authorD. V. Serg <dvserg@pfsense.org>2008-01-15 14:10:39 +0000
committerD. V. Serg <dvserg@pfsense.org>2008-01-15 14:10:39 +0000
commita031b26d14d2be697aceaec4a296fd550c97d92e (patch)
tree9bd3e55d91d0d6db4fbe034b8a96ff73d3bbb08e
parenta0a3fbe2cfa209bf2f66dcfa1e8fa300f4a2541f (diff)
Bugfix 1 - url validate
-rw-r--r--packages/squidGuard/squidguard.inc26
-rw-r--r--packages/squidGuard/squidguard_configurator.inc11
2 files changed, 33 insertions, 4 deletions
diff --git a/packages/squidGuard/squidguard.inc b/packages/squidGuard/squidguard.inc
index cb7d4938..f7866965 100644
--- a/packages/squidGuard/squidguard.inc
+++ b/packages/squidGuard/squidguard.inc
@@ -103,6 +103,8 @@ define('WEBGUI_HISTORY_LOG', 'on');
define('TEST_LOG', '/var/tmp/sqtest.test');
+define('ERRVALIDATE_REDIRECT', "Redirect must contains valid data. Example: 'http://www.my.com', 'https://my.com', Error_Code<space>Reason, blank, blank_img");
+
# ==============================================================================
# Initialization
# ==============================================================================
@@ -193,6 +195,28 @@ function squidguard_validate_acl($post, $input_errors) {
if (empty($pass_over_val))
$post[FLD_DEST] = "$pass_up_val";
else $post[FLD_DEST] = "$pass_up_val [$pass_over_val]";
+
+ // check redirect
+ $redirect = trim($post[FLD_REDIRECT]);
+ if(!empty($redirect)) {
+ // cut first redirect url, if entered more that one
+ $redirect = explode("\n", $redirect);
+ $redirect = $redirect[0];
+ $post[FLD_REDIRECT] = $redirect;
+ if (is_url($redirect) === false)
+ $input_errors[] = "Redirect '$redirect' error. " . ERRVALIDATE_REDIRECT;
+ }
+
+ // check overredirect
+ $redirect = trim($post[FLD_OVERREDIRECT]);
+ if(!empty($redirect)) {
+ // cut first redirect url, if entered more that one
+ $redirect = explode("\n", $redirect);
+ $redirect = $redirect[0];
+ $post[FLD_OVERREDIRECT] = $redirect;
+ if (is_url($redirect) === false)
+ $input_errors[] = "Overtime redirect '$redirect' error. " . ERRVALIDATE_REDIRECT;
+ }
}
# ------------------------------------------------------------------------------
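Review bot: Both new blocks split on "\n" only, so a value submitted with CRLF line endings keeps a trailing "\r" on `$redirect[0]`, and that is what gets stored in `$post[FLD_REDIRECT]` and `$post[FLD_OVERREDIRECT]`; the outer `trim()` runs before the split and does not catch it. Trimming after the split, `$redirect = trim($redirect[0]);`, fixes this, and the context lines of the squidguard_validate_destination hunk below show the same pattern. The two added blocks differ only in field name and message prefix, so a small shared helper would keep all three copies in step. The submitted value is also interpolated unescaped into `$input_errors`; whether it is HTML-escaped when the error list is rendered is not visible here and should be confirmed. The hunk header shows `$post` and `$input_errors` taken by value, and the function starts outside the hunk, so check that callers pass both by reference, or these assignments never reach the saved config.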
@@ -282,7 +306,7 @@ function squidguard_validate_destination($post, $input_errors) {
$redirect = $redirect[0];
$post[FLD_REDIRECT] = $redirect;
if (is_url($redirect) === false)
- $input_errors[] = "Redirect must contains valid url. Example: 'http://www.my.com', 'https://my.com', 'ftp://my.com'";
+ $input_errors[] = "Redirect '$redirect' error. " . ERRVALIDATE_REDIRECT;
}
}
diff --git a/packages/squidGuard/squidguard_configurator.inc b/packages/squidGuard/squidguard_configurator.inc
index db751a95..041f5c14 100644
--- a/packages/squidGuard/squidguard_configurator.inc
+++ b/packages/squidGuard/squidguard_configurator.inc
@@ -827,7 +827,12 @@ function sg_redirector_base_url($url) {
// Attention:
// order arg's must be: first-URL, last-SG variables
// SG have bug, what broke data after his var's
- $rdr_path = $rdr_path . "?url=" . rawurlencode($url) . REDIRECT_URL_ARGS;
+ $tmp_url = ltrim($url);
+ // not need encoded url string. only err_code line
+ if (eregi("^https{0,1}://", $tmp_url) === false)
+ $tmp_url = rawurlencode($tmp_url);
+ $rdr_path = $rdr_path . "?url=" . $tmp_url . REDIRECT_URL_ARGS; // rawurlencode($tmp_url) . REDIRECT_URL_ARGS;
+ unset($tmp_url);
sg_addlog("sg_redirector_base_url: select redirector base url ($rdr_path)");
return $rdr_path;
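Review bot: A value that starts with http:// or https:// is now appended to `?url=` with no encoding at all, so a `&`, `#` or space inside the configured URL changes how the redirector parses the query string and can displace or shadow the REDIRECT_URL_ARGS that follow. is_url() only checks the prefix, so nothing upstream rejects those characters. If the scheme and slashes have to stay readable, encode at least the query-breaking characters before concatenating, e.g. `$tmp_url = str_replace(array('&', '#', ' '), array('%26', '%23', '%20'), $tmp_url);`, or reject them during validation. The commented-out `// rawurlencode($tmp_url) . REDIRECT_URL_ARGS;` tail on the same line should be dropped, and `ltrim()` leaves trailing whitespace in place where `trim()` would not. The function body starts and ends outside this hunk.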
@@ -1583,7 +1588,7 @@ function scan_dir($dir) {
return $files;
}
# ------------------------------------------------------------------------------
-# is_url - build files listing for $dir
+# is_url - check url an err_codes
# ------------------------------------------------------------------------------
function is_url($url) {
if (empty($url)) return false;
@@ -1591,7 +1596,7 @@ function is_url($url) {
if (eregi("^https://", $url)) return true;
if (strstr("blank", $url)) return true;
if (strstr("blank_img", $url)) return true;
- if (eregi("^([0-9]{3})", $url)) return true; // http error code 403, 404, 410, etc.
+ if (eregi("^((30[1235]{1})|(40[0-9]{1})|(41[0-7]{1})|(50[0-5]{1}))", $url)) return true; // http error code 30x, 4xx, 50x.
return false;
}
# ------------------------------------------------------------------------------
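Review bot: The new status-code pattern is anchored only at the start, so it accepts any string that merely begins with an allowed code (`4040`, `404<anything>`), while ERRVALIDATE_REDIRECT promises the form "Error_Code<space>Reason". Requiring end of input or a space after the code closes that gap: `if (eregi("^((30[1235])|(40[0-9])|(41[0-7])|(50[0-5]))( .*)?$", $url)) return true;`. The two context lines above it call `strstr("blank", $url)` and `strstr("blank_img", $url)` with haystack and needle swapped, so any substring of those words passes validation; `if ($url === "blank" || $url === "blank_img") return true;` matches the documented keywords exactly. The comment says "30x" but 304, 306 and 307 are not matched, so the comment should list the accepted codes. is_url() starts outside this hunk.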