
Revision 6fa73745

Added by Erik Fonnesbeck almost 15 years ago

Fix input validation with "no rdr" for ticket #570


usr/local/www/firewall_nat_edit.php
178 178

  
179 179
	/* input validation */
180 180
	if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
181
		$reqdfields = explode(" ", "interface proto dstbeginport dstendport localip");
182
		$reqdfieldsn = array(gettext("Interface"),gettext("Protocol"),gettext("Destination port from"),gettext("Destination port to"),gettext("NAT IP"));
181
		$reqdfields = explode(" ", "interface proto dstbeginport dstendport");
182
		$reqdfieldsn = array(gettext("Interface"),gettext("Protocol"),gettext("Destination port from"),gettext("Destination port to"));
183 183
	} else {
184
		$reqdfields = explode(" ", "interface proto localip");
185
		$reqdfieldsn = array(gettext("Interface"),gettext("Protocol"),gettext("NAT IP"));
184
		$reqdfields = explode(" ", "interface proto");
185
		$reqdfieldsn = array(gettext("Interface"),gettext("Protocol"));
186 186
	}
187 187

  
188 188
	if ($_POST['srctype'] == "single" || $_POST['srctype'] == "network") {
......
193 193
		$reqdfields[] = "dst";
194 194
		$reqdfieldsn[] = gettext("Destination address");
195 195
	}
196
	if (!isset($_POST['nordr'])) {
197
		$reqdfields[] = "localip";
198
		$reqdfieldsn[] = gettext("Redirect target IP");
199
	}
196 200

  
197 201
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
198 202

  
......
205 209
		$_POST['dstendport'] = 0;
206 210
	}
207 211

  
208
	if (($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) {
209
		$input_errors[] = sprintf(gettext("\"%s\" is not valid NAT IP address or host alias."), $_POST['localip']);
212
	if (!isset($_POST['nordr']) && ($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) {
213
		$input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $_POST['localip']);
210 214
	}
211 215

  
212 216
	if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport']))
......
218 222
	if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport']))
219 223
		$input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstendport']);
220 224

  
221
	if ($_POST['localbeginport'] && !is_portoralias($_POST['localbeginport'])) {
225
	if (!isset($_POST['nordr']) && $_POST['localbeginport'] && !is_portoralias($_POST['localbeginport'])) {
222 226
		$input_errors[] = sprintf(gettext("%s is not a valid local port. It must be a port alias or integer between 1 and 65535."), $_POST['localbeginport']);
223 227
	}
224 228

  
......
259 263
	}
260 264

  
261 265
	if (!$input_errors) {
262
		if (($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535)
266
		if (!isset($_POST['nordr']) && ($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535)
263 267
			$input_errors[] = gettext("The target port range must be an integer between 1 and 65535.");
264 268
	}
265 269

  
......
292 296
		$natent['disabled'] = isset($_POST['disabled']) ? true:false;
293 297
		$natent['nordr'] = isset($_POST['nordr']) ? true:false;
294 298

  
299
		if ($natent['nordr']) {
300
			$_POST['associated-rule-id'] = '';
301
			$_POST['filter-rule-association'] = '';
302
		}
303

  
295 304
		pconfig_to_address($natent['source'], $_POST['src'],
296 305
			$_POST['srcmask'], $_POST['srcnot'],
297 306
			$_POST['srcbeginport'], $_POST['srcendport']);
......
302 311

  
303 312
		$natent['protocol'] = $_POST['proto'];
304 313

  
305
		$natent['target'] = $_POST['localip'];
306
		$natent['local-port'] = $_POST['localbeginport'];
314
		if (!$natent['nordr']) {
315
			$natent['target'] = $_POST['localip'];
316
			$natent['local-port'] = $_POST['localbeginport'];
317
		}
307 318
		$natent['interface'] = $_POST['interface'];
308 319
		$natent['descr'] = $_POST['descr'];
309 320
		$natent['associated-rule-id'] = $_POST['associated-rule-id'];
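Review bot: The new "no rdr" branch at lines 299-302 blanks `$_POST['associated-rule-id']` and `$_POST['filter-rule-association']`, but nothing visible here handles a filter rule that was already associated with the entry being edited. The save path continues past line 320, outside this view; if it only acts on a non-empty id, a previously generated pass rule could stay in the ruleset after the entry is switched to "no rdr", leaving traffic allowed that the operator believes is no longer forwarded. It is worth confirming that the old associated rule is removed in that case, for example by reading the id from the stored entry before it is cleared. A comment on the branch such as `/* no rdr: any previously associated filter rule must be removed, not just unlinked */` would record that intent. The same `isset($_POST['nordr'])` test is also repeated at new lines 196, 212, 225 and 266; computing it once into a local variable before validation would keep the four checks from drifting apart.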
