Revision d72e6feb
Added by Phil Davis about 9 years ago
| src/etc/inc/util.inc | ||
|---|---|---|
| 1058 | 1058 |
return preg_match('/^[0-9A-F]{2}(?:[:][0-9A-F]{2}){'.$repeat.'}$/i', $macaddr) == 1 ? true : false;
|
| 1059 | 1059 |
} |
| 1060 | 1060 |
|
| 1061 |
/* returns true if $name is a valid name for an alias |
|
| 1062 |
returns NULL if a reserved word is used |
|
| 1063 |
returns FALSE for bad chars in the name - this allows calling code to determine what the problem was. |
|
| 1064 |
aliases cannot be: |
|
| 1065 |
bad chars: anything except a-z 0-9 and underscore |
|
| 1066 |
bad names: empty string, pure numeric, pure underscore |
|
| 1067 |
reserved words: pre-defined service/protocol/port names which should not be ambiguous, and the words "port" and "pass" */ |
|
| 1068 |
|
|
| 1069 |
function is_validaliasname($name) {
|
|
| 1061 |
/* |
|
| 1062 |
If $return_message is true then |
|
| 1063 |
returns a text message about the reason that the name is invalid. |
|
| 1064 |
the text includes the type of "thing" that is being checked, passed in $object. (e.g. "alias", "gateway group", "schedule") |
|
| 1065 |
else |
|
| 1066 |
returns true if $name is a valid name for an alias |
|
| 1067 |
returns false if $name is not a valid name for an alias |
|
| 1068 |
|
|
| 1069 |
Aliases cannot be: |
|
| 1070 |
bad chars: anything except a-z 0-9 and underscore |
|
| 1071 |
bad names: empty string, pure numeric, pure underscore |
|
| 1072 |
reserved words: pre-defined service/protocol/port names which should not be ambiguous, and the words "port" and "pass" */ |
|
| 1073 |
|
|
| 1074 |
function is_validaliasname($name, $return_message = false, $object = "alias") {
|
|
| 1070 | 1075 |
/* Array of reserved words */ |
| 1071 | 1076 |
$reserved = array("port", "pass");
|
| 1072 | 1077 |
|
| 1073 | 1078 |
if (!is_string($name) || strlen($name) >= 32 || preg_match('/(^_*$|^\d*$|[^a-z0-9_])/i', $name)) {
|
| 1074 |
return false; |
|
| 1079 |
if ($return_message) {
|
|
| 1080 |
return sprintf(gettext('The %1$s name must be less than 32 characters long, may not consist of only numbers, may not consist of only underscores, and may only contain the following characters: %2$s'), $object, 'a-z, A-Z, 0-9, _');
|
|
| 1081 |
} else {
|
|
| 1082 |
return false; |
|
| 1083 |
} |
|
| 1075 | 1084 |
} |
| 1076 |
if (in_array($name, $reserved, true) || getservbyname($name, "tcp") || getservbyname($name, "udp") || getprotobyname($name)) {
|
|
| 1077 |
return; /* return NULL */ |
|
| 1085 |
if (in_array($name, $reserved, true)) {
|
|
| 1086 |
if ($return_message) {
|
|
| 1087 |
return sprintf(gettext('The %1$s name must not be either of the reserved words %2$s or %3$s.'), $object, "'port'", "'pass'");
|
|
| 1088 |
} else {
|
|
| 1089 |
return false; |
|
| 1090 |
} |
|
| 1078 | 1091 |
} |
| 1079 |
return true; |
|
| 1092 |
if (getprotobyname($name)) {
|
|
| 1093 |
if ($return_message) {
|
|
| 1094 |
return sprintf(gettext('The %1$s name must not be a well-known IP protocol name such as TCP, UDP, ICMP etc.'), $object);
|
|
| 1095 |
} else {
|
|
| 1096 |
return false; |
|
| 1097 |
} |
|
| 1098 |
} |
|
| 1099 |
if (getservbyname($name, "tcp") || getservbyname($name, "udp")) {
|
|
| 1100 |
if ($return_message) {
|
|
| 1101 |
return sprintf(gettext('The %1$s name must not be a well-known TCP or UDP port name such as ssh, smtp, pop3, tftp, http, openvpn etc.'), $object);
|
|
| 1102 |
} else {
|
|
| 1103 |
return false; |
|
| 1104 |
} |
|
| 1105 |
} |
|
| 1106 |
if ($return_message) {
|
|
| 1107 |
return sprintf(gettext("The %1$s name is valid."), $object);
|
|
| 1108 |
} else {
|
|
| 1109 |
return true; |
|
| 1110 |
} |
|
| 1111 |
} |
|
| 1112 |
|
|
| 1113 |
/* returns a text message indicating if the alias name is valid, or the reason it is not valid. */ |
|
| 1114 |
function invalidaliasnamemsg($name, $object = "alias") {
|
|
| 1115 |
return is_validaliasname($name, true, $object); |
|
| 1080 | 1116 |
} |
| 1081 | 1117 |
|
| 1082 | 1118 |
/* returns true if $port is a valid TCP/UDP port */ |
| src/usr/local/www/firewall_aliases_edit.php | ||
|---|---|---|
| 175 | 175 |
|
| 176 | 176 |
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); |
| 177 | 177 |
|
| 178 |
$x = is_validaliasname($_POST['name']); |
|
| 179 |
if (!isset($x)) {
|
|
| 180 |
$input_errors[] = gettext("Reserved word used for alias name.");
|
|
| 181 |
} else if ($_POST['type'] == "port" && (getservbyname($_POST['name'], "tcp") || getservbyname($_POST['name'], "udp"))) {
|
|
| 182 |
$input_errors[] = gettext("Reserved word used for alias name.");
|
|
| 183 |
} else {
|
|
| 184 |
if (is_validaliasname($_POST['name']) == false) {
|
|
| 185 |
$input_errors[] = sprintf(gettext("The alias name must be less than 32 characters long, may not consist of only numbers, may not consist of only underscores, and may only contain the following characters: %s"), 'a-z, A-Z, 0-9, _');
|
|
| 186 |
} |
|
| 178 |
if (!is_validaliasname($_POST['name'])) {
|
|
| 179 |
$input_errors[] = invalidaliasnamemsg($_POST['name']); |
|
| 187 | 180 |
} |
| 181 |
|
|
| 188 | 182 |
/* check for name conflicts */ |
| 189 | 183 |
foreach ($a_aliases as $key => $alias) {
|
| 190 | 184 |
if (($alias['name'] == $_POST['name']) && (empty($a_aliases[$id]) || ($key != $id))) {
|
| src/usr/local/www/firewall_aliases_import.php | ||
|---|---|---|
| 94 | 94 |
|
| 95 | 95 |
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); |
| 96 | 96 |
|
| 97 |
if (is_validaliasname($_POST['name']) == false) {
|
|
| 98 |
$input_errors[] = sprintf(gettext("The alias name may only consist of the characters %s"), "a-z, A-Z, 0-9, _.");
|
|
| 97 |
if (!is_validaliasname($_POST['name'])) {
|
|
| 98 |
$input_errors[] = invalidaliasnamemsg($_POST['name']);
|
|
| 99 | 99 |
} |
| 100 | 100 |
|
| 101 | 101 |
/* check for name duplicates */ |
| src/usr/local/www/firewall_schedule_edit.php | ||
|---|---|---|
| 125 | 125 |
$input_errors[] = gettext("Schedule name cannot be blank.");
|
| 126 | 126 |
} |
| 127 | 127 |
|
| 128 |
$x = is_validaliasname($_POST['name']); |
|
| 129 |
if (!isset($x)) {
|
|
| 130 |
$input_errors[] = gettext("Reserved word used for schedule name.");
|
|
| 131 |
} else {
|
|
| 132 |
if (is_validaliasname($_POST['name']) == false) {
|
|
| 133 |
$input_errors[] = sprintf(gettext("The schedule name must be less than 32 characters long, may not consist of only numbers, may not consist of only underscores, and may only contain the following characters: %s"), 'a-z, A-Z, 0-9, _');
|
|
| 134 |
} |
|
| 128 |
if (!is_validaliasname($_POST['name'])) {
|
|
| 129 |
$input_errors[] = invalidaliasnamemsg($_POST['name'], gettext("schedule"));
|
|
| 135 | 130 |
} |
| 136 | 131 |
|
| 137 | 132 |
/* check for name conflicts */ |
| src/usr/local/www/system_gateway_groups_edit.php | ||
|---|---|---|
| 115 | 115 |
$input_errors[] = gettext("A valid gateway group name must be specified.");
|
| 116 | 116 |
} |
| 117 | 117 |
if (!is_validaliasname($_POST['name'])) {
|
| 118 |
$input_errors[] = gettext("The gateway name must not contain invalid characters.");
|
|
| 118 |
$input_errors[] = invalidaliasnamemsg($_POST['name'], gettext("gateway group"));
|
|
| 119 | 119 |
} |
| 120 | 120 |
|
| 121 | 121 |
if (isset($_POST['name'])) {
|
| src/usr/local/www/system_gateways_edit.php | ||
|---|---|---|
| 147 | 147 |
$input_errors[] = "A valid gateway name must be specified."; |
| 148 | 148 |
} |
| 149 | 149 |
if (!is_validaliasname($_POST['name'])) {
|
| 150 |
$input_errors[] = gettext("The gateway name must not contain invalid characters.");
|
|
| 150 |
$input_errors[] = invalidaliasnamemsg($_POST['name'], gettext("gateway"));
|
|
| 151 | 151 |
} else if (isset($_POST['disabled'])) {
|
| 152 | 152 |
// We have a valid gateway name that the user wants to mark as disabled. |
| 153 | 153 |
// Check if the gateway name is used in any gateway group. |
Also available in: Unified diff
Provide better messages for invalid alias name errors
(cherry picked from commit e1f5381f4ecae20922a379b75820af1c9e57927e)