Diagnostics - States, javascript error



  • pf 1.2.1, Aug 13th build.
    I get a javascript error in Opera and Firefox when I try to delete a state.
    (icon to the right of each state).  Nick.



  • Thanks for the report but can you please let us know the error?



  • I get a pop-up box stating "An error occurred".

    In diag_dump_states.php the function "removeState" makes an ajax request back to diag_dump_states.php which is failing, at least in my case. It returns non-zero which raises a pop-up with
    alert('An error occurred.');
    I don't know enough javascript/ajax to delve into why…

    NickC



  • Yep.

    Me to - using 'plain vanilla' IE7.

    It pops an error box.



  • Seems to work ok here in IE7 and Firefox on a Aug 14th build.



  • Dam…

    Using : 1.2.1-RC1 - built on Wed Aug 13 04:23:51 EDT 2008

    I'll up right now .....

    Ok. Just updated to
    => 1.2.1-RC1 built on Thu Aug 14 18:19:52 EDT 2008
    WTF….
    The Auto update says now that a 'new' version is available :
    => 1.2.1-RC1 built on Thu Aug 14 18:49:53 EDT 2008
    I re-update......
    .... and can't. 18:19:52  is the latest, even if the autoupdater says a more recent one is present.

    This issue is still there.



  • That is perfectly normal.  I have answered this question/statement about 10+ times now.  The auto upgrade code simply looks for different version!  When using stable pfSense you will only see when a new upgrade is available when there really is one…  This is part of using snapshots.



  • @sullrich:

    That is perfectly normal….  ....This is part of using snapshots.

    Don't worry, I know - it's just 'funy' to see an update being proposed, but one can not update to it. The effect is more visual mather then a technical one.

    @Gertjan:

    This issue is still there.

    I'm talking the about the alert popup here, that flags an error.
    I'm having the latest snapshot 1.2.1 now.

    I tried 1.2 Stable - it works, or, no error popup.

    Hummm, diag_dump_states.php needs some attention  ;)



  • Confirmed still present on 1.2.1-RC1, Fri Aug 15 21:14:08 EDT 2008 using FireFox3 on Ubuntu 8.04

    ryts

    @NickC:

    I get a pop-up box stating "An error occurred".

    In diag_dump_states.php the function "removeState" makes an ajax request back to diag_dump_states.php which is failing, at least in my case. It returns non-zero which raises a pop-up with
    alert('An error occurred.');
    I don't know enough javascript/ajax to delve into why…

    NickC



  • I apologize - I first read this thread to report that the error was on the states page; not when deleting a state.  I can confirm this error occurs for me as wel when trying to delete a state.



  • Same problem here.

    Is there any ticket open in order to track this bug status?



  • I foud the solution of this problem with some code changes on "diag_dump_states.php" as below.

    From:

    /* handle AJAX operations */
    if($_GET['action']) {
    if($_GET['action'] == "remove") {
    $srcip  = escapeshellarg($_GET['srcip']);
    $dstip  = escapeshellarg($_GET['dstip']);
    if (is_ipaddr($srcip) and is_ipaddr($dstip)) {
    $retval = mwexec("/sbin/pfctl -k '{$srcip}' -k '{$dstip}'");
    echo "|{$srcip}|{$dstip}|{$retval}|";
    } else {
    echo "invalid input";
    }
    exit;
    }
    }

    To:

    /* handle AJAX operations */
    if($_GET['action']) {
    if($_GET['action'] == "remove") {
    $srcip  = $_GET['srcip'];
    $dstip  = $_GET['dstip'];
    if (is_ipaddr($srcip) and is_ipaddr($dstip)) {
    $retval = mwexec("/sbin/pfctl -k '{$srcip}' -k '{$dstip}'");
    echo "|{$srcip}|{$dstip}|{$retval}|";
    } else {
    echo "invalid input";
    }
    exit;
    }
    }



  • Works for me. Thanks a lot. Can a submitter paste this in…?

    Nick.



  • @sbyoon:

    I foud the solution of this problem with some code changes on "diag_dump_states.php" as below.

    That also opens up a security hole because it removes the input sanitation, so no, this won't be committed.

    We'll find a solution though.



  • @cmb:

    @sbyoon:

    I foud the solution of this problem with some code changes on "diag_dump_states.php" as below.

    That also opens up a security hole because it removes the input sanitation, so no, this won't be committed.

    Actually it doesn't because of the later input validation, but we still always want to escapeshellarg on _GET's.



  • This is now fixed, or will be in the next snapshot dated after the time of this post.



  • I just updated to latest snapshot (Fri Oct 31 12:36:04 EDT 2008),
    and yes the fix is in and working.

    Thanks a lot.

    Nick.


Log in to reply