From: Michael Tremer Date: Thu, 25 Sep 2025 15:02:18 +0000 (+0200) Subject: fwhosts.cgi: Check country code before proceeding X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ad995081302f6b28ea11c74e56306d94a7bee076;p=ipfire-2.x.git fwhosts.cgi: Check country code before proceeding Signed-off-by: Michael Tremer --- diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 33b5605e2..94d0e7440 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -864,6 +864,14 @@ sub validportrange # used to check a port range } } +# Checks for a valid country code +sub validcc($) { + my $cc = shift; + + # Must contain of exactly two uppercase characters, or must be A1, A2, or A3 + return ($cc =~ m/^([A-Z]{2}|A[123])$/); +} + sub IpInSubnet { my $addr = shift; my $network = shift; diff --git a/doc/language_issues.en b/doc/language_issues.en index 6dfada328..fe7a17f1f 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -942,6 +942,7 @@ WARNING: untranslated string: fwhost err srvexist = This service already exists WARNING: untranslated string: fwhost err sub32 = Please add a network, not a single host WARNING: untranslated string: fwhost hint = Note WARNING: untranslated string: fwhost icmptype = ICMP type: +WARNING: untranslated string: fwhost invalid country code = Invalid Country Code WARNING: untranslated string: fwhost ip_mac = IP/MAC address WARNING: untranslated string: fwhost ipsec net = IPsec networks: WARNING: untranslated string: fwhost menu = Firewall Groups diff --git a/doc/language_issues.es b/doc/language_issues.es index cadfaf5d6..f0a6e31ba 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -1028,6 +1028,7 @@ WARNING: untranslated string: error message = unknown string WARNING: untranslated string: extrahd because it is outside the allowed mount path = unknown string WARNING: untranslated string: fwhost cust locationgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string +WARNING: untranslated string: fwhost invalid country code = Invalid Country Code WARNING: untranslated string: guardian block a host = unknown string WARNING: untranslated string: guardian block httpd brute-force = unknown string WARNING: untranslated string: guardian block ssh brute-force = unknown string diff --git a/doc/language_issues.fr b/doc/language_issues.fr index a03241bce..ce55b88ba 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -1014,6 +1014,7 @@ WARNING: untranslated string: extrahd because it is outside the allowed mount pa WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only) WARNING: untranslated string: fwhost cust locationgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string +WARNING: untranslated string: fwhost invalid country code = Invalid Country Code WARNING: untranslated string: fwhost wg peers = WireGuard Peers WARNING: untranslated string: guardian block a host = unknown string WARNING: untranslated string: guardian block httpd brute-force = unknown string diff --git a/doc/language_issues.it b/doc/language_issues.it index d5fdcd55e..ee5135003 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -1116,6 +1116,7 @@ WARNING: untranslated string: fwhost cust location = Location Groups WARNING: untranslated string: fwhost cust locationgroup = Location Groups WARNING: untranslated string: fwhost cust locationgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string +WARNING: untranslated string: fwhost invalid country code = Invalid Country Code WARNING: untranslated string: fwhost newlocationgrp = Location Groups WARNING: untranslated string: fwhost wg peers = WireGuard Peers WARNING: untranslated string: generate ptr = Generate PTR diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 72af4fba5..415041191 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -1123,6 +1123,7 @@ WARNING: untranslated string: fwhost cust location = Location Groups WARNING: untranslated string: fwhost cust locationgroup = Location Groups WARNING: untranslated string: fwhost cust locationgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string +WARNING: untranslated string: fwhost invalid country code = Invalid Country Code WARNING: untranslated string: fwhost newlocationgrp = Location Groups WARNING: untranslated string: fwhost wg peers = WireGuard Peers WARNING: untranslated string: generate ptr = Generate PTR diff --git a/doc/language_issues.pl b/doc/language_issues.pl index c89dd9966..c951b39ce 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -1223,6 +1223,7 @@ WARNING: untranslated string: fwhost err srvexist = This service already exists WARNING: untranslated string: fwhost err sub32 = Please add a network, not a single host WARNING: untranslated string: fwhost hint = Note WARNING: untranslated string: fwhost icmptype = ICMP type: +WARNING: untranslated string: fwhost invalid country code = Invalid Country Code WARNING: untranslated string: fwhost ip_mac = IP/MAC address WARNING: untranslated string: fwhost ipsec net = IPsec networks: WARNING: untranslated string: fwhost menu = Firewall Groups diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 2377115ab..738de8fee 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1221,6 +1221,7 @@ WARNING: untranslated string: fwhost err srvexist = This service already exists WARNING: untranslated string: fwhost err sub32 = Please add a network, not a single host WARNING: untranslated string: fwhost hint = Note WARNING: untranslated string: fwhost icmptype = ICMP type: +WARNING: untranslated string: fwhost invalid country code = Invalid Country Code WARNING: untranslated string: fwhost ip_mac = IP/MAC address WARNING: untranslated string: fwhost ipsec net = IPsec networks: WARNING: untranslated string: fwhost menu = Firewall Groups diff --git a/doc/language_issues.tr b/doc/language_issues.tr index dfabd029e..cb13bc21f 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -1063,6 +1063,7 @@ WARNING: untranslated string: fwdfw all subnets = All subnets WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only) WARNING: untranslated string: fwhost cust locationgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string +WARNING: untranslated string: fwhost invalid country code = Invalid Country Code WARNING: untranslated string: fwhost wg peers = WireGuard Peers WARNING: untranslated string: generate ptr = Generate PTR WARNING: untranslated string: guardian block a host = unknown string diff --git a/doc/language_issues.tw b/doc/language_issues.tw index 2745a25ba..5a9f61b2c 100644 --- a/doc/language_issues.tw +++ b/doc/language_issues.tw @@ -1036,6 +1036,7 @@ WARNING: untranslated string: error message = unknown string WARNING: untranslated string: extrahd because it is outside the allowed mount path = unknown string WARNING: untranslated string: fwhost cust locationgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string +WARNING: untranslated string: fwhost invalid country code = Invalid Country Code WARNING: untranslated string: guaranteed bandwidth = Guaranteed bandwidth WARNING: untranslated string: guardian block a host = unknown string WARNING: untranslated string: guardian block httpd brute-force = unknown string diff --git a/doc/language_issues.zh b/doc/language_issues.zh index 2745a25ba..5a9f61b2c 100644 --- a/doc/language_issues.zh +++ b/doc/language_issues.zh @@ -1036,6 +1036,7 @@ WARNING: untranslated string: error message = unknown string WARNING: untranslated string: extrahd because it is outside the allowed mount path = unknown string WARNING: untranslated string: fwhost cust locationgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string +WARNING: untranslated string: fwhost invalid country code = Invalid Country Code WARNING: untranslated string: guaranteed bandwidth = Guaranteed bandwidth WARNING: untranslated string: guardian block a host = unknown string WARNING: untranslated string: guardian block httpd brute-force = unknown string diff --git a/doc/language_missings b/doc/language_missings index 03c286f5a..b042081eb 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -156,6 +156,7 @@ < AES-256-GCM < CHACHA20-POLY1305 < dns servers +< fwhost invalid country code < ids all including informational < ids email alerts < ids email alert severity @@ -218,6 +219,7 @@ < endpoint port < extrahd because it it outside the allowed mount path < fwdfw syn flood protection +< fwhost invalid country code < fwhost wg peers < g.dtm < g.lite @@ -570,6 +572,7 @@ < fwhost cust location < fwhost cust locationgroup < fwhost cust locationlocation +< fwhost invalid country code < fwhost newlocationgrp < fwhost wg peers < fw red @@ -1230,6 +1233,7 @@ < fwhost cust location < fwhost cust locationgroup < fwhost cust locationlocation +< fwhost invalid country code < fwhost newlocationgrp < fwhost wg peers < fw red @@ -2154,6 +2158,7 @@ < fwhost hint < fwhost hosts < fwhost icmptype +< fwhost invalid country code < fwhost ipadr < fwhost ip_mac < fwhost ipsec host @@ -3282,6 +3287,7 @@ < fwhost hint < fwhost hosts < fwhost icmptype +< fwhost invalid country code < fwhost ipadr < fwhost ip_mac < fwhost ipsec host @@ -4045,6 +4051,7 @@ < foreshadow < fwdfw all subnets < fwdfw syn flood protection +< fwhost invalid country code < fwhost wg peers < fw red < generate ptr @@ -4399,6 +4406,7 @@ < Captive wrong type < CHACHA20-POLY1305 < dns servers +< fwhost invalid country code < guaranteed bandwidth < ids all including informational < ids email alerts @@ -4462,6 +4470,7 @@ < Captive wrong type < CHACHA20-POLY1305 < dns servers +< fwhost invalid country code < guaranteed bandwidth < ids all including informational < ids email alerts diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi index a666969b0..dd0200a8e 100644 --- a/html/cgi-bin/fwhosts.cgi +++ b/html/cgi-bin/fwhosts.cgi @@ -703,6 +703,10 @@ if ($fwhostsettings{'ACTION'} eq 'savelocationgrp') # Check name if (!&validhostname($grp)){$errormessage.=$Lang::tr{'fwhost err name'};} + unless (&General::validcc($fwhostsettings{'COUNTRY_CODE'})) { + $errormessage = $Lang::tr{'fwhost invalid country code'}; + } + # Check for existing group name. if (!&checkgroup($grp) && $fwhostsettings{'update'} ne 'on'){ $errormessage = $Lang::tr{'fwhost err grpexist'}; @@ -714,7 +718,7 @@ if ($fwhostsettings{'ACTION'} eq 'savelocationgrp') } if ($fwhostsettings{'update'} eq 'on'){ - @target=&Header::escape($fwhostsettings{'COUNTRY_CODE'}); + @target = $fwhostsettings{'COUNTRY_CODE'}; $type='Location Group'; #check if host/net exists in grp diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index b997ff9a7..09a63b535 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1289,6 +1289,7 @@ 'fwhost hint' => 'Hinweis', 'fwhost hosts' => 'Firewall-Hosts', 'fwhost icmptype' => 'ICMP-Typ:', +'fwhost invalid country code' => 'Ungültiger Ländercode', 'fwhost ip_mac' => 'IP/MAC-Adresse', 'fwhost ipadr' => 'IP-Adresse:', 'fwhost ipsec host' => 'IPsec-Clients:', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 35e9da184..02a088600 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1341,6 +1341,7 @@ 'fwhost hint' => 'Note', 'fwhost hosts' => 'Firewall Hosts', 'fwhost icmptype' => 'ICMP type:', +'fwhost invalid country code' => 'Invalid Country Code', 'fwhost ip_mac' => 'IP/MAC address', 'fwhost ipadr' => 'IP address:', 'fwhost ipsec host' => 'IPsec clients:',