From 9e80d14cab8349d737325e59a1d6eb8f6cc7e0d6 Mon Sep 17 00:00:00 2001
From: Seth Mos <seth.mos@dds.nl>
Date: Wed, 24 Aug 2011 12:42:16 +0200
Subject: Add address family input validation on the Gateways edit page, also
 prevent adding gateways on interfaces that do not carry that address family.
 Fix Ticket #1633

---
 usr/local/www/system_gateways_edit.php | 45 ++++++++++++++++++++++------------
 1 file changed, 29 insertions(+), 16 deletions(-)

(limited to 'usr/local/www/system_gateways_edit.php')

diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php
index c28e5cc..dbdeb39 100755
--- a/usr/local/www/system_gateways_edit.php
+++ b/usr/local/www/system_gateways_edit.php
@@ -111,33 +111,46 @@ if ($_POST) {
 	}
 
 	if ($_POST['gateway'] && (is_ipaddr($_POST['gateway'])) && !$_REQUEST['isAjax']) {
-		if (!empty($config['interfaces'][$_POST['interface']]['ipaddr'])) {
-			if (is_ipaddr($config['interfaces'][$_POST['interface']]['ipaddr']) && (empty($_POST['gateway']) || $_POST['gateway'] == "dynamic"))
-				$input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static ip configuration.");
-		}
-		if(is_ipaddrv6($_POST['gateway'])) {
-			$parent_ip = get_interface_ipv6($_POST['interface']);
-		} else {		
+		if(is_ipaddrv4($_POST['gateway'])) {
 			$parent_ip = get_interface_ip($_POST['interface']);
-		}
-		if (is_ipaddrv4($parent_ip)) {
 			$parent_sn = get_interface_subnet($_POST['interface']);
-			$subnet = gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn;
-			if(!ip_in_subnet($_POST['gateway'], $subnet) && !ip_in_interface_alias_subnet($_POST['interface'], $_POST['gateway'])) {
-				$input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within the chosen interface's subnet '%2\$s'."), $_POST['gateway'],$subnet);
+			if(empty($parent_ip) || empty($parent_sn)) {
+				$input_errors[] = gettext("You can not use a IPv6 Gateway Address on a IPv4 only interface.");
+			} else {
+				$subnet = gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn;
+				if(!ip_in_subnet($_POST['gateway'], $subnet))
+					$input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within the chosen interface's subnet '%2\$s'."), $_POST['gateway'],$subnet);
 			}
 		}
-		if (is_ipaddrv6($parent_ip)) {
+		if(is_ipaddrv6($_POST['gateway'])) {
+			$parent_ip = get_interface_ipv6($_POST['interface']);
 			$parent_sn = get_interface_subnetv6($_POST['interface']);
-			$subnet = gen_subnetv6($parent_ip, $parent_sn) . "/" . $parent_sn;
-			if(!ip_in_subnet($_POST['gateway'], $subnet)) {
-				$input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within the chosen interface's subnet '%2\$s'."), $_POST['gateway'],$subnet);
+			if(empty($parent_ip) || empty($parent_sn)) {
+				$input_errors[] = gettext("You can not use a IPv4 Gateway Address on a IPv6 only interface.");
+			} else {
+				$subnet = gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn;
+				if(!ip_in_subnet($_POST['gateway'], $subnet))
+					$input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within the chosen interface's subnet '%2\$s'."), $_POST['gateway'],$subnet);
 			}
 		}
+
+		if (!empty($config['interfaces'][$_POST['interface']]['ipaddr'])) {
+			if (is_ipaddr($config['interfaces'][$_POST['interface']]['ipaddr']) && (empty($_POST['gateway']) || $_POST['gateway'] == "dynamic"))
+				$input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv4 configuration.");
+		}
+		if (!empty($config['interfaces'][$_POST['interface']]['ipaddrv6'])) {
+			if (is_ipaddr($config['interfaces'][$_POST['interface']]['ipaddrv6']) && (empty($_POST['gateway']) || $_POST['gateway'] == "dynamic"))
+				$input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv6 configuration.");
+		}
 	}
 	if (($_POST['monitor'] <> "") && !is_ipaddr($_POST['monitor']) && $_POST['monitor'] != "dynamic") {
 		$input_errors[] = gettext("A valid monitor IP address must be specified.");
 	}
+	if (($_POST['monitor'] <> "") && is_ipaddr($_POST['monitor']) && $_POST['monitor'] != "dynamic") {
+		if(!validate_address_family($_POST['monitor'], $_POST['gateway'])) {
+			$input_errors[] = gettext("The monitor address '{$_POST['monitor']}' is a different Address Family then gateway '{$_POST['gateway']}'.");
+		}
+	}
 
 	if (isset($_POST['name'])) {
 		/* check for overlaps */
-- 
cgit v1.1