Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Probable bug in Interfaces_assign.php file

    Scheduled Pinned Locked Moved 2.2 Snapshot Feedback and Problems - RETIRED
    3 Posts 2 Posters 971 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mrvahid9
      last edited by

      Dears,

      Please consider this line of interfaces_assign.php :

      if ($ifdata['if'] == $_PORT['if_add']) {

      I think $_PORT is a typo and should be changed to $_POST, Am I wrong?

      Thanks,
      Vahid Foroughi

      1 Reply Last reply Reply Quote 0
      • P
        phil.davis
        last edited by

        Pull request: https://github.com/pfsense/pfsense/pull/1432
        But I also commented:
        –--
        This section is inside:
        if (isset($_POST['add_x']) && isset($_POST['if_add'])) {
        and I cannot find where 'add_x' is ever sent here, so I do not see how this whole code section is ever executed (and that will be why this typo bug has no symptoms). What is the history here? Can the whole block of code be removed?
        The code normally executed is the section for 'Submit' lower down.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • M
          mrvahid9
          last edited by

          Dear Phil.davis

          Thanks for your reply.  There is no problem with $_POST['add_x']. The reason is since the button is declared as image button, what is actually sent to the server is add_x and add_y ie, position of the mouse on the image. In other word, _x and _y are added to the name of the image button.

          PS: I traced the code and the code in this part are executed as well. Except that there is some problem with input validation.

          Thanks,
          Vahid Foroughi

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.