diff options
author | Renato Botelho <garga@FreeBSD.org> | 2013-08-14 08:00:43 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2013-08-14 08:00:43 -0300 |
commit | 4262641880e1c0ee9c9e1c1334470c39537173f9 (patch) | |
tree | c8e0afc4fe9dcd981999e8c7d3b575071a3dea92 /usr | |
parent | cf96a1a958a60cac4d1187405b9d791cc99adf66 (diff) | |
download | pfsense-4262641880e1c0ee9c9e1c1334470c39537173f9.zip pfsense-4262641880e1c0ee9c9e1c1334470c39537173f9.tar.gz |
Do not allow to add nested alias containing FQDNs when current alias is used on a static route, ticket #2941
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/firewall_aliases_edit.php | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index 4c23417..cee13ef 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -263,6 +263,7 @@ if ($_POST) { } } $wrongaliases = ""; + $wrongaliases_fqdn = ""; for($x=0; $x<4999; $x++) { if($_POST["address{$x}"] <> "") { $_POST["address{$x}"] = trim($_POST["address{$x}"]); @@ -272,6 +273,18 @@ if ($_POST) { if (!($_POST['type'] == 'network' && alias_get_type($_POST["address{$x}"]) == 'urltable')) $wrongaliases .= " " . $_POST["address{$x}"]; + if ($used_for_routes === 1) { + foreach (filter_expand_alias_array($_POST["address{$x}"], true) as $tgt) { + if (is_ipaddrv4($tgt)) + $tgt .= "/32"; + if (is_ipaddrv6($tgt)) + $tgt .= "/128"; + if (!is_subnet($tgt) && is_fqdn($tgt)) { + $wrongaliases_fqdn .= " " . $_POST["address{$x}"]; + break; + } + } + } } else if ($_POST['type'] == "port") { if (!is_port($_POST["address{$x}"])) $input_errors[] = $_POST["address{$x}"] . " " . gettext("is not a valid port or alias."); @@ -304,6 +317,8 @@ if ($_POST) { } if ($wrongaliases <> "") $input_errors[] = sprintf(gettext('The alias(es): %s cannot be nested because they are not of the same type.'), $wrongaliases); + if ($wrongaliases_fqdn <> "") + $input_errors[] = sprintf(gettext('The alias(es): %s cannot be nested because they contain FQDNs and this alias is used on at least one static route.'), $wrongaliases_fqdn); } // Allow extending of the firewall edit page and include custom input validation |