author | Renato Botelho <garga@pfSense.org> | 2014-03-12 08:06:52 -0300 |
---|---|---|
committer | Renato Botelho <garga@pfSense.org> | 2014-03-12 08:06:52 -0300 |
commit | 3b77ba4a2a96a388682d564c3b9b7517bbbfdb21 (patch) | |
tree | 15350a976af8c19011627945c24dc19405c5afbd /usr/local | |
parent | ea44d3baafba7e53317604e5fd964e3839d0d6d5 (diff) | |
parent | eaa2285c06cde3f36ef3f9470c4331708cb5a061 (diff) | |
Merge pull request #1024 from phil-davis/RELENG_2_1
Validate rule Advanced Options numeric entries
Diffstat (limited to 'usr/local')
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 42 |
1 files changed, 35 insertions, 7 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index d77fe23..d4efe51 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -45,19 +45,25 @@ require("guiconfig.inc");
 require_once("filter.inc");
 require("shaper.inc");
+function is_posnumericint($arg) {
+ // Note that to be safe we do not allow any leading zero - "01", "007"
+ return (is_numericint($arg) && $arg[0] != '0' && $arg > 0);
+}
+
 function is_aoadv_used($rule_config) {
 // Note that the user could set "tag" or "tagged" to the string "0", which is valid but empty().
+ // And if the user enters "0" in other fields, we want to present an error message, and keep the Advanced Options section open.
 if ((isset($rule_config['allowopts'])) ||
 (isset($rule_config['disablereplyto'])) ||
 ($rule_config['tag'] != "") ||
 ($rule_config['tagged'] != "") ||
- (!empty($rule_config['max'])) ||
- (!empty($rule_config['max-src-nodes'])) ||
- (!empty($rule_config['max-src-conn'])) ||
- (!empty($rule_config['max-src-states'])) ||
- (!empty($rule_config['max-src-conn-rate'])) ||
- (!empty($rule_config['max-src-conn-rates'])) ||
- (!empty($rule_config['statetimeout'])))
+ ($rule_config['max'] != "") ||
+ ($rule_config['max-src-nodes'] != "") ||
+ ($rule_config['max-src-conn'] != "") ||
+ ($rule_config['max-src-states'] != "") ||
+ ($rule_config['max-src-conn-rate'] != "") ||
+ ($rule_config['max-src-conn-rates'] != "") ||
+ ($rule_config['statetimeout'] != ""))
 return true;
 return false;
 }
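Review bot: is_posnumericint() enforces a lower bound but no upper one: `$arg > 0` compares a numeric string, so a digit string far larger than any integer the packet filter can use still passes, unless is_numericint() (defined outside this page) already limits length. These values are presumably saved into the rule configuration, so a ceiling matched to what the rule generator accepts would be worth adding to the helper. The helper also indexes `$arg[0]`, which assumes a string argument; a short comment would record that, e.g. `// Expects a string (form or config value); callers must not pass arrays`.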
@@ -528,6 +534,28 @@ if ($_POST) {
 $input_errors[] = gettext("You cannot specify the state timeout (advanced option) if statetype is none and no L7 container is selected.");
 }
+ if (($_POST['max'] != "") && !is_posnumericint($_POST['max']))
+ $input_errors[] = gettext("Maximum state entries (advanced option) must be a positive integer");
+
+ if (($_POST['max-src-nodes'] != "") && !is_posnumericint($_POST['max-src-nodes']))
+ $input_errors[] = gettext("Maximum number of unique source hosts (advanced option) must be a positive integer");
+
+ if (($_POST['max-src-conn'] != "") && !is_posnumericint($_POST['max-src-conn']))
+ $input_errors[] = gettext("Maximum number of established connections per host (advanced option) must be a positive integer");
+
+ if (($_POST['max-src-states'] != "") && !is_posnumericint($_POST['max-src-states']))
+ $input_errors[] = gettext("Maximum state entries per host (advanced option) must be a positive integer");
+
+ if (($_POST['max-src-conn-rate'] != "") && !is_posnumericint($_POST['max-src-conn-rate']))
+ $input_errors[] = gettext("Maximum new connections per host / per second(s) (advanced option) must be a positive integer");
+
+ if (($_POST['statetimeout'] != "") && !is_posnumericint($_POST['statetimeout']))
+ $input_errors[] = gettext("State timeout (advanced option) must be a positive integer");
+
+ if ((($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] == "")) ||
+ (($_POST['max-src-conn-rate'] == "" and $_POST['max-src-conn-rates'] <> "")))
+ $input_errors[] = gettext("Both maximum new connections per host and the interval (per second(s)) must be specified");
+
 if (!$_POST['tcpflags_any']) {
 $settcpflags = array();
 $outoftcpflags = array(); |
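Review bot: `max-src-conn-rates` is the one numeric advanced option that these added checks never pass through is_posnumericint(); the last check only tests that it is non-empty when `max-src-conn-rate` is set. Whatever form control normally supplies it, the POST body is client-controlled, so it should get the same server-side check as the other fields, e.g. `if (($_POST['max-src-conn-rates'] != "") && !is_posnumericint($_POST['max-src-conn-rates']))` followed by `$input_errors[] = gettext("The per second(s) interval (advanced option) must be a positive integer");`. The enclosing `if ($_POST)` block starts and ends outside the hunk, so how the value is later written into the rule is not visible here.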