From 206aa9fc244e6581e35cbee3df0996a73318d2a9 Mon Sep 17 00:00:00 2001
From: Pierre POMES
Date: Sun, 19 Feb 2012 21:46:12 -0500
Subject: Ticket #2205 - Add input validation, keep same logic as 2.0.1 and abore for default values
---
 usr/local/www/load_balancer_setting.php | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)
(limited to 'usr/local/www/load_balancer_setting.php')
diff --git a/usr/local/www/load_balancer_setting.php b/usr/local/www/load_balancer_setting.php
index 00444d9..479b2d0 100755
--- a/usr/local/www/load_balancer_setting.php
+++ b/usr/local/www/load_balancer_setting.php
@@ -61,16 +61,27 @@ if ($_POST) {
 $savemsg = get_std_save_message($retval);
 clear_subsystem_dirty('loadbalancer');
 } else {
+ unset($input_errors);
 $pconfig = $_POST;
+
+ /* input validation */
+ if ($_POST['timeout'] && !is_numeric($_POST['timeout'])) {
+ $input_errors[] = gettext("Timeout must be a numeric value");
+ }

- $lbsetting['timeout'] = $_POST['timeout'];
- $lbsetting['interval'] = $_POST['interval'];
+ if ($_POST['interval'] && !is_numeric($_POST['interval'])) {
+ $input_errors[] = gettext("Interval must be a numeric value");
+ }

- write_config();
- mark_subsystem_dirty('loadbalancer');
+ /* update config if user entry is valid */
+ if (!$input_errors) {
+ $lbsetting['timeout'] = $_POST['timeout'];
+ $lbsetting['interval'] = $_POST['interval'];
+
+ write_config();
+ mark_subsystem_dirty('loadbalancer');
+ }
 }
- header("Location: load_balancer_setting.php");
- exit;
 }

 $pgtitle = array(gettext("Services"),gettext("Load Balancer"),gettext("Settings"));
-- 
cgit v1.1
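Review bot: `is_numeric()` in the two added checks is looser than these fields appear to need, because signed, decimal and exponent forms such as `-5`, `1.5` or `1e3` all pass and are then copied into `$lbsetting` unchanged. Since the values come straight from `$_POST` and are persisted by `write_config()`, a digits-only test is the safer gate, e.g. `if ($_POST['timeout'] !== '' && !ctype_digit($_POST['timeout'])) {`, with the same form for `interval`; an empty field still falls through to the default. Separately, `unset($input_errors)` followed by `if (!$input_errors)` reads an undefined variable, and `$input_errors = array();` expresses the same reset without the notice. The `if ($_POST)` block starts above the hunk, so where the stored values are consumed is not visible here.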