Bug #13436
closed
Input validation on ``system_advanced_firewall.inc`` uses incorrect variable references for some fields
100%
Description
A few fields in /usr/local/pfSense/include/www/system_advanced_firewall.inc are being incorrectly validated.
- `adaptiveend` is incorrectly being referred to as `adaptive-end` during validation.
- `maximumstates` is incorrectly being referred to as `firewall-maximum-states` during validation.
- `aliasesresolveinterval` is incorrectly being referred to as `aliases-hostnames-resolve-interval` during validation. (On the frontend, this field also has its input type `type=text` so any arbitrary value could be entered and accepted here.)
- `maximumtableentries` is incorrectly being referred to as `firewall-maximum-table-entries` during validation, but is validated correctly further down in the file.
I searched for references to the incorrect names and only see them in this file so I'm assuming they were just leftover from a refactor at some point.
Updated by Jim Pingle about 2 years ago
- Category changed from Aliases / Tables to Web Interface
- Assignee set to Jim Pingle
- Target version set to 2.7.0
- Plus Target Version set to 22.11
Looks like a remnant of the Bootstrap GUI work many years ago, most fields were fixed in #5025 but those were apparently missed.
Updated by Jim Pingle about 2 years ago
- Status changed from Pull Request Review to Feedback
PR merged
Updated by Christopher Cope about 2 years ago
Tested on
22.11-DEVELOPMENT (amd64) built on Fri Sep 30 06:04:54 UTC 2022 FreeBSD 14.0-CURRENT
The validation seems to be working correctly now, but the 'aliasesresolveinterval' is still set as a text input on the front-end. 'maximumtableentries' & 'maximumfrags' are also set as text input, but the back-end prevents anything other than integers.
Updated by Jim Pingle about 2 years ago
- Plus Target Version changed from 22.11 to 23.01
Updated by Jim Pingle almost 2 years ago
- Subject changed from Bad field validation in system_advanced_firewall.inc to Input validation on ``system_advanced_firewall.inc`` uses incorrect variable references for some fields
Updating subject for release notes.
Updated by Chris Linstruth almost 2 years ago
- Status changed from Feedback to In Progress
Should this be in Feedback, Resolved, or is there more work to be done based on the last feedback?
Updated by Jim Pingle almost 2 years ago
- Status changed from In Progress to Resolved
- % Done changed from 0 to 100
This issue was specifically about the variable names being incorrect which was causing the validation to be non-functional. The type mismatch isn't fatal or preventing anything from working so I'd say that's more appropriate for a separate request.
Closing.