Bug #173
closed
Missing input validation for gateways
70%
Description
system_gateways_edit.php does not sanity check entries. Two checks should be added:
1) The gateway IP is within the IP subnet of the interface selected
2) The monitor IP is not used on any other gateway (otherwise the static routes can't be added properly)
Updated by Seth Mos almost 15 years ago
- Status changed from New to Feedback
- Assignee set to Seth Mos
- % Done changed from 0 to 100
.
Updated by Seth Mos almost 15 years ago
- Status changed from Feedback to New
- % Done changed from 100 to 0
Updated by Seth Mos almost 15 years ago
Seth Mos wrote:
The monitor IP check was caused by a incorrect variable name which was fixed in #166.
Adding code for subnet check and comitting that.
Updated by Seth Mos almost 15 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 70
Updated by
Updated by Seth Mos almost 15 years ago
The parse error is now gone, but upon further inspection I can create empty array entries by attempting to delete a gateway entry.
Updated by Chris Buechler almost 15 years ago
- Status changed from Feedback to Resolved
the particular issues mentioned in the ticket are fixed after my last commit fixing the input validation
not sure on the empty array entries. If I delete a gateway it is removed properly, the only thing I see is when all gateways are deleted it leaves <gateways></gateways> which shouldn't be a problem from what I see.
Seth, if you know of any other outstanding issues, please open a new ticket.