From 1adc1d85625457a0e0ce6fa532665e03cdb9e089 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Sat, 3 Oct 2015 10:07:24 +0200 Subject: Move squid_validate_reverse() to squid_reverse.inc where it belongs --- config/squid3/34/squid_reverse.inc | 69 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) (limited to 'config/squid3') diff --git a/config/squid3/34/squid_reverse.inc b/config/squid3/34/squid_reverse.inc index 32c3fa65..aa46e06d 100755 --- a/config/squid3/34/squid_reverse.inc +++ b/config/squid3/34/squid_reverse.inc @@ -262,4 +262,73 @@ function squid_resync_reverse() { return $conf; } +function squid_validate_reverse($post, &$input_errors) { + global $config; + + if (!empty($post['reverse_ip'])) { + $reverse_ip = explode(";", ($post['reverse_ip'])); + foreach ($reverse_ip as $reip) { + if (!is_ipaddr(trim($reip))) { + $input_errors[] = "You must enter a valid IP address in the 'User-defined reverse-proxy IPs' field. '$reip' is invalid."; + } + } + } + + $fqdn = trim($post['reverse_external_fqdn']); + if (!empty($fqdn) && !is_domain($fqdn)) { + $input_errors[] = "'External FQDN' field must contain a valid domain name."; + } + + $port = trim($post['reverse_http_port']); + preg_match("/(\d+)/", shell_exec("/sbin/sysctl net.inet.ip.portrange.reservedhigh"), $portrange); + if (!empty($port) && !is_port($port)) { + $input_errors[] = "'Reverse HTTP port' must contain a valid port number."; + } + if (!empty($port) && is_port($port) && $port <= $portrange[1]) { + $input_errors[] = "'Reverse HTTP port' must contain a port number higher than net.inet.ip.portrange.reservedhigh sysctl value({$portrange[1]})."; + $input_errors[] = "To listen on low ports, change portrange.reservedhigh sysctl value to 0 in system tunable options and restart Squid daemon."; + } + $port = trim($post['reverse_https_port']); + if (!empty($port) && !is_port($port)) { + $input_errors[] = "'Reverse HTTPS port' must contain a valid port number."; + } + if (!empty($port) && is_port($port) && $port <= $portrange[1]) { + $input_errors[] = "'Reverse HTTPS port' must contain a port number higher than net.inet.ip.portrange.reservedhigh sysctl value({$portrange[1]})."; + $input_errors[] = "To listen on low ports, change portrange.reservedhigh sysctl value to 0 in system tunable options and restart Squid daemon."; + } + if ($post['reverse_ssl_cert'] == 'none') { + $input_errors[] = 'A valid certificate for the external interface must be selected'; + } + + if (($post['reverse_https'] != 'on') && ($post['reverse_owa'] == 'on')) { + $input_errors[] = "You have to enable reverse HTTPS before enabling OWA support."; + } + + if (!empty($post['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($post['reverse_owa_ip'])); + foreach ($reverse_owa_ip as $reowaip) { + if (!is_ipaddr(trim($reowaip))) { + $input_errors[] = "You must enter a valid IP address in the 'CAS-Array / OWA frontend IP address' field. '$reowaip' is invalid."; + } + } + } + + $contents = $post['reverse_cache_peer']; + if (!empty($contents)) { + $defs = explode("\r\n", ($contents)); + foreach ($defs as $def) { + $cfg = explode(";", ($def)); + if (!is_ipaddr($cfg[1])) { + $input_errors[] = "Please choose a valid IP in the cache peer configuration."; + } + if (!is_port($cfg[2])) { + $input_errors[] = "Please choose a valid port in the cache peer configuration."; + } + if (($cfg[3] != 'HTTPS') && ($cfg[3] != 'HTTP')) { + $input_errors[] = "Please choose HTTP or HTTPS in the cache peer configuration."; + } + } + } +} + ?> -- cgit v1.2.3