From 65f815dd9fec2c7c290c7ff82f86ca8ab77f8035 Mon Sep 17 00:00:00 2001
From: Renato Botelho <garga@FreeBSD.org>
Date: Tue, 17 Jun 2014 07:33:46 -0300
Subject: Validate starttime and stoptime format

---
 usr/local/www/firewall_schedule_edit.php | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'usr/local')

diff --git a/usr/local/www/firewall_schedule_edit.php b/usr/local/www/firewall_schedule_edit.php
index 4b361b1..e1901e3 100644
--- a/usr/local/www/firewall_schedule_edit.php
+++ b/usr/local/www/firewall_schedule_edit.php
@@ -116,6 +116,14 @@ if ($_POST) {
 	$timerangeFound = false;
 	for ($x=0; $x<99; $x++){
 		if($_POST['schedule' . $x]) {
+			if (!preg_match('/^[0-9]+:[0-9]+$/', $_POST['starttime' . $x])) {
+				$input_errors[] = sprintf(gettext("Invalid start time - '%s'"), $_POST['starttime' . $x]);
+				continue;
+			}
+			if (!preg_match('/^[0-9]+:[0-9]+$/', $_POST['stoptime' . $x])) {
+				$input_errors[] = sprintf(gettext("Invalid start time - '%s'"), $_POST['stoptime' . $x]);
+				continue;
+			}
 			$timerangeFound = true;
 			$timeparts = array();
 			$firstprint = false;
-- 
cgit v1.1