Révision c4107752
Ajouté par Phil Davis il y a presque 10 ans
| etc/inc/filter_log.inc | ||
|---|---|---|
| 81 | 81 |
return isset($config['syslog']['reverse']) ? $filterlog : array_reverse($filterlog); |
| 82 | 82 |
} |
| 83 | 83 |
|
| 84 |
function escape_filter_regex($filtertext) {
|
|
| 85 |
/* If the caller (user) has not already put a backslash before a slash, to escape it in the regex, */ |
|
| 86 |
/* then this will do it. Take out any "\/" already there, then turn all ordinary "/" into "\/". */ |
|
| 87 |
return str_replace('/', '\/', str_replace('\/', '/', $filtertext));
|
|
| 88 |
} |
|
| 89 |
|
|
| 84 | 90 |
function match_filter_line($flent, $filtertext = "") {
|
| 85 | 91 |
if (!$filtertext) |
| 86 | 92 |
return true; |
| 87 |
$filtertext = str_replace(' ', '\s+', $filtertext);
|
|
| 88 |
return preg_match("/{$filtertext}/i", implode(" ", array_values($flent)));
|
|
| 93 |
$filtertext = escape_filter_regex(str_replace(' ', '\s+', $filtertext));
|
|
| 94 |
return @preg_match("/{$filtertext}/i", implode(" ", array_values($flent)));
|
|
| 89 | 95 |
} |
| 90 | 96 |
|
| 91 | 97 |
function match_filter_field($flent, $fields) {
|
| ... | ... | |
| 95 | 101 |
$fields[$field] = substr($fields[$field], 1); |
| 96 | 102 |
if (preg_match("/act/i", $field)) {
|
| 97 | 103 |
if ( (in_arrayi($flent[$field], explode(",", str_replace(" ", ",", $fields[$field]))) ) ) return false;
|
| 98 |
} else if ( (preg_match("/{$fields[$field]}/i", $flent[$field])) ) return false;
|
|
| 104 |
} else {
|
|
| 105 |
$field_regex = escape_filter_regex($fields[$field]); |
|
| 106 |
if ( (@preg_match("/{$field_regex}/i", $flent[$field])) )
|
|
| 107 |
return false; |
|
| 108 |
} |
|
| 99 | 109 |
} |
| 100 | 110 |
else {
|
| 101 | 111 |
if (preg_match("/act/i", $field)) {
|
| 102 | 112 |
if ( !(in_arrayi($flent[$field], explode(",", str_replace(" ", ",", $fields[$field]))) ) ) return false;
|
| 103 |
} else if ( !(preg_match("/{$fields[$field]}/i", $flent[$field])) ) return false;
|
|
| 113 |
} else {
|
|
| 114 |
$field_regex = escape_filter_regex($fields[$field]); |
|
| 115 |
if ( !(@preg_match("/{$field_regex}/i", $flent[$field])) )
|
|
| 116 |
return false; |
|
| 117 |
} |
|
| 104 | 118 |
} |
| 105 | 119 |
} |
| 106 | 120 |
return true; |
Formats disponibles : Unified diff
Handle firewall log filter regex input better bug #3689
If the user inputs an invalid regex in any of the filter fields, then a page full of "warning" messages appear in the GUI, about whatever is invalid.
If for some reason the user wants to match a forward slash somewhere, then they have to realize to escape it, doing "\/" instead of just "/". Be nice to this special case, because the user does not necessarily know that "/" is being used as the delimiter in the preg_match call. Turn "/" into "\/" (when the "\" is not already put in by the user).
For other regex issues, suppress the warning output, using "@". When the user inputs some invalid garbage in a filter field, an empty filtered firewall log table will be displayed, rather than screens full of PHP warning output.