} else { if ($config['openvpn']['openvpn-server'][$srvid]['mode'] != "server_user" && ($usrid === false || $crtid === false)) { pfSenseHeader("vpn_openvpn_export.php"); exit; } } if ($config['openvpn']['openvpn-server'][$srvid]['mode'] == "server_user") { $nokeys = true; } else { $nokeys = false; } $useaddr = ''; if (isset($_GET['useaddr']) && !empty($_GET['useaddr'])) { $useaddr = trim($_GET['useaddr']); } if (!(is_ipaddr($useaddr) || is_hostname($useaddr) || in_array($useaddr, array("serveraddr", "servermagic", "servermagichost", "serverhostname")))) { $input_errors[] = "You need to specify an IP or hostname."; } $advancedoptions = $_GET['advancedoptions']; $openvpnmanager = $_GET['openvpnmanager']; $verifyservercn = $_GET['verifyservercn']; $randomlocalport = $_GET['randomlocalport']; $usetoken = $_GET['usetoken']; if ($usetoken && substr($act, 0, 10) == "confinline") { $input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration."; } if ($usetoken && ($act == "conf_yealink_t28" || $act == "conf_yealink_t38g" || $act == "conf_yealink_t38g2" || $act == "conf_snom")) { $input_errors[] = "You cannot use Microsoft Certificate Storage with a Yealink or SNOM configuration."; } $password = ""; if ($_GET['password']) {
$pconfig = $_POST; /* input validation */ if ($_POST['webguiport']) { if (!is_port($_POST['webguiport'])) { $input_errors[] = gettext("You must specify a valid webConfigurator port number"); } } if ($_POST['max_procs']) { if (!is_numericint($_POST['max_procs']) || $_POST['max_procs'] < 1 || $_POST['max_procs'] > 500) { $input_errors[] = gettext("Max Processes must be a number 1 or greater"); } } if ($_POST['althostnames']) { $althosts = explode(" ", $_POST['althostnames']); foreach ($althosts as $ah) { if (!is_hostname($ah)) { $input_errors[] = sprintf(gettext("Alternate hostname %s is not a valid hostname."), htmlspecialchars($ah)); } } } if ($_POST['sshport']) { if (!is_port($_POST['sshport'])) { $input_errors[] = gettext("You must specify a valid port number"); } } if ($_POST['sshdkeyonly'] == "yes") { $config['system']['ssh']['sshdkeyonly'] = "enabled"; } else { if (isset($config['system']['ssh']['sshdkeyonly'])) { unset($config['system']['ssh']['sshdkeyonly']); }
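// Validation of the posted PPPoE/PPTP interface fields. Each failed check
// appends a message to $input_errors. The last block of this fragment is cut
// off: the `if ($_POST['mtu'])` body continues beyond the visible code.

// Optional field, but when present it must be an integer AND inside 0-23.
// The integer test and the range tests are OR-ed so that either failure is
// rejected; AND-ing them would let non-integers and out-of-range values pass.
if ($_POST['pppoe_resethour'] != "" && (!is_numericint($_POST['pppoe_resethour']) || $_POST['pppoe_resethour'] < 0 || $_POST['pppoe_resethour'] > 23)) {
    $input_errors[] = gettext("A valid PPPoE reset hour must be specified (0-23).");
}
// Same rule for the minute field, range 0-59.
if ($_POST['pppoe_resetminute'] != "" && (!is_numericint($_POST['pppoe_resetminute']) || $_POST['pppoe_resetminute'] < 0 || $_POST['pppoe_resetminute'] > 59)) {
    $input_errors[] = gettext("A valid PPPoE reset minute must be specified (0-59).");
}
// Only checks that the value is numeric once the slashes are removed; the
// mm/dd/yyyy layout itself is not enforced here. is_numeric() also accepts
// forms such as exponents and decimals.
if ($_POST['pppoe_resetdate'] != "" && !is_numeric(str_replace("/", "", $_POST['pppoe_resetdate']))) {
    $input_errors[] = gettext("A valid PPPoE reset date must be specified (mm/dd/yyyy).");
}
if ($_POST['pptp_local0'] && !is_ipaddrv4($_POST['pptp_local0'])) {
    $input_errors[] = gettext("A valid PPTP local IP address must be specified.");
}
// No range check on the bit count in this fragment, only is_numeric().
if ($_POST['pptp_subnet0'] && !is_numeric($_POST['pptp_subnet0'])) {
    $input_errors[] = gettext("A valid PPTP subnet bit count must be specified.");
}
// NOTE(review): the hostname alternative tests $_POST['gateway'][$iface], not
// pptp_remote0, and $iface is not assigned anywhere in this fragment. As
// written, a hostname in the gateway field would let any pptp_remote0 value
// through. Confirm which field was intended before changing it.
if ($_POST['pptp_remote0'] && !is_ipaddrv4($_POST['pptp_remote0']) && !is_hostname($_POST['gateway'][$iface])) {
    $input_errors[] = gettext("A valid PPTP remote IP address must be specified.");
}
if ($_POST['pptp_idletimeout'] != "" && !is_numericint($_POST['pptp_idletimeout'])) {
    $input_errors[] = gettext("The idle timeout value must be an integer.");
}
if ($_POST['spoofmac'] && !is_macaddr($_POST['spoofmac'])) {
    $input_errors[] = gettext("A valid MAC address must be specified.");
}
if ($_POST['mtu']) {
    if (!is_numericint($_POST['mtu'])) {
        $input_errors[] = "MTU must be an integer.";
    }
    // gif interfaces get their own MTU bounds.
    if (substr($wancfg['if'], 0, 3) == 'gif') {
        $min_mtu = 1280;
        $max_mtu = 8192;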
$reqdfieldsn = array(gettext("Existing Certificate Choice")); } $altnames = array(); do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors); if (isset($pconfig['altname_value']) && $pconfig['certmethod'] != "import" && $pconfig['certmethod'] != "existing") { /* subjectAltNames */ foreach ($pconfig['altname_type'] as $altname_seq => $altname_type) { if (!empty($pconfig['altname_value'][$altname_seq])) { $altnames[] = array("type" => $altname_type, "value" => $pconfig['altname_value'][$altname_seq]); } } /* Input validation for subjectAltNames */ foreach ($altnames as $altname) { switch ($altname['type']) { case "DNS": if (!is_hostname($altname['value'])) { $input_errors[] = gettext("DNS subjectAltName values must be valid hostnames or FQDNs"); } break; case "IP": if (!is_ipaddr($altname['value'])) { $input_errors[] = gettext("IP subjectAltName values must be valid IP Addresses"); } break; case "email": if (empty($altname['value'])) { $input_errors[] = gettext("You must provide an e-mail address for this type of subjectAltName"); } if (preg_match("/[\\!\\#\$\\%\\^\\(\\)\\~\\?\\>\\<\\&\\/\\\\,\"\\']/", $altname['value'])) { $input_errors[] = gettext("The e-mail provided in a subjectAltName contains invalid characters."); }
if ($numberoption['type'] == 'unsigned integer 16' && (!is_numeric($numberoption['value']) || $numberoption['value'] < 0 || $numberoption['value'] > 65535)) { $input_errors[] = gettext("Unsigned 16-bit integer type must be a number in the range 0 to 65535."); } else { if ($numberoption['type'] == 'unsigned integer 32' && (!is_numeric($numberoption['value']) || $numberoption['value'] < 0 || $numberoption['value'] > 4294967295)) { $input_errors[] = gettext("Unsigned 32-bit integer type must be a number in the range 0 to 4294967295."); } else { if ($numberoption['type'] == 'signed integer 8' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -128 || $numberoption['value'] > 127)) { $input_errors[] = gettext("Signed 8-bit integer type must be a number in the range -128 to 127."); } else { if ($numberoption['type'] == 'signed integer 16' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -32768 || $numberoption['value'] > 32767)) { $input_errors[] = gettext("Signed 16-bit integer type must be a number in the range -32768 to 32767."); } else { if ($numberoption['type'] == 'signed integer 32' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -2147483648 || $numberoption['value'] > 2147483647)) { $input_errors[] = gettext("Signed 32-bit integer type must be a number in the range -2147483648 to 2147483647."); } else { if ($numberoption['type'] == 'ip-address' && !is_ipaddrv4($numberoption['value']) && !is_hostname($numberoption['value'])) { $input_errors[] = gettext("IP address or host type must be an IP address or host name."); } } } } } } } } } } } } if (!$input_errors) { /* make sure the range lies within the current subnet */
$_POST["address{$x}"] = trim($_POST["address{$x}"]); if (is_alias($_POST["address{$x}"])) { if (!alias_same_type($_POST["address{$x}"], $_POST['type'])) { // But alias type network can include alias type urltable. Feature#1603. if (!($_POST['type'] == 'network' && preg_match("/urltable/i", alias_get_type($_POST["address{$x}"])))) { $wrongaliases .= " " . $_POST["address{$x}"]; } } } else { if ($_POST['type'] == "port") { if (!is_port($_POST["address{$x}"]) && !is_portrange($_POST["address{$x}"])) { $input_errors[] = $_POST["address{$x}"] . " " . gettext("is not a valid port or alias."); } } else { if ($_POST['type'] == "host" || $_POST['type'] == "network") { if (is_subnet($_POST["address{$x}"]) || !is_ipaddr($_POST["address{$x}"]) && !is_hostname($_POST["address{$x}"]) && !is_iprange($_POST["address{$x}"])) { $input_errors[] = sprintf(gettext('%1$s is not a valid %2$s alias.'), $_POST["address{$x}"], $_POST['type']); } } } } if (is_iprange($_POST["address{$x}"])) { list($startip, $endip) = explode('-', $_POST["address{$x}"]); $rangesubnets = ip_range_to_subnet_array($startip, $endip); $address = array_merge($address, $rangesubnets); } else { $tmpaddress = $_POST["address{$x}"]; if ($_POST['type'] != "host" && is_ipaddr($_POST["address{$x}"]) && $_POST["address_subnet{$x}"] != "") { if (!is_subnet($_POST["address{$x}"] . "/" . $_POST["address_subnet{$x}"])) { $input_errors[] = sprintf(gettext('%s/%s is not a valid subnet.'), $_POST["address{$x}"], $_POST["address_subnet{$x}"]); } else {
$input_errors[] = gettext("A valid PPPoE reset month must be specified (1-12) in the Custom PPPoE Periodic reset fields."); } if ($date_nums[1] < 1 || $date_nums[1] > 31) { $input_errors[] = gettext("A valid PPPoE reset day of month must be specified (1-31) in the Custom PPPoE Periodic reset fields. No checks are done on valid # of days per month"); } if ($date_nums[2] < date("Y")) { $input_errors[] = gettext("A valid PPPoE reset year must be specified. Don't select a year in the past!"); } } $port_data = array(); if (is_array($_POST['interfaces'])) { foreach ($_POST['interfaces'] as $iface) { if ($_POST['localip'][$iface] && !is_ipaddr($_POST['localip'][$iface])) { $input_errors[] = sprintf(gettext("A valid local IP address must be specified for %s."), $iface); } if ($_POST['gateway'][$iface] && !is_ipaddr($_POST['gateway'][$iface]) && !is_hostname($_POST['gateway'][$iface])) { $input_errors[] = sprintf(gettext("A valid gateway IP address OR hostname must be specified for %s."), $iface); } if ($_POST['bandwidth'][$iface] && !is_numericint($_POST['bandwidth'][$iface])) { $input_errors[] = sprintf(gettext("The bandwidth value for %s must be an integer."), $iface); } if ($_POST['mtu'][$iface] && $_POST['mtu'][$iface] < 576) { $input_errors[] = sprintf(gettext("The MTU for %s must be greater than 576 bytes."), $iface); } if ($_POST['mru'][$iface] && $_POST['mru'][$iface] < 576) { $input_errors[] = sprintf(gettext("The MRU for %s must be greater than 576 bytes."), $iface); } } // Loop through fields associated with an individual link/port and make an array of the data $port_fields = array("localip", "gateway", "subnet", "bandwidth", "mtu", "mru", "mrru"); foreach ($_POST['interfaces'] as $iface) {
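} elseif (!substr_compare('aliasdescription', $key, 0, 16)) {
    // Key starts with "aliasdescription": the remainder is the row index.
    $entry = substr($key, 16);
    $field = 'description';
}
// Only purely numeric row indexes are accepted as alias rows.
if (ctype_digit($entry)) {
    $aliases[$entry][$field] = $value;
}
} // closes a block opened before this fragment
$pconfig['aliases']['item'] = $aliases;

/* validate aliases */
foreach ($aliases as $idx => $alias) {
    $aliasreqdfields = array('aliasdomain' . $idx);
    $aliasreqdfieldsn = array(gettext("Alias Domain"));
    // No debug output here: dumping these arrays would write the submitted
    // alias data straight into the HTTP response, ahead of the page itself.
    do_input_validation($_POST, $aliasreqdfields, $aliasreqdfieldsn, $input_errors);
    if ($alias['host'] && !is_hostname($alias['host'])) {
        $input_errors[] = gettext("Hostnames in alias list can only contain the characters A-Z, 0-9 and '-'.");
    }
    if ($alias['domain'] && !is_domain($alias['domain'])) {
        $input_errors[] = gettext("A valid domain must be specified in alias list.");
    }
}

/* check for overlaps */
foreach ($a_hosts as $hostent) {
    // Skip the entry that is being edited.
    if (isset($id) && $a_hosts[$id] && $a_hosts[$id] === $hostent) {
        continue;
    }
    // Duplicate only when host and domain match AND both addresses belong to
    // the same family; one IPv4 and one IPv6 record for a name may coexist.
    if ($hostent['host'] == $_POST['host'] && $hostent['domain'] == $_POST['domain'] && (is_ipaddrv4($hostent['ip']) && is_ipaddrv4($_POST['ip']) || is_ipaddrv6($hostent['ip']) && is_ipaddrv6($_POST['ip']))) {
        $input_errors[] = gettext("This host/domain already exists.");
        break;
    }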
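##|*NAME=Diagnostics: Test Port
##|*DESCR=Allow access to the 'Diagnostics: Test Port' page.
##|*MATCH=diag_testport.php*
##|-PRIV

$allowautocomplete = true;
$pgtitle = array(gettext("Diagnostics"), gettext("Test Port"));
require "guiconfig.inc";

define('NC_TIMEOUT', 10);

// Runs on a POST, or on any request that carries a host parameter. All
// fields are read from $_REQUEST, so GET parameters are validated by the same
// rules. The block continues beyond this fragment.
if ($_POST || $_REQUEST['host']) {
    unset($input_errors);
    unset($do_testport);

    /* input validation */
    $reqdfields = explode(" ", "host port");
    $reqdfieldsn = array(gettext("Host"), gettext("Port"));
    do_input_validation($_REQUEST, $reqdfields, $reqdfieldsn, $input_errors);

    // The target must be a literal IP address or a syntactically valid hostname.
    if (!is_ipaddr($_REQUEST['host']) && !is_hostname($_REQUEST['host'])) {
        $input_errors[] = gettext("Please enter a valid IP or hostname.");
    }
    if (!is_port($_REQUEST['port'])) {
        $input_errors[] = gettext("Please enter a valid port number.");
    }
    // The source port is optional: it is validated only when a value was
    // supplied, so a blank field is accepted as the error message promises.
    if ($_REQUEST['srcport'] != "" && (!is_numeric($_REQUEST['srcport']) || !is_port($_REQUEST['srcport']))) {
        $input_errors[] = gettext("Please enter a valid source port number, or leave the field blank.");
    }
    // A literal address must belong to the selected address family.
    if (is_ipaddrv4($_REQUEST['host']) && $_REQUEST['ipprotocol'] == "ipv6") {
        $input_errors[] = gettext("You cannot connect to an IPv4 address using IPv6.");
    }
    if (is_ipaddrv6($_REQUEST['host']) && $_REQUEST['ipprotocol'] == "ipv4") {
        $input_errors[] = gettext("You cannot connect to an IPv6 address using IPv4.");
    }
    if (!$input_errors) {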
if (!empty($pconfig['pppoe-reset-type'])) { if (!empty($pconfig['pppoe_resethour']) && (!is_numericint($pconfig['pppoe_resethour']) || $pconfig['pppoe_resethour'] < 0 || $pconfig['pppoe_resethour'] > 23)) { $input_errors[] = gettext("A valid PPPoE reset hour must be specified (0-23)."); } if (!empty($pconfig['pppoe_resetminute']) && (!is_numericint($pconfig['pppoe_resetminute']) || $pconfig['pppoe_resetminute'] < 0 || $pconfig['pppoe_resetminute'] > 59)) { $input_errors[] = gettext("A valid PPPoE reset minute must be specified (0-59)."); } if (!empty($pconfig['pppoe_resetdate']) && !is_numeric(str_replace("/", "", $pconfig['pppoe_resetdate']))) { $input_errors[] = gettext("A valid PPPoE reset date must be specified (mm/dd/yyyy)."); } } foreach ($pconfig['ports'] as $iface_idx => $iface) { if (!empty($pconfig['localip'][$iface_idx]) && !is_ipaddr($pconfig['localip'][$iface_idx])) { $input_errors[] = sprintf(gettext("A valid local IP address must be specified for %s."), $iface); } if (!empty($pconfig['gateway'][$iface_idx]) && !is_ipaddr($pconfig['gateway'][$iface_idx]) && !is_hostname($pconfig['gateway'][$iface_idx])) { $input_errors[] = sprintf(gettext("A valid gateway IP address OR hostname must be specified for %s."), $iface); } if (!empty($pconfig['bandwidth'][$iface_idx]) && !is_numericint($pconfig['bandwidth'][$iface_idx])) { $input_errors[] = sprintf(gettext("The bandwidth value for %s must be an integer."), $iface); } if (!empty($pconfig['mtu'][$iface_idx]) && $pconfig['mtu'][$iface_idx] < 576) { $input_errors[] = sprintf(gettext("The MTU for %s must be greater than 576 bytes."), $iface); } if (!empty($pconfig['mru'][$iface_idx]) && $pconfig['mru'][$iface_idx] < 576) { $input_errors[] = sprintf(gettext("The MRU for %s must be greater than 576 bytes."), $iface); } } if (count($input_errors) == 0) { $ppp = array(); $ppp['ptpid'] = $pconfig['ptpid'];
redirectHeader("vpn_openvpn_export.php"); exit; } if ($config['openvpn']['openvpn-server'][$srvid]['mode'] == "server_user") { $nokeys = true; } else { $nokeys = false; } $useaddr = ''; if (isset($_GET['useaddr']) && !empty($_GET['useaddr'])) { $useaddr = trim($_GET['useaddr']); } if (!(is_ipaddr($useaddr) || is_hostname($useaddr) || in_array($useaddr, array("serveraddr", "servermagic", "servermagichost", "serverhostname")))) { $input_errors[] = "You need to specify an IP or hostname."; } $advancedoptions = $_GET['advancedoptions']; $openvpnmanager = $_GET['openvpnmanager']; $verifyservercn = $_GET['verifyservercn']; $randomlocalport = $_GET['randomlocalport']; $usetoken = $_GET['usetoken']; if ($usetoken && (substr($act, 0, 10) == "confinline")) { $input_errors[] = "You cannot use Microsoft Certificate Storage with an Inline configuration."; } if ($usetoken && (($act == "conf_yealink_t28") || ($act == "conf_yealink_t38g") || ($act == "conf_yealink_t38g2") || ($act == "conf_snom"))) { $input_errors[] = "You cannot use Microsoft Certificate Storage with a Yealink or SNOM configuration.";
if ($_SERVER['REQUEST_METHOD'] === 'GET') { // set form defaults $pconfig = array(); $pconfig['ipprotocol'] = 'ipv4'; $pconfig['host'] = null; $pconfig['port'] = null; $pconfig['showtext'] = null; $pconfig['sourceip'] = null; } elseif ($_SERVER['REQUEST_METHOD'] === 'POST') { $pconfig = $_POST; $input_errors = array(); /* input validation */ $reqdfields = explode(" ", "host port"); $reqdfieldsn = array(gettext("Host"), gettext("Port")); do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors); if (!is_ipaddr($pconfig['host']) && !is_hostname($pconfig['host'])) { $input_errors[] = gettext("Please enter a valid IP or hostname."); } if (!is_port($pconfig['port'])) { $input_errors[] = gettext("Please enter a valid port number."); } if ($pconfig['srcport'] != "" && (!is_numeric($pconfig['srcport']) || !is_port($pconfig['srcport']))) { $input_errors[] = gettext("Please enter a valid source port number, or leave the field blank."); } if (is_ipaddrv4($pconfig['host']) && $pconfig['ipprotocol'] == "ipv6") { $input_errors[] = gettext("You cannot connect to an IPv4 address using IPv6."); } if (is_ipaddrv6($pconfig['host']) && $pconfig['ipprotocol'] == "ipv4") { $input_errors[] = gettext("You cannot connect to an IPv6 address using IPv4."); } if (count($input_errors) == 0) {
} else { } } else { } } } $subnet = $config['interfaces']['lan']['ipaddr'] . "/" . $config['interfaces']['lan']['subnet']; if (is_ipaddr($_POST['ipadress'])) { if (false == ($cnif = ip_in_subnet($_POST['ipadress'], $subnet))) { $input_errors[] = "Value \"IP address\" is not belongs to the subnet LAN"; goto out; } else { } } } elseif (empty($_POST['macaddr']) && empty($_POST['ipadress']) && !empty($_POST['hostname'])) { if (FALSE == is_hostname($_POST['hostname'])) { $input_errors[] = "Wrong Host name."; goto out; } else { $pconfig['leasetime'] = "60"; $nas4frehosts =& $config['system']['hosts']; if (false !== ($cnin = array_search_ex($_POST['hostname'], $nas4frehosts, "name"))) { $warning_mess = "Host defined on <a href=system_hosts.php>/etc/hosts</a>"; } else { if ($_POST['hostname'] == $config['system']['hostname']) { $input_errors[] = "You can not define main host as DHCP client"; goto out; } else { $warning_mess = "Host NOT defined on <a href=system_hosts.php>/etc/hosts</a>, please define it"; } }
if ($_POST["address{$x}"] != "") { if (is_alias($_POST["address{$x}"])) { if (!alias_same_type($_POST["address{$x}"], $_POST['type'])) { // But alias type network can include alias type urltable. Feature#1603. if (!($_POST['type'] == 'network' && alias_get_type($_POST["address{$x}"]) == 'urltable')) { $wrongaliases .= " " . $_POST["address{$x}"]; } } } else { if ($_POST['type'] == "port") { if (!is_port($_POST["address{$x}"])) { $input_errors[] = $_POST["address{$x}"] . " " . gettext("is not a valid port or alias."); } } else { if ($_POST['type'] == "host" || $_POST['type'] == "network") { if (!is_ipaddr($_POST["address{$x}"]) && !is_hostname($_POST["address{$x}"]) && !is_iprange($_POST["address{$x}"])) { $input_errors[] = sprintf(gettext('%1$s is not a valid %2$s alias.'), $_POST["address{$x}"], $_POST['type']); } } } } if (is_iprange($_POST["address{$x}"])) { list($startip, $endip) = explode('-', $_POST["address{$x}"]); $rangesubnets = ip_range_to_subnet_array($startip, $endip); $address = array_merge($address, $rangesubnets); } else { $tmpaddress = $_POST["address{$x}"]; if (is_ipaddr($_POST["address{$x}"]) && $_POST["address_subnet{$x}"] != "") { $tmpaddress .= "/" . $_POST["address_subnet{$x}"]; } $address[] = $tmpaddress;
} elseif (!substr_compare('altname_value', $key, 0, 13)) { $entry = substr($key, 13); $field = 'value'; } if (ctype_digit($entry)) { $entry++; // Pre-bootstrap code is one-indexed, but the bootstrap code is 0-indexed $altnames[$entry][$field] = $value; } } $pconfig['altnames']['item'] = $altnames; /* Input validation for subjectAltNames */ foreach ($altnames as $idx => $altname) { switch ($altname['type']) { case "DNS": if (!is_hostname($altname['value'], true)) { array_push($input_errors, "DNS subjectAltName values must be valid hostnames, FQDNs or wildcard domains."); } break; case "IP": if (!is_ipaddr($altname['value'])) { array_push($input_errors, "IP subjectAltName values must be valid IP Addresses"); } break; case "email": if (empty($altname['value'])) { array_push($input_errors, "You must provide an e-mail address for this type of subjectAltName"); } if (preg_match("/[\\!\\#\$\\%\\^\\(\\)\\~\\?\\>\\<\\&\\/\\\\,\"\\']/", $altname['value'])) { array_push($input_errors, "The e-mail provided in a subjectAltName contains invalid characters."); }
} elseif (!substr_compare('aliasdescription', $key, 0, 16)) { $entry = substr($key, 16); $field = 'description'; } if (ctype_digit($entry)) { $aliases[$entry][$field] = $value; } } $pconfig['aliases']['item'] = $aliases; /* validate aliases */ foreach ($aliases as $idx => $alias) { $aliasreqdfields = array('aliasdomain' . $idx); $aliasreqdfieldsn = array(gettext("Alias Domain")); do_input_validation($_POST, $aliasreqdfields, $aliasreqdfieldsn, $input_errors); if ($alias['host']) { if (!is_hostname($alias['host'])) { $input_errors[] = gettext("Hostnames in an alias list can only contain the characters A-Z, 0-9 and '-'. They may not start or end with '-'."); } else { if (!is_unqualified_hostname($alias['host'])) { $input_errors[] = gettext("A valid alias hostname is specified, but the domain name part should be omitted"); } } } if ($alias['domain'] && !is_domain($alias['domain'])) { $input_errors[] = gettext("A valid domain must be specified in alias list."); } } /* check for overlaps */ foreach ($a_hosts as $hostent) { if (isset($id) && $a_hosts[$id] && $a_hosts[$id] === $hostent) { continue;
/**
 * Decide whether a value is acceptable as a remote syslog target.
 *
 * Accepted forms, tried in this order: a bare IP address, an IP address with
 * a port, a hostname, a hostname with a port. The first check that passes
 * ends the evaluation.
 *
 * @param mixed $target Candidate server string.
 * @return bool True when any of the four checks accepts the value.
 */
function is_valid_syslog_server($target)
{
    if (is_ipaddr($target)) {
        return true;
    }
    if (is_ipaddrwithport($target)) {
        return true;
    }
    if (is_hostname($target)) {
        return true;
    }

    return (bool) is_hostnamewithport($target);
}
if (preg_match('/[ \\/]/', $_POST['name'])) { $input_errors[] = gettext("You cannot use spaces or slashes in the 'name' field."); } if (strlen($_POST['name']) > 16) { $input_errors[] = gettext("The 'name' field must be 16 characters or less."); } switch ($_POST['type']) { case 'icmp': break; case 'tcp': break; case 'http': case 'https': if (is_array($pconfig['options'])) { if (isset($pconfig['options']['host']) && $pconfig['options']['host'] != "") { if (!is_hostname($pconfig['options']['host'])) { $input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'."); } } if (isset($pconfig['options']['code']) && $pconfig['options']['code'] != "") { // Check code if (!is_rfc2616_code($pconfig['options']['code'])) { $input_errors[] = gettext("HTTP(s) codes must be from RFC2616."); } } if (!isset($pconfig['options']['path']) || $pconfig['options']['path'] == "") { $input_errors[] = gettext("The path to monitor must be set."); } } break; case 'send':
// Validate every submitted alias member and collect the accepted values in
// $address. Validation failures are recorded in $input_errors or
// $wrongaliases, but the value is still appended to $address either way.
foreach ($input_addresses as $idx => $input_address) {
    if (is_alias($input_address)) {
        // A nested alias must have the same type as its parent.
        // But alias type network can include alias type urltable. Feature#1603.
        if (!alias_same_type($input_address, $_POST['type'])
            && !($_POST['type'] == 'network' && preg_match("/urltable/i", alias_get_type($input_address)))) {
            $wrongaliases .= " " . $input_address;
        }
    } elseif ($_POST['type'] == "port") {
        if (!is_port($input_address) && !is_portrange($input_address)) {
            // NOTE(review): the raw submitted value becomes part of the
            // message; HTML escaping has to happen where $input_errors is
            // rendered, which is not visible here.
            $input_errors[] = $input_address . " " . gettext("is not a valid port or alias.");
        }
    } elseif ($_POST['type'] == "host" || $_POST['type'] == "network") {
        // CIDR notation is rejected in the address field itself; otherwise
        // the value must be an IP address or a hostname.
        if (is_subnet($input_address) || !(is_ipaddr($input_address) || is_hostname($input_address))) {
            $input_errors[] = sprintf(gettext('%1$s is not a valid %2$s address, FQDN or alias.'), $input_address, $_POST['type']);
        }
    }

    $tmpaddress = $input_address;
    // For non-host aliases an IP address may carry a prefix length taken from
    // the subnet field that shares its index.
    if ($_POST['type'] != "host" && is_ipaddr($input_address) && $input_address_subnet[$idx] != "") {
        if (is_subnet($input_address . "/" . $input_address_subnet[$idx])) {
            $tmpaddress .= "/" . $input_address_subnet[$idx];
        } else {
            $input_errors[] = sprintf(gettext('%s/%s is not a valid subnet.'), $input_address, $input_address_subnet[$idx]);
        }
    }
    $address[] = $tmpaddress;
}
$input_errors[] = gettext("A valid PPPoE reset hour must be specified (0-23)."); } if (!empty($pconfig['pppoe_resetminute']) && (!is_numericint($pconfig['pppoe_resetminute']) || $pconfig['pppoe_resetminute'] < 0 || $pconfig['pppoe_resetminute'] > 59)) { $input_errors[] = gettext("A valid PPPoE reset minute must be specified (0-59)."); } if (!empty($pconfig['pppoe_resetdate']) && !is_numeric(str_replace("/", "", $pconfig['pppoe_resetdate']))) { $input_errors[] = gettext("A valid PPPoE reset date must be specified (mm/dd/yyyy)."); } } if (!empty($pconfig['localip']) && !is_ipaddrv4($pconfig['localip'])) { $input_errors[] = gettext("A valid PPTP local IP address must be specified."); } if (!empty($pconfig['pptp_subnet']) && !is_numeric($pconfig['pptp_subnet'])) { $input_errors[] = gettext("A valid PPTP subnet bit count must be specified."); } if (!empty($pconfig['pptp_remote']) && !is_ipaddrv4($pconfig['pptp_remote']) && !is_hostname($pconfig['gateway'][$iface])) { $input_errors[] = gettext("A valid PPTP remote IP address must be specified."); } if (!empty($pconfig['pptp_idletimeout']) && !is_numericint($pconfig['pptp_idletimeout'])) { $input_errors[] = gettext("The idle timeout value must be an integer."); } if (!empty($pconfig['spoofmac']) && !is_macaddr($pconfig['spoofmac'])) { $input_errors[] = gettext("A valid MAC address must be specified."); } if (!empty($pconfig['mtu'])) { if ($pconfig['mtu'] < 576 || $pconfig['mtu'] > 9000) { $input_errors[] = gettext("The MTU must be greater than 576 bytes and less than 9000."); } if (stristr($a_interfaces[$if]['if'], "_vlan")) { $realhwif_array = get_parent_interface($a_interfaces[$if]['if']); // Need code to handle MLPPP if we ever use $realhwif for MLPPP handling
} $type = "unknown"; $resolved = array(); $ipaddr = ""; if (!$input_errors) { if (is_ipaddr($host)) { $type = "ip"; $resolvedptr = gethostbyaddr($host); $ipaddr = $host; if ($host != $resolvedptr) { $tmpresolved = array(); $tmpresolved['type'] = "PTR"; $tmpresolved['data'] = $resolvedptr; $resolved[] = $tmpresolved; } } elseif (is_hostname($host)) { $type = "hostname"; $ipaddr = gethostbyname($host); $resolved = resolve_host_addresses($host); } } } if ($_POST['host'] && $_POST['dialog_output']) { $host = isset($resolvedptr) ? $resolvedptr : $host; display_host_results($ipaddr, $host, $dns_speeds); exit; } function display_host_results($address, $hostname, $dns_speeds) { $map_lengths = function ($element) { return strlen($element[0]);
$input_errors[] = "This pool name has already been used. Pool names must be unique."; } } $pconfig['a_acl'] = $htmllist_acls->haproxy_htmllist_get_values(); $pconfig['a_actionitems'] = $htmllist_actions->haproxy_htmllist_get_values(); $a_servers = $serverslist->haproxy_htmllist_get_values(); foreach ($a_servers as $server) { $server_name = $server['name']; $server_address = $server['address']; $server_port = $server['port']; $server_weight = $server['weight']; if (preg_match("/[^a-zA-Z0-9\\.\\-_]/", $server_name)) { $input_errors[] = "The field 'Name' contains invalid characters."; } if (!isset($server['forwardto']) || $server['forwardto'] == "") { if (!is_ipaddr($server_address) && !is_hostname($server_address) && !haproxy_is_frontendname($server_address)) { $input_errors[] = "The field 'Address' for server {$server_name} is not a valid ip address or hostname." . $server_address; } } else { if ($server_address && $server_address != "" || $server_port && !is_numeric($server_port)) { $input_errors[] = "'Address' and 'port' should be empty when a 'Forwardto' frontend is chosen other than 'Address+Port'."; } } if (!preg_match("/.{2,}/", $server_name)) { $input_errors[] = "The field 'Name' is required (and must be at least 2 characters)."; } if ($server_weight && !is_numeric($server_weight)) { $input_errors[] = "The field 'Weight' value is not a number."; } if ($server_port && !is_numeric($server_port)) { $input_errors[] = "The field 'Port' value is not a number.";
$id = $_POST['id']; } if (isset($id) && $a_hosts[$id]) { $pconfig['host'] = $a_hosts[$id]['host']; $pconfig['domain'] = $a_hosts[$id]['domain']; $pconfig['ip'] = $a_hosts[$id]['ip']; $pconfig['descr'] = $a_hosts[$id]['descr']; } if ($_POST) { unset($input_errors); $pconfig = $_POST; /* input validation */ $reqdfields = explode(" ", "domain ip"); $reqdfieldsn = array(gettext("Domain"), gettext("IP address")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); if ($_POST['host'] && !is_hostname($_POST['host'])) { $input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'."); } if ($_POST['domain'] && !is_domain($_POST['domain'])) { $input_errors[] = gettext("A valid domain must be specified."); } if ($_POST['ip'] && !is_ipaddr($_POST['ip'])) { $input_errors[] = gettext("A valid IP address must be specified."); } /* check for overlaps */ foreach ($a_hosts as $hostent) { if (isset($id) && $a_hosts[$id] && $a_hosts[$id] === $hostent) { continue; } if ($hostent['host'] == $_POST['host'] && $hostent['domain'] == $_POST['domain'] && (is_ipaddrv4($hostent['ip']) && is_ipaddrv4($_POST['ip']) || is_ipaddrv6($hostent['ip']) && is_ipaddrv6($_POST['ip']))) { $input_errors[] = gettext("This host/domain already exists.");
$impip = $implinea[0]; $impdesc = trim($implinea[1]); if (strlen($impdesc) < 200) { if (strpos($impdesc, "||") === false && substr($impdesc, 0, 1) != "|" && substr($impdesc, -1, 1) != "|") { $iprange_type = is_iprange($impip); if ($iprange_type == 4) { list($startip, $endip) = explode('-', $impip); $rangesubnets = ip_range_to_subnet_array($startip, $endip); $imported_ips = array_merge($imported_ips, $rangesubnets); $rangedescs = array_fill(0, count($rangesubnets), $impdesc); $imported_descs = array_merge($imported_descs, $rangedescs); } else { if ($iprange_type == 6) { $input_errors[] = sprintf(gettext('IPv6 address ranges are not supported (%s)'), $impip); } else { if (!is_ipaddr($impip) && !is_subnet($impip) && !is_hostname($impip) && !empty($impip)) { $input_errors[] = sprintf(gettext("%s is not an IP address. Please correct the error to continue"), $impip); } elseif (!empty($impip)) { $imported_ips[] = $impip; $imported_descs[] = $impdesc; } } } } else { if (!$desc_fmt_err_found) { $input_errors[] = gettext("Descriptions may not start or end with vertical bar (|) or contain double vertical bar ||."); $desc_fmt_err_found = true; } } } else { if (!$desc_len_err_found) {
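$pgtitle = array('SERVİSLER', ' 5651 SAYILI YASAYA GÖRE KAYIT TUTMA SERVİSİ');

// Make sure the settings node exists before reading from it.
if (!is_array($config['digitalsign'])) {
    $config['digitalsign'] = array();
}

// Load the stored settings into the form model.
$pconfig['enable'] = isset($config['digitalsign']['enable']);
$pconfig['sign_type'] = $config['digitalsign']['sign_type'];
$pconfig['sign_time'] = $config['digitalsign']['sign_time'];
$pconfig['sign_hour'] = $config['digitalsign']['sign_hour'];
// The SMB settings, including the password, are kept base64-encoded in the
// configuration. base64 is an encoding, not protection: anyone who can read
// the configuration can recover the password.
$pconfig['smbhostname'] = base64_decode($config['digitalsign']['smbhostname']);
$pconfig['smbusername'] = base64_decode($config['digitalsign']['smbusername']);
$pconfig['smbpassword'] = base64_decode($config['digitalsign']['smbpassword']);
$pconfig['smbfolder'] = base64_decode($config['digitalsign']['smbfolder']);

// Form submission; this block continues beyond the visible fragment.
if ($_POST) {
    unset($input_errors);
    $pconfig = $_POST;

    if (!empty($_POST['smbhostname']) && !is_hostname($_POST['smbhostname'])) {
        $input_errors[] = 'Geçerli bir sunucu adı girmelisiniz.';
    }
    if (!empty($_POST['sign_hour']) && !check_hour($_POST['sign_hour'])) {
        $input_errors[] = 'Geçerli bir saat girmelisiniz. HH:MM formatında bir saat girin.';
    }
    // The SMB fields are mandatory only when signing on a remote server.
    if ($_POST['sign_type'] == 'remote') {
        // explode() splits on the literal space; split() treated the delimiter
        // as a regular expression and no longer exists in PHP 7 and later.
        $reqdfields = explode(" ", "smbhostname smbusername smbpassword smbfolder");
        $reqdfieldsn = array("Sunucu Adı", "Kullanıcı Adı", "Parola", "Klasör Adı");
        // NOTE(review): call-time pass-by-reference (&$input_errors) is a
        // fatal error on PHP 5.4 and later. Drop the "&" once it is confirmed
        // that do_input_validation() declares this parameter by reference;
        // otherwise the required-field errors would be silently lost.
        do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
    }
    // Length limits count bytes (strlen), not characters.
    if (strlen($_POST['smbusername']) > 128) {
        $input_errors[] = 'Kullanıcı adı 128 karakteri geçmemelidir.';
    }
    if (strlen($_POST['smbpassword']) > 128) {
        $input_errors[] = 'Parola 128 karakteri geçmemelidir.';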
$pconfig['mirror'] = $config['system']['firmware']['mirror']; } if (isset($config['system']['firmware']['flavour'])) { $pconfig['flavour'] = $config['system']['firmware']['flavour']; } } elseif ($_SERVER['REQUEST_METHOD'] === 'POST') { if (isset($_POST['timezone']) && $pconfig['timezone'] != $_POST['timezone']) { filter_pflog_start(); } $input_errors = array(); $pconfig = $_POST; /* input validation */ $reqdfields = explode(" ", "hostname domain"); $reqdfieldsn = array(gettext("Hostname"), gettext("Domain")); do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors); if (!empty($pconfig['hostname']) && !is_hostname($pconfig['hostname'])) { $input_errors[] = gettext("The hostname may only contain the characters a-z, 0-9 and '-'."); } if (!empty($pconfig['domain']) && !is_domain($pconfig['domain'])) { $input_errors[] = gettext("The domain may only contain the characters a-z, 0-9, '-' and '.'."); } $ignore_posted_dnsgw = array(); for ($dnscounter = 1; $dnscounter < 5; $dnscounter++) { $dnsname = "dns{$dnscounter}"; $dnsgwname = "dns{$dnscounter}gw"; if (!empty($pconfig[$dnsname]) && !is_ipaddr($pconfig[$dnsname])) { $input_errors[] = gettext("A valid IP address must be specified for DNS server {$dnscounter}."); } elseif (!empty($pconfig[$dnsgwname]) && $pconfig[$dnsgwname] != "none") { // A real gateway has been selected. if (is_ipaddr($pconfig[$dnsname])) { if (is_ipaddrv4($pconfig[$dnsname]) && validate_address_family($pconfig[$dnsname], $pconfig[$dnsgwname]) === false) {
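<pre>
<?php
/*
 * Build and run the traceroute command for the requested host and stream its
 * output into the surrounding <pre>.
 *
 * $ipproto, $sourceip, $host, $ttl and $resolve are set outside this fragment.
 * Every request-derived value that reaches the command line goes through
 * escapeshellarg(); the remaining pieces are fixed literals chosen here.
 */
$useicmp = isset($_REQUEST['useicmp']) ? "-I" : "";
$n = isset($resolve) ? "" : "-n";
$command = "/usr/sbin/traceroute";
if ($ipproto == "ipv6") {
	$command .= "6";
	$ifaddr = is_ipaddr($sourceip) ? $sourceip : get_interface_ipv6($sourceip);
} else {
	$ifaddr = is_ipaddr($sourceip) ? $sourceip : get_interface_ip($sourceip);
}

/*
 * escapeshellarg() quotes a value for the shell, but it does not stop a value
 * that begins with '-' from being read as an option by traceroute. The host is
 * therefore checked once and the command only runs when the check passes.
 * NOTE(review): presumably the page also validates $host before this section - confirm.
 */
$hostok = is_ipaddr($host) || is_hostname($host);

// Initialised up front so the command string never interpolates an undefined variable.
$srcip = "";
if ($ifaddr && $hostok) {
	$srcip = "-s " . escapeshellarg($ifaddr);
}

$cmd = "{$command} {$n} {$srcip} -w 2 {$useicmp} -m " . escapeshellarg($ttl) . " " . escapeshellarg($host);
//echo "Traceroute command: {$cmd}\n";
if ($hostok) {
	system($cmd);
}
?>
</pre> </div> </div> </section> <? endif; ?> </div> </div>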
$pconfig = $_POST; /* input validation */ if ($_POST['webguiport']) { if (!is_port($_POST['webguiport'])) { $input_errors[] = gettext("A valid webConfigurator port number must be specified"); } } if ($_POST['max_procs']) { if (!is_numericint($_POST['max_procs']) || $_POST['max_procs'] < 1 || $_POST['max_procs'] > 500) { $input_errors[] = gettext("Max Processes must be a number 1 or greater"); } } if ($_POST['althostnames']) { $althosts = explode(" ", $_POST['althostnames']); foreach ($althosts as $ah) { if (!is_ipaddr($ah) && !is_hostname($ah)) { $input_errors[] = sprintf(gettext("Alternate hostname %s is not a valid hostname."), htmlspecialchars($ah)); } } } if ($_POST['sshport']) { if (!is_port($_POST['sshport'])) { $input_errors[] = gettext("A valid port number must be specified"); } } if ($_POST['sshdkeyonly'] == "yes") { $config['system']['ssh']['sshdkeyonly'] = "enabled"; } else { if (isset($config['system']['ssh']['sshdkeyonly'])) { unset($config['system']['ssh']['sshdkeyonly']); }
/* input validation */ $reqdfields = array(); $reqdfieldsn = array(); do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); /* either MAC or Client-ID must be specified */ if (empty($_POST['mac']) && empty($_POST['cid'])) { $input_errors[] = gettext("Either MAC address or Client identifier must be specified"); } /* normalize MAC addresses - lowercase and convert Windows-ized hyphenated MACs to colon delimited */ $_POST['mac'] = strtolower(str_replace("-", ":", $_POST['mac'])); if ($_POST['hostname']) { preg_match("/\\-\$/", $_POST['hostname'], $matches); if ($matches) { $input_errors[] = gettext("The hostname cannot end with a hyphen according to RFC952"); } if (!is_hostname($_POST['hostname'])) { $input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'."); } else { if (!is_unqualified_hostname($_POST['hostname'])) { $input_errors[] = gettext("A valid hostname is specified, but the domain name part should be omitted"); } } } if ($_POST['ipaddr'] && !is_ipaddr($_POST['ipaddr'])) { $input_errors[] = gettext("A valid IP address must be specified."); } if ($_POST['mac'] && !is_macaddr($_POST['mac'])) { $input_errors[] = gettext("A valid MAC address must be specified."); } if ($static_arp_enabled && !$_POST['ipaddr']) { $input_errors[] = gettext("Static ARP is enabled. You must specify an IP address.");
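/**
 * Fetch buffered postfix SQL from every enabled "fetch" sync host and replay it locally.
 *
 * For each row of $config['installedpackages']['postfixsync']['config'][0]['row']
 * with 'enabless' set and sync_type 'fetch', this calls pfsense.exec_php on the
 * peer over XML-RPC to run get_sql(), executes the returned SQL against the
 * per-day SQLite file under $postfix_dir, and then asks the peer to flush_sql().
 *
 * Trust boundary: everything in the XML-RPC response is controlled by the peer.
 * It is passed to unserialize() and then executed as SQL, so the peer (or anyone
 * able to alter the response in transit, if the configured protocol is
 * unencrypted) effectively has write access to the local log databases. The
 * request also carries the peer's password as an XML-RPC parameter.
 *
 * @return void
 */
function get_remote_log() {
	global $config, $g, $postfix_dir;

	// $debug was never brought into scope in this function, so the debug prints stay off.
	$debug = false;
	$log_time = date('YmdHis', time());

	if (is_array($config['installedpackages']['postfixsync'])) {
		$synctimeout = $config['installedpackages']['postfixsync']['config'][0]['synctimeout'] ?: '250';
		foreach ($config['installedpackages']['postfixsync']['config'][0]['row'] as $sh) {
			// Get remote data for enabled fetch hosts
			if (!$sh['enabless'] || $sh['sync_type'] != 'fetch') {
				continue;
			}

			$sync_to_ip = $sh['ipaddress'];
			$port = $sh['syncport'];
			$username = $sh['username'] ?: 'admin';
			$password = $sh['password'];
			$protocol = $sh['syncprotocol'];

			// Collect every configuration problem instead of letting a later check overwrite an earlier one.
			$error = '';
			$valid = TRUE;
			if ($password == "") {
				$error .= "Password parameter is empty. ";
				$valid = FALSE;
			}
			if ($protocol == "") {
				$error .= "Protocol parameter is empty. ";
				$valid = FALSE;
			}
			if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) {
				$error .= "Misconfigured Replication Target IP Address or Hostname. ";
				$valid = FALSE;
			}
			if (!is_port($port)) {
				$error .= "Misconfigured Replication Target Port. ";
				$valid = FALSE;
			}
			if (!$valid) {
				log_error("[postfix] Fetch sql database from '{$sync_to_ip}' aborted due to the following error(s): {$error}");
				continue;
			}

			// Take care of IPv6 literal address
			if (is_ipaddrv6($sync_to_ip)) {
				$sync_to_ip = "[{$sync_to_ip}]";
			}
			// NOTE(review): $protocol is only checked for being non-empty; confirm the
			// configuration UI restricts it to a TLS-protected scheme, since the
			// password travels inside the request body.
			$url = "{$protocol}://{$sync_to_ip}";
			print "{$sync_to_ip} {$url}, {$port}\n";

			$method = 'pfsense.exec_php';
			// $log_time is produced by date() above, so the PHP sent to the peer contains no external input.
			$execcmd = "require_once('/usr/local/www/postfix.php');\n";
			$execcmd .= '$toreturn = get_sql(' . $log_time . ');';
			/* Assemble XMLRPC payload. */
			$params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
			log_error("[postfix] Fetching sql data from {$sync_to_ip}.");
			$msg = new XML_RPC_Message($method, $params);
			$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
			$cli->setCredentials($username, $password);
			//$cli->setDebug(1);
			$resp = $cli->send($msg, $synctimeout);

			// A failed or faulted call must not fall through: there is nothing to
			// replay, and flushing the peer's buffer afterwards would discard data
			// that was never stored locally.
			if (!is_object($resp) || $resp->faultCode()) {
				log_error("[postfix] Fetch sql data from {$sync_to_ip} failed; local replay and remote flush skipped.");
				continue;
			}

			$a = $resp->value();
			$errors = 0;
			//var_dump($sql);
			foreach ($a as $b) {
				foreach ($b as $c) {
					foreach ($c as $d) {
						foreach ($d as $e) {
							// SECURITY: unserialize() on peer-supplied data can instantiate
							// arbitrary classes (PHP object injection). Left in place because
							// the peer emits this format; a data-only encoding on both ends
							// would remove the risk.
							$update = unserialize($e['string']);
							print $update['day'] . "\n";
							if ($update['day'] != "") {
								// 'day' becomes part of a file name below, so reject anything
								// that carries a directory component.
								$day = (string) $update['day'];
								if ($day !== basename($day)) {
									log_error("[postfix] Ignoring record from {$sync_to_ip} with an unsafe day value.");
									continue;
								}
								create_db($update['day'] . ".db");
								if ($debug) {
									print $update['day'] . " writing from remote system to db...";
								}
								$dbhandle = sqlite_open($postfix_dir . '/' . $update['day'] . ".db", 0666, $error);
								//file_put_contents("/tmp/" . $key . '-' . $update['day'] . ".sql", gzuncompress(base64_decode($update['sql'])), LOCK_EX);
								// SECURITY: the SQL text is taken verbatim from the peer; this is
								// the replication design, not something that can be parameterised here.
								$ok = sqlite_exec($dbhandle, gzuncompress(base64_decode($update['sql'])), $error);
								if (!$ok) {
									$errors++;
									// die() ends the whole run, so the remote buffer is not flushed after a failed replay.
									die("Cannot execute query. {$error}\n" . $update['sql'] . "\n");
								} elseif ($debug) {
									print "ok\n";
								}
								sqlite_close($dbhandle);
							}
						}
					}
				}
			}

			if ($errors == 0) {
				// Everything fetched was stored; tell the peer it may drop its buffer.
				$method = 'pfsense.exec_php';
				$execcmd = "require_once('/usr/local/www/postfix.php');\n";
				$execcmd .= 'flush_sql(' . $log_time . ');';
				/* Assemble XMLRPC payload. */
				$params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
				log_error("[postfix] Flushing sql buffer file from {$sync_to_ip}.");
				$msg = new XML_RPC_Message($method, $params);
				$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
				$cli->setCredentials($username, $password);
				//$cli->setDebug(1);
				$resp = $cli->send($msg, $synctimeout);
			}
		}
		log_error("[postfix] Fetch sql database completed.");
	}
}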