From 69491545a39c9a9c0e0b9530ecfdf8c451da373a Mon Sep 17 00:00:00 2001
From: Bernhard Bitsch <bernhard.bitsch@ipfire.org>
Date: Wed, 18 Jul 2012 12:56:41 +0200
Subject: [PATCH] proxy.cgi: Check upstream proxy address and better neighbour
 detection.

---
 html/cgi-bin/proxy.cgi | 11 +++++++++--
 langs/de/cgi-bin/de.pl |  1 +
 langs/en/cgi-bin/en.pl |  1 +
 3 files changed, 11 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 html/cgi-bin/proxy.cgi
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
old mode 100644
new mode 100755
index 8c9574cd5e..6f4aed27a2
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -353,6 +353,13 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
 		$errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'};
 		goto ERROR;
 	}
+	if (!($proxysettings{'UPSTREAM_PROXY'} eq '')) {
+	  my @temp = split(/:/,$proxysettings{'UPSTREAM_PROXY'});
+	  if (!(&General::validip($temp[0]))) {
+	    $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy'};
+	    goto ERROR;
+          }
+        }
 	if (!($proxysettings{'CACHE_SIZE'} =~ /^\d+/) ||
 		($proxysettings{'CACHE_SIZE'} < 10))
 	{
@@ -984,7 +991,7 @@ print <<END
 <tr><td class='base' >$Lang::tr{'processes'}<input type='text' name='CHILDREN' value='$proxysettings{'CHILDREN'}' size='5' /></td>
 END
 ;
-my $count = `arp -a | wc -l`;
+my $count = `ip n| wc -l`;
 if ( $count < 1 ){$count = 1;}
 if ( -e "/usr/bin/squidclamav" ) {
 	print "<td class='base'><b>".$Lang::tr{'advproxy squidclamav'}."</b><br />";
@@ -3013,7 +3020,7 @@ sub writeconfig
 	}
 
 	$_ = $proxysettings{'UPSTREAM_PROXY'};
-	my ($remotehost, $remoteport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
+        my ($remotehost, $remoteport) = split(/:/,$_);
 
 	if ($remoteport eq '') { $remoteport = 80; }
 
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index c7f254ae64..3ec57ebb99 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -223,6 +223,7 @@
 'advproxy errmsg invalid pdc' => 'UngÃ¼ltiger Hostname fÃ¼r den Primary Domain Controller',
 'advproxy errmsg invalid proxy port' => 'UngÃ¼ltiger Proxy-Port',
 'advproxy errmsg invalid upstream proxy username or password setting' => 'UngÃ¼ltiger Benutzername oder ungÃ¼ltiges Kennwort fÃ¼r Upstream Proxy',
+'advproxy errmsg invalid upstream proxy' => 'UngÃ¼ltige IP fÃ¼r Upstream-Proxy',
 'advproxy errmsg invalid user' => 'Benutzername existiert nicht',
 'advproxy errmsg ldap base dn' => 'LDAP base DN erforderlich',
 'advproxy errmsg ldap bind dn' => 'LDAP bind DN Benutzername und Passwort erforderlich',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 52872f49ac..003056f9ee 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -223,6 +223,7 @@
 'advproxy errmsg invalid pdc' => 'Invalid hostname for primary domain controller',
 'advproxy errmsg invalid proxy port' => 'Invalid proxy port',
 'advproxy errmsg invalid upstream proxy username or password setting' => 'Invalid upstream proxy username or password setting',
+'advproxy errmsg invalid upstream proxy' => 'Invalid upstream proxy IP',
 'advproxy errmsg invalid user' => 'Username does not exist',
 'advproxy errmsg ldap base dn' => 'LDAP base DN required',
 'advproxy errmsg ldap bind dn' => 'LDAP bind DN username and password required',
-- 
2.39.2

