Fix #168 - vlan-interface/edit doesn't sanitise ipvXhostname correctly
barryo committed Jun 29, 2015
1 parent d059073 commit 114e612
Showing 3 changed files with 39 additions and 36 deletions.
67 changes: 33 additions & 34 deletions application/controllers/VlanInterfaceController.php
Expand Up @@ -33,9 +33,9 @@
*/
class VlanInterfaceController extends IXP_Controller_FrontEnd
{

use IXP_Controller_Trait_Interfaces;

/**
* This function sets up the frontend controller
*/
Expand All @@ -45,30 +45,30 @@ protected function _feInit()
'entity' => '\\Entities\\VlanInterface',
'form' => 'IXP_Form_Interface_Vlan',
'pagetitle' => 'VLAN Interfaces',

'titleSingular' => 'VLAN Interface',
'nameSingular' => 'a VLAN interface',

'defaultAction' => 'list',

'listOrderBy' => 'customer',
'listOrderByDir' => 'ASC',
];

switch( $this->getUser()->getPrivs() )
{
case \Entities\User::AUTH_SUPERUSER:
$this->_feParams->listColumns = [
'id' => [ 'title' => 'UID', 'display' => false ],

'customer' => [
'title' => 'Customer',
'type' => self::$FE_COL_TYPES[ 'HAS_ONE' ],
'controller' => 'customer',
'action' => 'overview',
'idField' => 'custid'
],

'vlan' => [
'title' => 'VLAN Name',
'type' => self::$FE_COL_TYPES[ 'HAS_ONE' ],
Expand All @@ -85,7 +85,7 @@ protected function _feInit()
'ipv4' => 'ipv4',
'ipv6' => 'ipv6'
];

$this->_feParams->viewColumns = array_merge(
$this->_feParams->listColumns,
[
Expand All @@ -109,18 +109,18 @@ protected function _feInit()
],
( $this->as112UiActive() ? ['as112client' => 'AS112 Client'] : [] )
);

break;

case \Entities\User::AUTH_CUSTADMIN:
default:
$this->redirectAndEnsureDie( 'error/insufficient-permissions' );
}

}



/**
* Provide array of virtual interfaces for the listAction
*
Expand Down Expand Up @@ -149,14 +149,14 @@ protected function listGetData( $id = null )
->leftJoin( 'vli.IPv4Address', 'ip4' )
->leftJoin( 'vli.IPv6Address', 'ip6' )
->leftJoin( 'vi.Customer', 'c' );

if( $id !== null )
$qb->where( 'vli.id = ' . intval( $id ) );

return $qb->getQuery()->getArrayResult();
}


/**
* @param IXP_Form_Interface_Vlan $form The form object
* @param \Entities\VlanInterface $object The Doctrine2 entity (being edited or blank for add)
Expand All @@ -172,11 +172,11 @@ protected function formPostProcess( $form, $object, $isEdit, $options = null, $c
$form->getElement( 'virtualinterfaceid' )->setValue( $object->getVirtualInterface()->getId() );
$form->getElement( 'preselectCustomer' )->setValue( $object->getVirtualInterface()->getCustomer()->getId() );
$form->getElement( 'vlanid' )->setValue( $object->getVlan()->getId() );

$form->getElement( 'preselectIPv4Address' )->setValue( $object->getIPv4Address() ? $object->getIPv4Address()->getAddress() : null );
$form->getElement( 'preselectIPv6Address' )->setValue( $object->getIPv6Address() ? $object->getIPv6Address()->getAddress() : null );
$form->getElement( 'preselectVlanInterface' )->setValue( $object->getId() );

if( $this->getParam( 'rtn', false ) == 'vli' )
$form->setAction( OSS_Utils::genUrl( 'vlan-interface', 'edit', false, [ 'id' => $object->getId(), 'rtn' => 'vli' ] ) );
else
Expand All @@ -188,19 +188,19 @@ protected function formPostProcess( $form, $object, $isEdit, $options = null, $c
$vint = $this->getD2EM()->getRepository( '\\Entities\\VirtualInterface' )->find( $_POST['virtualinterfaceid'] );
else if( ( $vintid = $this->getRequest()->getParam( 'vintid' ) ) !== null )
$vint = $this->getD2EM()->getRepository( '\\Entities\\VirtualInterface' )->find( $vintid );

if( !isset( $vint ) || !$vint )
{
$this->addMessage( 'You need a containing virtual interface before you add a VLAN interface', OSS_Message::ERROR );
$this->redirect( 'virtual-interface/add' );
}


// make BGP MD5 easy
$form->getElement( 'ipv4bgpmd5secret' )->setValue( OSS_String::random() );
$form->getElement( 'ipv6bgpmd5secret' )->setValue( $form->getElement( 'ipv4bgpmd5secret' )->getValue() );
$form->getElement( 'maxbgpprefix' )->setValue( $vint->getCustomer()->getMaxprefixes() );

$form->getElement( 'virtualinterfaceid' )->setValue( $vint->getId() );
$form->getElement( 'preselectCustomer' )->setValue( $vint->getCustomer()->getId() );

Expand All @@ -227,11 +227,11 @@ protected function addPostValidate( $form, $object, $isEdit )

if( !$this->setIp( $form, $object->getVirtualInterface(), $object, false ) || !$this->setIp( $form, $object->getVirtualInterface(), $object, true ) )
return false;

return true;
}


/**
* You can add `OSS_Message`s here and redirect to a custom destination after a
* successful add / edit operation.
Expand All @@ -245,14 +245,14 @@ protected function addDestinationOnSuccess( $form, $object, $isEdit )
{
if( $this->getParam( 'rtn', false ) == 'vli' )
return false;

$this->addMessage(
'VLAN interface successfuly ' . ( $isEdit ? 'edited.' : 'added.' ), OSS_Message::SUCCESS
);

$this->redirectAndEnsureDie( 'virtual-interface/edit/id/' . $object->getVirtualInterface()->getId() );
}

/**
* You can add `OSS_Message`s here and redirect to a custom destination after a
* successful deletion operation.
Expand All @@ -263,13 +263,12 @@ protected function deleteDestinationOnSuccess()
{
if( $this->getParam( 'rtn', false ) == 'vli' )
return false;

$this->addMessage(
'VLAN interface deleted successfuly.', OSS_Message::SUCCESS
);

$this->redirectAndEnsureDie( 'virtual-interface/edit/id/' . $this->getParam( 'vintid' ) );
}

}

6 changes: 4 additions & 2 deletions library/IXP/Form/Interface/AddWizard.php
Expand Up @@ -162,6 +162,7 @@ public function init()

$ipv4hostname = $this->createElement( 'text', 'ipv4hostname' );
$ipv4hostname->addValidator( 'stringLength', false, array( 1, 64, 'UTF-8' ) )
->addValidator( 'hostname', false, [ 'allow' => Zend_Validate_Hostname::ALLOW_DNS ] )
->setLabel( 'IPv4 Hostname' )
->addFilter( 'StringTrim' )
->addFilter( new OSS_Filter_StripSlashes() );
Expand Down Expand Up @@ -210,6 +211,7 @@ public function init()

$ipv6hostname = $this->createElement( 'text', 'ipv6hostname' );
$ipv6hostname->addValidator( 'stringLength', false, array( 1, 64, 'UTF-8' ) )
->addValidator( 'hostname', false, [ 'allow' => Zend_Validate_Hostname::ALLOW_DNS ] )
->setLabel( 'IPv6 Hostname' )
->addFilter( 'StringTrim' )
->addFilter( new OSS_Filter_StripSlashes() );
Expand All @@ -236,7 +238,7 @@ public function init()

$this->addDisplayGroup(
[ 'ipv6addressid', 'ipv6hostname', 'ipv6bgpmd5secret', 'ipv6canping', 'ipv6monitorrcbgp' ],
'ipv6DisplayGroup'
'ipv6DisplayGroup'
);

$this->getDisplayGroup( 'ipv6DisplayGroup' )->setLegend( 'IPv6 Details' );
Expand Down Expand Up @@ -279,7 +281,7 @@ public function init()

$this->addDisplayGroup(
[ 'irrdbfilter', 'mcastenabled', 'maxbgpprefix', 'rsclient', 'as112client', 'busyhost' ],
'vlanInterfaceDisplayGroup'
'vlanInterfaceDisplayGroup'
);

$this->getDisplayGroup( 'vlanInterfaceDisplayGroup' )->setLegend( 'Other VLAN Interface Settings' );
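Review bot: Hostnames stored before this commit, or written through any path that does not go through these form classes, are not covered by the `hostname` validator added to the `ipv4hostname` and `ipv6hostname` chains in `init()`. The page does not show where the value from issue #168 ends up, but if it is echoed into a view or a generated configuration file, escaping at that output point is still needed alongside this input check. The same applies to the two identical additions in `library/IXP/Form/Interface/Vlan.php`. A short comment above each chain, such as `// hostname is validated on input only; escape wherever it is rendered`, would record that for the next reader. `init()` starts and ends outside these hunks.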
2 changes: 2 additions & 0 deletions library/IXP/Form/Interface/Vlan.php
Expand Up @@ -61,6 +61,7 @@ public function init()

$ipv4hostname = $this->createElement( 'text', 'ipv4hostname' );
$ipv4hostname->addValidator( 'stringLength', false, array( 1, 64, 'UTF-8' ) )
->addValidator( 'hostname', false, [ 'allow' => Zend_Validate_Hostname::ALLOW_DNS ] )
->setLabel( 'IPv4 Hostname' )
->addFilter( 'StringTrim' )
->addFilter( new OSS_Filter_StripSlashes() );
Expand Down Expand Up @@ -106,6 +107,7 @@ public function init()

$ipv6hostname = $this->createElement( 'text', 'ipv6hostname' );
$ipv6hostname->addValidator( 'stringLength', false, array( 1, 64, 'UTF-8' ) )
->addValidator( 'hostname', false, [ 'allow' => Zend_Validate_Hostname::ALLOW_DNS ] )
->setLabel( 'IPv6 Hostname' )
->addFilter( 'StringTrim' )
->addFilter( new OSS_Filter_StripSlashes() );
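Review bot: `Zend_Validate_Hostname` is given only `'allow' => Zend_Validate_Hostname::ALLOW_DNS` on both the `ipv4hostname` and `ipv6hostname` chains, which leaves its `idn` and `tld` options at their defaults (both enabled in Zend Framework 1). With those defaults a name under a TLD missing from the framework's bundled list is rejected, while non-ASCII labels can be accepted for TLDs that have IDN rules. If these hostnames feed DNS or router configuration, stating the choice explicitly, e.g. `[ 'allow' => Zend_Validate_Hostname::ALLOW_DNS, 'idn' => false, 'tld' => false ]`, keeps the accepted character set predictable. The same chain is repeated in `library/IXP/Form/Interface/AddWizard.php` and could come from one shared helper so the copies cannot drift apart. `init()` continues outside these hunks.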
