Missing input validation for gateways
system_gateways_edit.php does not sanity check entries. Two checks should be added:
1) The gateway IP is within the IP subnet of the interface selected
2) The monitor IP is not used on any other gateway (otherwise the static routes can't be added properly)
#7 Updated by Chris Buechler over 10 years ago
- Status changed from Feedback to Resolved
the particular issues mentioned in the ticket are fixed after my last commit fixing the input validation
not sure on the empty array entries. If I delete a gateway it is removed properly, the only thing I see is when all gateways are deleted it leaves <gateways></gateways> which shouldn't be a problem from what I see.
Seth, if you know of any other outstanding issues, please open a new ticket.