author | Scott Ullrich <sullrich@pfsense.org> | 2007-12-01 01:20:38 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-12-01 01:20:38 +0000 |
commit | ac09997e9460ae263769dc7bef990563451ac92d (patch) | |
tree | 60b2851ac1b212246da49a28a299cd0724ae3867 /usr/local | |
parent | 891075403dcfb118cfafea76e5f0c8d25c35113f (diff) | |
download | pfsense-ac09997e9460ae263769dc7bef990563451ac92d.zip pfsense-ac09997e9460ae263769dc7bef990563451ac92d.tar.gz |
Add more input validation to settings screen.
* Do not allow < 1
* Do not allow > 999
* Turn longs into integers
Diffstat (limited to 'usr/local')
-rwxr-xr-x | usr/local/www/system_usermanager_settings.php | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php
index b707461..acba7a8 100755
--- a/usr/local/www/system_usermanager_settings.php
+++ b/usr/local/www/system_usermanager_settings.php
@@ -42,8 +42,15 @@ if ($_POST) {
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
- if ($_POST['session_timeout'] != "" && !is_numeric($_POST['session_timeout']))
- $input_errors[] = gettext("Session timeout must be an integer with value 0 or greater.");
+ $timeout = intval($_POST['session_timeout']);
+ if ($timeout != "" && !is_numeric($timeout))
+ $input_errors[] = gettext("Session timeout must be an integer with value 1 or greater.");
+
+ if ($timeout < 1)
+ $input_errors[] = gettext("Session timeout must be an integer with value 1 or greater.");
+
+ if ($timeout > 999)
+ $input_errors[] = gettext("Session timeout must be an integer with value 1 or greater.");
 /* if this is an AJAX caller then handle via JSON */
 if (isAjax() && is_array($input_errors)) {
@@ -53,7 +60,7 @@ if ($_POST) {
 if (!$input_errors) {
- $pconfig['session_timeout'] = $_POST['session_timeout'];
+ $pconfig['session_timeout'] = intval($_POST['session_timeout']);
 write_config(); |
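Review bot: The new checks in the first hunk validate `intval($_POST['session_timeout'])` instead of the submitted string, so the `!is_numeric($timeout)` test can never fire (an integer is always numeric) and a malformed value such as `30abc` is truncated to 30 and accepted. Check the raw field before coercing it, for example `if (!preg_match('/^[0-9]+$/', $_POST['session_timeout']))`, and only then apply the range tests to the integer. The `> 999` branch also reuses the "1 or greater" text, so the user is not told about the upper bound; something like `gettext("Session timeout must be an integer between 1 and 999.")` would match the rule being enforced. An empty field, which the old condition let through, now becomes 0 and is rejected; if blank was meant to select a default timeout, that case needs its own branch. The enclosing `if ($_POST)` block starts and ends outside the hunk.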
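Review bot: The assignment in the second hunk converts `$_POST['session_timeout']` a second time instead of storing the `$timeout` that the earlier checks examined, so the validated value and the persisted value are produced by two separate expressions that can drift apart when one of them is edited. Reusing the variable, `$pconfig['session_timeout'] = $timeout;`, keeps a single source for this security-relevant setting. This assumes `$timeout` from the first hunk is still in scope here, which looks likely since both hunks sit under `if ($_POST)` but cannot be confirmed from the visible lines.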