From 6314397f65d1620228599591942054c3704149d6 Mon Sep 17 00:00:00 2001 From: jim-p Date: Thu, 9 Jun 2016 10:05:13 -0400 Subject: Validate submitted groups when editing a user. Ticket #6475 --- src/usr/local/www/system_usermanager.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/usr/local/www/system_usermanager.php b/src/usr/local/www/system_usermanager.php index 848d326..56cad93 100644 --- a/src/usr/local/www/system_usermanager.php +++ b/src/usr/local/www/system_usermanager.php @@ -213,6 +213,13 @@ if ($_POST['save']) { $input_errors[] = gettext("IPsec Pre-Shared Key contains invalid characters."); } + /* Check the POSTed groups to ensure they are valid and exist */ + foreach ($_POST['groups'] as $newgroup) { + if (empty(getGroupEntry($newgroup))) { + $input_errors[] = gettext("One or more invalid groups was submitted."); + } + } + if (isset($id) && $a_user[$id]) { $oldusername = $a_user[$id]['name']; } else { -- cgit v1.1