Resolves #146 Add propper validation on alias usage. Allow port type aliases only on port side and other aliases in ip specifications and similar. Introduce a new function is_portoralias to ressemble the is_ipaddroralias to check for the cases.

2 files changed, 10 insertions, 10 deletions

diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php
index 635f7f4..a1e0c9c 100755
--- a/usr/local/www/firewall_nat_edit.php
+++ b/usr/local/www/firewall_nat_edit.php
@@ -125,15 +125,15 @@ if ($_POST) {
 	/* only validate the ports if the protocol is TCP, UDP or TCP/UDP */
 	if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
 
-		if (($_POST['beginport'] && !is_ipaddroralias($_POST['beginport']) && !is_port($_POST['beginport']))) {
+		if ($_POST['beginport'] && !is_portoralias($_POST['beginport'])) {
 			$input_errors[] = "The start port must be an integer between 1 and 65535.";
 		}
 
-		if (($_POST['endport'] && !is_ipaddroralias($_POST['endport']) && !is_port($_POST['endport']))) {
+		if ($_POST['endport'] && !is_portoralias($_POST['endport'])) {
 			$input_errors[] = "The end port must be an integer between 1 and 65535.";
 		}
 
-		if (($_POST['localbeginport'] && !is_ipaddroralias($_POST['localbeginport']) && !is_port($_POST['localbeginport']))) {
+		if ($_POST['localbeginport'] && !is_portoralias($_POST['localbeginport'])) {
 			$input_errors[] = "The local port must be an integer between 1 and 65535.";
 		}
 
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 8231692..d647ae7 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -45,7 +45,7 @@ require("guiconfig.inc");
 require("filter.inc");
 require("shaper.inc");
 
-$specialsrcdst = explode(" ", "any pptp pppoe l2tp");
+$specialsrcdst = explode(" ", "any pptp pppoe l2tp openvpn");
 $ifdisp = get_configured_interface_with_descr();
 foreach ($ifdisp as $kif => $kdescr) {
 	$specialsrcdst[] = "{$kif}";
@@ -273,16 +273,16 @@ if ($_POST) {
 		$_POST['dstendport'] = 0;
 	}
 
-	if (($_POST['srcbeginport'] && !alias_expand($_POST['srcbeginport']) && !is_port($_POST['srcbeginport']))) {
+	if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) {
 		$input_errors[] = "The start source port must be an alias or integer between 1 and 65535.";
 	}
-	if (($_POST['srcendport'] && !alias_expand($_POST['srcendport']) && !is_port($_POST['srcendport']))) {
+	if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) {
 		$input_errors[] = "The end source port must be an alias or integer between 1 and 65535.";
 	}
-	if (($_POST['dstbeginport'] && !alias_expand($_POST['dstbeginport']) && !is_port($_POST['dstbeginport']))) {
+	if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) {
 		$input_errors[] = "The start destination port must be an alias or integer between 1 and 65535.";
 	}
-	if (($_POST['dstendport'] && !alias_expand($_POST['dstbeginport']) && !is_port($_POST['dstendport']))) {
+	if ($_POST['dstendport'] && !is_portoralias($_POST['dstbeginport'])) {
 		$input_errors[] = "The end destination port must be an alias or integer between 1 and 65535.";
 	}
 
@@ -297,7 +297,7 @@ if ($_POST) {
 	}
 
 	if (!is_specialnet($_POST['srctype'])) {
-		if (($_POST['src'] && !is_ipaddroranyalias($_POST['src']))) {
+		if (($_POST['src'] && !is_ipaddroralias($_POST['src']))) {
 			$input_errors[] = "A valid source IP address or alias must be specified.";
 		}
 		if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
@@ -305,7 +305,7 @@ if ($_POST) {
 		}
 	}
 	if (!is_specialnet($_POST['dsttype'])) {
-		if (($_POST['dst'] && !is_ipaddroranyalias($_POST['dst']))) {
+		if (($_POST['dst'] && !is_ipaddroralias($_POST['dst']))) {
 			$input_errors[] = "A valid destination IP address or alias must be specified.";
 		}
 		if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {