From cc3044cdf96229c0d004e619b17fd6b3408d0019 Mon Sep 17 00:00:00 2001
From: thompsa
Date: Mon, 8 Feb 2010 12:51:25 +1300
Subject: Add more validation around the server list and do not trash the server array on error.
---
 config/haproxy-dev/haproxy_pool_edit.php | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/config/haproxy-dev/haproxy_pool_edit.php b/config/haproxy-dev/haproxy_pool_edit.php
index 728c9880..dea2eb7d 100755
--- a/config/haproxy-dev/haproxy_pool_edit.php
+++ b/config/haproxy-dev/haproxy_pool_edit.php
@@ -92,13 +92,25 @@ if ($_POST) {
 $server['weight']=$server_weight;
 $a_servers[]=$server;
+ if (preg_match("/[^a-zA-Z0-9\.\-_]/", $server_name))
+ $input_errors[] = "The field 'Name' contains invalid characters.";
 if (preg_match("/[^a-zA-Z0-9\.\-_]/", $server_address))
 $input_errors[] = "The field 'Address' contains invalid characters.";
+ if (!preg_match("/.{2,}/", $server_name))
+ $input_errors[] = "The field 'Name' is required.";
+
+ if (!preg_match("/.{2,}/", $server_address))
+ $input_errors[] = "The field 'Address' is required.";
+
 if (!preg_match("/.{2,}/", $server_weight))
 $input_errors[] = "The field 'Weight' is required.";
- }
+ if (!is_numeric($server_weight))
+ $input_errors[] = "The field 'Weight' value is not a number.";
+ if ($server_port && !is_numeric($server_port))
+ $input_errors[] = "The field 'Port' value is not a number.";
+ }
 }
 if (!$input_errors) {
@@ -150,6 +162,7 @@ if ($_POST) {
 header("Location: haproxy_pools.php");
 exit;
 }
+ $pconfig['a_servers']=&$a_pools[$id]['ha_servers']['item'];
 }
 $pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
--
cgit v1.2.3
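Review bot: The new Weight and Port checks rely on `is_numeric()`, which also accepts signed, decimal and exponent forms such as `-1`, `80.5` or `1e3`; judging by the file name these values are presumably written into the generated HAProxy configuration. I would test for plain digits and a range instead: `if (!ctype_digit((string)$server_weight) || (int)$server_weight > 256)` for the weight and `if ($server_port !== '' && (!ctype_digit((string)$server_port) || (int)$server_port < 1 || (int)$server_port > 65535))` for the port, since the truthiness test in `$server_port && ...` also lets a port of `0` skip validation. The `/.{2,}/` "required" tests added for Name and Address (and already present for Weight) reject any one-character value, so a weight of `5` is reported as missing. The rest of the enclosing `if ($_POST)` block lies outside this hunk, and `$a_servers[]=$server;` still runs before any of these checks.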
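Review bot: The added `$pconfig['a_servers']=&$a_pools[$id]['ha_servers']['item'];` binds by reference with no visible check that `$id` is set, and in PHP taking a reference to a missing key creates that key. On a failed submit for a new pool this would add an empty entry to `$a_pools` and to whatever array it aliases. If the form only needs to redisplay the stored list, a guarded copy is safer: `if (isset($id) && isset($a_pools[$id])) $pconfig['a_servers'] = $a_pools[$id]['ha_servers']['item'];`. Whether `$id` can be unset at this point cannot be confirmed from the hunk, because the surrounding `if ($_POST)` block starts outside it.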