aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
authorChris Buechler <cmb@pfsense.org>2010-06-10 01:58:22 -0400
committerChris Buechler <cmb@pfsense.org>2010-06-10 01:58:22 -0400
commitc43d7a4ec17aa30de383968797b96a2c557cbd50 (patch)
treea02f7be5eda998a4ef4e779dbd73cbd01ec6a03a /config
parent3cadd57113a721bf41344f701d396e4964965ffb (diff)
downloadpfsense-packages-c43d7a4ec17aa30de383968797b96a2c557cbd50.tar.gz
pfsense-packages-c43d7a4ec17aa30de383968797b96a2c557cbd50.tar.bz2
pfsense-packages-c43d7a4ec17aa30de383968797b96a2c557cbd50.zip
Add input validation for most fields. Remove broken input validation that made editing groups impossible.
Still don't have input validation for parameters, nor validation ensuring groups that are in use cannot be deleted.
Diffstat (limited to 'config')
-rw-r--r--config/openbgpd/openbgpd.inc35
-rw-r--r--config/openbgpd/openbgpd.xml5
-rw-r--r--config/openbgpd/openbgpd_groups.xml4
3 files changed, 40 insertions, 4 deletions
diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc
index 4bf352c9..35485d3e 100644
--- a/config/openbgpd/openbgpd.inc
+++ b/config/openbgpd/openbgpd.inc
@@ -245,6 +245,41 @@ function check_group_usage($groupname) {
return "";
}
+function bgpd_validate_input() {
+ global $config, $g, $input_errors;
+
+
+ if (!empty($_POST['asnum']) && !is_numeric($_POST['asnum']))
+ $input_errors[] = "AS must be entered as a number only.";
+
+ if (!empty($_POST['routerid']) && !is_ipaddr($_POST['routerid']))
+ $input_errors[] = "Router ID must be an IP address.";
+
+ if (!empty($_POST['holdtime']) && !is_numeric($_POST['holdtime']))
+ $input_errors[] = "Holdtime must be entered as a number.";
+
+ if (!empty($_POST['listenip']) && !is_ipaddr($_POST['listenip']))
+ $input_errors[] = "Listen IP must be an IP address or blank to bind to all IPs.";
+
+}
+
+function bgpd_validate_group() {
+ global $config, $g, $id, $input_errors;
+
+ if (!is_numeric($_POST['remoteas']))
+ $input_errors[] = "Remote AS must be entered as a number only.";
+
+ if ($_POST['name'] == "")
+ $input_errors[] = "You must enter a name.";
+
+ $_POST['name'] = remove_bad_chars($_POST['name']);
+
+}
+
+function remove_bad_chars($string) {
+ return preg_replace('/[^a-z|_|0-9]/i','',$string);
+}
+
function grey_out_value_boxes() {
echo <<<EOF
<script language="javascript">
diff --git a/config/openbgpd/openbgpd.xml b/config/openbgpd/openbgpd.xml
index f1130720..2d28de0f 100644
--- a/config/openbgpd/openbgpd.xml
+++ b/config/openbgpd/openbgpd.xml
@@ -132,7 +132,7 @@
<field>
<fielddescr>Listen on IP</fielddescr>
<fieldname>listenip</fieldname>
- <description>Specify the local IP address bgpd(8) should listen on.</description>
+ <description>Specify the local IP address bgpd(8) should listen on, or leave blank to bind to all IPs.</description>
<type>input</type>
</field>
@@ -166,4 +166,7 @@
<custom_php_resync_config_command>
openbgpd_install_conf();
</custom_php_resync_config_command>
+ <custom_php_validation_command>
+ bgpd_validate_input();
+ </custom_php_validation_command>
</packagegui>
diff --git a/config/openbgpd/openbgpd_groups.xml b/config/openbgpd/openbgpd_groups.xml
index 7f479427..f43ab466 100644
--- a/config/openbgpd/openbgpd_groups.xml
+++ b/config/openbgpd/openbgpd_groups.xml
@@ -112,8 +112,6 @@
openbgpd_install_conf();
</custom_php_resync_config_command>
<custom_php_validation_command>
- $status = check_group_usage($_POST['groupname']);
- if($status != "")
- $input_errors[] = "Sorry this group is in use by {$status} and cannot be deleted.";
+ bgpd_validate_group();
</custom_php_validation_command>
</packagegui>