Commit f07c0fcf authored by Franco Fichtner's avatar Franco Fichtner

aliases: improve validation messages; closes #1443

(cherry picked from commit 68faafd1)
parent a58d72b9
...@@ -551,19 +551,20 @@ function is_macaddr($macaddr, $partial=false) ...@@ -551,19 +551,20 @@ function is_macaddr($macaddr, $partial=false)
aliases cannot be: aliases cannot be:
bad chars: anything except a-z 0-9 and underscore bad chars: anything except a-z 0-9 and underscore
bad names: empty string, pure numeric, pure underscore bad names: empty string, pure numeric, pure underscore
reserved words: pre-defined service/protocol/port names which should not be ambiguous, and the words "port" and "pass" */ reserved words: pre-defined service/protocol/port names which should not be ambiguous and pf keywords */
function is_validaliasname($name) function is_validaliasname($name)
{ {
/* Array of reserved words */ $reserved = array('all', 'pass', 'block', 'out', 'queue', 'max', 'min', 'pptp', 'pppoe', 'L2TP', 'OpenVPN', 'IPsec');
$reserved = array("port", "pass");
if (!is_string($name) || strlen($name) >= 32 || preg_match('/(^_*$|^\d*$|[^a-z0-9_])/i', $name)) { if (!is_string($name) || strlen($name) >= 32 || preg_match('/(^_*$|^\d*$|[^a-z0-9_])/i', $name)) {
return false; return false;
} }
if (in_array($name, $reserved, true) || getservbyname($name, "tcp") || getservbyname($name, "udp") || getprotobyname($name)) {
return; /* return NULL */ if (in_array($name, $reserved, true) || getservbyname($name, 'tcp') || getservbyname($name, 'udp') || getprotobyname($name)) {
return null;
} }
return true; return true;
} }
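Review bot: The rewritten `$reserved` array in is_validaliasname() no longer contains `port`, which the old two-word list did, so a name of `port` is now accepted unless getservbyname() or getprotobyname() happens to match it. If dropping it was not intended, add `'port'` back to the array. The lookup is also case-sensitive (`in_array($name, $reserved, true)`) while the character check uses `/i`, so `Pass` or `openvpn` passes the reserved test; whether that matters depends on how the generated ruleset treats case, which is not visible here. The docblock should also state the three return values (true, false for bad characters or length, null for a reserved word), since callers now branch on them with `===`.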
......
...@@ -125,25 +125,23 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -125,25 +125,23 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
foreach ($pconfig['host_url'] as $detail_entry) { foreach ($pconfig['host_url'] as $detail_entry) {
if ($pconfig['type'] == 'host') { if ($pconfig['type'] == 'host') {
if (!is_domain($detail_entry) && !is_ipaddr($detail_entry) && !is_alias($detail_entry)) { if (!is_domain($detail_entry) && !is_ipaddr($detail_entry) && !is_alias($detail_entry)) {
$input_errors[] = sprintf(gettext("%s doesn't appear to be a valid hostname or ip address"), $detail_entry) ; $input_errors[] = sprintf(gettext('Entry "%s" is not a valid hostname or IP address.'), $detail_entry) ;
} }
} elseif ($pconfig['type'] == 'port') { } elseif ($pconfig['type'] == 'port') {
if (!is_port($detail_entry) && !is_portrange($detail_entry) && !is_alias($detail_entry)) { if (!is_port($detail_entry) && !is_portrange($detail_entry) && !is_alias($detail_entry)) {
$input_errors[] = sprintf(gettext("%s doesn't appear to be a valid port number"), $detail_entry) ; $input_errors[] = sprintf(gettext('Entry "%s" is not a valid port number.'), $detail_entry) ;
} }
} elseif ($pconfig['type'] == 'geoip') { } elseif ($pconfig['type'] == 'geoip') {
if (!in_array($detail_entry, $country_codes)) { if (!in_array($detail_entry, $country_codes)) {
$input_errors[] = sprintf(gettext("%s doesn't appear to be a valid country code"), $detail_entry) ; $input_errors[] = sprintf(gettext('Entry "%s" is not a valid country code.'), $detail_entry) ;
} }
} }
} }
/* Check for reserved keyword names */ /* Check for reserved keyword names */
// Keywords not allowed in names $reserved_keywords = array();
$reserved_keywords = array("all", "pass", "block", "out", "queue", "max", "min", "pptp", "pppoe", "L2TP", "OpenVPN", "IPsec");
// Add all Load balance names to reserved_keywords if (isset($config['load_balancer']['lbpool'])) {
if (is_array($config['load_balancer']['lbpool'])) {
foreach ($config['load_balancer']['lbpool'] as $lbpool) { foreach ($config['load_balancer']['lbpool'] as $lbpool) {
$reserved_keywords[] = $lbpool['name']; $reserved_keywords[] = $lbpool['name'];
} }
...@@ -151,6 +149,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -151,6 +149,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$reserved_ifs = get_configured_interface_list(false, true); $reserved_ifs = get_configured_interface_list(false, true);
$reserved_keywords = array_merge($reserved_keywords, $reserved_ifs, $reserved_table_names); $reserved_keywords = array_merge($reserved_keywords, $reserved_ifs, $reserved_table_names);
foreach ($reserved_keywords as $rk) { foreach ($reserved_keywords as $rk) {
if ($rk == $pconfig['name']) { if ($rk == $pconfig['name']) {
$input_errors[] = sprintf(gettext("Cannot use a reserved keyword as alias name %s"), $rk); $input_errors[] = sprintf(gettext("Cannot use a reserved keyword as alias name %s"), $rk);
...@@ -164,8 +163,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -164,8 +163,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
break; break;
} }
} }
if (is_validaliasname($pconfig['name']) !== true) {
$input_errors[] = gettext("The alias name must be less than 32 characters long and may only consist of the characters") . " a-z, A-Z, 0-9, _."; $valid = is_validaliasname($pconfig['name']);
if ($valid === false) {
$input_errors[] = sprintf(gettext('The name must be less than 32 characters long and may only consist of the following characters: %s'), 'a-z, A-Z, 0-9, _');
} elseif ($valid === null) {
$input_errors[] = sprintf(gettext('The name cannot be the internally reserved keyword "%s".'), $pconfig['name']);
} }
if (!empty($pconfig['updatefreq']) && !is_numericint($pconfig['updatefreq'])) { if (!empty($pconfig['updatefreq']) && !is_numericint($pconfig['updatefreq'])) {
...@@ -449,28 +452,6 @@ endforeach; ...@@ -449,28 +452,6 @@ endforeach;
<i class="fa fa-toggle-off text-danger" style="cursor: pointer;" id="show_all_help_page" type="button"></i> <i class="fa fa-toggle-off text-danger" style="cursor: pointer;" id="show_all_help_page" type="button"></i>
</td> </td>
</tr> </tr>
<tr>
<td width="22%"><a id="help_for_name" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Name"); ?></td>
<td width="78%">
<input name="origname" type="hidden" id="origname" class="form-control unknown" size="40" value="<?=$pconfig['name'];?>" />
<?php if (isset($id)): ?>
<input name="id" type="hidden" value="<?=$id;?>" />
<?php endif; ?>
<input name="name" type="text" id="name" class="form-control unknown" size="40" maxlength="31" value="<?=$pconfig['name'];?>" />
<div class="hidden" for="help_for_name">
<?=gettext("The name of the alias may only consist of the characters \"a-z, A-Z, 0-9 and _\"."); ?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_description" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Description"); ?></td>
<td>
<input name="descr" type="text" class="form-control unknown" id="descr" size="40" value="<?=$pconfig['descr'];?>" />
<div class="hidden" for="help_for_description">
<?=gettext("You may enter a description here for your reference (not parsed)."); ?>
</div>
</td>
</tr>
<tr> <tr>
<td><a id="help_for_type" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Type"); ?></td> <td><a id="help_for_type" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Type"); ?></td>
<td> <td>
...@@ -523,7 +504,29 @@ endforeach; ...@@ -523,7 +504,29 @@ endforeach;
</td> </td>
</tr> </tr>
<tr> <tr>
<td><div id="addressnetworkport"><a id="help_for_hosts" href="#" class="showhelp"><i class="fa fa-info-circle text-muted"></i></a> <?=gettext("Host(s)"); ?></div></td> <td width="22%"><a id="help_for_name" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Name"); ?></td>
<td width="78%">
<input name="origname" type="hidden" id="origname" class="form-control unknown" size="40" value="<?=$pconfig['name'];?>" />
<?php if (isset($id)): ?>
<input name="id" type="hidden" value="<?=$id;?>" />
<?php endif; ?>
<input name="name" type="text" id="name" class="form-control unknown" size="40" maxlength="31" value="<?=$pconfig['name'];?>" />
<div class="hidden" for="help_for_name">
<?=gettext("The name of the alias may only consist of the characters \"a-z, A-Z, 0-9 and _\"."); ?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_description" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Description"); ?></td>
<td>
<input name="descr" type="text" class="form-control unknown" id="descr" size="40" value="<?=$pconfig['descr'];?>" />
<div class="hidden" for="help_for_description">
<?=gettext("You may enter a description here for your reference (not parsed)."); ?>
</div>
</td>
</tr>
<tr>
<td><div id="addressnetworkport"><i class="fa fa-info-circle text-muted"></i> <?= gettext('Aliases') ?></div></td>
<td> <td>
<table class="table table-striped table-condensed" id="detailTable"> <table class="table table-striped table-condensed" id="detailTable">
<thead> <thead>
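Review bot: The relocated Name and Description rows echo `$pconfig['name']` and `$pconfig['descr']` into `value="..."` attributes without encoding, and after a rejected POST those values are presumably the submitted ones. Unless an output filter outside this section escapes them, a rejected name or any description containing a quote or angle bracket ends up in the page markup. Encode at the sink, e.g. `value="<?= htmlspecialchars($pconfig['name'], ENT_QUOTES) ?>"`, and likewise for `descr` and `origname`. The same unencoded pattern is visible in the name input and `aliasimport` textarea of the import page and in the name input of the schedule page. The new messages that embed `$detail_entry` and `$pconfig['name']` through sprintf() need the same treatment wherever `$input_errors` is rendered, which is outside this diff.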
......
...@@ -49,8 +49,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -49,8 +49,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors); do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
if (is_validaliasname($pconfig['name']) == false) { $valid = is_validaliasname($pconfig['name']);
$input_errors[] = gettext("The alias name may only consist of the characters") . " a-z, A-Z, 0-9, _."; if ($valid === false) {
$input_errors[] = sprintf(gettext('The name must be less than 32 characters long and may only consist of the following characters: %s'), 'a-z, A-Z, 0-9, _');
} elseif ($valid === null) {
$input_errors[] = sprintf(gettext('The name cannot be the internally reserved keyword "%s".'), $pconfig['name']);
} }
/* check for name duplicates */ /* check for name duplicates */
...@@ -58,6 +61,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -58,6 +61,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$input_errors[] = gettext("An alias with this name already exists."); $input_errors[] = gettext("An alias with this name already exists.");
} }
// Keywords not allowed in names
$reserved_keywords = array();
// Add all Load balance names to reserved_keywords // Add all Load balance names to reserved_keywords
if (isset($config['load_balancer']['lbpool'])) { if (isset($config['load_balancer']['lbpool'])) {
foreach ($config['load_balancer']['lbpool'] as $lbpool) { foreach ($config['load_balancer']['lbpool'] as $lbpool) {
...@@ -65,14 +71,15 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -65,14 +71,15 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
} }
} }
// Keywords not allowed in names
$reserved_keywords = array("all", "pass", "block", "out", "queue", "max", "min", "pptp", "pppoe", "L2TP", "OpenVPN", "IPsec");
$reserved_ifs = get_configured_interface_list(false, true); $reserved_ifs = get_configured_interface_list(false, true);
$reserved_keywords = array_merge($reserved_keywords, $reserved_ifs, $reserved_table_names); $reserved_keywords = array_merge($reserved_keywords, $reserved_ifs, $reserved_table_names);
/* Check for reserved keyword names */ /* Check for reserved keyword names */
foreach($reserved_keywords as $rk) foreach($reserved_keywords as $rk) {
if ($rk == $pconfig['name']) if ($rk == $pconfig['name']) {
$input_errors[] = sprintf(gettext("Cannot use a reserved keyword as alias name %s"), $rk); $input_errors[] = sprintf(gettext("Cannot use a reserved keyword as alias name %s"), $rk);
}
}
/* check for name interface description conflicts */ /* check for name interface description conflicts */
foreach($config['interfaces'] as $interface) { foreach($config['interfaces'] as $interface) {
...@@ -200,8 +207,8 @@ include("head.inc"); ...@@ -200,8 +207,8 @@ include("head.inc");
</td> </td>
</tr> </tr>
<tr> <tr>
<td width="22%"><a id="help_for_name" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Alias Name"); ?></td> <td width="22%"><a id="help_for_name" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?= gettext('Name') ?></td>
<td width="78%"> <td width="78%">
<input name="name" type="text" class="form-control unknown" size="40" maxlength="31" value="<?=$pconfig['name'];?>" /> <input name="name" type="text" class="form-control unknown" size="40" maxlength="31" value="<?=$pconfig['name'];?>" />
<div class="hidden" for="help_for_name"> <div class="hidden" for="help_for_name">
<?=gettext("The name of the alias may only consist of the characters \"a-z, A-Z and 0-9\"."); ?> <?=gettext("The name of the alias may only consist of the characters \"a-z, A-Z and 0-9\"."); ?>
...@@ -218,7 +225,7 @@ include("head.inc"); ...@@ -218,7 +225,7 @@ include("head.inc");
</td> </td>
</tr> </tr>
<tr> <tr>
<td><a id="help_for_alias" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Aliases to import"); ?></td> <td><a id="help_for_alias" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?= gettext('Aliases') ?></td>
<td> <td>
<textarea name="aliasimport" rows="15" cols="40"><?=$pconfig['aliasimport'];?></textarea> <textarea name="aliasimport" rows="15" cols="40"><?=$pconfig['aliasimport'];?></textarea>
<div class="hidden" for="help_for_alias"> <div class="hidden" for="help_for_alias">
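Review bot: The help text under the Name field still says the name may only consist of "a-z, A-Z and 0-9", while is_validaliasname() and the new error message in this file both allow `_`. Align it with the edit page's wording: `gettext("The name of the alias may only consist of the characters \"a-z, A-Z, 0-9 and _\".")`. Separately, the reserved-keyword loop compares with loose `==`; a strict test such as `in_array($pconfig['name'], $reserved_keywords, true)` would avoid PHP's numeric-string juggling when a configured interface or pool name looks numeric.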
......
...@@ -113,18 +113,23 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -113,18 +113,23 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig = $_POST; $pconfig = $_POST;
// validate // validate
if(strtolower($pconfig['name']) == "lan") if (strtolower($pconfig['name']) == 'lan') {
$input_errors[] = gettext("Schedule may not be named LAN."); $input_errors[] = gettext('Schedule may not be named LAN.');
if(strtolower($pconfig['name']) == "wan")
$input_errors[] = gettext("Schedule may not be named WAN.");
if(strtolower($pconfig['name']) == "")
$input_errors[] = gettext("Schedule name cannot be blank.");
$x = is_validaliasname($pconfig['name']);
if (!isset($x)) {
$input_errors[] = gettext("Reserved word used for schedule name.");
} elseif ($x == false) {
$input_errors[] = gettext("The schedule name may only consist of the characters a-z, A-Z, 0-9");
} }
if (strtolower($pconfig['name']) == 'wan') {
$input_errors[] = gettext('Schedule may not be named WAN.');
}
if (empty($pconfig['name'])) {
$input_errors[] = gettext('Schedule may not use a blank name.');
}
$valid = is_validaliasname($pconfig['name']);
if ($valid === false) {
$input_errors[] = sprintf(gettext('The schedule name must be less than 32 characters long and may only consist of the following characters: %s'), 'a-z, A-Z, 0-9, _');
} elseif ($valid === null) {
$input_errors[] = sprintf(gettext('The schedule name cannot be the internally reserved keyword "%s".'), $pconfig['name']);
}
/* check for name conflicts */ /* check for name conflicts */
foreach ($a_schedules as $schedId => $schedule) { foreach ($a_schedules as $schedId => $schedule) {
if ((!isset($id) || $schedId != $id) && $schedule['name'] == $pconfig['name']) { if ((!isset($id) || $schedId != $id) && $schedule['name'] == $pconfig['name']) {
...@@ -790,7 +795,7 @@ function removeRow(el) { ...@@ -790,7 +795,7 @@ function removeRow(el) {
</td> </td>
</tr> </tr>
<tr> <tr>
<td><a id="help_for_name" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Schedule Name");?></td> <td><i class="fa fa-info-circle text-muted"></i> <?= gettext('Name') ?></td>
<td> <td>
<?php <?php
if (is_schedule_inuse($pconfig['name']) && isset($id)): ?> if (is_schedule_inuse($pconfig['name']) && isset($id)): ?>
...@@ -802,9 +807,6 @@ function removeRow(el) { ...@@ -802,9 +807,6 @@ function removeRow(el) {
<?php <?php
else: ?> else: ?>
<input name="name" type="text" id="name" value="<?=$pconfig['name'];?>" /> <input name="name" type="text" id="name" value="<?=$pconfig['name'];?>" />
<div class="hidden" for="help_for_name">
<?=gettext("The name of the alias may only consist of the characters a-z, A-Z and 0-9");?>
</div>
<?php <?php
endif; ?> endif; ?>
</td> </td>
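Review bot: A blank schedule name now produces two errors, because `empty($pconfig['name'])` adds "Schedule may not use a blank name." and is_validaliasname('') then returns false (the empty string matches `^_*$`), adding the length/character message as well. Wrap the `$valid` block in `if (!empty($pconfig['name'])) { ... }` so only the relevant message is shown. The gateway group and gateway pages pair their empty()/isset() checks with the same unconditional call. The name input in this section also lacks the `maxlength="31"` that the alias pages set, although the validator rejects names of 32 characters and more.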
......
...@@ -76,8 +76,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -76,8 +76,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (empty($pconfig['name'])) { if (empty($pconfig['name'])) {
$input_errors[] = gettext("A valid gateway group name must be specified."); $input_errors[] = gettext("A valid gateway group name must be specified.");
} }
if (!is_validaliasname($pconfig['name'])) {
$input_errors[] = gettext("The gateway name must not contain invalid characters."); $valid = is_validaliasname($pconfig['name']);
if ($valid === false) {
$input_errors[] = sprintf(gettext('The name must be less than 32 characters long and may only consist of the following characters: %s'), 'a-z, A-Z, 0-9, _');
} elseif ($valid === null) {
$input_errors[] = sprintf(gettext('The name cannot be the internally reserved keyword "%s".'), $pconfig['name']);
} }
if (!empty($pconfig['name'])) { if (!empty($pconfig['name'])) {
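Review bot: The five-line mapping of is_validaliasname()'s false/null results to messages is now pasted into five pages with only the wording varying, which makes it easy for one copy to drift or for a new caller to forget the null case. Consider a small helper next to is_validaliasname() that returns the message (or null when the name is valid) and takes the object label as a parameter, so each page reduces to `if (($err = alias_name_error($pconfig['name'])) !== null) { $input_errors[] = $err; }`. `alias_name_error` is a placeholder name, not an existing function.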
......
...@@ -57,9 +57,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { ...@@ -57,9 +57,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (!isset($pconfig['name'])) { if (!isset($pconfig['name'])) {
$input_errors[] = gettext("A valid gateway name must be specified."); $input_errors[] = gettext("A valid gateway name must be specified.");
} }
if (!is_validaliasname($pconfig['name'])) {
$input_errors[] = gettext("The gateway name must not contain invalid characters."); $valid = is_validaliasname($pconfig['name']);
if ($valid === false) {
$input_errors[] = sprintf(gettext('The name must be less than 32 characters long and may only consist of the following characters: %s'), 'a-z, A-Z, 0-9, _');
} elseif ($valid === null) {
$input_errors[] = sprintf(gettext('The name cannot be the internally reserved keyword "%s".'), $pconfig['name']);
} }
/* skip system gateways which have been automatically added */ /* skip system gateways which have been automatically added */
if (!empty($pconfig['gateway']) && !is_ipaddr($pconfig['gateway']) && if (!empty($pconfig['gateway']) && !is_ipaddr($pconfig['gateway']) &&
$pconfig['attribute'] !== "system" && $pconfig['gateway'] != "dynamic" $pconfig['attribute'] !== "system" && $pconfig['gateway'] != "dynamic"
......