Revision f71e0ac6
Added by Ermal Luçi over 15 years ago
| usr/local/www/firewall_aliases_edit.php | ||
|---|---|---|
| 250 | 250 |
} |
| 251 | 251 |
$final_address_details .= "||"; |
| 252 | 252 |
$isfirst++; |
| 253 |
} |
|
| 254 |
if (is_alias($_POST["address{$x}"])) {
|
|
| 255 |
if (!alias_same_type($_POST["address{$x}"], $_POST['type']))
|
|
| 256 |
$wrongaliases .= " " . $_POST["address{$x}"];
|
|
| 253 |
|
|
| 254 |
if (is_alias($_POST["address{$x}"])) {
|
|
| 255 |
if (!alias_same_type($_POST["address{$x}"], $_POST['type']))
|
|
| 256 |
$wrongaliases .= " " . $_POST["address{$x}"];
|
|
| 257 |
} else if ($_POST['type'] == "port") {
|
|
| 258 |
if (preg_match("/[^[[:digit:]]]/", $_POST["address{$x}"]) || strlen($_POST["address{$x}"]) > 5)
|
|
| 259 |
$input_errors[] = $_POST["address{$x}"] . " is not a valid {$_POST['type']} alias.";
|
|
| 260 |
else if (intval($_POST["address{$x}"]) < 0 || intval($_POST["address{$x}"]) > 65535)
|
|
| 261 |
$input_errors[] = $_POST["address{$x}"] . " is not a valid port alias.";
|
|
| 262 |
} else if ($_POST['type'] == "host" || $_POST['type'] == "network") {
|
|
| 263 |
if (!is_ipaddr($_POST["address{$x}"]) && !is_hostname($_POST["address{$x}"]))
|
|
| 264 |
$input_errors[] = $_POST["address{$x}"] . " is not a valid {$_POST['type']} alias.";
|
|
| 265 |
} |
|
| 257 | 266 |
} |
| 258 | 267 |
} |
| 259 | 268 |
if ($wrongaliases <> "") |
| 260 |
$input_errors[] = "The following aliases: {$wrongaliases} \ncannot be nested cause they are not of the same type.";
|
|
| 269 |
$input_errors[] = "The alias(es): {$wrongaliases} \ncannot be nested cause they are not of the same type.";
|
|
| 261 | 270 |
} |
| 262 | 271 |
|
| 263 | 272 |
if (!$input_errors) {
|
Also available in: Unified diff
Resolves #138 Add propper input validation to aliases. Do not allow to nested different types of aliases. Do not allow on ports to enter something that is not in the range 0-65535.