From 996422349cb5f0d95be1d555cd413b75b322804f Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Mon, 11 Oct 2010 13:34:20 -0400
Subject: Correct and cleanup this input validation logic for IPsec Phase 1
 PSK/Cert config. In some cases the test was not being evaluated as expected.

---
 usr/local/www/vpn_ipsec_phase1.php | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

(limited to 'usr/local/www/vpn_ipsec_phase1.php')

diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 7ac7383..7f7439d 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -138,13 +138,22 @@ if ($_POST) {
 	/* input validation */
 
 	$method = $pconfig['authentication_method'];
+
 	// Only require PSK here for normal PSK tunnels (not mobile) or xauth.
-	if ((($method == "pre_shared_key") && (!$pconfig['mobile']))||($method == "xauth_psk_server")) {
-		$reqdfields = explode(" ", "pskey");
-		$reqdfieldsn = array(gettext("Pre-Shared Key"));
-	} else {
-		$reqdfields = explode(" ", "caref certref");
-		$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
+	switch ($method) {
+		case "pre_shared_key":
+			if ($pconfig['mobile'])
+				break;
+		case "xauth_psk_server":
+			$reqdfields = explode(" ", "pskey");
+			$reqdfieldsn = array(gettext("Pre-Shared Key"));
+			break;
+		case "hybrid_rsa_server":
+		case "xauth_rsa_server":
+		case "rsasig":
+			$reqdfields = explode(" ", "caref certref");
+			$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
+			break;
 	}
 	if (!$pconfig['mobile']) {
 		$reqdfields[] = "remotegw";
-- 
cgit v1.1