Commit 68faafd1 authored by Franco Fichtner's avatar Franco Fichtner

aliases: improve validation messages; closes #1443

parent 6c022705
......@@ -551,19 +551,20 @@ function is_macaddr($macaddr, $partial=false)
aliases cannot be:
bad chars: anything except a-z 0-9 and underscore
bad names: empty string, pure numeric, pure underscore
reserved words: pre-defined service/protocol/port names which should not be ambiguous, and the words "port" and "pass" */
reserved words: pre-defined service/protocol/port names which should not be ambiguous and pf keywords */
function is_validaliasname($name)
{
/* Array of reserved words */
$reserved = array("port", "pass");
$reserved = array('all', 'pass', 'block', 'out', 'queue', 'max', 'min', 'pptp', 'pppoe', 'L2TP', 'OpenVPN', 'IPsec');
if (!is_string($name) || strlen($name) >= 32 || preg_match('/(^_*$|^\d*$|[^a-z0-9_])/i', $name)) {
return false;
}
if (in_array($name, $reserved, true) || getservbyname($name, "tcp") || getservbyname($name, "udp") || getprotobyname($name)) {
return; /* return NULL */
if (in_array($name, $reserved, true) || getservbyname($name, 'tcp') || getservbyname($name, 'udp') || getprotobyname($name)) {
return null;
}
return true;
}
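Review bot: The reserved-word test in `is_validaliasname()` is case-sensitive while the character check is not: the regex carries the `/i` flag, but `in_array($name, $reserved, true)` matches only the exact spellings in the list, so `PASS`, `Block`, `l2tp` or `openvpn` come back as `true`. Whether the consumer of these names treats keywords case-insensitively is not visible here, but if it does, a near-keyword name gets past this guard. Comparing lower-cased values would close the gap, e.g. `in_array(strtolower($name), array_map('strtolower', $reserved), true)`. The header comment should also state the three return values (`true` valid, `false` malformed, `null` reserved), since every caller in this commit now branches on them.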
......
......@@ -125,25 +125,23 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
foreach ($pconfig['host_url'] as $detail_entry) {
if ($pconfig['type'] == 'host') {
if (!is_domain($detail_entry) && !is_ipaddr($detail_entry) && !is_alias($detail_entry)) {
$input_errors[] = sprintf(gettext("%s doesn't appear to be a valid hostname or ip address"), $detail_entry) ;
$input_errors[] = sprintf(gettext('Entry "%s" is not a valid hostname or IP address.'), $detail_entry) ;
}
} elseif ($pconfig['type'] == 'port') {
if (!is_port($detail_entry) && !is_portrange($detail_entry) && !is_alias($detail_entry)) {
$input_errors[] = sprintf(gettext("%s doesn't appear to be a valid port number"), $detail_entry) ;
$input_errors[] = sprintf(gettext('Entry "%s" is not a valid port number.'), $detail_entry) ;
}
} elseif ($pconfig['type'] == 'geoip') {
if (!in_array($detail_entry, $country_codes)) {
$input_errors[] = sprintf(gettext("%s doesn't appear to be a valid country code"), $detail_entry) ;
$input_errors[] = sprintf(gettext('Entry "%s" is not a valid country code.'), $detail_entry) ;
}
}
}
/* Check for reserved keyword names */
// Keywords not allowed in names
$reserved_keywords = array("all", "pass", "block", "out", "queue", "max", "min", "pptp", "pppoe", "L2TP", "OpenVPN", "IPsec");
$reserved_keywords = array();
// Add all Load balance names to reserved_keywords
if (is_array($config['load_balancer']['lbpool'])) {
if (isset($config['load_balancer']['lbpool'])) {
foreach ($config['load_balancer']['lbpool'] as $lbpool) {
$reserved_keywords[] = $lbpool['name'];
}
......@@ -151,6 +149,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$reserved_ifs = get_configured_interface_list(false, true);
$reserved_keywords = array_merge($reserved_keywords, $reserved_ifs, $reserved_table_names);
foreach ($reserved_keywords as $rk) {
if ($rk == $pconfig['name']) {
$input_errors[] = sprintf(gettext("Cannot use a reserved keyword as alias name %s"), $rk);
......@@ -164,8 +163,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
break;
}
}
if (is_validaliasname($pconfig['name']) !== true) {
$input_errors[] = gettext("The alias name must be less than 32 characters long and may only consist of the characters") . " a-z, A-Z, 0-9, _.";
$valid = is_validaliasname($pconfig['name']);
if ($valid === false) {
$input_errors[] = sprintf(gettext('The name must be less than 32 characters long and may only consist of the following characters: %s'), 'a-z, A-Z, 0-9, _');
} elseif ($valid === null) {
$input_errors[] = sprintf(gettext('The name cannot be the internally reserved keyword "%s".'), $pconfig['name']);
}
if (!empty($pconfig['updatefreq']) && !is_numericint($pconfig['updatefreq'])) {
......@@ -449,28 +452,6 @@ endforeach;
<i class="fa fa-toggle-off text-danger" style="cursor: pointer;" id="show_all_help_page" type="button"></i>
</td>
</tr>
<tr>
<td width="22%"><a id="help_for_name" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Name"); ?></td>
<td width="78%">
<input name="origname" type="hidden" id="origname" class="form-control unknown" size="40" value="<?=$pconfig['name'];?>" />
<?php if (isset($id)): ?>
<input name="id" type="hidden" value="<?=$id;?>" />
<?php endif; ?>
<input name="name" type="text" id="name" class="form-control unknown" size="40" maxlength="31" value="<?=$pconfig['name'];?>" />
<div class="hidden" for="help_for_name">
<?=gettext("The name of the alias may only consist of the characters \"a-z, A-Z, 0-9 and _\"."); ?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_description" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Description"); ?></td>
<td>
<input name="descr" type="text" class="form-control unknown" id="descr" size="40" value="<?=$pconfig['descr'];?>" />
<div class="hidden" for="help_for_description">
<?=gettext("You may enter a description here for your reference (not parsed)."); ?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_type" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Type"); ?></td>
<td>
......@@ -523,7 +504,29 @@ endforeach;
</td>
</tr>
<tr>
<td><div id="addressnetworkport"><a id="help_for_hosts" href="#" class="showhelp"><i class="fa fa-info-circle text-muted"></i></a> <?=gettext("Host(s)"); ?></div></td>
<td width="22%"><a id="help_for_name" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Name"); ?></td>
<td width="78%">
<input name="origname" type="hidden" id="origname" class="form-control unknown" size="40" value="<?=$pconfig['name'];?>" />
<?php if (isset($id)): ?>
<input name="id" type="hidden" value="<?=$id;?>" />
<?php endif; ?>
<input name="name" type="text" id="name" class="form-control unknown" size="40" maxlength="31" value="<?=$pconfig['name'];?>" />
<div class="hidden" for="help_for_name">
<?=gettext("The name of the alias may only consist of the characters \"a-z, A-Z, 0-9 and _\"."); ?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_description" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Description"); ?></td>
<td>
<input name="descr" type="text" class="form-control unknown" id="descr" size="40" value="<?=$pconfig['descr'];?>" />
<div class="hidden" for="help_for_description">
<?=gettext("You may enter a description here for your reference (not parsed)."); ?>
</div>
</td>
</tr>
<tr>
<td><div id="addressnetworkport"><i class="fa fa-info-circle text-muted"></i> <?= gettext('Aliases') ?></div></td>
<td>
<table class="table table-striped table-condensed" id="detailTable">
<thead>
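Review bot: The relocated name and description rows print `$pconfig` values into attribute values without escaping: `value="<?=$pconfig['name'];?>"` (twice) and `value="<?=$pconfig['descr'];?>"`. The validation above only appends to `$input_errors`, so if the form is re-rendered from the submitted values (how `$pconfig` is populated is outside these hunks), a rejected name containing markup characters reaches the page verbatim. Escaping at output removes that dependency on the validator, e.g. `value="<?= htmlspecialchars($pconfig['name'], ENT_QUOTES) ?>"`. The same pattern is on the `name` input and the `aliasimport` textarea in the import form, and on the schedule `name` input further down.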
......
......@@ -49,8 +49,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
if (is_validaliasname($pconfig['name']) == false) {
$input_errors[] = gettext("The alias name may only consist of the characters") . " a-z, A-Z, 0-9, _.";
$valid = is_validaliasname($pconfig['name']);
if ($valid === false) {
$input_errors[] = sprintf(gettext('The name must be less than 32 characters long and may only consist of the following characters: %s'), 'a-z, A-Z, 0-9, _');
} elseif ($valid === null) {
$input_errors[] = sprintf(gettext('The name cannot be the internally reserved keyword "%s".'), $pconfig['name']);
}
/* check for name duplicates */
......@@ -58,6 +61,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$input_errors[] = gettext("An alias with this name already exists.");
}
// Keywords not allowed in names
$reserved_keywords = array();
// Add all Load balance names to reserved_keywords
if (isset($config['load_balancer']['lbpool'])) {
foreach ($config['load_balancer']['lbpool'] as $lbpool) {
......@@ -65,14 +71,15 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
}
// Keywords not allowed in names
$reserved_keywords = array("all", "pass", "block", "out", "queue", "max", "min", "pptp", "pppoe", "L2TP", "OpenVPN", "IPsec");
$reserved_ifs = get_configured_interface_list(false, true);
$reserved_keywords = array_merge($reserved_keywords, $reserved_ifs, $reserved_table_names);
/* Check for reserved keyword names */
foreach($reserved_keywords as $rk)
if ($rk == $pconfig['name'])
foreach($reserved_keywords as $rk) {
if ($rk == $pconfig['name']) {
$input_errors[] = sprintf(gettext("Cannot use a reserved keyword as alias name %s"), $rk);
}
}
/* check for name interface description conflicts */
foreach($config['interfaces'] as $interface) {
......@@ -200,8 +207,8 @@ include("head.inc");
</td>
</tr>
<tr>
<td width="22%"><a id="help_for_name" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Alias Name"); ?></td>
<td width="78%">
<td width="22%"><a id="help_for_name" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?= gettext('Name') ?></td>
<td width="78%">
<input name="name" type="text" class="form-control unknown" size="40" maxlength="31" value="<?=$pconfig['name'];?>" />
<div class="hidden" for="help_for_name">
<?=gettext("The name of the alias may only consist of the characters \"a-z, A-Z and 0-9\"."); ?>
......@@ -218,7 +225,7 @@ include("head.inc");
</td>
</tr>
<tr>
<td><a id="help_for_alias" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Aliases to import"); ?></td>
<td><a id="help_for_alias" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?= gettext('Aliases') ?></td>
<td>
<textarea name="aliasimport" rows="15" cols="40"><?=$pconfig['aliasimport'];?></textarea>
<div class="hidden" for="help_for_alias">
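Review bot: `isset($config['load_balancer']['lbpool'])` does not guarantee that the value is iterable before the `foreach` that follows, and the alias edit page was switched from `is_array()` to this same form in this commit. If the config loader yields a non-array value for an empty element (an assumption, since the loader is not shown), `isset()` is true and the loop raises a warning instead of being skipped. Keeping the type check avoids that: `if (isset($config['load_balancer']['lbpool']) && is_array($config['load_balancer']['lbpool'])) {`. The enclosing block continues outside the hunk.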
......
......@@ -113,18 +113,23 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig = $_POST;
// validate
if(strtolower($pconfig['name']) == "lan")
$input_errors[] = gettext("Schedule may not be named LAN.");
if(strtolower($pconfig['name']) == "wan")
$input_errors[] = gettext("Schedule may not be named WAN.");
if(strtolower($pconfig['name']) == "")
$input_errors[] = gettext("Schedule name cannot be blank.");
$x = is_validaliasname($pconfig['name']);
if (!isset($x)) {
$input_errors[] = gettext("Reserved word used for schedule name.");
} elseif ($x == false) {
$input_errors[] = gettext("The schedule name may only consist of the characters a-z, A-Z, 0-9");
if (strtolower($pconfig['name']) == 'lan') {
$input_errors[] = gettext('Schedule may not be named LAN.');
}
if (strtolower($pconfig['name']) == 'wan') {
$input_errors[] = gettext('Schedule may not be named WAN.');
}
if (empty($pconfig['name'])) {
$input_errors[] = gettext('Schedule may not use a blank name.');
}
$valid = is_validaliasname($pconfig['name']);
if ($valid === false) {
$input_errors[] = sprintf(gettext('The schedule name must be less than 32 characters long and may only consist of the following characters: %s'), 'a-z, A-Z, 0-9, _');
} elseif ($valid === null) {
$input_errors[] = sprintf(gettext('The schedule name cannot be the internally reserved keyword "%s".'), $pconfig['name']);
}
/* check for name conflicts */
foreach ($a_schedules as $schedId => $schedule) {
if ((!isset($id) || $schedId != $id) && $schedule['name'] == $pconfig['name']) {
......@@ -790,7 +795,7 @@ function removeRow(el) {
</td>
</tr>
<tr>
<td><a id="help_for_name" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Schedule Name");?></td>
<td><i class="fa fa-info-circle text-muted"></i> <?= gettext('Name') ?></td>
<td>
<?php
if (is_schedule_inuse($pconfig['name']) && isset($id)): ?>
......@@ -802,9 +807,6 @@ function removeRow(el) {
<?php
else: ?>
<input name="name" type="text" id="name" value="<?=$pconfig['name'];?>" />
<div class="hidden" for="help_for_name">
<?=gettext("The name of the alias may only consist of the characters a-z, A-Z and 0-9");?>
</div>
<?php
endif; ?>
</td>
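Review bot: A blank schedule name now produces two errors, because `is_validaliasname('')` returns `false` (the `^_*$` alternative matches the empty string) after `empty($pconfig['name'])` has already reported it. Chaining the validator onto the blank check keeps one message per problem: `} elseif (($valid = is_validaliasname($pconfig['name'])) === false) {`. The two gateway sections below have the same shape, with the "must be specified" check followed unconditionally by the validator. The last of them also reads `$pconfig['name']` for the validator right after `isset()` reported it missing.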
......
......@@ -76,8 +76,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (empty($pconfig['name'])) {
$input_errors[] = gettext("A valid gateway group name must be specified.");
}
if (!is_validaliasname($pconfig['name'])) {
$input_errors[] = gettext("The gateway name must not contain invalid characters.");
$valid = is_validaliasname($pconfig['name']);
if ($valid === false) {
$input_errors[] = sprintf(gettext('The name must be less than 32 characters long and may only consist of the following characters: %s'), 'a-z, A-Z, 0-9, _');
} elseif ($valid === null) {
$input_errors[] = sprintf(gettext('The name cannot be the internally reserved keyword "%s".'), $pconfig['name']);
}
if (!empty($pconfig['name'])) {
......
......@@ -57,9 +57,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (!isset($pconfig['name'])) {
$input_errors[] = gettext("A valid gateway name must be specified.");
}
if (!is_validaliasname($pconfig['name'])) {
$input_errors[] = gettext("The gateway name must not contain invalid characters.");
$valid = is_validaliasname($pconfig['name']);
if ($valid === false) {
$input_errors[] = sprintf(gettext('The name must be less than 32 characters long and may only consist of the following characters: %s'), 'a-z, A-Z, 0-9, _');
} elseif ($valid === null) {
$input_errors[] = sprintf(gettext('The name cannot be the internally reserved keyword "%s".'), $pconfig['name']);
}
/* skip system gateways which have been automatically added */
if (!empty($pconfig['gateway']) && !is_ipaddr($pconfig['gateway']) &&
$pconfig['attribute'] !== "system" && $pconfig['gateway'] != "dynamic"
......