From 1122a892f2af418daa5964d41d1d942fc89d470e Mon Sep 17 00:00:00 2001 From: Erik Fonnesbeck Date: Tue, 11 May 2010 20:09:52 -0600 Subject: Fix source input validation, saving, and the "View the NAT rule" link on linked filter rules. Ticket #586 --- usr/local/www/firewall_rules_edit.php | 22 ++++++++++++++-------- .../firewall_rules_edit/firewall_rules_edit.js | 8 ++++---- 2 files changed, 18 insertions(+), 12 deletions(-) (limited to 'usr') diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 91c5b07..05ad793 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -256,12 +256,16 @@ if ($_POST) { } /* input validation */ - $reqdfields = explode(" ", "type proto src"); - if ( isset($a_filter[$id]['associated-rule-id'])===false ) + $reqdfields = explode(" ", "type proto"); + if ( isset($a_filter[$id]['associated-rule-id'])===false ) { + $redqfields[] = "src"; $redqfields[] = "dst"; - $reqdfieldsn = explode(",", "Type,Protocol,Source"); - if ( isset($a_filter[$id]['associated-rule-id'])===false ) + } + $reqdfieldsn = explode(",", "Type,Protocol"); + if ( isset($a_filter[$id]['associated-rule-id'])===false ) { + $reqdfieldsn[] = "Source"; $reqdfieldsn[] = "Destination"; + } if($_POST['statetype'] == "modulate state" or $_POST['statetype'] == "synproxy state") { if( $_POST['proto'] != "tcp" ) @@ -270,7 +274,8 @@ if ($_POST) { $input_errors[] = "{$_POST['statetype']} is only valid if the gateway is set to 'default'."; } - if (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) { + if ( isset($a_filter[$id]['associated-rule-id'])===false && + (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) ) { $reqdfields[] = "srcmask"; $reqdfieldsn[] = "Source bit count"; } 
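Review bot: The added `$redqfields[] = "src";` line appends to a misspelled array (`$redqfields`, not `$reqdfields`), so after this change "src" is no longer in the required-field list at all; the neighbouring context line for "dst" carries the same typo. Both should read `$reqdfields[] = "src";` and `$reqdfields[] = "dst";`. As written, `$reqdfieldsn` gains "Source" and "Destination" while `$reqdfields` does not, so the two arrays fall out of step, and if the validator pairs them by index (its call is outside the hunk) a missing `srcmask` would be reported under the wrong label. Because this is the required-field check for a firewall rule's source and destination, a save of a non-linked rule with an empty source is worth covering with a regression test.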
@@ -508,8 +513,9 @@ if ($_POST) { $filterent['sched'] = $_POST['sched']; } - // If we have an associated nat rule, make sure the destination doesn't change + // If we have an associated nat rule, make sure the source and destination doesn't change if( isset($a_filter[$id]['associated-rule-id']) ) { + $filterent['source'] = $a_filter[$id]['source']; $filterent['destination'] = $a_filter[$id]['destination']; $filterent['associated-rule-id'] = $a_filter[$id]['associated-rule-id']; } @@ -721,8 +727,8 @@ include("head.inc"); $edit_disabled=true; if (is_array($config['nat']['rule'])) { foreach( $config['nat']['rule'] as $index => $nat_rule ) { - if( $nat_rule['associated-rule-id']==$pconfig['associated-rule-id']) { - echo "View the NAT rule
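Review bot: The comment above the `associated-rule-id` block should say why the stored values are copied back, because this assignment is what actually enforces the lock: the form fields are only disabled in `firewall_rules_edit.js`, and a hand-built POST can still carry `src`/`dst` values. Suggested wording: `// Linked to a NAT rule: always keep the stored source and destination, whatever the POST contained (the disabled form fields are UI only).` It would also help to state in that comment whether the other posted fields of a linked rule are meant to stay editable, since only these two are pinned here. The enclosing `if ($_POST)` block starts and ends outside the hunk.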
"; + if( isset($nat_rule['associated-rule-id']) && $nat_rule['associated-rule-id']==$pconfig['associated-rule-id'] ) { + echo "View the NAT rule
"; break; } } diff --git a/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js b/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js index 2aefe92..38b9363 100644 --- a/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js +++ b/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js @@ -3,13 +3,13 @@ var portsenabled = 1; var editenabled = 1; function ext_change() { - if ((document.iform.srcbeginport.selectedIndex == 0) && portsenabled) { + if ((document.iform.srcbeginport.selectedIndex == 0) && portsenabled && editenabled) { document.iform.srcbeginport_cust.disabled = 0; } else { document.iform.srcbeginport_cust.value = ""; document.iform.srcbeginport_cust.disabled = 1; } - if ((document.iform.srcendport.selectedIndex == 0) && portsenabled) { + if ((document.iform.srcendport.selectedIndex == 0) && portsenabled && editenabled) { document.iform.srcendport_cust.disabled = 0; } else { document.iform.srcendport_cust.value = ""; @@ -34,9 +34,9 @@ function ext_change() { document.iform.dstbeginport.disabled = 1; document.iform.dstendport.disabled = 1; } else { - document.iform.srcbeginport.disabled = 0; - document.iform.srcendport.disabled = 0; if( editenabled ) { + document.iform.srcbeginport.disabled = 0; + document.iform.srcendport.disabled = 0; document.iform.dstbeginport.disabled = 0; document.iform.dstendport.disabled = 0; } -- cgit v1.1
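Review bot: The new `if` still compares the two `associated-rule-id` values with loose `==`, so PHP compares numeric-looking strings as numbers. The format of these ids is not visible here, but a strict match is the safer way to pick which NAT rule the link points at. Provided both sides are strings read from the config, I would write `if( isset($nat_rule['associated-rule-id']) && $nat_rule['associated-rule-id']===$pconfig['associated-rule-id'] ) {`. The `foreach` this sits in begins outside the hunk.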
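Review bot: With `&& editenabled` added to both conditions in `ext_change()`, a linked rule (where `editenabled` is falsy) now always takes the `else` branch, which blanks `srcbeginport_cust.value` and `srcendport_cust.value` as well as disabling them. A linked rule that has a custom source port would therefore show an empty field whenever this function runs. Keeping the original condition and deriving only the disabled state from the flag avoids that: `document.iform.srcbeginport_cust.disabled = editenabled ? 0 : 1;`, and the same for `srcendport_cust`. The body of `ext_change()` continues outside both hunks of this file, so the matching destination-port handling could not be checked here.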