X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Ffirewall.cgi;h=82684e06fed51dca3afc9313c1ae3219f5986e94;hp=ce8d0f3f15e536d8cb6e1d7d76f73908e433bfe3;hb=b3c53248d97ee083fcf43cc5ff745396be06ca1a;hpb=46a6d6c7fcf5037bcb57ca2d1c6508b8d702ffed diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi index ce8d0f3f1..82684e06f 100644 --- a/html/cgi-bin/firewall.cgi +++ b/html/cgi-bin/firewall.cgi @@ -21,7 +21,11 @@ use strict; use Sort::Naturally; +use utf8; +use feature 'unicode_strings'; + no warnings 'uninitialized'; + # enable only the following on debugging purpose #use warnings; #use CGI::Carp 'fatalsToBrowser'; @@ -194,6 +198,7 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') $errormessage=&checksource; if(!$errormessage){&checktarget;} if(!$errormessage){&checkrule;} + #check if manual ip (source) is orange network if ($fwdfwsettings{'grp1'} eq 'src_addr'){ my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}}); @@ -223,6 +228,9 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ $errormessage=$Lang::tr{'fwdfw err remark'}."
"; } + if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){ + $errormessage=''; + } if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){ $fwdfwsettings{'nosave'} = 'on'; } @@ -264,6 +272,9 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ $errormessage=$Lang::tr{'fwdfw err remark'}."
"; } + if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){ + $errormessage=''; + } if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){ $fwdfwsettings{'nosave'} = 'on'; } @@ -307,6 +318,9 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ $errormessage=$Lang::tr{'fwdfw err remark'}."
"; } + if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && &validremark($fwdfwsettings{'ruleremark'})){ + $errormessage=''; + } if ($fwdfwsettings{'oldruleremark'} eq $fwdfwsettings{'ruleremark'}){ $fwdfwsettings{'nosave'} = 'on'; } @@ -498,8 +512,8 @@ sub checksource return $errormessage; } }elsif($fwdfwsettings{'src_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp1'}} && $fwdfwsettings{'src_addr'} eq ''){ - $errormessage.=$Lang::tr{'fwdfw err nosrcip'}; - return $errormessage; + $fwdfwsettings{'grp1'}='std_net_src'; + $fwdfwsettings{$fwdfwsettings{'grp1'}} = 'ALL'; } #check empty fields @@ -599,8 +613,8 @@ sub checktarget return $errormessage; } }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){ - $errormessage.=$Lang::tr{'fwdfw err notgtip'}; - return $errormessage; + $fwdfwsettings{'grp2'}='std_net_tgt'; + $fwdfwsettings{$fwdfwsettings{'grp2'}} = 'ALL'; } #check for mac in targetgroup if ($fwdfwsettings{'grp2'} eq 'cust_grp_tgt'){ @@ -1286,6 +1300,12 @@ sub getcolor my $val=shift; my $hash=shift; if($optionsfw{'SHOWCOLORS'} eq 'on'){ + # Don't colourise MAC addresses + if (&General::validmac($val)) { + $tdcolor = ""; + return; + } + #custom Hosts if ($nettype eq 'cust_host_src' || $nettype eq 'cust_host_tgt'){ foreach my $key (sort keys %$hash){ @@ -1565,7 +1585,7 @@ sub newrule my ($sip,$scidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp1'}}); if ($scidr eq '32'){$fwdfwsettings{$fwdfwsettings{'grp1'}}=$sip;} my ($dip,$dcidr) = split("/",$fwdfwsettings{$fwdfwsettings{'grp2'}}); - if ($scidr eq '32'){$fwdfwsettings{$fwdfwsettings{'grp2'}}=$dip;} + if ($dcidr eq '32'){$fwdfwsettings{$fwdfwsettings{'grp2'}}=$dip;} &Header::openbox('100%', 'left', $Lang::tr{'fwdfw source'}); #------SOURCE------------------------------------------------------- print "
"; @@ -2125,6 +2145,9 @@ sub saverule &changerule($configfwdfw); #print"6"; } + $fwdfwsettings{'ruleremark'}=~ s/,/;/g; + utf8::decode($fwdfwsettings{'ruleremark'}); + $fwdfwsettings{'ruleremark'}=&Header::escape($fwdfwsettings{'ruleremark'}); if ($fwdfwsettings{'updatefwrule'} ne 'on'){ my $key = &General::findhasharraykey ($hash); $$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'}; @@ -2260,22 +2283,19 @@ sub saverule sub validremark { # Checks a hostname against RFC1035 - my $remark = $_[0]; - - # Each part should be at least two characters in length - # but no more than 63 characters - if (length ($remark) < 1 || length ($remark) > 255) { - return 0;} - # Only valid characters are a-z, A-Z, 0-9 and - - if ($remark !~ /^[a-zäöüA-ZÖÄÜ0-9-.:;\|_()\/\s]*$/) { - return 0;} - # First character can only be a letter or a digit - if (substr ($remark, 0, 1) !~ /^[a-zäöüA-ZÖÄÜ0-9(]*$/) { - return 0;} - # Last character can only be a letter or a digit - if (substr ($remark, -1, 1) !~ /^[a-zöäüA-ZÖÄÜ0-9.:;_)]*$/) { - return 0;} - return 1; + my $remark = $_[0]; + + # Try to decode $remark into UTF-8. If this doesn't work, + # we assume that the string it not sane. + if (!utf8::decode($remark)) { + return 0; + } + + # Check if the string only contains of printable characters. + if ($remark =~ /^[[:print:]]*$/) { + return 1; + } + return 0; } sub viewtablerule { @@ -2355,26 +2375,18 @@ END if($$hash{$key}[3] eq 'ipsec_net_src'){ if(&fwlib::get_ipsec_net_ip($host,11) eq ''){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } }elsif($$hash{$key}[3] eq 'ovpn_net_src'){ if(&fwlib::get_ovpn_net_ip($host,1) eq ''){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } }elsif($$hash{$key}[3] eq 'ovpn_n2n_src'){ if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } }elsif($$hash{$key}[3] eq 'ovpn_host_src'){ if(&fwlib::get_ovpn_host_ip($host,33) eq ''){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } } } @@ -2382,26 +2394,18 @@ END if($$hash{$key}[5] eq 'ipsec_net_tgt'){ if(&fwlib::get_ipsec_net_ip($host,11) eq ''){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } }elsif($$hash{$key}[5] eq 'ovpn_net_tgt'){ if(&fwlib::get_ovpn_net_ip($host,1) eq ''){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } }elsif($$hash{$key}[5] eq 'ovpn_n2n_tgt'){ if(&fwlib::get_ovpn_n2n_ip($host,27) eq ''){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } }elsif($$hash{$key}[5] eq 'ovpn_host_tgt'){ if(&fwlib::get_ovpn_host_ip($host,33) eq ''){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } } } @@ -2409,15 +2413,11 @@ END foreach my $netgroup (sort keys %customgrp){ if(($$hash{$key}[4] eq $customgrp{$netgroup}[0] || $$hash{$key}[6] eq $customgrp{$netgroup}[0]) && $customgrp{$netgroup}[2] eq 'none'){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } } foreach my $srvgroup (sort keys %customservicegrp){ if($$hash{$key}[15] eq $customservicegrp{$srvgroup}[0] && $customservicegrp{$srvgroup}[2] eq 'none'){ $coloryellow='on'; - &disable_rule($key); - $$hash{$key}[2]=''; } } $$hash{'ACTIVE'}=$$hash{$key}[2]; @@ -2792,14 +2792,16 @@ END $Lang::tr{'orange'} ($Lang::tr{'fwdfw pol block'}) +END + } + + print < $Lang::tr{'green'} ($Lang::tr{'fwdfw pol block'}) + END - } - - print""; } print <