diff options
author | Seth Mos <seth.mos@xs4all.nl> | 2009-03-11 21:25:44 +0100 |
---|---|---|
committer | Seth Mos <seth.mos@xs4all.nl> | 2009-03-11 21:25:44 +0100 |
commit | 31ace93c7e6dcb7d3f388982c71ecb854f52f7ed (patch) | |
tree | 5f6301cf6397b88a8f2b4e3d0f163a759f1d2aee /usr/local | |
parent | 07e8a013e9984e62cebe7e79dad9fbe5f0e9c8cf (diff) | |
download | pfsense-31ace93c7e6dcb7d3f388982c71ecb854f52f7ed.zip pfsense-31ace93c7e6dcb7d3f388982c71ecb854f52f7ed.tar.gz |
Add input validation on the gateway name field.
We apply the same input validation as we use from the aliases page as we do not want a - in the name nor spaces.
Diffstat (limited to 'usr/local')
-rwxr-xr-x | usr/local/www/system_gateways_edit.php | 35 |
1 files changed, 20 insertions, 15 deletions
diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php index a8aa571..1e427cf 100755 --- a/usr/local/www/system_gateways_edit.php +++ b/usr/local/www/system_gateways_edit.php @@ -83,6 +83,9 @@ if ($_POST) { if (! isset($_POST['name'])) { $input_errors[] = "A valid gateway name must be specified."; } + if (! is_validaliasname($_POST['name'])) { + $input_errors[] = "The gateway name must not contain invalid characters."; + } /* skip system gateways which have been automatically added */ if ($_POST['gateway'] && (!is_ipaddr($_POST['gateway'])) && ($pconfig['attribute'] != "system")) { $input_errors[] = "A valid gateway IP address must be specified."; @@ -91,22 +94,24 @@ if ($_POST) { $input_errors[] = "A valid monitor IP address must be specified."; } - /* check for overlaps */ - foreach ($a_gateways as $gateway) { - if (isset($id) && ($a_gateways[$id]) && ($a_gateways[$id] === $gateway)) - continue; + if (! isset($_POST['name'])) { + /* check for overlaps */ + foreach ($a_gateways as $gateway) { + if (isset($id) && ($a_gateways[$id]) && ($a_gateways[$id] === $gateway)) + continue; - if (($gateway['name'] <> "") && (in_array($gateway, $_POST['name']))) { - $input_errors[] = "The name \"{$_POST['name']}\" already exists."; - break; - } - if (($gateway['gateway'] <> "") && (in_array($gateway, $_POST['gateway']))) { - $input_errors[] = "The IP address \"{$_POST['gateway']}\" already exists."; - break; - } - if (($gateway['monitor'] <> "") && (in_array($gateway, $gateway['monitor']))) { - $input_errors[] = "The IP address \"{$_POST['monitor']}\" already exists."; - break; + if (($gateway['name'] <> "") && (in_array($gateway, $_POST['name']))) { + $input_errors[] = "The name \"{$_POST['name']}\" already exists."; + break; + } + if (($gateway['gateway'] <> "") && (in_array($gateway, $_POST['gateway']))) { + $input_errors[] = "The IP address \"{$_POST['gateway']}\" already exists."; + break; + } + if (($gateway['monitor'] <> "") && (in_array($gateway, $gateway['monitor']))) { + $input_errors[] = "The IP address \"{$_POST['monitor']}\" already exists."; + break; + } } } |