// Excerpt from the server-side validation of a submitted pool form. Each
// failed check appends a translated message to $input_errors. The first
// statement and the two closing braces end a block that opens above this
// excerpt.
$input_errors[] = gettext("This pool name has already been used. Pool names must be unique.");
}
}

// Deny-list check: only a space or a slash in the name is refused.
// NOTE(review): if the name is later written into a generated configuration
// file or a command line, an allow-list pattern is the safer check - confirm
// at the use site.
if (preg_match('/[ \\/]/', $_POST['name'])) {
    $input_errors[] = gettext("You cannot use spaces or slashes in the 'name' field.");
}

// strlen() counts bytes, so the limit of 16 applies to the encoded length.
if (strlen($_POST['name']) > 16) {
    $input_errors[] = gettext("The 'name' field must be 16 characters or less.");
}

// The submitted name is copied into the next two messages as-is.
// NOTE(review): confirm that the code printing $input_errors HTML-escapes it.
if (in_array($_POST['name'], $reserved_table_names)) {
    $input_errors[] = sprintf(gettext("The name '%s' is a reserved word and cannot be used."), $_POST['name']);
}

if (is_alias($_POST['name'])) {
    $input_errors[] = sprintf(gettext("Sorry, an alias is already named %s."), $_POST['name']);
}

// The port is mandatory here: an empty value also fails this check.
if (!is_portoralias($_POST['port'])) {
    $input_errors[] = gettext("The port must be an integer between 1 and 65535, or a port alias.");
}

// May as well use is_port as we want a positive integer and such.
// The retry value is optional; it is only checked when non-empty.
if (!empty($_POST['retry']) && !is_port($_POST['retry'])) {
    $input_errors[] = gettext("The retry value must be an integer between 1 and 65535.");
}

// Every entry of the server list must be an IP address or an IPv4 subnet of
// at most 64 addresses.
// NOTE(review): the guard tests $_POST['servers'] but the loop reads
// $pconfig['servers']; the two agree only if $pconfig was copied from $_POST
// above this excerpt - confirm.
if (is_array($_POST['servers'])) {
    foreach ($pconfig['servers'] as $svrent) {
        if (!is_ipaddr($svrent) && !is_subnetv4($svrent)) {
            // The rejected entry is echoed back in the message unescaped.
            $input_errors[] = sprintf(gettext("%s is not a valid IP address or IPv4 subnet (in \"enabled\" list)."), $svrent);
        } else {
            if (is_subnetv4($svrent) && subnet_size($svrent) > 64) {
                $input_errors[] = sprintf(gettext("%s is a subnet containing more than 64 IP addresses (in \"enabled\" list)."), $svrent);
            }
        }
        // (the foreach and the enclosing if continue below this excerpt)
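// Excerpt from the port validation of a submitted rule form. Each failed
// check appends a message to $input_errors. The first statement and closing
// brace end a block that opens above this excerpt.
$_POST['srcendport'] = 0;
}

// No destination start port submitted: set both ends of the range to 0.
if (!$_POST['dstbeginport']) {
    $_POST['dstbeginport'] = 0;
    $_POST['dstendport'] = 0;
}

// Each submitted range endpoint must pass is_portoralias(); a falsy value
// (including the 0 assigned above) skips the check. The rejected value is
// copied into the message as-is.
// NOTE(review): confirm that the code printing $input_errors HTML-escapes it.
if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) {
    // Echo the field that failed the check; the key 'srcbeginposrt' does not
    // match any field tested here and produced an empty value in the message.
    $input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcbeginport']);
}

if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) {
    $input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcendport']);
}

if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) {
    $input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstbeginport']);
}

if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport'])) {
    $input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstendport']);
}

// An alias in the "to" field with an empty "from" field is refused.
if (!$_POST['srcbeginport_cust'] && $_POST['srcendport_cust']) {
    if (is_alias($_POST['srcendport_cust'])) {
        $input_errors[] = 'If you put port alias in Source port range to: field you must put the same port alias in from: field';
    }
}

if ($_POST['srcbeginport_cust'] && $_POST['srcendport_cust']) {
    // Two aliases must be the same alias. The "from" field is tested here as
    // well as the "to" field; testing the "to" field twice let this message
    // fire for a number/alias mix, which the next check already reports.
    if (is_alias($_POST['srcbeginport_cust']) && is_alias($_POST['srcendport_cust']) && $_POST['srcbeginport_cust'] != $_POST['srcendport_cust']) {
        $input_errors[] = 'The same port alias must be used in Source port range from: and to: fields';
    }

    // One endpoint is an alias and the other is a non-empty non-alias value.
    // The parentheses only make the existing && / || precedence explicit.
    if ((is_alias($_POST['srcbeginport_cust']) && (!is_alias($_POST['srcendport_cust']) && $_POST['srcendport_cust'] != ''))
        || (!is_alias($_POST['srcbeginport_cust']) && $_POST['srcbeginport_cust'] != '' && is_alias($_POST['srcendport_cust']))) {
        $input_errors[] = 'You cannot specify numbers and port aliases at the same time in Source port range from: and to: field';
    }
}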
// Excerpt from the validation of a submitted NAT mapping form. Each failed
// check appends a translated message to $input_errors.

// Strip surrounding whitespace from the port fields before they are checked.
if ($_POST['sourceport']) {
    $_POST['sourceport'] = trim($_POST['sourceport']);
}
if ($_POST['dstport']) {
    $_POST['dstport'] = trim($_POST['dstport']);
}
if ($_POST['natport']) {
    $_POST['natport'] = trim($_POST['natport']);
}

// Port fields are checked only when $protocol_uses_ports is true (set above
// this excerpt) and the field is non-empty. A value passes if either
// is_portoralias() or is_portrange() accepts it.
if ($protocol_uses_ports && $_POST['sourceport'] != "" && !(is_portoralias($_POST['sourceport']) || is_portrange($_POST['sourceport']))) {
    $input_errors[] = gettext("A valid port or port alias must be supplied for the source port entry.");
}
if ($protocol_uses_ports && $_POST['dstport'] != "" && !(is_portoralias($_POST['dstport']) || is_portrange($_POST['dstport']))) {
    $input_errors[] = gettext("A valid port or port alias must be supplied for the destination port entry.");
}
// The NAT port is not checked at all when the 'nonat' field is present.
// NOTE(review): confirm that a natport submitted together with 'nonat' is
// discarded before the rule is saved, since it is unvalidated on that path.
if ($protocol_uses_ports && $_POST['natport'] != "" && !(is_portoralias($_POST['natport']) || is_portrange($_POST['natport'])) && !isset($_POST['nonat'])) {
    $input_errors[] = gettext("A valid port must be supplied for the NAT port entry.");
}

// The source address is checked unless the source type is "any" or "(self)".
// An empty source is not rejected by this check.
if ($_POST['source_type'] != "any" && $_POST['source_type'] != "(self)") {
    if ($_POST['source'] && !is_ipaddroralias($_POST['source']) && $_POST['source'] != "any") {
        $input_errors[] = gettext("A valid source must be specified.");
    }
}

// NOTE(review): only the integer form is tested here; no upper bound for the
// bit count is visible in this excerpt - confirm it is enforced elsewhere.
if ($_POST['source_subnet'] && !is_numericint($_POST['source_subnet'])) {
    $input_errors[] = gettext("A valid source bit count must be specified.");
}

// The destination address is checked unless the destination type is "any".
if ($_POST['destination_type'] != "any") {
    if ($_POST['destination'] && !is_ipaddroralias($_POST['destination'])) {
        $input_errors[] = gettext("A valid destination must be specified.");
    }
}
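// Excerpt from the validation of a submitted virtual server form. The leading
// break and the closing brace belong to a switch that opens above this
// excerpt.
break;
case "relay":
    $reqdfields = explode(" ", "ipaddr name mode relay_protocol");
    // One label per required field, in the same order. The label list had
    // three entries for four fields, which left "mode" without a label and
    // paired "mode" with the "Relay Protocol" label.
    // NOTE(review): assumes do_input_validation() matches labels to fields by
    // position - confirm against its definition.
    $reqdfieldsn = array(gettext("IP Address"), gettext("Name"), gettext("Mode"), gettext("Relay Protocol"));
    break;
}

do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

// The name must not collide with another configured virtual server; the entry
// being edited ($id) is skipped.
for ($i = 0; isset($config['load_balancer']['virtual_server'][$i]); $i++) {
    if ($_POST['name'] == $config['load_balancer']['virtual_server'][$i]['name'] && $i != $id) {
        $input_errors[] = gettext("This virtual server name has already been used. Virtual server names must be unique.");
    }
}

// Deny-list check: only a space or a slash in the name is refused.
// NOTE(review): if the name is later written into a generated configuration
// file, an allow-list pattern is the safer check - confirm at the use site.
if (preg_match('/[ \\/]/', $_POST['name'])) {
    $input_errors[] = gettext("You cannot use spaces or slashes in the 'name' field.");
}

// The port is optional; a non-empty value must pass is_portoralias().
if ($_POST['port'] != "" && !is_portoralias($_POST['port'])) {
    $input_errors[] = gettext("The port must be an integer between 1 and 65535, a port alias, or left blank.");
}

// The address must be an IP address, an alias, or an IPv4 subnet of at most
// 64 addresses. The rejected value is copied into the message as-is.
// NOTE(review): confirm that the code printing $input_errors HTML-escapes it.
if (!is_ipaddroralias($_POST['ipaddr']) && !is_subnetv4($_POST['ipaddr'])) {
    $input_errors[] = sprintf(gettext("%s is not a valid IP address, IPv4 subnet, or alias."), $_POST['ipaddr']);
} else {
    if (is_subnetv4($_POST['ipaddr']) && subnet_size($_POST['ipaddr']) > 64) {
        $input_errors[] = sprintf(gettext("%s is a subnet containing more than 64 IP addresses."), $_POST['ipaddr']);
    }
}

// A fall back pool ('sitedown') cannot be combined with the DNS relay protocol.
if (strtolower($_POST['relay_protocol']) == "dns" && !empty($_POST['sitedown'])) {
    $input_errors[] = gettext("You cannot select a Fall Back Pool when using the DNS relay protocol.");
}

// Nothing is built unless every check above passed.
if (!$input_errors) {
    $vsent = array();
    if (isset($id) && $a_vs[$id]) {
        // (both blocks continue below this excerpt)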
// Excerpt from the validation of a submitted NAT mapping form. Each failed
// check appends a translated message to $input_errors.

// Strip surrounding whitespace from the address and port fields first.
if ($_POST['targetip']) {
    $_POST['targetip'] = trim($_POST['targetip']);
}
if ($_POST['sourceport']) {
    $_POST['sourceport'] = trim($_POST['sourceport']);
}
if ($_POST['dstport']) {
    $_POST['dstport'] = trim($_POST['dstport']);
}
if ($_POST['natport']) {
    $_POST['natport'] = trim($_POST['natport']);
}

// Port fields are checked only when $protocol_uses_ports is true (set above
// this excerpt) and the field is non-empty.
if ($protocol_uses_ports && $_POST['sourceport'] != "" && !is_portoralias($_POST['sourceport'])) {
    $input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry.");
}
if ($protocol_uses_ports && $_POST['dstport'] != "" && !is_portoralias($_POST['dstport'])) {
    $input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry.");
}
// The NAT port must pass is_port() (no alias accepted here) and is not
// checked at all when the 'nonat' field is present.
// NOTE(review): confirm that a natport submitted together with 'nonat' is
// discarded before the rule is saved, since it is unvalidated on that path.
if ($protocol_uses_ports && $_POST['natport'] != "" && !is_port($_POST['natport']) && !isset($_POST['nonat'])) {
    $input_errors[] = gettext("You must supply a valid port for the NAT port entry.");
}

// The source address is checked unless the source type is "any" or "(self)".
if ($_POST['source_type'] != "any" && $_POST['source_type'] != "(self)") {
    if ($_POST['source'] && !is_ipaddroralias($_POST['source']) && $_POST['source'] != "any") {
        $input_errors[] = gettext("A valid source must be specified.");
    }
}

// NOTE(review): only the integer form is tested here; no upper bound for the
// bit count is visible in this excerpt - confirm it is enforced elsewhere.
if ($_POST['source_subnet'] && !is_numericint($_POST['source_subnet'])) {
    $input_errors[] = gettext("A valid source bit count must be specified.");
}

// The destination address is checked unless the destination type is "any".
if ($_POST['destination_type'] != "any") {
    if ($_POST['destination'] && !is_ipaddroralias($_POST['destination'])) {
        // (both blocks continue below this excerpt)
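// Excerpt from the validation of a submitted NAT mapping form. Each failed
// check appends a translated message to $input_errors.

// Reject any submitted value that htmlentities() would alter once ">" has
// been stripped from it: ">" is tolerated, other characters that
// htmlentities() encodes are not.
// NOTE(review): this runs over every $_POST value; an array-valued field is
// not handled separately. The offending value is also copied into the
// message, so confirm that the code printing $input_errors HTML-escapes it.
foreach ($_POST as $key => $value) {
    $temp = str_replace(">", "", $value);
    $newpost = htmlentities($temp);
    if ($newpost != $temp) {
        $input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."), $temp);
    }
}

/* input validation */
$reqdfields = explode(" ", "interface protocol source source_subnet destination destination_subnet");
$reqdfieldsn = array(gettext("Interface"), gettext("Protocol"), gettext("Source"), gettext("Source bit count"), gettext("Destination"), gettext("Destination bit count"));

// $input_errors is passed without '&': call-time pass-by-reference is a fatal
// error since PHP 5.4, so the by-reference binding has to come from the
// function's own declaration.
// NOTE(review): confirm do_input_validation() declares its fourth parameter
// by reference.
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

// Port fields are only meaningful for these protocol values.
$protocol_uses_ports = in_array($_POST['protocol'], explode(" ", "any tcp udp tcp/udp"));

if ($protocol_uses_ports && $_POST['sourceport'] != "" && !is_portoralias($_POST['sourceport'])) {
    $input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry.");
}
// '&&' replaces the 'and' keyword below for consistency with the check above;
// inside an if condition the two evaluate identically.
if ($protocol_uses_ports && $_POST['dstport'] != "" && !is_portoralias($_POST['dstport'])) {
    $input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry.");
}
// The NAT port must pass is_port() and is not checked when 'nonat' is present.
if ($protocol_uses_ports && $_POST['natport'] != "" && !is_port($_POST['natport']) && !isset($_POST['nonat'])) {
    $input_errors[] = gettext("You must supply a valid port for the nat port entry.");
}

// The source address is checked unless the source type is "any".
if ($_POST['source_type'] != "any") {
    if ($_POST['source'] && !is_ipaddroralias($_POST['source']) && $_POST['source'] != "any") {
        $input_errors[] = gettext("A valid source must be specified.");
    }
}

// NOTE(review): only the integer form is tested here; no upper bound for the
// bit count is visible in this excerpt - confirm it is enforced elsewhere.
if ($_POST['source_subnet'] && !is_numericint($_POST['source_subnet'])) {
    $input_errors[] = gettext("A valid source bit count must be specified.");
}

// The destination address is checked unless the destination type is "any".
if ($_POST['destination_type'] != "any") {
    if ($_POST['destination'] && !is_ipaddroralias($_POST['destination'])) {
        // (both blocks continue below this excerpt)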
// Excerpt from the validation of a submitted port-forward form. Each failed
// check appends a translated message to $input_errors. Rejected values are
// copied into the messages as-is.
// NOTE(review): confirm that the code printing $input_errors HTML-escapes it.

// The redirect target is checked only when 'nordr' is absent and a target
// was submitted.
if (!isset($_POST['nordr']) && ($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) {
    $input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $_POST['localip']);
}

// Each submitted range endpoint must pass is_portoralias(); a falsy value
// skips the check.
if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) {
    $input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcbeginport']);
}
if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) {
    $input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcendport']);
}
if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) {
    $input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstbeginport']);
}
if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport'])) {
    $input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstendport']);
}

// For TCP, UDP and TCP/UDP (compared case-insensitively) a redirect target
// port is mandatory unless 'nordr' is present. The format string has no %s,
// so the extra sprintf() argument is not printed.
if ((strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") && (!isset($_POST['nordr']) && !is_portoralias($_POST['localbeginport']))) {
    $input_errors[] = sprintf(gettext("A valid redirect target port must be specified. It must be a port alias or integer between 1 and 65535."), $_POST['localbeginport']);
}

/* If the user enters an alias and selects "network", disallow it. */
if ($_POST['srctype'] == "network" && is_alias($_POST['src']) || $_POST['dsttype'] == "network" && is_alias($_POST['dst'])) {
    $input_errors[] = gettext("You must specify single host or alias for alias entries.");
}

// The source address and mask are checked unless is_specialnet() accepts the
// source type.
if (!is_specialnet($_POST['srctype'])) {
    if ($_POST['src'] && !is_ipaddroralias($_POST['src'])) {
        $input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $_POST['src']);
    }
    // NOTE(review): only the integer form is tested; no upper bound for the
    // bit count is visible in this excerpt.
    if ($_POST['srcmask'] && !is_numericint($_POST['srcmask'])) {
        $input_errors[] = gettext("A valid source bit count must be specified.");
    }
}

if (!is_specialnet($_POST['dsttype'])) {
    // (the block continues below this excerpt)
// Excerpt from the validation of a firewall rule held in $pconfig. Each
// failed check appends a translated message to $input_errors. The first
// statement and the closing braces around the gateway check end blocks that
// open above this excerpt. Rejected values are copied into the messages as-is.
// NOTE(review): confirm that the code printing $input_errors HTML-escapes it.
$input_errors[] = sprintf(gettext("%s is only valid with protocol tcp."), $pconfig['statetype']);
}
if ($pconfig['gateway'] != "") {
    $input_errors[] = sprintf(gettext("%s is only valid if the gateway is set to 'default'."), $pconfig['statetype']);
}
}

// Each range endpoint is checked when it is non-empty and not the literal
// 'any'; it must then pass is_portoralias().
if (!empty($pconfig['srcbeginport']) && !is_portoralias($pconfig['srcbeginport']) && $pconfig['srcbeginport'] != 'any') {
    $input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."), $pconfig['srcbeginport']);
}
if (!empty($pconfig['srcendport']) && !is_portoralias($pconfig['srcendport']) && $pconfig['srcendport'] != 'any') {
    $input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."), $pconfig['srcendport']);
}
if (!empty($pconfig['dstbeginport']) && !is_portoralias($pconfig['dstbeginport']) && $pconfig['dstbeginport'] != 'any') {
    $input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."), $pconfig['dstbeginport']);
}
// The message literal below spans two lines in this listing; it is kept
// exactly as found.
if (!empty($pconfig['dstendport']) && !is_portoralias($pconfig['dstendport']) && $pconfig['dstendport'] != 'any') {
    $input_errors[] = sprintf(gettext("%s is not a valid end destination port. 
It must be a port alias or integer between 1 and 65535."), $pconfig['dstendport']);
}

// If either end of a range is an alias, both ends must hold the same value.
if ((is_alias($pconfig['srcbeginport']) || is_alias($pconfig['srcendport'])) && $pconfig['srcbeginport'] != $pconfig['srcendport']) {
    $input_errors[] = gettext('When selecting aliases for source ports, both from and to fields must be the same');
}
if ((is_alias($pconfig['dstbeginport']) || is_alias($pconfig['dstendport'])) && $pconfig['dstbeginport'] != $pconfig['dstendport']) {
    $input_errors[] = gettext('When selecting aliases for destination ports, both from and to fields must be the same');
}

// Unless is_specialnet() accepts the source, it must be an IP address or
// alias and the mask must pass is_numericint(). Both are mandatory on this
// path: an empty value fails the check.
if (!is_specialnet($pconfig['src'])) {
    if (!is_ipaddroralias($pconfig['src'])) {
        $input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $pconfig['src']);
    }
    if (!is_numericint($pconfig['srcmask'])) {
        $input_errors[] = gettext("A valid source bit count must be specified.");
    }
    // (the enclosing block continues below this excerpt)
// Excerpt from the validation of a NAT mapping held in $pconfig. Each failed
// check appends a translated message to $input_errors.

// input record id, if valid
// 'id' and 'after' are accepted only when they index an existing entry of
// $a_out, so an arbitrary submitted index is never used.
if (isset($pconfig['id']) && isset($a_out[$pconfig['id']])) {
    $id = $pconfig['id'];
}
if (isset($pconfig['after']) && isset($a_out[$pconfig['after']])) {
    $after = $pconfig['after'];
}

/* input validation */
// Six required field names and six labels, in the same order.
$reqdfields = explode(" ", "interface protocol source source_subnet destination destination_subnet");
$reqdfieldsn = array(gettext("Interface"), gettext("Protocol"), gettext("Source"), gettext("Source bit count"), gettext("Destination"), gettext("Destination bit count"));
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);

// Port fields are checked only for these protocol values, and only when
// non-empty.
if (in_array($pconfig['protocol'], explode(" ", "any tcp udp tcp/udp"))) {
    if (!empty($pconfig['sourceport']) && !is_portoralias($pconfig['sourceport'])) {
        $input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry.");
    }
    if (!empty($pconfig['dstport']) && !is_portoralias($pconfig['dstport'])) {
        $input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry.");
    }
    // The NAT port must pass is_port() and is not checked when 'nonat' is
    // non-empty.
    // NOTE(review): confirm that a natport submitted together with 'nonat'
    // is discarded before the rule is saved.
    if (!empty($pconfig['natport']) && !is_port($pconfig['natport']) && empty($pconfig['nonat'])) {
        $input_errors[] = gettext("You must supply a valid port for the NAT port entry.");
    }
}

// Source and destination must be "any", "(self)", or pass is_ipaddroralias().
// An empty value fails this check.
if (!(in_array($pconfig['source'], array("any", "(self)")) || is_ipaddroralias($pconfig['source']))) {
    $input_errors[] = gettext("A valid source must be specified.");
}
// NOTE(review): only the integer form is tested here; no upper bound for the
// bit count is visible in this excerpt.
if (!empty($pconfig['source_subnet']) && !is_numericint($pconfig['source_subnet'])) {
    $input_errors[] = gettext("A valid source bit count must be specified.");
}
if (!(in_array($pconfig['destination'], array("any", "(self)")) || is_ipaddroralias($pconfig['destination']))) {
    $input_errors[] = gettext("A valid destination must be specified.");
}
// Excerpt from the validation of a submitted NAT mapping form. Each failed
// check appends a translated message to $input_errors.

// Strip surrounding whitespace from the address and port fields first.
if ($_POST['targetip']) {
    $_POST['targetip'] = trim($_POST['targetip']);
}
if ($_POST['sourceport']) {
    $_POST['sourceport'] = trim($_POST['sourceport']);
}
if ($_POST['dstport']) {
    $_POST['dstport'] = trim($_POST['dstport']);
}
if ($_POST['natport']) {
    $_POST['natport'] = trim($_POST['natport']);
}

// Port fields are checked only when $protocol_uses_ports is true (set above
// this excerpt) and the field is non-empty. Source and destination ports pass
// if either is_portoralias() or is_portrange() accepts them.
if ($protocol_uses_ports && $_POST['sourceport'] != "" && !(is_portoralias($_POST['sourceport']) || is_portrange($_POST['sourceport']))) {
    $input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry.");
}
if ($protocol_uses_ports && $_POST['dstport'] != "" && !(is_portoralias($_POST['dstport']) || is_portrange($_POST['dstport']))) {
    $input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry.");
}
// The NAT port must pass is_port() (no alias or range here) and is not
// checked at all when the 'nonat' field is present.
// NOTE(review): confirm that a natport submitted together with 'nonat' is
// discarded before the rule is saved, since it is unvalidated on that path.
if ($protocol_uses_ports && $_POST['natport'] != "" && !is_port($_POST['natport']) && !isset($_POST['nonat'])) {
    $input_errors[] = gettext("You must supply a valid port for the NAT port entry.");
}

// The source address is checked unless the source type is "any" or "(self)".
if ($_POST['source_type'] != "any" && $_POST['source_type'] != "(self)") {
    if ($_POST['source'] && !is_ipaddroralias($_POST['source']) && $_POST['source'] != "any") {
        $input_errors[] = gettext("A valid source must be specified.");
    }
}

// NOTE(review): only the integer form is tested here; no upper bound for the
// bit count is visible in this excerpt - confirm it is enforced elsewhere.
if ($_POST['source_subnet'] && !is_numericint($_POST['source_subnet'])) {
    $input_errors[] = gettext("A valid source bit count must be specified.");
}

// The destination address is checked unless the destination type is "any".
if ($_POST['destination_type'] != "any") {
    if ($_POST['destination'] && !is_ipaddroralias($_POST['destination'])) {
        // (both blocks continue below this excerpt)
// Excerpt from the validation of a submitted port-forward form. Each failed
// check appends a translated message to $input_errors. Rejected values are
// copied into the messages as-is.
// NOTE(review): confirm that the code printing $input_errors HTML-escapes it.

// The redirect target is checked only when 'nordr' is absent and a target
// was submitted.
if (!isset($_POST['nordr']) && ($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) {
    $input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $_POST['localip']);
}

// Each submitted range endpoint must pass is_portoralias(); a falsy value
// skips the check.
if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) {
    $input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcbeginport']);
}
if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) {
    $input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcendport']);
}
if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) {
    $input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstbeginport']);
}
if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport'])) {
    $input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstendport']);
}

// A local port is mandatory unless 'nordr' is present; the protocol is not
// consulted here. The format string has no %s, so the extra sprintf()
// argument is not printed.
if (!isset($_POST['nordr']) && !is_portoralias($_POST['localbeginport'])) {
    $input_errors[] = sprintf(gettext("A valid local port must be specified. It must be a port alias or integer between 1 and 65535."), $_POST['localbeginport']);
}

/* If the user enters an alias and selects "network", disallow it. */
if ($_POST['srctype'] == "network" && is_alias($_POST['src']) || $_POST['dsttype'] == "network" && is_alias($_POST['dst'])) {
    $input_errors[] = gettext("You must specify single host or alias for alias entries.");
}

// The source address and mask are checked unless is_specialnet() accepts the
// source type.
if (!is_specialnet($_POST['srctype'])) {
    if ($_POST['src'] && !is_ipaddroralias($_POST['src'])) {
        $input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $_POST['src']);
    }
    // NOTE(review): only the integer form is tested; no upper bound for the
    // bit count is visible in this excerpt.
    if ($_POST['srcmask'] && !is_numericint($_POST['srcmask'])) {
        $input_errors[] = gettext("A valid source bit count must be specified.");
    }
}

if (!is_specialnet($_POST['dsttype'])) {
    // (the block continues below this excerpt)
// Excerpt from the validation of a port-forward rule held in $pconfig. Each
// failed check appends a translated message to $input_errors. Rejected values
// are copied into the messages as-is.
// NOTE(review): confirm that the code printing $input_errors HTML-escapes it.

// The redirect target is checked only when 'nordr' is absent and a target
// was supplied.
if (!isset($pconfig['nordr']) && ($pconfig['target'] && !is_ipaddroralias($pconfig['target']))) {
    $input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $pconfig['target']);
}

// Each range endpoint is checked when it is non-empty and not the literal
// 'any'; it must then pass is_portoralias().
if (!empty($pconfig['srcbeginport']) && $pconfig['srcbeginport'] != 'any' && !is_portoralias($pconfig['srcbeginport'])) {
    $input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."), $pconfig['srcbeginport']);
}
if (!empty($pconfig['srcendport']) && $pconfig['srcendport'] != 'any' && !is_portoralias($pconfig['srcendport'])) {
    $input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."), $pconfig['srcendport']);
}
if (!empty($pconfig['dstbeginport']) && $pconfig['dstbeginport'] != 'any' && !is_portoralias($pconfig['dstbeginport'])) {
    $input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."), $pconfig['dstbeginport']);
}
if (!empty($pconfig['dstendport']) && $pconfig['dstendport'] != 'any' && !is_portoralias($pconfig['dstendport'])) {
    $input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."), $pconfig['dstendport']);
}

// For tcp, udp and tcp/udp a redirect target port is mandatory unless 'nordr'
// is set. The format string has no %s, so the extra sprintf() argument is not
// printed. The message literal spans two lines in this listing; it is kept
// exactly as found.
// NOTE(review): the third comparison reads $_POST['protocol'] while the other
// two read $pconfig['protocol']; if $pconfig is not an unmodified copy of
// $_POST the two sources can disagree - confirm and use one source.
if (($pconfig['protocol'] == "tcp" || $pconfig['protocol'] == "udp" || $_POST['protocol'] == "tcp/udp") && (!isset($pconfig['nordr']) && !is_portoralias($pconfig['local-port']))) {
    $input_errors[] = sprintf(gettext("A valid redirect target port must be specified. 
It must be a port alias or integer between 1 and 65535."), $pconfig['local-port']);
}

// Unless is_specialnet() accepts them, source and destination must pass
// is_ipaddroralias(); an empty value fails.
if (!is_specialnet($pconfig['src']) && !is_ipaddroralias($pconfig['src'])) {
    $input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $pconfig['src']);
}
// NOTE(review): only the integer form of the masks is tested; no upper bound
// for the bit count is visible in this excerpt.
if (!empty($pconfig['srcmask']) && !is_numericint($pconfig['srcmask'])) {
    $input_errors[] = gettext("A valid source bit count must be specified.");
}
if (!is_specialnet($pconfig['dst']) && !is_ipaddroralias($pconfig['dst'])) {
    $input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $pconfig['dst']);
}
if (!empty($pconfig['dstmask']) && !is_numericint($pconfig['dstmask'])) {
    $input_errors[] = gettext("A valid destination bit count must be specified.");
}

// With purely numeric ports, the width of the destination range added to the
// local port must not exceed 65535.
// NOTE(review): this guard reads $_POST['nordr'] while the checks above read
// $pconfig['nordr'] - confirm both refer to the same data.
if (!isset($_POST['nordr']) && is_numericint($pconfig['dstbeginport']) && is_numericint($pconfig['dstendport']) && is_numericint($pconfig['local-port']) && max($pconfig['dstendport'], $pconfig['dstbeginport']) - min($pconfig['dstendport'], $pconfig['dstbeginport']) + $pconfig['local-port'] > 65535) {
    // (the block continues below this excerpt)
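// Excerpt from the validation of a submitted HAProxy frontend form. Each
// failed check appends a message to $input_errors.

// The first three characters of /etc/version select how the shared validator
// is called.
$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
if ($pf_version < 2.1) {
    // Legacy branch: the call-time '&' is kept inside an eval'd string so the
    // file still parses on PHP versions that reject that syntax. The string
    // is a constant and contains no request data.
    // NOTE(review): eval() is best removed once versions below 2.1 no longer
    // need to be supported.
    $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;');
} else {
    do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
}

// Allow-list check: the name may contain only letters, digits, '.', '-' and '_'.
if (preg_match("/[^a-zA-Z0-9\\.\\-_]/", $_POST['name'])) {
    $input_errors[] = "The field 'Name' contains invalid characters.";
}

if ($pconfig['secondary'] != "yes") {
    // NOTE(review): is_numeric() also accepts signs, decimals and exponent
    // notation, and sets no range; confirm these values are constrained
    // before they are written to the generated configuration.
    if ($_POST['max_connections'] && !is_numeric($_POST['max_connections'])) {
        $input_errors[] = "The field 'Max connections' value is not a number.";
    }

    // explode() replaces split(), which was removed in PHP 7.0; for a literal
    // comma delimiter both return the same list.
    $ports = explode(",", $_POST['port'] . ",");
    foreach ($ports as $port) {
        // A port entry passes if it is numeric or if is_portoralias() accepts
        // it; empty entries are skipped. The rejected entry is HTML-escaped
        // before it is placed in the message.
        if ($port && !is_numeric($port) && !is_portoralias($port)) {
            $input_errors[] = "The field 'Port' value '" . htmlspecialchars($port) . "' is not a number or alias thereof.";
        }
    }

    if ($_POST['client_timeout'] !== "" && !is_numeric($_POST['client_timeout'])) {
        $input_errors[] = "The field 'Client timeout' value is not a number.";
    }
}

/* Ensure that our pool names are unique */
// The entry being edited ($id) is skipped.
// NOTE(review): the message also prints the internal indexes $i and $id,
// which looks like leftover debugging output.
for ($i = 0; isset($config['installedpackages']['haproxy']['ha_backends']['item'][$i]); $i++) {
    if ($_POST['name'] == $config['installedpackages']['haproxy']['ha_backends']['item'][$i]['name'] && $i != $id) {
        $input_errors[] = "This frontend name has already been used. Frontend names must be unique. {$i} != {$id}";
    }
}

$a_certificates = haproxy_htmllist_get_values($fields_sslCertificates);
$pconfig['a_certificates'] = $a_certificates;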