Probable bug in Interfaces_assign.php file



  • Dears,

    Please consider this line of interfaces_assign.php :

    if ($ifdata['if'] == $_PORT['if_add']) {
    

    I think $_PORT is a typo and should be changed to $_POST, Am I wrong?

    Thanks,
    Vahid Foroughi



  • Pull request: https://github.com/pfsense/pfsense/pull/1432
    But I also commented:
    –--
    This section is inside:
    if (isset($_POST['add_x']) && isset($_POST['if_add'])) {
    and I cannot find where 'add_x' is ever sent here, so I do not see how this whole code section is ever executed (and that will be why this typo bug has no symptoms). What is the history here? Can the whole block of code be removed?
    The code normally executed is the section for 'Submit' lower down.



  • Dear Phil.davis

    Thanks for your reply.  There is no problem with $_POST['add_x']. The reason is since the button is declared as image button, what is actually sent to the server is add_x and add_y ie, position of the mouse on the image. In other word, _x and _y are added to the name of the image button.

    PS: I traced the code and the code in this part are executed as well. Except that there is some problem with input validation.

    Thanks,
    Vahid Foroughi


Log in to reply