break; case "IP": if (!is_ipaddr($altname['value'])) { $input_errors[] = gettext("IP subjectAltName values must be valid IP Addresses"); } break; case "email": if (empty($altname['value'])) { $input_errors[] = gettext("You must provide an e-mail address for this type of subjectAltName"); } if (preg_match("/[\\!\\#\$\\%\\^\\(\\)\\~\\?\\>\\<\\&\\/\\\\,\"\\']/", $altname['value'])) { $input_errors[] = gettext("The e-mail provided in a subjectAltName contains invalid characters."); } break; case "URI": if (!is_URL($altname['value'])) { $input_errors[] = gettext("URI subjectAltName types must be a valid URI"); } break; default: $input_errors[] = gettext("Unrecognized subjectAltName type."); } } /* Make sure we do not have invalid characters in the fields for the certificate */ for ($i = 0; $i < count($reqdfields); $i++) { if (preg_match('/email/', $reqdfields[$i])) { /* dn_email or csr_dn_name */ if (preg_match("/[\\!\\#\$\\%\\^\\(\\)\\~\\?\\>\\<\\&\\/\\\\,\"\\']/", $pconfig[$reqdfields[$i]])) { $input_errors[] = gettext("The field 'Distinguished name Email Address' contains invalid characters."); } } elseif (preg_match('/commonname/', $reqdfields[$i])) {
if ($_POST['ddnsdomainkey'] && !$_POST['ddnsdomainkeyname'] || $_POST['ddnsdomainkeyname'] && !$_POST['ddnsdomainkey']) { $input_errors[] = gettext("You must specify both a valid domain key and key name."); } if ($_POST['domainsearchlist']) { $domain_array = preg_split("/[ ;]+/", $_POST['domainsearchlist']); foreach ($domain_array as $curdomain) { if (!is_domain($curdomain)) { $input_errors[] = gettext("A valid domain search list must be specified."); break; } } } if ($_POST['ntp1'] && !is_ipaddrv4($_POST['ntp1']) || $_POST['ntp2'] && !is_ipaddrv4($_POST['ntp2'])) { $input_errors[] = gettext("A valid IP address must be specified for the primary/secondary NTP servers."); } if ($_POST['tftp'] && !is_ipaddrv4($_POST['tftp']) && !is_domain($_POST['tftp']) && !is_URL($_POST['tftp'])) { $input_errors[] = gettext("A valid IP address or hostname must be specified for the TFTP server."); } if ($_POST['nextserver'] && !is_ipaddrv4($_POST['nextserver'])) { $input_errors[] = gettext("A valid IP address must be specified for the network boot server."); } if (!$input_errors) { $mapent = array(); $mapent['mac'] = $_POST['mac']; $mapent['cid'] = $_POST['cid']; $mapent['ipaddr'] = $_POST['ipaddr']; $mapent['hostname'] = $_POST['hostname']; $mapent['descr'] = $_POST['descr']; $mapent['arp_table_static_entry'] = $_POST['arp_table_static_entry'] ? true : false; $mapent['filename'] = $_POST['filename']; $mapent['rootpath'] = $_POST['rootpath'];
$pconfig['verifysslpeer'] = isset($a_checkip[$id]['verifysslpeer']); $pconfig['descr'] = $a_checkip[$id]['descr']; } if ($_POST) { unset($input_errors); $pconfig = $_POST; /* input validation */ $reqdfields = array(); $reqdfieldsn = array(); $reqdfields = array_merge($reqdfields, explode(" ", "name url")); $reqdfieldsn = array_merge($reqdfieldsn, array(gettext("Name"), gettext("URL"))); do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if ($_POST['name'] && !is_validaliasname($_POST['name'])) { $input_errors[] = gettext("The Check IP Service name contains invalid characters."); } if ($_POST['url'] && !is_URL($_POST['url'])) { $input_errors[] = gettext("The Check IP Service URL is not valid."); } if ($_POST['passwordfld'] != $_POST['passwordfld_confirm']) { $input_errors[] = gettext("Password and confirmed password must match."); } if (!$input_errors) { $checkip = array(); $checkip['enable'] = $_POST['enable'] ? true : false; $checkip['name'] = $_POST['name']; $checkip['url'] = $_POST['url']; $checkip['username'] = $_POST['username']; if ($_POST['passwordfld'] != DMYPWD) { $checkip['password'] = $_POST['passwordfld']; } else { $checkip['password'] = $a_checkip[$id]['password'];
} } $alias = array(); $address = array(); $final_address_details = array(); $alias['name'] = $_POST['name']; if (preg_match("/urltable/i", $_POST['type'])) { $address = ""; /* item is a url table type */ if ($_POST['address0']) { /* fetch down and add in */ $_POST['address0'] = trim($_POST['address0']); $address[] = $_POST['address0']; $alias['url'] = $_POST['address0']; $alias['updatefreq'] = $_POST['address_subnet0'] ? $_POST['address_subnet0'] : 7; if (!is_URL($alias['url']) || empty($alias['url'])) { $input_errors[] = gettext("You must provide a valid URL."); } elseif (!process_alias_urltable($alias['name'], $alias['url'], 0, true)) { $input_errors[] = gettext("Unable to fetch usable data."); } if ($_POST["detail0"] != "") { if (strpos($_POST["detail0"], "||") === false && substr($_POST["detail0"], 0, 1) != "|" && substr($_POST["detail0"], -1, 1) != "|") { $final_address_details[] = $_POST["detail0"]; } else { /* Remove leading and trailing vertical bars and replace multiple vertical bars with single, */ /* and put in the output array so the text is at least redisplayed for the user. */ $final_address_details[] = preg_replace('/\\|\\|+/', '|', trim($_POST["detail0"], "|")); $input_errors[] = $vertical_bar_err_text; } } else { $final_address_details[] = sprintf(gettext("Entry added %s"), date('r'));
$pconfig = $_POST; /* input validation */ if (empty($_POST['location'])) { $reqdfields = explode(" ", "patch"); $reqdfieldsn = array(gettext("Patch Contents")); } else { $reqdfields = explode(" ", "descr location"); $reqdfieldsn = array(gettext("Description"), gettext("URL/Commit ID")); } $pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3); if ($pf_version < 2.1) { $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); } else { do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); } if (!empty($_POST['location']) && !is_commit_id($_POST['location']) && !is_URL($_POST['location'])) { $input_errors[] = gettext("The supplied commit ID/URL appears to be invalid."); } if (!is_numeric($_POST['pathstrip'])) { $input_errors[] = gettext("Path Strip Count must be numeric!"); } if (!empty($_POST['basedir']) && (!file_exists($_POST['basedir']) || !is_dir($_POST['basedir']))) { $input_errors[] = gettext("Base Directory must exist and be a directory!"); } if (!$input_errors) { $thispatch = array(); $thispatch['descr'] = $_POST['descr']; $thispatch['location'] = patch_fixup_url($_POST['location']); if (!empty($_POST['patch'])) { /* Strip DOS style carriage returns from textarea input */ $thispatch['patch'] = base64_encode(str_replace("\r", "", $_POST['patch']));
if (!is_domain($curdomain)) { $input_errors[] = gettext("A valid domain search list must be specified."); break; } } } if ($_POST['ntp1'] && !is_ipaddrv6($_POST['ntp1']) || $_POST['ntp2'] && !is_ipaddrv6($_POST['ntp2'])) { $input_errors[] = gettext("A valid IPv6 address must be specified for the primary/secondary NTP servers."); } if ($_POST['domain'] && !is_domain($_POST['domain'])) { $input_errors[] = gettext("A valid domain name must be specified for the DNS domain."); } if ($_POST['tftp'] && !is_ipaddr($_POST['tftp']) && !is_domain($_POST['tftp']) && !is_URL($_POST['tftp'])) { $input_errors[] = gettext("A valid IPv6 address or hostname must be specified for the TFTP server."); } if ($_POST['bootfile_url'] && !is_URL($_POST['bootfile_url'])) { $input_errors[] = gettext("A valid URL must be specified for the network bootfile."); } // Disallow a range that includes the virtualip if (is_array($config['virtualip']['vip'])) { foreach ($config['virtualip']['vip'] as $vip) { if ($vip['interface'] == $if) { if ($vip['subnetv6'] && is_inrange_v6($vip['subnetv6'], $_POST['range_from'], $_POST['range_to'])) { $input_errors[] = sprintf(gettext("The subnet range cannot overlap with virtual IPv6 address %s."), $vip['subnetv6']); } } } } $noip = false; if (is_array($a_maps)) { foreach ($a_maps as $map) {
} /* check for name conflicts */ if (empty($a_aliases[$id])) { foreach ($a_aliases as $alias) { if ($alias['name'] == $_POST['name']) { $input_errors[] = gettext("An alias with this name already exists."); break; } } } /* user may not change type */ if (isset($id) && $pconfig['type'] != $a_aliases[$id]['type']) { $input_errors[] = gettext("Alias type may not be changed for an existing alias."); } if ($pconfig['type'] == 'urltable') { if (empty($pconfig['url']) || !is_URL($pconfig['url'])) { $input_errors[] = gettext("You must provide a valid URL."); } } if (count($input_errors) == 0) { // save to config $copy_fields = array("name", "detail", "address", "type", "descr", "updatefreq", "aliasurl", "url"); $confItem = array(); foreach ($copy_fields as $fieldname) { if (!empty($pconfig[$fieldname])) { $confItem[$fieldname] = $pconfig[$fieldname]; } } /* Check to see if alias name needs to be * renamed on referenced rules and such */