]> git.ipfire.org Git - ipfire-2.x.git/commitdiff
projects / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4fca9c9)
proxy.cgi: Allow safe/SSL ports to be empty.
authorMichael Tremer <michael.tremer@ipfire.org>
Thu, 10 Jul 2014 11:26:02 +0000 (13:26 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 10 Jul 2014 11:30:02 +0000 (13:30 +0200)
Fixes a syntax error in the generated squid configuration
file.

config/rootfiles/core/80/update.sh patch | blob | blame | history
html/cgi-bin/proxy.cgi patch | blob | blame | history

diff --git a/config/rootfiles/core/80/update.sh b/config/rootfiles/core/80/update.sh
index 8bd9a89077d0335cbd4b3374606af1082a71e9ac..830481d0eaa14275eeba26325872c2aa01d5d0cd 100644 (file)
--- a/config/rootfiles/core/80/update.sh
+++ b/config/rootfiles/core/80/update.sh
@@ -53,6 +53,9 @@ rm -f \
        /opt/pakfire/db/installed/meta-libgpg-error \
        /opt/pakfire/db/rootfiles/libgpg-error
 
+# Regenerate squid configuration file
+/srv/web/ipfire/cgi-bin/proxy.cgi
+
 # Generate ddns configuration file
 /srv/web/ipfire/cgi-bin/ddns.cgi
 
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index 2a9d49394276a83233b4928b5737b1facb5141e9..03fd1ab7b6d18513e4e1078a6162bc998dc18de4 100644 (file)
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -3396,19 +3396,25 @@ END
        }
 
 open (PORTS,"$acl_ports_ssl");
-@temp = <PORTS>;
+my @ssl_ports = <PORTS>;
 close PORTS;
-if (@temp)
-{
-       foreach (@temp) { print FILE "acl SSL_ports port $_"; }
+
+if (@ssl_ports) {
+       foreach (@ssl_ports) {
+               print FILE "acl SSL_ports port $_";
+       }
 }
+
 open (PORTS,"$acl_ports_safe");
-@temp = <PORTS>;
+my @safe_ports = <PORTS>;
 close PORTS;
-if (@temp)
-{
-       foreach (@temp) { print FILE "acl Safe_ports port $_"; }
+
+if (@safe_ports) {
+       foreach (@safe_ports) {
+               print FILE "acl Safe_ports port $_";
+       }
 }
+
        print FILE <<END
 
 acl IPFire_http  port $http_port
@@ -3498,7 +3504,7 @@ END
                print FILE "http_access deny purge\n";
                print FILE "url_rewrite_access deny localhost\n";
        }
-       print FILE <<END
+       print FILE <<END;
 
 #Access to squid:
 #local machine, no restriction
@@ -3509,11 +3515,15 @@ http_access allow         IPFire_ips IPFire_networks IPFire_http
 http_access allow CONNECT IPFire_ips IPFire_networks IPFire_https
 
 #Deny not web services
-http_access deny          !Safe_ports
-http_access deny  CONNECT !SSL_ports
-
 END
-       ;
+
+if (@safe_ports) {
+       print FILE "http_access deny          !Safe_ports\n";
+}
+
+if (@ssl_ports) {
+       print FILE "http_access deny  CONNECT !SSL_ports\n";
+}
 
 if ($proxysettings{'AUTH_METHOD'} eq 'ident')
 {
IPFire 2.x development tree