Révision c4107752
Ajouté par Phil Davis il y a presque 10 ans
etc/inc/filter_log.inc | ||
---|---|---|
81 | 81 |
return isset($config['syslog']['reverse']) ? $filterlog : array_reverse($filterlog); |
82 | 82 |
} |
83 | 83 |
|
84 |
function escape_filter_regex($filtertext) { |
|
85 |
/* If the caller (user) has not already put a backslash before a slash, to escape it in the regex, */ |
|
86 |
/* then this will do it. Take out any "\/" already there, then turn all ordinary "/" into "\/". */ |
|
87 |
return str_replace('/', '\/', str_replace('\/', '/', $filtertext)); |
|
88 |
} |
|
89 |
|
|
84 | 90 |
function match_filter_line($flent, $filtertext = "") { |
85 | 91 |
if (!$filtertext) |
86 | 92 |
return true; |
87 |
$filtertext = str_replace(' ', '\s+', $filtertext);
|
|
88 |
return preg_match("/{$filtertext}/i", implode(" ", array_values($flent))); |
|
93 |
$filtertext = escape_filter_regex(str_replace(' ', '\s+', $filtertext));
|
|
94 |
return @preg_match("/{$filtertext}/i", implode(" ", array_values($flent)));
|
|
89 | 95 |
} |
90 | 96 |
|
91 | 97 |
function match_filter_field($flent, $fields) { |
... | ... | |
95 | 101 |
$fields[$field] = substr($fields[$field], 1); |
96 | 102 |
if (preg_match("/act/i", $field)) { |
97 | 103 |
if ( (in_arrayi($flent[$field], explode(",", str_replace(" ", ",", $fields[$field]))) ) ) return false; |
98 |
} else if ( (preg_match("/{$fields[$field]}/i", $flent[$field])) ) return false; |
|
104 |
} else { |
|
105 |
$field_regex = escape_filter_regex($fields[$field]); |
|
106 |
if ( (@preg_match("/{$field_regex}/i", $flent[$field])) ) |
|
107 |
return false; |
|
108 |
} |
|
99 | 109 |
} |
100 | 110 |
else { |
101 | 111 |
if (preg_match("/act/i", $field)) { |
102 | 112 |
if ( !(in_arrayi($flent[$field], explode(",", str_replace(" ", ",", $fields[$field]))) ) ) return false; |
103 |
} else if ( !(preg_match("/{$fields[$field]}/i", $flent[$field])) ) return false; |
|
113 |
} else { |
|
114 |
$field_regex = escape_filter_regex($fields[$field]); |
|
115 |
if ( !(@preg_match("/{$field_regex}/i", $flent[$field])) ) |
|
116 |
return false; |
|
117 |
} |
|
104 | 118 |
} |
105 | 119 |
} |
106 | 120 |
return true; |
Formats disponibles : Unified diff
Handle firewall log filter regex input better bug #3689
If the user inputs an invalid regex in any of the filter fields, then a page full of "warning" messages appear in the GUI, about whatever is invalid.
If for some reason the user wants to match a forward slash somewhere, then they have to realize to escape it, doing "\/" instead of just "/". Be nice to this special case, because the user does not necessarily know that "/" is being used as the delimiter in the preg_match call. Turn "/" into "\/" (when the "\" is not already put in by the user).
For other regex issues, suppress the warning output, using "@". When the user inputs some invalid garbage in a filter field, an empty filtered firewall log table will be displayed, rather than screens full of PHP warning output.