upstream/opnsense-core
1
0
Fork 0
mirror of https://github.com/opnsense/core.git synced 2026-02-18 18:18:13 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

www: config read safety using feddc1f (#9787)

Browse source 
Increase coverage of the new feature in our legacy www files.
This commit is contained in:
Franco Fichtner 2026-02-17 08:00:51 +01:00 committed by GitHub
parent df17f3ce81
commit dec48352f9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
10 changed files with 64 additions and 107 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/www/firewall_nat_out.php
View file

@ -107,10 +107,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$mode = $config['nat']['outbound']['mode'];
$interface_names= array();
// add this hosts ips
foreach ($config['interfaces'] as $intf => $intfdata) {
if (isset($intfdata['ipaddr']) && $intfdata['ipaddr'] != 'dhcp') {
$interface_names = [];
foreach (config_read_array('interfaces', false) as $intf => $intfdata) {
if (is_ipaddrv4($intfdata['ipaddr'] ?? 'none')) {
$interface_names[$intfdata['ipaddr']] = sprintf(gettext('%s address'), !empty($intfdata['descr']) ? $intfdata['descr'] : $intf );
}
}

41
src/www/firewall_nat_out_edit.php
View file

@ -34,36 +34,33 @@ require_once("filter.inc");
/**
* return option array for valid translation networks
*/
function formTranslateAddresses() {
global $config;
$retval = array();
function formTranslateAddresses()
{
$retval = [];
// add this hosts ips
foreach (legacy_config_get_interfaces(array('virtual' => false, "enable" => true)) as $intf => $intfdata) {
foreach (legacy_config_get_interfaces(['virtual' => false, 'enable' => true]) as $intf => $intfdata) {
$retval[$intf."ip"] = (!empty($intfdata['descr']) ? $intfdata['descr'] : $intf ) . " " . gettext("address");
}
// add VIPs's
if (isset($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $sn) {
if (empty($sn['noexpand'])) {
if ($sn['mode'] == "proxyarp") {
$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
$len = $end - $start;
$retval[$sn['subnet'].'/'.$sn['subnet_bits']] = htmlspecialchars("Subnet: {$sn['subnet']}/{$sn['subnet_bits']} ({$sn['descr']})");
for ($i = 0; $i <= $len; $i++) {
$snip = long2ip32($start+$i);
$retval[$snip] = htmlspecialchars("{$snip} ({$sn['descr']})");
}
} else {
$retval[$sn['subnet']] = htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");
}
foreach (config_read_array('virtualip', 'vip', false) as $sn) {
if (!empty($sn['noexpand'])) {
continue;
}
if ($sn['mode'] == "proxyarp") {
$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
$len = $end - $start;
$retval[$sn['subnet'].'/'.$sn['subnet_bits']] = htmlspecialchars("Subnet: {$sn['subnet']}/{$sn['subnet_bits']} ({$sn['descr']})");
for ($i = 0; $i <= $len; $i++) {
$snip = long2ip32($start+$i);
$retval[$snip] = htmlspecialchars("{$snip} ({$sn['descr']})");
}
} else {
$retval[$sn['subnet']] = htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");
}
}
// add Aliases
foreach (legacy_list_aliases("network") as $alias) {
if ($alias['type'] == "host") {
$retval[$alias['name']] = $alias['name'];

15
src/www/firewall_rules.php
View file

@ -941,16 +941,11 @@ $( document ).ready(function() {
<?php
if (!empty($filterent['sched'])):?>
<?php
$schedule_descr = "";
if (isset($config['schedules']['schedule']))
{
foreach ($config['schedules']['schedule'] as $schedule)
{
if ($schedule['name'] == $filterent['sched'])
{
$schedule_descr = (isset($schedule['descr'])) ? $schedule['descr'] : "";
break;
}
$schedule_descr = '';
foreach (config_read_array('schedules', 'schedule', false) as $schedule) {
if ($schedule['name'] == $filterent['sched']) {
$schedule_descr = (isset($schedule['descr'])) ? $schedule['descr'] : "";
break;
}
}
?>

36
src/www/firewall_schedule_edit.php
View file

@ -32,34 +32,20 @@
require_once("guiconfig.inc");
require_once("filter.inc");
/****f* legacy/is_schedule_inuse
* NAME
* checks to see if a schedule is currently in use by a rule
* INPUTS
*
* RESULT
* true or false
* NOTES
*
******/
function is_schedule_inuse($schedule)
{
global $config;
if ($schedule == '') {
return false;
}
/* loop through firewall rules looking for schedule in use */
if (isset($config['filter']['rule'])) {
foreach ($config['filter']['rule'] as $rule) {
if ($rule['sched'] == $schedule) {
return true;
}
}
}
if ($schedule == '') {
return false;
}
/* loop through firewall rules looking for schedule in use */
foreach (config_read_array('filter', 'rule', false) as $rule) {
if ($rule['sched'] == $schedule) {
return true;
}
}
return false;
}
function schedule_sort()

10
src/www/interfaces.php
View file

@ -904,7 +904,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$input_errors[] = gettext("MTU of a VLAN should not be bigger than parent interface.");
}
} else {
foreach ($config['interfaces'] as $idx => $ifdata) {
foreach (config_read_array('interfaces', false) as $idx => $ifdata) {
if ($idx == $if || !strstr($ifdata['if'], 'vlan') || !strstr($ifdata['if'], 'qinq')) {
continue;
}
@ -943,11 +943,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if ($a_interfaces[$if]['wireless']['mode'] != $pconfig['mode']) {
$wlanbaseif = interface_get_wireless_base($a_interfaces[$if]['if']);
$clone_count = does_interface_exist("{$wlanbaseif}_wlan0") ? 1 : 0;
if (!empty($config['wireless']['clone'])) {
foreach ($config['wireless']['clone'] as $clone) {
if ($clone['if'] == $wlanbaseif) {
$clone_count++;
}
foreach (config_read_array('wireless', 'clone', false) as $clone) {
if ($clone['if'] == $wlanbaseif) {
$clone_count++;
}
}
if ($clone_count > 1) {

38
src/www/interfaces_assign.php
View file

@ -35,15 +35,11 @@ require_once("interfaces.inc");
function link_interface_to_group($int)
{
global $config;
$result = [];
if (isset($config['ifgroups']['ifgroupentry'])) {
foreach ($config['ifgroups']['ifgroupentry'] as $group) {
if (in_array($int, preg_split('/[ |,]+/', $group['members']))) {
$result[$group['ifname']] = $int;
}
foreach (config_read_array('ifgroups', 'ifgroupentry', false) as $group) {
if (in_array($int, preg_split('/[ |,]+/', $group['members']))) {
$result[$group['ifname']] = $int;
}
}
@ -52,8 +48,6 @@ function link_interface_to_group($int)
function list_devices($devices)
{
global $config;
$interfaces = [];
/* add physical network interfaces */
@ -169,20 +163,16 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
plugins_configure('dhcp', false, array('inet6'));
}
if (isset($config['filter']['rule'])) {
foreach ($config['filter']['rule'] as $x => $rule) {
/* XXX this doesn't match floating rules with multiple values */
if (isset($rule['interface']) && $rule['interface'] == $id) {
unset($config['filter']['rule'][$x]);
}
foreach (config_read_array('filter', 'rule') as $x => $rule) {
/* XXX this doesn't match floating rules with multiple values */
if (isset($rule['interface']) && $rule['interface'] == $id) {
unset($config['filter']['rule'][$x]);
}
}
if (isset($config['nat']['rule'])) {
foreach ($config['nat']['rule'] as $x => $rule) {
if ($rule['interface'] == $id) {
unset($config['nat']['rule'][$x]['interface']);
}
foreach (config_read_array('nat', 'rule', false) as $x => $rule) {
if ($rule['interface'] == $id) {
unset($config['nat']['rule'][$x]['interface']);
}
}
@ -228,11 +218,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
}
}
if (isset($config['vlans']['vlan'])) {
foreach ($config['vlans']['vlan'] as $vlan) {
if (!does_interface_exist($vlan['if'])) {
$input_errors[] = sprintf(gettext("VLAN parent interface %s does not exist."), $vlan['if']);
}
foreach (config_read_array('vlans', 'vlan', false) as $vlan) {
if (!does_interface_exist($vlan['if'])) {
$input_errors[] = sprintf(gettext("VLAN parent interface %s does not exist."), $vlan['if']);
}
}

16
src/www/interfaces_ppps_edit.php
View file

@ -33,13 +33,9 @@ require_once("interfaces.inc");
function interfaces_ptpid_used($ptpid)
{
global $config;
if (isset($config['ppps']['ppp'])) {
foreach ($config['ppps']['ppp'] as & $settings) {
if ($ptpid == $settings['ptpid']) {
return true;
}
foreach (config_read_array('ppps', 'ppp', false) as $settings) {
if ($ptpid == $settings['ptpid']) {
return true;
}
}
@ -501,10 +497,8 @@ include("head.inc");
$iflist = get_configured_interface_with_descr();
$portlist = array_merge($portlist, $iflist);
if (isset($config['vlans']['vlan'])) {
foreach ($config['vlans']['vlan'] as $vlan) {
$portlist[$vlan['vlanif']] = $vlan;
}
foreach (config_read_array('vlans', 'vlan', false) as $vlan) {
$portlist[$vlan['vlanif']] = $vlan;
}
foreach ($portlist as $intf_key => $intf_value):?>
<option data-type="interface" value="<?=$intf_key;?>" <?=in_array($intf_key, $pconfig['ports']) ? "selected=\"selected\"" : "";?> >

2
src/www/system_advanced_admin.php
View file

@ -135,7 +135,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
if (!empty($pconfig['ssl-certref'])) {
foreach ($config['cert'] as $cert) {
foreach (config_read_array('cert', false) as $cert) {
if ($cert['refid'] == $pconfig['ssl-certref']) {
if (cert_get_purpose($cert['crt'])['server'] == 'No') {
$input_errors[] = gettext(

4
src/www/system_authservers.php
View file

@ -333,8 +333,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
} elseif (isset($pconfig['act']) && $pconfig['act'] == 'del' && isset($id)) {
/* Remove server from main list. */
$serverdeleted = $a_server[$id]['name'];
foreach ($config['system']['authserver'] as $k => $as) {
if ($config['system']['authserver'][$k]['name'] == $serverdeleted) {
foreach (config_read_array('system', 'authserver', false) as $k => $as) {
if ($as['name'] == $serverdeleted) {
unset($config['system']['authserver'][$k]);
}
}

2
src/www/system_usermanager_passwordmg.php
View file

@ -36,7 +36,7 @@ $username = $_SESSION['Username'];
/* determine if user is not local to system */
$userFound = false;
foreach ($config['system']['user'] as $user) {
foreach (config_read_array('system', 'user', false) as $user) {
if ($user['name'] == $username) {
$userFound = true;
break;