diff options
| author | Chris Buechler <cmb@pfsense.org> | 2015-06-14 00:48:55 -0500 |
|---|---|---|
| committer | Chris Buechler <cmb@pfsense.org> | 2015-06-14 00:48:55 -0500 |
| commit | fd90a77fdf54204cf24b960b2e0b8549419be357 (patch) | |
| tree | 8fc3931570128d2dca23bf5f52e8c4f047ce9dc7 /usr | |
| parent | d6084ab02fa82163342894e7385464976b64f7b6 (diff) | |
| download | pfsense-fd90a77fdf54204cf24b960b2e0b8549419be357.zip pfsense-fd90a77fdf54204cf24b960b2e0b8549419be357.tar.gz | |
add input validation for proxy URL, port, user.
Diffstat (limited to 'usr')
| -rw-r--r-- | usr/local/www/system_advanced_misc.php | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/usr/local/www/system_advanced_misc.php b/usr/local/www/system_advanced_misc.php index ab2c7f4..0707619 100644 --- a/usr/local/www/system_advanced_misc.php +++ b/usr/local/www/system_advanced_misc.php @@ -108,7 +108,19 @@ if ($_POST) { if (!empty($_POST['use_mfs_var_size']) && (!is_numeric($_POST['use_mfs_var_size']) || ($_POST['use_mfs_var_size'] < 60))) $input_errors[] = gettext("/var Size must be numeric and should not be less than 60MB."); - + + if (!empty($_POST['proxyport']) && !is_port($_POST['proxyport'])) { + $input_errors[] = gettext("Proxy port must be a valid port number, 1-65535."); + } + + if (!empty($_POST['proxyurl']) && !is_fqdn($_POST['proxyurl']) && !is_ipaddr($_POST['proxyurl'])) { + $input_errors[] = gettext("Proxy URL must be a valid IP address or FQDN."); + } + + if (!empty($_POST['proxyuser']) && preg_match("/[^a-zA-Z0-9\.\-_@]/", $_POST['proxyuser'])) { + $input_errors[] = gettext("The proxy username contains invalid characters."); + } + if (!$input_errors) { if($_POST['harddiskstandby'] <> "") { |
