Revision db7f2719
Added by Jim Pingle about 7 years ago
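--- a/src/etc/inc/pfsense-utils.inc
+++ b/src/etc/inc/pfsense-utils.inc
@@ -227,6 +227,12 @@
 $csslist
 ))->setHelp('Choose an alternative css file (if installed) to change the appearance of the webConfigurator. css files are located in /usr/local/www/css/%s', '<span id="csstxt"></span>');
 }
+function validate_webguicss_field(&$input_errors, $value) {
+$csslist = get_css_files();
+if (!isset($csslist[$value])) {
+$input_errors[] = gettext("The submitted Theme could not be found. Pick a different theme.");
+}
+}
 
 /****f* pfsense-utils/gen_webguifixedmenu_field
 * NAME
@@ -246,6 +252,12 @@
 ["" => gettext("Scrolls with page"), "fixed" => gettext("Fixed (Remains visible at top of page)")]
 ))->setHelp("The fixed option is intended for large screens only.");
 }
+function validate_webguifixedmenu_field(&$input_errors, $value) {
+$valid_values = array("", "fixed");
+if (!in_array($value, $valid_values)) {
+$input_errors[] = gettext("The submitted Top Navigation value is invalid.");
+}
+}
 
 /****f* pfsense-utils/gen_webguihostnamemenu_field
 * NAME
@@ -265,6 +277,12 @@
 ["" => gettext("Default (No hostname)"), "hostonly" => gettext("Hostname only"), "fqdn" => gettext("Fully Qualified Domain Name")]
 ))->setHelp("Replaces the Help menu title in the Navbar with the system hostname or FQDN.");
 }
+function validate_webguihostnamemenu_field(&$input_errors, $value) {
+$valid_values = array("", "hostonly", "fqdn");
+if (!in_array($value, $valid_values)) {
+$input_errors[] = gettext("The submitted Hostname in Menu value is invalid.");
+}
+}
 
 /****f* pfsense-utils/gen_dashboardcolumns_field
 * NAME
@@ -277,7 +295,7 @@
 ******/
 function gen_dashboardcolumns_field(&$section, $value) {
 
-if (($value < 1) || ($value > 6)) {
+if (((int) $value < 1) || ((int) $value > 6)) {
 $value = 2;
 }
 
@@ -289,6 +307,11 @@
 [min => 1, max => 6]
 ));
 }
+function validate_dashboardcolumns_field(&$input_errors, $value) {
+if (!is_numericint($value) || ((int) $value < 1) || ((int) $value > 6)) {
+$input_errors[] = gettext("The submitted Dashboard Columns value is invalid.");
+}
+}
 
 /****f* pfsense-utils/gen_interfacessort_field
 * NAME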
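Review bot: `validate_webguicss_field` indexes `$csslist` with `$value` without checking its type, and every call site in this commit passes `$_POST['webguicss']` straight in, so a request that sends the parameter as an array reaches `isset($csslist[$value])` with a non-scalar offset. Depending on the PHP version that surfaces as a warning or a TypeError instead of the intended validation message (not checked against the version this branch targets). A type guard keeps the failure inside the validator: `if (!is_string($value) || !isset($csslist[$value])) {`. The two `in_array()` validators already reject an array, but their allowed lists repeat the option arrays of the matching `gen_*` functions, so a comment such as `// keep in sync with the options in gen_webguifixedmenu_field()` on each list would help the next person who adds an option.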
src/usr/local/www/head.inc | ||
---|---|---|
437 | 437 |
$menuclass = "fixed"; |
438 | 438 |
} |
439 | 439 |
|
440 |
$numColumns = $user_settings['webgui']['dashboardcolumns']; |
|
440 |
$numColumns = (int) $user_settings['webgui']['dashboardcolumns'];
|
|
441 | 441 |
|
442 | 442 |
if (($pagename === "index.php") && ($numColumns > 2)) { |
443 | 443 |
$columnsContainer = 'style="max-width: ' . 585*$numColumns . 'px;width: 100%"'; |
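Review bot: The `(int)` cast added to `$numColumns` makes the stored value numeric but does not bound it, so a `dashboardcolumns` value saved before this validation existed can still be 0 or far above 6 when it reaches `585*$numColumns`. `gen_dashboardcolumns_field()` in this same commit falls back to 2 outside 1–6, and the same fallback here would keep the readers of the setting consistent: `if (($numColumns < 1) || ($numColumns > 6)) { $numColumns = 2; }`. The same applies to the cast added to `$dashboardcolumns` in index.php, where the code that consumes the value is outside the visible hunk. The surrounding block in head.inc starts and ends outside the hunk.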
src/usr/local/www/index.php | ||
---|---|---|
273 | 273 |
|
274 | 274 |
##build widget saved list information |
275 | 275 |
if ($user_settings['widgets']['sequence'] != "") { |
276 |
$dashboardcolumns = isset($user_settings['webgui']['dashboardcolumns']) ? $user_settings['webgui']['dashboardcolumns'] : 2; |
|
276 |
$dashboardcolumns = isset($user_settings['webgui']['dashboardcolumns']) ? (int) $user_settings['webgui']['dashboardcolumns'] : 2;
|
|
277 | 277 |
$pconfig['sequence'] = $user_settings['widgets']['sequence']; |
278 | 278 |
$widgetsfromconfig = array(); |
279 | 279 |
|
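--- a/src/usr/local/www/system.php
+++ b/src/usr/local/www/system.php
@@ -160,46 +160,6 @@
 
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
 
-// if ($_POST['dashboardperiod']) {
-// $config['widgets']['period'] = $_POST['dashboardperiod'];
-// }
-
-if ($_POST['webguicss']) {
-$config['system']['webgui']['webguicss'] = $_POST['webguicss'];
-} else {
-unset($config['system']['webgui']['webguicss']);
-}
-
-$config['system']['webgui']['roworderdragging'] = $_POST['roworderdragging'] ? true:false;
-
-if ($_POST['logincss']) {
-$config['system']['webgui']['logincss'] = $_POST['logincss'];
-} else {
-unset($config['system']['webgui']['logincss']);
-}
-
-$config['system']['webgui']['loginshowhost'] = $_POST['loginshowhost'] ? true:false;
-
-if ($_POST['webguifixedmenu']) {
-$config['system']['webgui']['webguifixedmenu'] = $_POST['webguifixedmenu'];
-} else {
-unset($config['system']['webgui']['webguifixedmenu']);
-}
-
-if ($_POST['webguihostnamemenu']) {
-$config['system']['webgui']['webguihostnamemenu'] = $_POST['webguihostnamemenu'];
-} else {
-unset($config['system']['webgui']['webguihostnamemenu']);
-}
-
-if ($_POST['dashboardcolumns']) {
-$config['system']['webgui']['dashboardcolumns'] = $_POST['dashboardcolumns'];
-} else {
-unset($config['system']['webgui']['dashboardcolumns']);
-}
-
-$config['system']['webgui']['requirestatefilter'] = $_POST['requirestatefilter'] ? true : false;
-
 if ($_POST['hostname']) {
 if (!is_hostname($_POST['hostname'])) {
 $input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'. It may not start or end with '-'.");
@@ -212,6 +172,10 @@
 if ($_POST['domain'] && !is_domain($_POST['domain'])) {
 $input_errors[] = gettext("The domain may only contain the characters a-z, 0-9, '-' and '.'.");
 }
+validate_webguicss_field($input_errors, $_POST['webguicss']);
+validate_webguifixedmenu_field($input_errors, $_POST['webguifixedmenu']);
+validate_webguihostnamemenu_field($input_errors, $_POST['webguihostnamemenu']);
+validate_dashboardcolumns_field($input_errors, $_POST['dashboardcolumns']);
 
 $dnslist = $ignore_posted_dnsgw = array();
 
@@ -309,6 +273,46 @@
 unset($config['system']['webgui']['statusmonitoringsettingspanel']);
 $config['system']['webgui']['statusmonitoringsettingspanel'] = $_POST['statusmonitoringsettingspanel'] ? true : false;
 
+// if ($_POST['dashboardperiod']) {
+// $config['widgets']['period'] = $_POST['dashboardperiod'];
+// }
+
+if ($_POST['webguicss']) {
+$config['system']['webgui']['webguicss'] = $_POST['webguicss'];
+} else {
+unset($config['system']['webgui']['webguicss']);
+}
+
+$config['system']['webgui']['roworderdragging'] = $_POST['roworderdragging'] ? true:false;
+
+if ($_POST['logincss']) {
+$config['system']['webgui']['logincss'] = $_POST['logincss'];
+} else {
+unset($config['system']['webgui']['logincss']);
+}
+
+$config['system']['webgui']['loginshowhost'] = $_POST['loginshowhost'] ? true:false;
+
+if ($_POST['webguifixedmenu']) {
+$config['system']['webgui']['webguifixedmenu'] = $_POST['webguifixedmenu'];
+} else {
+unset($config['system']['webgui']['webguifixedmenu']);
+}
+
+if ($_POST['webguihostnamemenu']) {
+$config['system']['webgui']['webguihostnamemenu'] = $_POST['webguihostnamemenu'];
+} else {
+unset($config['system']['webgui']['webguihostnamemenu']);
+}
+
+if ($_POST['dashboardcolumns']) {
+$config['system']['webgui']['dashboardcolumns'] = $_POST['dashboardcolumns'];
+} else {
+unset($config['system']['webgui']['dashboardcolumns']);
+}
+
+$config['system']['webgui']['requirestatefilter'] = $_POST['requirestatefilter'] ? true : false;
+
 /* XXX - billm: these still need updating after figuring out how to check if they actually changed */
 $olddnsservers = $config['system']['dnsserver'];
 unset($config['system']['dnsserver']);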
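Review bot: `logincss` is still copied from `$_POST` into `$config['system']['webgui']['logincss']` in the relocated block, but none of the four `validate_*` calls added after the domain check covers it, so it is the one free-form GUI setting here that is stored unchecked, unless it is validated in a part of the file outside these hunks. I would add a check in the same style as the other four and mark the gap until then, e.g. `// TODO: validate logincss against its allowed values before storing`. `dashboardcolumns` is also stored as the raw submitted string; assigning `(int) $_POST['dashboardcolumns']` would store the value in the form the readers now cast it to. The enclosing blocks start and end outside the hunks, so where the relocated block sits relative to the `$input_errors` check is not visible here.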
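--- a/src/usr/local/www/system_user_settings.php
+++ b/src/usr/local/www/system_user_settings.php
@@ -63,6 +63,10 @@
 $reqdfields = explode(" ", "webguicss dashboardcolumns");
 $reqdfieldsn = array(gettext("Theme"), gettext("Dashboard Columns"));
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
+validate_webguicss_field($input_errors, $_POST['webguicss']);
+validate_webguifixedmenu_field($input_errors, $_POST['webguifixedmenu']);
+validate_webguihostnamemenu_field($input_errors, $_POST['webguihostnamemenu']);
+validate_dashboardcolumns_field($input_errors, $_POST['dashboardcolumns']);
 
 $userent = $a_user[$id];
 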
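--- a/src/usr/local/www/system_usermanager.php
+++ b/src/usr/local/www/system_usermanager.php
@@ -285,6 +285,10 @@
 $input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
 }
 }
+validate_webguicss_field($input_errors, $_POST['webguicss']);
+validate_webguifixedmenu_field($input_errors, $_POST['webguifixedmenu']);
+validate_webguihostnamemenu_field($input_errors, $_POST['webguihostnamemenu']);
+validate_dashboardcolumns_field($input_errors, $_POST['dashboardcolumns']);
 
 if (!$input_errors) {
 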
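Review bot: The four validators run on every submit here, yet nothing in this hunk shows that `webguicss` and `dashboardcolumns` are always part of the posted form. As written, `validate_webguicss_field` and `validate_dashboardcolumns_field` appear to reject a missing or empty value, whereas system_user_settings.php lists those two fields as required before calling them. If a user can be saved without per-user GUI settings, these calls would block the save with a theme or column error; whether that can happen depends on form code outside the hunk. I would either make the calls conditional on the fields being present or record the assumption next to them: `// custom GUI fields are always posted by this form, even when hidden`.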
Validation for GUI custom settings. Fixes #8726
Add validation for customizable GUI setting fields and test submitted
values before allowing them to be stored.
Also ensure that dashboardcolumns is an integer before using it in the
GUI.
(cherry picked from commit 9ceace2562e718b9b460633847c12050fff96640)