5. Probable bug in Interfaces_assign.php file

Probable bug in Interfaces_assign.php file

  • M

    Dears,

    Please consider this line of interfaces_assign.php :

    if ($ifdata['if'] == $_PORT['if_add']) {

    I think $_PORT is a typo and should be changed to $_POST, Am I wrong?

    Thanks,
    Vahid Foroughi

    0
  • P

    Pull request: https://github.com/pfsense/pfsense/pull/1432
    But I also commented:
    –--
    This section is inside:
    if (isset($_POST['add_x']) && isset($_POST['if_add'])) {
    and I cannot find where 'add_x' is ever sent here, so I do not see how this whole code section is ever executed (and that will be why this typo bug has no symptoms). What is the history here? Can the whole block of code be removed?
    The code normally executed is the section for 'Submit' lower down.

    0
  • M

    Dear Phil.davis

    Thanks for your reply.  There is no problem with $_POST['add_x']. The reason is since the button is declared as image button, what is actually sent to the server is add_x and add_y ie, position of the mouse on the image. In other word, _x and _y are added to the name of the image button.

    PS: I traced the code and the code in this part are executed as well. Except that there is some problem with input validation.

    Thanks,
    Vahid Foroughi

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy