From 8b060357e806292c10e79ff7d7f01e6722c29975 Mon Sep 17 00:00:00 2001
From: Seth Mos <seth.mos@xs4all.nl>
Date: Wed, 11 Mar 2009 21:39:39 +0100
Subject: Add input validation on the gateway groups page as well, fix the
 check on the gateways page.

---
 usr/local/www/system_gateway_groups_edit.php | 21 +++++++++++++--------
 usr/local/www/system_gateways_edit.php       |  2 +-
 2 files changed, 14 insertions(+), 9 deletions(-)

(limited to 'usr/local')

diff --git a/usr/local/www/system_gateway_groups_edit.php b/usr/local/www/system_gateway_groups_edit.php
index 60da1cb..cad6867 100755
--- a/usr/local/www/system_gateway_groups_edit.php
+++ b/usr/local/www/system_gateway_groups_edit.php
@@ -76,16 +76,21 @@ if ($_POST) {
 	if (! isset($_POST['name'])) {
 		$input_errors[] = "A valid gateway group name must be specified.";
 	}
+	if (! is_validaliasname($_POST['name'])) {
+		$input_errors[] = "The gateway name must not contain invalid characters.";
+	}
 
-	/* check for overlaps */
-	if(is_array($a_gateway_groups)) {
-		foreach ($a_gateway_groups as $gateway_group) {
-			if (isset($id) && ($a_gateway_groups[$id]) && ($a_gateway_groups[$id] === $gateway_group))
-				continue;
+	if (isset($_POST['name'])) {
+		/* check for overlaps */
+		if(is_array($a_gateway_groups)) {
+			foreach ($a_gateway_groups as $gateway_group) {
+				if (isset($id) && ($a_gateway_groups[$id]) && ($a_gateway_groups[$id] === $gateway_group))
+					continue;
 
-			if ($gateway_group['name'] == $_POST['name']) {
-				$input_errors[] = "A gateway group with this name \"{$_POST['name']}\" already exists.";
-				break;
+				if ($gateway_group['name'] == $_POST['name']) {
+					$input_errors[] = "A gateway group with this name \"{$_POST['name']}\" already exists.";
+					break;
+				}
 			}
 		}
 	}
diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php
index 1e427cf..9863be0 100755
--- a/usr/local/www/system_gateways_edit.php
+++ b/usr/local/www/system_gateways_edit.php
@@ -94,7 +94,7 @@ if ($_POST) {
 		$input_errors[] = "A valid monitor IP address must be specified.";
 	}
 
-	if (! isset($_POST['name'])) {
+	if (isset($_POST['name'])) {
 		/* check for overlaps */
 		foreach ($a_gateways as $gateway) {
 			if (isset($id) && ($a_gateways[$id]) && ($a_gateways[$id] === $gateway))
-- 
cgit v1.1