
Revision cfceda6d

Added by Evgeny Yurchenko about 14 years ago

Bug #1639. Port alias missing input validation in firewall_rules_edit.php.

View differences:

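--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -302,6 +302,26 @@
                 $input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."),$_POST['dstbeginport']);
         if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport']))
                 $input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."),$_POST['dstendport']);
+	if ( !$_POST['srcbeginport_cust'] && $_POST['srcendport_cust'])
+		if (is_alias($_POST['srcendport_cust']))
+			$input_errors[] = 'If you put port alias in Source port range to: field you must put the same port alias in from: field';
+	if ( $_POST['srcbeginport_cust'] && $_POST['srcendport_cust']){
+		if (is_alias($_POST['srcendport_cust']) && is_alias($_POST['srcendport_cust']) && $_POST['srcbeginport_cust'] != $_POST['srcendport_cust'])
+			$input_errors[] = 'The same port alias must be used in Source port range from: and to: fields';
+		if ((is_alias($_POST['srcbeginport_cust']) && (!is_alias($_POST['srcendport_cust']) && $_POST['srcendport_cust']!='')) || 
+		    ((!is_alias($_POST['srcbeginport_cust']) && $_POST['srcbeginport_cust']!='') && is_alias($_POST['srcendport_cust']))) 
+			$input_errors[] = 'You cannot specify numbers and port aliases at the same time in Source port range from: and to: field';
+	}
+	if ( !$_POST['dstbeginport_cust'] && $_POST['dstendport_cust'])
+		if (is_alias($_POST['dstendport_cust']))
+			$input_errors[] = 'If you put port alias in Destination port range to: field you must put the same port alias in from: field';
+	if ( $_POST['dstbeginport_cust'] && $_POST['dstendport_cust']){
+		if (is_alias($_POST['dstendport_cust']) && is_alias($_POST['dstendport_cust']) && $_POST['dstbeginport_cust'] != $_POST['dstendport_cust'])
+			$input_errors[] = 'The same port alias must be used in Destination port range from: and to: fields';
+		if ((is_alias($_POST['dstbeginport_cust']) && (!is_alias($_POST['dstendport_cust']) && $_POST['dstendport_cust']!='')) || 
+		    ((!is_alias($_POST['dstbeginport_cust']) && $_POST['dstbeginport_cust']!='') && is_alias($_POST['dstendport_cust']))) 
+			$input_errors[] = 'You cannot specify numbers and port aliases at the same time in Destination port range from: and to: field';
+	}
 
 	/* if user enters an alias and selects "network" then disallow. */
 	if($_POST['srctype'] == "network") {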
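Review bot: On new lines 309 and 319 the condition tests the end field twice (`is_alias($_POST['srcendport_cust']) && is_alias($_POST['srcendport_cust'])`), so the from: field is never checked to be an alias in that branch. As written, a numeric from: value with an alias in to: raises the "same port alias must be used" message on top of the mixed numbers/aliases message from the following check; the first operand should read `is_alias($_POST['srcbeginport_cust'])`, and `is_alias($_POST['dstbeginport_cust'])` on line 319. The alias-name comparison would also be stricter as `!==`, since `!=` applies PHP's numeric-string juggling to the two POST values. The new error strings are plain literals while the neighbouring messages go through `gettext()`, so wrapping them would keep the page translatable. The surrounding validation block starts and ends outside the visible lines, so how the `*_cust` fields relate to `dstbeginport`/`dstendport` cannot be confirmed from here.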
