diff options
author | thompsa <andy@fud.org.nz> | 2010-02-08 12:51:25 +1300 |
---|---|---|
committer | thompsa <andy@fud.org.nz> | 2010-02-08 12:51:25 +1300 |
commit | cc3044cdf96229c0d004e619b17fd6b3408d0019 (patch) | |
tree | b9a54eb2ccfa9b88516ec841a9a6343e23e9c933 /config | |
parent | 06ea9faba91fe5684e14bea9f8591f88b4a7339d (diff) | |
download | pfsense-packages-cc3044cdf96229c0d004e619b17fd6b3408d0019.tar.gz pfsense-packages-cc3044cdf96229c0d004e619b17fd6b3408d0019.tar.bz2 pfsense-packages-cc3044cdf96229c0d004e619b17fd6b3408d0019.zip |
Add more validation around the server list and do not trash the server
array on error.
Diffstat (limited to 'config')
-rwxr-xr-x | config/haproxy-dev/haproxy_pool_edit.php | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/config/haproxy-dev/haproxy_pool_edit.php b/config/haproxy-dev/haproxy_pool_edit.php index 728c9880..dea2eb7d 100755 --- a/config/haproxy-dev/haproxy_pool_edit.php +++ b/config/haproxy-dev/haproxy_pool_edit.php @@ -92,13 +92,25 @@ if ($_POST) { $server['weight']=$server_weight; $a_servers[]=$server; + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $server_name)) + $input_errors[] = "The field 'Name' contains invalid characters."; if (preg_match("/[^a-zA-Z0-9\.\-_]/", $server_address)) $input_errors[] = "The field 'Address' contains invalid characters."; + if (!preg_match("/.{2,}/", $server_name)) + $input_errors[] = "The field 'Name' is required."; + + if (!preg_match("/.{2,}/", $server_address)) + $input_errors[] = "The field 'Address' is required."; + if (!preg_match("/.{2,}/", $server_weight)) $input_errors[] = "The field 'Weight' is required."; - } + if (!is_numeric($server_weight)) + $input_errors[] = "The field 'Weight' value is not a number."; + if ($server_port && !is_numeric($server_port)) + $input_errors[] = "The field 'Port' value is not a number."; + } } if (!$input_errors) { @@ -150,6 +162,7 @@ if ($_POST) { header("Location: haproxy_pools.php"); exit; } + $pconfig['a_servers']=&$a_pools[$id]['ha_servers']['item']; } $pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); |