authorjim-p <jimp@pfsense.org>2015-09-08 15:15:58 -0400
committerjim-p <jimp@pfsense.org>2015-09-08 15:15:58 -0400
commit9fb19cab962fd97fa19054c1f5cf0246a08e2978 (patch)
tree167637fdcd9de048f2164881a81f79b4bb655869 /usr
parent5a33a6fb8a41a097204939fd696a0e7e6d5b877f (diff)
Misc encoding/display issues in the Load Balancer code
Diffstat (limited to 'usr')
-rw-r--r--usr/local/www/load_balancer_pool.php2
-rw-r--r--usr/local/www/load_balancer_pool_edit.php6
-rw-r--r--usr/local/www/load_balancer_virtual_server.php2
-rw-r--r--usr/local/www/load_balancer_virtual_server_edit.php6
-rw-r--r--usr/local/www/status_lb_pool.php2
-rw-r--r--usr/local/www/status_lb_vs.php2
-rw-r--r--usr/local/www/widgets/widgets/load_balancer_status.widget.php2
7 files changed, 19 insertions, 3 deletions
diff --git a/usr/local/www/load_balancer_pool.php b/usr/local/www/load_balancer_pool.php
index 46e4e1c..0a81931 100644
--- a/usr/local/www/load_balancer_pool.php
+++ b/usr/local/www/load_balancer_pool.php
@@ -92,9 +92,11 @@ for ($i = 0; isset($config['load_balancer']['monitor_type'][$i]); $i++) {
$mondex[$config['load_balancer']['monitor_type'][$i]['name']] = $i;
}
for ($i = 0; isset($config['load_balancer']['lbpool'][$i]); $i++) {
+ $a_pool[$i]['mode'] = htmlspecialchars($a_pool[$i]['mode']);
$a_pool[$i]['monitor'] = "<a href=\"/load_balancer_monitor_edit.php?id={$mondex[$a_pool[$i]['monitor']]}\">" . htmlspecialchars($a_pool[$i]['monitor']) . "</a>";
}
+
$pgtitle = array(gettext("Services"), gettext("Load Balancer"),gettext("Pool"));
$shortcut_section = "relayd";
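Review bot: The added `htmlspecialchars()` call overwrites `$a_pool[$i]['mode']` in place, as the existing line does for `monitor`, so after this loop the array holds HTML-encoded display strings instead of the configured values. If `$a_pool` is a reference into `$config` (its assignment is outside the hunk), a later `write_config()` in the same request would store the encoded text and the next render would double-encode it. Encoding where the value is printed, e.g. `<?=htmlspecialchars($pool['mode']);?>`, or filling a separate display array keeps stored data and markup apart. The same applies to the `mode` and `relay_protocol` lines added in load_balancer_virtual_server.php.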
diff --git a/usr/local/www/load_balancer_pool_edit.php b/usr/local/www/load_balancer_pool_edit.php
index 457087b..72f36ce 100644
--- a/usr/local/www/load_balancer_pool_edit.php
+++ b/usr/local/www/load_balancer_pool_edit.php
@@ -74,6 +74,8 @@ if (isset($id) && $a_pool[$id]) {
$changedesc = gettext("Load Balancer: Pool:") . " ";
$changecount = 0;
+$allowed_modes = array("loadbalance", "failover");
+
if ($_POST) {
$changecount++;
@@ -110,6 +112,10 @@ if ($_POST) {
if (!empty($_POST['retry']) && !is_port($_POST['retry']))
$input_errors[] = gettext("The retry value must be an integer between 1 and 65535.");
+ if (!in_array($_POST['mode'], $allowed_modes)) {
+ $input_errors[] = gettext("The submitted mode is not valid.");
+ }
+
if (is_array($_POST['servers'])) {
foreach($pconfig['servers'] as $svrent) {
if (!is_ipaddr($svrent) && !is_subnetv4($svrent)) {
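Review bot: The allow-list check `in_array($_POST['mode'], $allowed_modes)` compares loosely, so the result depends on PHP's type juggling rather than on an exact string match. Passing the strict flag, `if (!in_array($_POST['mode'], $allowed_modes, true)) {`, makes the match exact and also rejects a missing or array-valued field cleanly. The `relay_protocol` check added in load_balancer_virtual_server_edit.php has the same form and deserves the same change. The enclosing `if ($_POST)` block continues outside the hunk.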
diff --git a/usr/local/www/load_balancer_virtual_server.php b/usr/local/www/load_balancer_virtual_server.php
index 04a4d7b..4940864 100644
--- a/usr/local/www/load_balancer_virtual_server.php
+++ b/usr/local/www/load_balancer_virtual_server.php
@@ -87,6 +87,8 @@ for ($i = 0; isset($config['load_balancer']['lbpool'][$i]); $i++) {
}
for ($i = 0; isset($config['load_balancer']['virtual_server'][$i]); $i++) {
if($a_vs[$i]) {
+ $a_vs[$i]['mode'] = htmlspecialchars($a_vs[$i]['mode']);
+ $a_vs[$i]['relay_protocol'] = htmlspecialchars($a_vs[$i]['relay_protocol']);
$a_vs[$i]['poolname'] = "<a href=\"/load_balancer_pool_edit.php?id={$poodex[$a_vs[$i]['poolname']]}\">" . htmlspecialchars($a_vs[$i]['poolname']) . "</a>";
if ($a_vs[$i]['sitedown'] != '') {
$a_vs[$i]['sitedown'] = "<a href=\"/load_balancer_pool_edit.php?id={$poodex[$a_vs[$i]['sitedown']]}\">" . htmlspecialchars($a_vs[$i]['sitedown']) . "</a>";
diff --git a/usr/local/www/load_balancer_virtual_server_edit.php b/usr/local/www/load_balancer_virtual_server_edit.php
index 8e6ffe8..50f59ed 100644
--- a/usr/local/www/load_balancer_virtual_server_edit.php
+++ b/usr/local/www/load_balancer_virtual_server_edit.php
@@ -69,6 +69,8 @@ if (isset($id) && $a_vs[$id]) {
$changedesc = gettext("Load Balancer: Virtual Server:") . " ";
$changecount = 0;
+$allowed_protocols = array("tcp", "dns");
+
if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
@@ -107,6 +109,10 @@ if ($_POST) {
else if (is_subnetv4($_POST['ipaddr']) && subnet_size($_POST['ipaddr']) > 64)
$input_errors[] = sprintf(gettext("%s is a subnet containing more than 64 IP addresses."), $_POST['ipaddr']);
+ if (!in_array($_POST['relay_protocol'], $allowed_protocols)) {
+ $input_errors[] = gettext("The submitted relay protocol is not valid.");
+ }
+
if ((strtolower($_POST['relay_protocol']) == "dns") && !empty($_POST['sitedown']))
$input_errors[] = gettext("You cannot select a Fall Back Pool when using the DNS relay protocol.");
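Review bot: Only `relay_protocol` is checked against an allow-list here, although the list page in this same commit also HTML-encodes the virtual server's `mode`, which suggests that field can carry unexpected text as well. No validation of `$_POST['mode']` is visible in this hunk. If none exists elsewhere in the `if ($_POST)` block, an equivalent allow-list check would stop bad values at input instead of relying on output encoding alone. Because the new allow-list is lower-case and case-sensitive, the `strtolower()` in the DNS check that follows can no longer change the outcome for input that passed validation.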
diff --git a/usr/local/www/status_lb_pool.php b/usr/local/www/status_lb_pool.php
index 6e689a3..140a18a 100644
--- a/usr/local/www/status_lb_pool.php
+++ b/usr/local/www/status_lb_pool.php
@@ -209,7 +209,7 @@ if ($_POST) {
<?php echo $pool['monitor']; ?>
</td>
<td class="listbg" >
- <?=$pool['descr'];?>
+ <?=htmlspecialchars($pool['descr']);?>
</td>
</tr>
<?php endforeach; ?>
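Review bot: The context line `<?php echo $pool['monitor']; ?>` directly above the fixed cell still prints its value without encoding. Whether `$pool['monitor']` is already encoded or built as markup earlier in the file is not visible from this hunk. If it is the raw configured monitor name, it needs the same treatment: `<?php echo htmlspecialchars($pool['monitor']); ?>`. The table row starts outside the hunk, so its other cells are worth the same check.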
diff --git a/usr/local/www/status_lb_vs.php b/usr/local/www/status_lb_vs.php
index 62ae530..952aea7 100644
--- a/usr/local/www/status_lb_vs.php
+++ b/usr/local/www/status_lb_vs.php
@@ -132,7 +132,7 @@ include("head.inc");
?>
</td>
<td class="listbg" >
- <?=$vsent['descr'];?>
+ <?=htmlspecialchars($vsent['descr']);?>
</td>
</tr>
<?php $i++; endforeach; ?>
diff --git a/usr/local/www/widgets/widgets/load_balancer_status.widget.php b/usr/local/www/widgets/widgets/load_balancer_status.widget.php
index 098a028..9accedc 100644
--- a/usr/local/www/widgets/widgets/load_balancer_status.widget.php
+++ b/usr/local/www/widgets/widgets/load_balancer_status.widget.php
@@ -140,7 +140,7 @@ if (!$nentries)
</table>
</td>
<td class="listbg" >
- <font color="#FFFFFF"><?=$vsent['descr'];?></font>
+ <font color="#FFFFFF"><?=htmlspecialchars($vsent['descr']);?></font>
</td>
</tr>
<?php $i++; endforeach; ?>