From e4cad7c450d1300a3f35eacdbef72f62cea5447a Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Fri, 26 Nov 2010 11:30:55 -0500
Subject: Add input validation to siproxd

---
 config/siproxd.inc | 19 +++++++++++++++++++
 config/siproxd.xml |  3 +++
 2 files changed, 22 insertions(+)

(limited to 'config')

diff --git a/config/siproxd.inc b/config/siproxd.inc
index 93bdf203..e8bfb4f7 100644
--- a/config/siproxd.inc
+++ b/config/siproxd.inc
@@ -205,4 +205,23 @@ function sync_package_siproxd() {
 
 }
 
+function validate_form_siproxd($post, $input_errors) {
+	if ($post['port'] && !is_port($post['port']))
+		$input_errors[] = 'Invalid port entered for "Listening Port"';
+	if ($post['rtplower'] && !is_port($post['rtplower']))
+		$input_errors[] = 'Invalid port entered for "RTP port range (lower)".';
+	if ($post['rtpupper'] && !is_port($post['rtpupper']))
+		$input_errors[] = 'Invalid port entered for "RTP port range (upper)".';
+	if ($post['rtplower'] && $post['rtpupper'] && ($post['rtplower'] >= $post['rtpupper']))
+		$input_errors[] = 'RTP lower port cannot be equal to or higher than the RTP upper port.';
+	if ($post['rtptimeout'] && (!is_numeric($post['rtptimeout']) || ($post['rtptimeout'] < 0)))
+		$input_errors[] = '"RTP stream timeout" must be numeric and greater than 0.';
+	if ($post['defaulttimeout'] && (!is_numeric($post['defaulttimeout']) || ($post['defaulttimeout'] < 0)))
+		$input_errors[] = '"Default expiration timeout" must be numeric and greater than 0.';
+	if ($post['outboundproxyhost'] && (!is_hostname($post['outboundproxyhost']) && !is_ipaddr($post['outboundproxyhost'])))
+		$input_errors[] = 'Invalid hostname or IP address entered for "Outbound Proxy Host".';
+	if ($post['outboundproxyport'] && !is_port($post['outboundproxyport']))
+		$input_errors[] = 'Invalid port entered for "Outbound Proxy Port".';
+}
+
 ?>
diff --git a/config/siproxd.xml b/config/siproxd.xml
index 7feb4d0f..cabb5341 100644
--- a/config/siproxd.xml
+++ b/config/siproxd.xml
@@ -172,4 +172,7 @@
 		sync_package_siproxd();
 	</custom_php_resync_config_command>
 	<filter_rules_needed>siproxd_generate_rules</filter_rules_needed>
+	<custom_php_validation_command>
+		validate_form_siproxd($_POST, &amp;$input_errors);
+	</custom_php_validation_command>
 </packagegui>
-- 
cgit v1.2.3