webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

guardian.cgi: Fix and improve input validation.

Browse Source 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This commit is contained in:
Stefan Schantl
2014-10-27 20:16:42 +01:00
parent f8c3bfe050
commit 96655fa6b7
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
html/cgi-bin/guardian.cgi
View File

@@ -80,27 +80,27 @@ my $pid = @pid[0];
#
if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
# Check for valid blocktime.
if (! $settings{'GUARDIAN_BLOCKTIME'} =~ /^\d+$/) {
unless(($settings{'GUARDIAN_BLOCKTIME'} =~ /^\d+$/) && ($settings{'GUARDIAN_BLOCKTIME'} ne "0")) {
$errormessage = "$Lang::tr{'guardian invalid blocktime'}";
}
# Check if the bloccount is valid.
if (! $settings{'GUARDIAN_BLOCKCOUNT'} =~ /^\d+$/) {
unless(($settings{'GUARDIAN_BLOCKCOUNT'} =~ /^\d+$/) && ($settings{'GUARDIAN_BLOCKCOUNT'} ne "0")) {
$errormessage = "$Lang::tr{'guardian invalid blockcount'}";
}
# Check Logfile.
if (! $settings{'GUARDIAN_LOGFILE'} =~ /^[a-zA-Z0-9\.\/]+$/) {
unless($settings{'GUARDIAN_LOGFILE'} =~ /^[a-zA-Z0-9\.\/]+$/) {
$errormessage = "$Lang::tr{'guardian invalid logfile'}";
}
# Check input for snort alert file.
if (! $settings{'GUARDIAN_SNORT_ALERTFILE'} =~ /^[a-zA-Z0-9\.\/]+$/) {
unless($settings{'GUARDIAN_SNORT_ALERTFILE'} =~ /^[a-zA-Z0-9\.\/]+$/) {
$errormessage = "$Lang::tr{'guardian invalid alertfile'}";
}
# Only continue if no error message has been set.
if ($errormessage eq '') {
if($errormessage eq '') {
# Write configuration settings to file.
&General::writehash("${General::swroot}/guardian/settings", \%settings);