From 8e2cdfe55ad6092667f0e1decd0eb0211ce7eebc Mon Sep 17 00:00:00 2001
From: Bill Marquette <billm@pfsense.org>
Date: Sun, 4 Sep 2005 00:41:47 +0000
Subject: Input validation

---
 usr/local/www/load_balancer_virtual_server_edit.php | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

(limited to 'usr/local/www/load_balancer_virtual_server_edit.php')

diff --git a/usr/local/www/load_balancer_virtual_server_edit.php b/usr/local/www/load_balancer_virtual_server_edit.php
index 77db37a..b4b1b54 100755
--- a/usr/local/www/load_balancer_virtual_server_edit.php
+++ b/usr/local/www/load_balancer_virtual_server_edit.php
@@ -58,11 +58,24 @@ if ($_POST) {
 	$pconfig = $_POST;
 
 	/* input validation */
-	$reqdfields = explode(" ", "ipaddr name");
-	$reqdfieldsn = explode(",", "IP Address, Name");
+	$reqdfields = explode(" ", "ipaddr name port");
+	$reqdfieldsn = explode(",", "IP Address, Name, Port");
 
 	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
 
+	for ($i=0; isset($config['load_balancer']['virtual_server'][$i]); $i++)
+		if (($_POST['name'] == $config['load_balancer']['virtual_server'][$i]['name']) && ($i != $id))
+			$input_errors[] = "This virtual server name has already been used.  Virtual server names must be unique.";
+
+	if (!is_port($_POST['port']))
+		$input_errors[] = "The port must be an integer between 1 and 65535.";
+
+	if(!is_ipaddr($_POST['ipaddr']))
+		$input_errors[] = "{$_POST['ipaddr']} is not a valid IP address.";
+
+	if(($_POST['sitedown'] != "") && (!is_ipaddr($_POST['sitedown'])))
+		$input_errors[] = "{$_POST['sitedown']} is not a valid IP address.";
+
 	if (!$input_errors) {
 		$vsent = array();
 		if(isset($id) && $a_vs[$id])
-- 
cgit v1.1