$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $_POST['src']); } if ($_POST['srcmask'] && !is_numericint($_POST['srcmask'])) { $input_errors[] = gettext("A valid source bit count must be specified."); } } if (!is_specialnet($_POST['dsttype'])) { if ($_POST['dst'] && !is_ipaddroralias($_POST['dst'])) { $input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $_POST['dst']); } if ($_POST['dstmask'] && !is_numericint($_POST['dstmask'])) { $input_errors[] = gettext("A valid destination bit count must be specified."); } } if (is_ipaddr($_POST['src']) && is_ipaddr($_POST['dst'])) { if (!validate_address_family($_POST['src'], $_POST['dst'])) { $input_errors[] = sprintf(gettext("The Source IP address %s Address Family differs from the destination %s."), $_POST['src'], $_POST['dst']); } if ((is_ipaddrv6($_POST['src']) || is_ipaddrv6($_POST['dst'])) && $_POST['ipprotocol'] == "inet") { $input_errors[] = gettext("You can not use IPv6 addresses in IPv4 rules."); } if ((is_ipaddrv4($_POST['src']) || is_ipaddrv4($_POST['dst'])) && $_POST['ipprotocol'] == "inet6") { $input_errors[] = gettext("You can not use IPv4 addresses in IPv6 rules."); } } if ((is_ipaddr($_POST['src']) || is_ipaddr($_POST['dst'])) && $_POST['ipprotocol'] == "inet46") { $input_errors[] = gettext("You can not use a IPv4 or IPv6 address in combined IPv4 + IPv6 rules."); } if ($_POST['srcbeginport'] > $_POST['srcendport']) { /* swap */ $tmp = $_POST['srcendport'];
$pconfig = $_POST; /* input validation */ $reqdfields = explode(" ", "network network_subnet gateway"); $reqdfieldsn = explode(",", gettext("Destination network") . "," . gettext("Destination network bit count") . "," . gettext("Gateway")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); if ($_POST['network'] && !is_ipaddr($_POST['network']) && !is_alias($_POST['network'])) { $input_errors[] = gettext("A valid IPv4 or IPv6 destination network must be specified."); } if ($_POST['network_subnet'] && !is_numeric($_POST['network_subnet'])) { $input_errors[] = gettext("A valid destination network bit count must be specified."); } if ($_POST['gateway'] && is_ipaddr($_POST['network'])) { if (!isset($a_gateways[$_POST['gateway']])) { $input_errors[] = gettext("A valid gateway must be specified."); } if (!validate_address_family($_POST['network'], lookup_gateway_ip_by_name($_POST['gateway']))) { $input_errors[] = gettext("The gateway '{$a_gateways[$_POST['gateway']]['gateway']}' is a different Address Family as network '{$_POST['network']}'."); } } /* check for overlaps */ $current_targets = get_staticroutes(true); $new_targets = array(); if (is_ipaddrv6($_POST['network'])) { $osn = Net_IPv6::compress(gen_subnetv6($_POST['network'], $_POST['network_subnet'])) . "/" . $_POST['network_subnet']; $new_targets[] = $osn; } if (is_ipaddr($_POST['network'])) { if ($_POST['network_subnet'] > 32) { $input_errors[] = gettext("A IPv4 subnet can not be over 32 bits."); } else { $osn = gen_subnet($_POST['network'], $_POST['network_subnet']) . "/" . $_POST['network_subnet'];
} $dnslist = $ignore_posted_dnsgw = array(); for ($dnscounter = 1; $dnscounter < 5; $dnscounter++) { $dnsname = "dns{$dnscounter}"; $dnsgwname = "dns{$dnscounter}gw"; $dnslist[] = $_POST[$dnsname]; if ($_POST[$dnsname] && !is_ipaddr($_POST[$dnsname])) { $input_errors[] = sprintf(gettext("A valid IP address must be specified for DNS server %s."), $dnscounter); } else { if ($_POST[$dnsgwname] != "" && $_POST[$dnsgwname] != "none") { // A real gateway has been selected. if (is_ipaddr($_POST[$dnsname])) { if (is_ipaddrv4($_POST[$dnsname]) && validate_address_family($_POST[$dnsname], $_POST[$dnsgwname]) === false) { $input_errors[] = sprintf(gettext('The IPv6 gateway "%1$s" can not be specified for IPv4 DNS server "%2$s".'), $_POST[$dnsgwname], $_POST[$dnsname]); } if (is_ipaddrv6($_POST[$dnsname]) && validate_address_family($_POST[$dnsname], $_POST[$dnsgwname]) === false) { $input_errors[] = sprintf(gettext('The IPv4 gateway "%1$s" can not be specified for IPv6 DNS server "%2$s".'), $_POST[$dnsgwname], $_POST[$dnsname]); } } else { // The user selected a gateway but did not provide a DNS address. Be nice and set the gateway back to "none". $ignore_posted_dnsgw[$dnsgwname] = true; } } } } if (count(array_filter($dnslist)) != count(array_unique(array_filter($dnslist)))) { $input_errors[] = gettext('Each configured DNS server must have a unique IP address. Remove the duplicated IP.'); } $direct_networks_list = explode(" ", filter_get_direct_networks_list()); for ($dnscounter = 1; $dnscounter < 5; $dnscounter++) { $dnsitem = "dns{$dnscounter}";
if (!empty($pconfig['domain']) && !is_domain($pconfig['domain'])) { $input_errors[] = gettext("The domain may only contain the characters a-z, 0-9, '-' and '.'."); } $ignore_posted_dnsgw = array(); for ($dnscounter = 1; $dnscounter < 5; $dnscounter++) { $dnsname = "dns{$dnscounter}"; $dnsgwname = "dns{$dnscounter}gw"; if (!empty($pconfig[$dnsname]) && !is_ipaddr($pconfig[$dnsname])) { $input_errors[] = gettext("A valid IP address must be specified for DNS server {$dnscounter}."); } elseif (!empty($pconfig[$dnsgwname]) && $pconfig[$dnsgwname] != "none") { // A real gateway has been selected. if (is_ipaddr($pconfig[$dnsname])) { if (is_ipaddrv4($pconfig[$dnsname]) && validate_address_family($pconfig[$dnsname], $pconfig[$dnsgwname]) === false) { $input_errors[] = gettext("You can not specify IPv6 gateway '{$pconfig[$dnsgwname]}' for IPv4 DNS server '{$pconfig[$dnsname]}'"); } if (is_ipaddrv6($pconfig[$dnsname]) && validate_address_family($pconfig[$dnsname], $pconfig[$dnsgwname]) === false) { $input_errors[] = gettext("You can not specify IPv4 gateway '{$pconfig[$dnsgwname]}' for IPv6 DNS server '{$pconfig[$dnsname]}'"); } } else { // The user selected a gateway but did not provide a DNS address. Be nice and set the gateway back to "none". $ignore_posted_dnsgw[$dnsgwname] = true; } } } /* XXX cranky low-level call, please refactor */ $direct_networks_list = explode(' ', filter_get_direct_networks_list(filter_generate_optcfg_array())); for ($dnscounter = 1; $dnscounter < 5; $dnscounter++) { $dnsitem = "dns{$dnscounter}"; $dnsgwitem = "dns{$dnscounter}gw"; if (!empty($pconfig[$dnsgwitem])) { if (interface_has_gateway($pconfig[$dnsgwitem])) {
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if ($_POST['network'] && !is_ipaddr($_POST['network']) && !is_alias($_POST['network'])) { $input_errors[] = gettext("A valid IPv4 or IPv6 destination network must be specified."); } if ($_POST['network_subnet'] && !is_numeric($_POST['network_subnet'])) { $input_errors[] = gettext("A valid destination network bit count must be specified."); } if ($_POST['gateway'] && is_ipaddr($_POST['network'])) { if (!isset($a_gateways[$_POST['gateway']])) { $input_errors[] = gettext("A valid gateway must be specified."); } else { if (isset($a_gateways[$_POST['gateway']]['disabled']) && !$_POST['disabled']) { $input_errors[] = gettext("The gateway is disabled but the route is not. You must disable the route in order to choose a disabled gateway."); } else { // Note that the 3rd parameter "disabled" must be passed as explicitly true or false. if (!validate_address_family($_POST['network'], $_POST['gateway'], $_POST['disabled'] ? true : false)) { $input_errors[] = gettext("The gateway '{$a_gateways[$_POST['gateway']]['gateway']}' is a different Address Family than network '{$_POST['network']}'."); } } } } /* check for overlaps */ $current_targets = get_staticroutes(true); $new_targets = array(); if (is_ipaddrv6($_POST['network'])) { $osn = gen_subnetv6($_POST['network'], $_POST['network_subnet']) . "/" . $_POST['network_subnet']; $new_targets[] = $osn; } if (is_ipaddrv4($_POST['network'])) { if ($_POST['network_subnet'] > 32) { $input_errors[] = gettext("A IPv4 subnet can not be over 32 bits.");
$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $pconfig['src']); } if (!is_numericint($pconfig['srcmask'])) { $input_errors[] = gettext("A valid source bit count must be specified."); } } if (!is_specialnet($pconfig['dst'])) { if (!is_ipaddroralias($pconfig['dst'])) { $input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $pconfig['dst']); } if (!is_numericint($pconfig['dstmask'])) { $input_errors[] = gettext("A valid destination bit count must be specified."); } } if (is_ipaddr($pconfig['src']) && is_ipaddr($pconfig['dst'])) { if (!validate_address_family($pconfig['src'], $pconfig['dst'])) { $input_errors[] = sprintf(gettext("The Source IP address %s Address Family differs from the destination %s."), $pconfig['src'], $pconfig['dst']); } if ((is_ipaddrv6($pconfig['src']) || is_ipaddrv6($pconfig['dst'])) && $pconfig['ipprotocol'] == "inet") { $input_errors[] = gettext("You can not use IPv6 addresses in IPv4 rules."); } if ((is_ipaddrv4($pconfig['src']) || is_ipaddrv4($pconfig['dst'])) && $pconfig['ipprotocol'] == "inet6") { $input_errors[] = gettext("You can not use IPv4 addresses in IPv6 rules."); } } if (is_ipaddrv4($pconfig['src']) && $pconfig['srcmask'] > 32) { $input_errors[] = gettext("Invalid subnet mask on IPv4 source"); } if (is_ipaddrv4($pconfig['dst']) && $pconfig['dstmask'] > 32) { $input_errors[] = gettext("Invalid subnet mask on IPv4 destination"); }
$pconfig = $_POST; /* input validation */ $reqdfields = explode(" ", "network network_subnet gateway"); $reqdfieldsn = explode(",", gettext("Destination network") . "," . gettext("Destination network bit count") . "," . gettext("Gateway")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if ($_POST['network'] && !is_ipaddr($_POST['network']) && !is_alias($_POST['network'])) { $input_errors[] = gettext("A valid IPv4 or IPv6 destination network must be specified."); } if ($_POST['network_subnet'] && !is_numeric($_POST['network_subnet'])) { $input_errors[] = gettext("A valid destination network bit count must be specified."); } if ($_POST['gateway'] && is_ipaddr($_POST['network'])) { if (!isset($a_gateways[$_POST['gateway']])) { $input_errors[] = gettext("A valid gateway must be specified."); } if (!validate_address_family($_POST['network'], $_POST['gateway'])) { $input_errors[] = gettext("The gateway '{$a_gateways[$_POST['gateway']]['gateway']}' is a different Address Family as network '{$_POST['network']}'."); } } /* check for overlaps */ $current_targets = get_staticroutes(true); $new_targets = array(); if (is_ipaddrv6($_POST['network'])) { $osn = gen_subnetv6($_POST['network'], $_POST['network_subnet']) . "/" . $_POST['network_subnet']; $new_targets[] = $osn; } if (is_ipaddrv4($_POST['network'])) { if ($_POST['network_subnet'] > 32) { $input_errors[] = gettext("A IPv4 subnet can not be over 32 bits."); } else { $osn = gen_subnet($_POST['network'], $_POST['network_subnet']) . "/" . $_POST['network_subnet'];
$reqdfields = explode(" ", "hostname domain"); $reqdfieldsn = array(gettext("Hostname"), gettext("Domain")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); if ($_POST['hostname'] && !is_hostname($_POST['hostname'])) { $input_errors[] = gettext("The hostname may only contain the characters a-z, 0-9 and '-'."); } if ($_POST['domain'] && !is_domain($_POST['domain'])) { $input_errors[] = gettext("The domain may only contain the characters a-z, 0-9, '-' and '.'."); } for ($dnscounter = 1; $dnscounter < 5; $dnscounter++) { $dnsname = "dns{$dnscounter}"; $dnsgwname = "dns{$dnscounter}gw"; if ($_POST[$dnsname] && !is_ipaddr($_POST[$dnsname])) { $input_errors[] = gettext("A valid IP address must be specified for the DNS server {$dnscounter}."); } if ($_POST[$dnsgwname] != "none" && is_ipaddr($_POST[$dnsname]) && validate_address_family($_POST[$dnsname], lookup_gateway_ip_by_name($_POST[$dnsgwname])) === false) { $input_errors[] = gettext("The gateway specified for DNS server '{$_POST[$dnsname]}' is not from the same Address Family as gateway '" . lookup_gateway_ip_by_name($_POST[$dnsgwname]) . "'."); } } if ($_POST['webguiport'] && (!is_numericint($_POST['webguiport']) || $_POST['webguiport'] < 1 || $_POST['webguiport'] > 65535)) { $input_errors[] = gettext("A valid TCP/IP port must be specified for the webConfigurator port."); } $direct_networks_list = explode(" ", filter_get_direct_networks_list()); for ($dnscounter = 1; $dnscounter < 5; $dnscounter++) { $dnsitem = "dns{$dnscounter}"; $dnsgwitem = "dns{$dnscounter}gw"; if ($_POST[$dnsgwitem]) { if (interface_has_gateway($_POST[$dnsgwitem])) { foreach ($direct_networks_list as $direct_network) { if (ip_in_subnet($_POST[$dnsitem], $direct_network)) { $input_errors[] = sprintf(gettext("You can not assign a gateway to DNS '%s' server which is on a directly connected network."), $_POST[$dnsitem]);
<br> <span class="vexpl"><?php echo gettext("Group Name"); ?> </span></td> </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?php echo gettext("Gateway Priority"); ?> </td> <td width="78%" class="vtable"> <?php foreach ($a_gateways as $gwname => $gateway) { if (!empty($pconfig['item'])) { $af = explode("|", $pconfig['item'][0]); if (!validate_address_family(lookup_gateway_ip_by_name($af[0]), $gateway['gateway'])) { continue; } } $selected = array(); $interface = $gateway['interface']; foreach ((array) $pconfig['item'] as $item) { $itemsplit = explode("|", $item); if ($itemsplit[0] == $gwname) { $selected[$itemsplit[1]] = "selected"; break; } else { $selected[0] = "selected"; } } echo "<select name='{$gwname}' class='formfldselect' id='{$gwname}'>";
if (!empty($config['interfaces'][$_POST['interface']]['ipaddr'])) { if (is_ipaddr($config['interfaces'][$_POST['interface']]['ipaddr']) && (empty($_POST['gateway']) || $_POST['gateway'] == "dynamic")) { $input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv4 configuration."); } } if (!empty($config['interfaces'][$_POST['interface']]['ipaddrv6'])) { if (is_ipaddr($config['interfaces'][$_POST['interface']]['ipaddrv6']) && (empty($_POST['gateway']) || $_POST['gateway'] == "dynamic")) { $input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv6 configuration."); } } } if ($_POST['monitor'] != "" && !is_ipaddr($_POST['monitor']) && $_POST['monitor'] != "dynamic") { $input_errors[] = gettext("A valid monitor IP address must be specified."); } if ($_POST['monitor'] != "" && is_ipaddr($_POST['monitor']) && $_POST['monitor'] != "dynamic") { if (!validate_address_family($_POST['monitor'], $_POST['gateway'])) { $input_errors[] = gettext("The monitor address '{$_POST['monitor']}' is a different Address Family then gateway '{$_POST['gateway']}'."); } } if (isset($_POST['name'])) { /* check for overlaps */ foreach ($a_gateways as $gateway) { if (isset($id) && $a_gateways[$id] && $a_gateways[$id] === $gateway) { if ($gateway['name'] != $_POST['name']) { $input_errors[] = gettext("Changing name on a gateway is not allowed."); } continue; } if ($_POST['name'] != "") { if ($gateway['name'] != "" && $_POST['name'] == $gateway['name'] && $gateway['attribute'] != "system") { $input_errors[] = sprintf(gettext('The gateway name "%s" already exists.'), $_POST['name']);