Révision 055a43d2
Ajouté par Phil Davis il y a plus de 9 ans
| usr/local/www/firewall_aliases_edit.php | ||
|---|---|---|
| 280 | 280 |
/* item is a normal alias type */ |
| 281 | 281 |
$wrongaliases = ""; |
| 282 | 282 |
$desc_fmt_err_found = false; |
| 283 |
|
|
| 284 |
// First trim and expand the input data. |
|
| 285 |
// Users can paste strings like "10.1.2.0/24 10.3.0.0/16 9.10.11.0/24" into an address box. |
|
| 286 |
// They can also put an IP range. |
|
| 287 |
// This loop expands out that stuff so it can easily be validated. |
|
| 283 | 288 |
for($x=0; $x<4999; $x++) {
|
| 284 | 289 |
if($_POST["address{$x}"] <> "") {
|
| 285 |
$_POST["address{$x}"] = trim($_POST["address{$x}"]);
|
|
| 286 |
if (is_alias($_POST["address{$x}"])) {
|
|
| 287 |
if (!alias_same_type($_POST["address{$x}"], $_POST['type']))
|
|
| 288 |
// But alias type network can include alias type urltable. Feature#1603. |
|
| 289 |
if (!($_POST['type'] == 'network' && |
|
| 290 |
preg_match("/urltable/i", alias_get_type($_POST["address{$x}"]))))
|
|
| 291 |
$wrongaliases .= " " . $_POST["address{$x}"];
|
|
| 292 |
} else if ($_POST['type'] == "port") {
|
|
| 293 |
if (!is_port($_POST["address{$x}"]) && !is_portrange($_POST["address{$x}"]))
|
|
| 294 |
$input_errors[] = $_POST["address{$x}"] . " " . gettext("is not a valid port or alias.");
|
|
| 295 |
} else if ($_POST['type'] == "host" || $_POST['type'] == "network") {
|
|
| 296 |
if (is_subnet($_POST["address{$x}"]) || (!is_ipaddr($_POST["address{$x}"])
|
|
| 297 |
&& !is_hostname($_POST["address{$x}"])
|
|
| 298 |
&& !is_iprange($_POST["address{$x}"])))
|
|
| 299 |
$input_errors[] = sprintf(gettext('%1$s is not a valid %2$s alias.'), $_POST["address{$x}"], $_POST['type']);
|
|
| 300 |
} |
|
| 301 |
if (is_iprange($_POST["address{$x}"])) {
|
|
| 302 |
list($startip, $endip) = explode('-', $_POST["address{$x}"]);
|
|
| 303 |
$rangesubnets = ip_range_to_subnet_array($startip, $endip); |
|
| 304 |
$address = array_merge($address, $rangesubnets); |
|
| 305 |
} else {
|
|
| 306 |
$tmpaddress = $_POST["address{$x}"];
|
|
| 307 |
if($_POST['type'] != "host" && is_ipaddr($_POST["address{$x}"]) && $_POST["address_subnet{$x}"] <> "") {
|
|
| 308 |
if (!is_subnet($_POST["address{$x}"] . "/" . $_POST["address_subnet{$x}"]))
|
|
| 309 |
$input_errors[] = sprintf(gettext('%s/%s is not a valid subnet.'), $_POST["address{$x}"], $_POST["address_subnet{$x}"]);
|
|
| 310 |
else |
|
| 311 |
$tmpaddress .= "/" . $_POST["address_subnet{$x}"];
|
|
| 312 |
} |
|
| 313 |
$address[] = $tmpaddress; |
|
| 314 |
} |
|
| 315 |
if ($_POST["detail{$x}"] <> "") {
|
|
| 290 |
if ($_POST["detail{$x}"] <> "")
|
|
| 316 | 291 |
if ((strpos($_POST["detail{$x}"], "||") === false) && (substr($_POST["detail{$x}"], 0, 1) != "|") && (substr($_POST["detail{$x}"], -1, 1) != "|")) {
|
| 317 |
$final_address_details[] = $_POST["detail{$x}"];
|
|
| 292 |
$detail_text = $_POST["detail{$x}"];
|
|
| 318 | 293 |
} else {
|
| 319 | 294 |
/* Remove leading and trailing vertical bars and replace multiple vertical bars with single, */ |
| 320 | 295 |
/* and put in the output array so the text is at least redisplayed for the user. */ |
| 321 |
$final_address_details[] = preg_replace('/\|\|+/', '|', trim($_POST["detail{$x}"], "|"));
|
|
| 296 |
$detail_text = preg_replace('/\|\|+/', '|', trim($_POST["detail{$x}"], "|"));
|
|
| 322 | 297 |
if (!$desc_fmt_err_found) {
|
| 323 | 298 |
$input_errors[] = $vertical_bar_err_text; |
| 324 | 299 |
$desc_fmt_err_found = true; |
| 325 | 300 |
} |
| 326 | 301 |
} |
| 327 |
} else |
|
| 328 |
$final_address_details[] = sprintf(gettext("Entry added %s"), date('r'));
|
|
| 302 |
else {
|
|
| 303 |
$detail_text = sprintf(gettext("Entry added %s"), date('r'));
|
|
| 304 |
} |
|
| 305 |
$address_items = explode(" ", trim($_POST["address{$x}"]));
|
|
| 306 |
foreach ($address_items as $address_item) {
|
|
| 307 |
if (is_iprange($address_item)) {
|
|
| 308 |
list($startip, $endip) = explode('-', $address_item);
|
|
| 309 |
$rangesubnets = ip_range_to_subnet_array($startip, $endip); |
|
| 310 |
foreach ($rangesubnets as $rangesubnet) {
|
|
| 311 |
list($address_part, $subnet_part) = explode("/", $rangesubnet);
|
|
| 312 |
$input_addresses[] = $address_part; |
|
| 313 |
$input_address_subnet[] = $subnet_part; |
|
| 314 |
$final_address_details[] = $detail_text; |
|
| 315 |
} |
|
| 316 |
} else {
|
|
| 317 |
list($address_part, $subnet_part) = explode("/", $address_item);
|
|
| 318 |
$input_addresses[] = $address_part; |
|
| 319 |
if (!empty($subnet_part)) |
|
| 320 |
$input_address_subnet[] = $subnet_part; |
|
| 321 |
else |
|
| 322 |
$input_address_subnet[] = $_POST["address_subnet{$x}"];
|
|
| 323 |
$final_address_details[] = $detail_text; |
|
| 324 |
} |
|
| 325 |
} |
|
| 326 |
} |
|
| 327 |
} |
|
| 328 |
|
|
| 329 |
// Validate the input data expanded above. |
|
| 330 |
foreach($input_addresses as $idx => $input_address) {
|
|
| 331 |
if (is_alias($input_address)) {
|
|
| 332 |
if (!alias_same_type($input_address, $_POST['type'])) |
|
| 333 |
// But alias type network can include alias type urltable. Feature#1603. |
|
| 334 |
if (!($_POST['type'] == 'network' && |
|
| 335 |
preg_match("/urltable/i", alias_get_type($input_address))))
|
|
| 336 |
$wrongaliases .= " " . $input_address; |
|
| 337 |
} else if ($_POST['type'] == "port") {
|
|
| 338 |
if (!is_port($input_address) && !is_portrange($input_address)) |
|
| 339 |
$input_errors[] = $input_address . " " . gettext("is not a valid port or alias.");
|
|
| 340 |
} else if ($_POST['type'] == "host" || $_POST['type'] == "network") {
|
|
| 341 |
if (is_subnet($input_address) || |
|
| 342 |
(!is_ipaddr($input_address) && !is_hostname($input_address))) |
|
| 343 |
$input_errors[] = sprintf(gettext('%1$s is not a valid %2$s address, FQDN or alias.'), $input_address, $_POST['type']);
|
|
| 344 |
} |
|
| 345 |
$tmpaddress = $input_address; |
|
| 346 |
if ($_POST['type'] != "host" && is_ipaddr($input_address) && $input_address_subnet[$idx] <> "") {
|
|
| 347 |
if (!is_subnet($input_address . "/" . $input_address_subnet[$idx])) |
|
| 348 |
$input_errors[] = sprintf(gettext('%s/%s is not a valid subnet.'), $input_address, $input_address_subnet[$idx]);
|
|
| 349 |
else |
|
| 350 |
$tmpaddress .= "/" . $input_address_subnet[$idx]; |
|
| 329 | 351 |
} |
| 352 |
$address[] = $tmpaddress; |
|
| 330 | 353 |
} |
| 331 | 354 |
unset($desc_fmt_err_found); |
| 332 | 355 |
if ($wrongaliases <> "") |
Formats disponibles : Unified diff
Allow extended alias inputs #3890
Currently if you enter a space-separated list of subnets in the IP address box when entering an alias, the code reports that the data is invalid. But it does actually expand the list of subnets into multiple rows, and enters the various subnet CIDRs into the CIDR column for the user. The user can press Save a second time and the data is now valid so the code saves it happily. This is rather odd, as reported in redmine #3890.
Also, if you input an IP range (e.g. 192.168.20.0-192.168.20.30) plus description and in the 2nd row put some other subnet and description, the range is correctly expanded, but the description only appears against the 1st subnet of the range. The description from the 2nd row ends up as the description against the 2nd subnet of the range, and the rest of the descriptions are blank. i.e. the descriptions do not get copied and pushed down as the IP ranges are expanded.
This change fixes all that stuff by first parsing the posted data and expanding any IP ranges and/or space-separated lists, building arrays that have all their entries lined up:
$input_addresses[]
$input_address_subnet[]
$final_address_details[]
which are then validated.
This is for master (2.2) branch. Actually it was not too difficult to integrate.