && !is_numeric($_POST['bw_up']))
+ if ($_POST['bw_up'] && !is_numeric($_POST['bw_up'])) {
$input_errors[] = gettext("Upload speed needs to be an integer");
-
- if ($_POST['bw_down'] && !is_numeric($_POST['bw_down']))
+ }
+ if ($_POST['bw_up'] && ($_POST['bw_up'] > 999999 || $_POST['bw_up'] < 1)) {
+ $input_errors[] = gettext("Upload speed must be between 1 and 999999");
+ }
+ if ($_POST['bw_down'] && !is_numeric($_POST['bw_down'])) {
$input_errors[] = gettext("Download speed needs to be an integer");
+ }
+ if ($_POST['bw_down'] && ($_POST['bw_down'] > 999999 || $_POST['bw_down'] < 1)) {
+ $input_errors[] = gettext("Download speed must be between 1 and 999999");
+ }
foreach ($a_allowedips as $ipent) {
if (isset($id) && ($a_allowedips[$id]) && ($a_allowedips[$id] === $ipent))
OpenPOWER on IntegriCloud