diff options
author | Chris Buechler <cmb@pfsense.org> | 2015-03-05 21:40:23 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-03-05 21:40:23 -0600 |
commit | 1bfb95f38d2a84335ba6ba9cd610342b743c4e13 (patch) | |
tree | f52774436aff6ba31a5ba2c801e103012ec3c4be /usr | |
parent | 73cdd9f0caa9fb3caad6f4d83f4fb31dfc209d62 (diff) | |
download | pfsense-1bfb95f38d2a84335ba6ba9cd610342b743c4e13.zip pfsense-1bfb95f38d2a84335ba6ba9cd610342b743c4e13.tar.gz |
Don't save config if input validation fails. Add input validation preventing "Harden DNSSEC Data" from being enabled if DNSSEC support isn't enabled.
Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/www/services_unbound_advanced.php | 103 |
1 files changed, 55 insertions, 48 deletions
diff --git a/usr/local/www/services_unbound_advanced.php b/usr/local/www/services_unbound_advanced.php index 56c52b6..0712ce9 100644 --- a/usr/local/www/services_unbound_advanced.php +++ b/usr/local/www/services_unbound_advanced.php @@ -130,56 +130,63 @@ if ($_POST) { if (isset($_POST['log_verbosity']) && !in_array($_POST['log_verbosity'], array('0', '1', '2', '3', '4', '5'), true)) { $input_errors[] = "A valid value must be specified for Log level verbosity."; } - if (isset($_POST['hideidentity'])) { - $config['unbound']['hideidentity'] = true; - } else { - unset($config['unbound']['hideidentity']); + if (isset($_POST['dnssecstripped']) && !isset($config['unbound']['dnssec'])) { + $input_errors[] = "Harden DNSSEC Data option can only be enabled if DNSSEC support is enabled."; } - if (isset($_POST['hideversion'])) { - $config['unbound']['hideversion'] = true; - } else { - unset($config['unbound']['hideversion']); - } - if (isset($_POST['prefetch'])) { - $config['unbound']['prefetch'] = true; - } else { - unset($config['unbound']['prefetch']); - } - if (isset($_POST['prefetchkey'])) { - $config['unbound']['prefetchkey'] = true; - } else { - unset($config['unbound']['prefetchkey']); - } - if (isset($_POST['dnssecstripped'])) { - $config['unbound']['dnssecstripped'] = true; - } else { - unset($config['unbound']['dnssecstripped']); - } - $config['unbound']['msgcachesize'] = $_POST['msgcachesize']; - $config['unbound']['outgoing_num_tcp'] = $_POST['outgoing_num_tcp']; - $config['unbound']['incoming_num_tcp'] = $_POST['incoming_num_tcp']; - $config['unbound']['edns_buffer_size'] = $_POST['edns_buffer_size']; - $config['unbound']['num_queries_per_thread'] = $_POST['num_queries_per_thread']; - $config['unbound']['jostle_timeout'] = $_POST['jostle_timeout']; - $config['unbound']['cache_max_ttl'] = $_POST['cache_max_ttl']; - $config['unbound']['cache_min_ttl'] = $_POST['cache_min_ttl']; - $config['unbound']['infra_host_ttl'] = $_POST['infra_host_ttl']; - $config['unbound']['infra_cache_numhosts'] = $_POST['infra_cache_numhosts']; - $config['unbound']['unwanted_reply_threshold'] = $_POST['unwanted_reply_threshold']; - $config['unbound']['log_verbosity'] = $_POST['log_verbosity']; - if (isset($_POST['disable_auto_added_access_control'])) { - $config['unbound']['disable_auto_added_access_control'] = true; - } else { - unset($config['unbound']['disable_auto_added_access_control']); - } - if (isset($_POST['use_caps'])) { - $config['unbound']['use_caps'] = true; - } else { - unset($config['unbound']['use_caps']); - } - write_config("DNS Resolver configured."); + + if (!$input_errors) { - mark_subsystem_dirty('unbound'); + if (isset($_POST['hideidentity'])) { + $config['unbound']['hideidentity'] = true; + } else { + unset($config['unbound']['hideidentity']); + } + if (isset($_POST['hideversion'])) { + $config['unbound']['hideversion'] = true; + } else { + unset($config['unbound']['hideversion']); + } + if (isset($_POST['prefetch'])) { + $config['unbound']['prefetch'] = true; + } else { + unset($config['unbound']['prefetch']); + } + if (isset($_POST['prefetchkey'])) { + $config['unbound']['prefetchkey'] = true; + } else { + unset($config['unbound']['prefetchkey']); + } + if (isset($_POST['dnssecstripped'])) { + $config['unbound']['dnssecstripped'] = true; + } else { + unset($config['unbound']['dnssecstripped']); + } + $config['unbound']['msgcachesize'] = $_POST['msgcachesize']; + $config['unbound']['outgoing_num_tcp'] = $_POST['outgoing_num_tcp']; + $config['unbound']['incoming_num_tcp'] = $_POST['incoming_num_tcp']; + $config['unbound']['edns_buffer_size'] = $_POST['edns_buffer_size']; + $config['unbound']['num_queries_per_thread'] = $_POST['num_queries_per_thread']; + $config['unbound']['jostle_timeout'] = $_POST['jostle_timeout']; + $config['unbound']['cache_max_ttl'] = $_POST['cache_max_ttl']; + $config['unbound']['cache_min_ttl'] = $_POST['cache_min_ttl']; + $config['unbound']['infra_host_ttl'] = $_POST['infra_host_ttl']; + $config['unbound']['infra_cache_numhosts'] = $_POST['infra_cache_numhosts']; + $config['unbound']['unwanted_reply_threshold'] = $_POST['unwanted_reply_threshold']; + $config['unbound']['log_verbosity'] = $_POST['log_verbosity']; + if (isset($_POST['disable_auto_added_access_control'])) { + $config['unbound']['disable_auto_added_access_control'] = true; + } else { + unset($config['unbound']['disable_auto_added_access_control']); + } + if (isset($_POST['use_caps'])) { + $config['unbound']['use_caps'] = true; + } else { + unset($config['unbound']['use_caps']); + } + write_config("DNS Resolver configured."); + + mark_subsystem_dirty('unbound'); + } } } |