authorthompsa <andy@fud.org.nz>2010-02-08 12:51:25 +1300
committerthompsa <andy@fud.org.nz>2010-02-08 12:51:25 +1300
commitcc3044cdf96229c0d004e619b17fd6b3408d0019 (patch)
treeb9a54eb2ccfa9b88516ec841a9a6343e23e9c933
parent06ea9faba91fe5684e14bea9f8591f88b4a7339d (diff)
Add more validation around the server list and do not trash the server
array on error.
-rwxr-xr-xconfig/haproxy-dev/haproxy_pool_edit.php15
1 files changed, 14 insertions, 1 deletions
diff --git a/config/haproxy-dev/haproxy_pool_edit.php b/config/haproxy-dev/haproxy_pool_edit.php
index 728c9880..dea2eb7d 100755
--- a/config/haproxy-dev/haproxy_pool_edit.php
+++ b/config/haproxy-dev/haproxy_pool_edit.php
@@ -92,13 +92,25 @@ if ($_POST) {
$server['weight']=$server_weight;
$a_servers[]=$server;
+ if (preg_match("/[^a-zA-Z0-9\.\-_]/", $server_name))
+ $input_errors[] = "The field 'Name' contains invalid characters.";
if (preg_match("/[^a-zA-Z0-9\.\-_]/", $server_address))
$input_errors[] = "The field 'Address' contains invalid characters.";
+ if (!preg_match("/.{2,}/", $server_name))
+ $input_errors[] = "The field 'Name' is required.";
+
+ if (!preg_match("/.{2,}/", $server_address))
+ $input_errors[] = "The field 'Address' is required.";
+
if (!preg_match("/.{2,}/", $server_weight))
$input_errors[] = "The field 'Weight' is required.";
- }
+ if (!is_numeric($server_weight))
+ $input_errors[] = "The field 'Weight' value is not a number.";
+ if ($server_port && !is_numeric($server_port))
+ $input_errors[] = "The field 'Port' value is not a number.";
+ }
}
if (!$input_errors) {
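Review bot: The added Weight and Port checks use `is_numeric()`, which is looser than these fields need: it accepts signs, decimals, exponent notation and leading whitespace, and neither value is range-checked. If the values are later written verbatim into the generated HAProxy configuration (not visible in this hunk), a digits-only test with bounds is safer, e.g. `if (!ctype_digit((string)$server_weight) || $server_weight > 256)` and `if ($server_port && (!ctype_digit((string)$server_port) || $server_port > 65535))`. Separately, the `/.{2,}/` "required" test copied onto Name and Address reports a valid one-character value as missing, as the existing Weight check already does for a single-digit weight. The enclosing `if ($_POST)` block starts and ends outside the hunk.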
@@ -150,6 +162,7 @@ if ($_POST) {
header("Location: haproxy_pools.php");
exit;
}
+ $pconfig['a_servers']=&$a_pools[$id]['ha_servers']['item'];
}
$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
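Review bot: The added `$pconfig['a_servers']=&$a_pools[$id]['ha_servers']['item'];` binds by reference, so PHP creates that path in `$a_pools` when it does not exist, and any later write to `$pconfig['a_servers']` changes the pool array itself. If `$id` can be unset on this error path (a new pool that failed validation; the hunk does not show this), the assignment would add an empty-keyed entry to the in-memory pool list. A guarded copy by value avoids both: `if (isset($id, $a_pools[$id]['ha_servers']['item'])) $pconfig['a_servers'] = $a_pools[$id]['ha_servers']['item'];`. The surrounding `if ($_POST)` block begins outside the hunk.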