Add input validation for the Backends form

2 files changed, 35 insertions, 9 deletions

diff --git a/config/varnish64/varnish.inc b/config/varnish64/varnish.inc
index 7535b1bb..735152f7 100644
--- a/config/varnish64/varnish.inc
+++ b/config/varnish64/varnish.inc
@@ -31,12 +31,33 @@
                                                                               */
 /* ========================================================================== */
 
+function varnish_backends_post_validate($post, $input_errors) {
+ 	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $post['backendname']))
+		$input_errors[] = "The backend name must only contain the characters a-Z or 0-9";
+	if(!is_ipaddr($post['ipaddress'])) 
+		$input_errors[] = "A valid IP address is required for the field 'IPAddress'";
+	if($post['first_byte_timeout'] && !is_int($post['first_byte_timeout'])) 
+		$input_errors[] = "A valid number is required for the field 'first byte timeout'";
+	if($post['connect_timeout'] && !is_int($post['connect_timeout'])) 
+		$input_errors[] = "A valid number is required for the field 'connect timeout'";
+	if($post['probe_interval'] && !is_int($post['probe_interval'])) 
+		$input_errors[] = "A valid number is required for the field 'probe interval'";
+	if($post['probe_interval'] && !is_int($post['probe_interval'])) 
+		$input_errors[] = "A valid number is required for the field 'probe interval'";
+	if($post['probe_timeout'] && !is_int($post['probe_timeout'])) 
+		$input_errors[] = "A valid number is required for the field 'probe timeout'";
+	if($post['probe_window'] && !is_int($post['probe_window'])) 
+		$input_errors[] = "A valid number is required for the field 'probe window'";
+	if($post['probe_threshold'] && !is_int($post['probe_threshold'])) 
+		$input_errors[] = "A valid number is required for the field 'probe threshold'";
+}
+
 function varnish_install() {
-		create_varnish_rcd_file();
+	create_varnish_rcd_file();
 }
 
 function varnish_deinstall() {
-		create_varnish_rcd_file();
+	create_varnish_rcd_file();
 }
 
 function varnish_start() {
diff --git a/config/varnish64/varnish_backends.xml b/config/varnish64/varnish_backends.xml
index 65a03499..68736c44 100644
--- a/config/varnish64/varnish_backends.xml
+++ b/config/varnish64/varnish_backends.xml
@@ -109,22 +109,24 @@
 	</adddeleteeditpagefields>
 	<fields>
 		<field>
-			<fielddescr>IPAddress</fielddescr>
-			<fieldname>ipaddress</fieldname>
-			<description>Enter the IP Address of the backend web server.</description>
-			<type>input</type>
-		</field>
-		<field>
 			<fielddescr>Backend name</fielddescr>
 			<fieldname>backendname</fieldname>
 			<description>Enter the name of this backend web server.</description>
 			<type>input</type>
+			<validate>^[a-z0-9.|-]+$</validate>
+		</field>
+		<field>
+			<fielddescr>IPAddress</fielddescr>
+			<fieldname>ipaddress</fieldname>
+			<description>Enter the IP Address of the backend web server.</description>
+			<type>input</type>
 		</field>
 		<field>
 			<fielddescr>Port</fielddescr>
 			<fieldname>port</fieldname>
 			<description>Enter the TCP/IP port of the webserver.</description>
 			<type>input</type>
+			<validate>^[0-9]+$</validate>
 		</field>
 		<field>
 			<fielddescr>First byte timeout</fielddescr>
@@ -140,7 +142,7 @@
 		</field>
 		<field>
 			<fielddescr>Probe URL</fielddescr>
-			<fieldname>probe_url</fieldname>
+			<fieldname>probe_interval</fieldname>
 			<description>Enter the URL that varnish will use to ensure that this backend is healthy.</description>
 			<type>input</type>
 		</field>
@@ -196,4 +198,7 @@
 		sync_package_varnish();
 		varnish_start();
 	</custom_php_resync_config_command>
+	<custom_php_validation_command>
+		varnish_backends_post_validate($_POST, &amp;$input_errors);
+	</custom_php_validation_command>
 </packagegui>
\ No newline at end of file