From 7c1b7d3e226310403ddd40b4cd19d78f7db4d457 Mon Sep 17 00:00:00 2001
From: Bernhard Bitsch <bbitsch@ipfire.org>
Date: Mon, 12 May 2014 13:16:43 +0200
Subject: [PATCH] proxy.pac: Only grant direct access for actual subnets.

Fixes #10324.
---
 html/cgi-bin/proxy.cgi | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index c4cff4789..5ab6f9b5b 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -2974,9 +2974,22 @@ if (
      (isPlainHostName(host)) ||
      (dnsDomainIs(host, ".$mainsettings{'DOMAINNAME'}")) ||
      (isInNet(host, "127.0.0.1", "255.0.0.0")) ||
-     (isInNet(host, "10.0.0.0", "255.0.0.0")) ||
-     (isInNet(host, "172.16.0.0", "255.240.0.0")) ||
-     (isInNet(host, "192.168.0.0", "255.255.0.0")) ||
+END
+;
+
+	if ($netsettings{'GREEN_DEV'}) {
+		print FILE "     (isInNet(host, \"$netsettings{'GREEN_NETADDRESS'}\", \"$netsettings{'GREEN_NETMASK'}\")) ||\n";
+	}
+
+	if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
+		print FILE "     (isInNet(host, \"$netsettings{'BLUE_NETADDRESS'}\", \"$netsettings{'BLUE_NETMASK'}\")) ||\n";
+	}
+
+	if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {
+		print FILE "     (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n";
+	}
+
+	print FILE <<END
      (isInNet(host, "169.254.0.0", "255.255.0.0"))
    )
      return "DIRECT";
-- 
2.39.2