Merge pull request #1497 from RaspAP/fix/static-leases

Validate static leases input

app/js/custom.js

@@ -468,6 +468,14 @@ $(document).ready(function(){
         },
         placeholder: "___.___.___.___"
     });
+    $('.date').mask('FF:FF:FF:FF:FF:FF', {
+        translation: {
+            "F": {
+                pattern: /[0-9a-z]/, optional: true
+            }
+        },
+        placeholder: "__:__:__:__:__:__"
+    });
 });
 
 $('#wg-upload,#wg-manual').on('click', function (e) {

includes/dhcp.php

@@ -108,9 +108,18 @@ function saveDHCPConfig($status)
             return false;
         }
 
-        if (($_POST['dhcp-iface'] == "1")) {
-            $return = updateDnsmasqConfig($iface,$status);
+        if (($_POST['dhcp-iface'] == "1") || (isset($_POST['mac']))) {
+            $errors = validateDnsmasqInput();
+            if (empty($errors)) {
+                $return = updateDnsmasqConfig($iface,$status);
+            } else {
+                foreach ($errors as $error) {
+                    $status->addMessage($error, 'danger');
+                }
+                $return = 1;
+            }
         }
+
         if ($return == 0) {
             $status->addMessage('Dnsmasq configuration updated successfully.', 'success');
         } else {
@@ -179,6 +188,34 @@ function compareIPs($ip1, $ip2)
     return $ipu1 > $ipu2;
 }
 
+/**
+ * Validates Dnsmasq user input from the $_POST object
+ *
+ * @return array $errors
+ */
+function validateDnsmasqInput()
+{
+    $errors = [];
+    $encounteredIPs = [];
+
+    if (isset($_POST["static_leases"]["mac"])) {
+        for ($i=0; $i < count($_POST["static_leases"]["mac"]); $i++) {
+            $mac = trim($_POST["static_leases"]["mac"][$i]);
+            $ip  = trim($_POST["static_leases"]["ip"][$i]);
+            if (!validateMac($mac)) {
+                $errors[] = _('Invalid MAC address: '.$mac);
+            }
+            if (in_array($ip, $encounteredIPs)) {
+                $errors[] = _('Duplicate IP address entered: ' . $ip);
+            } else {
+                $encounteredIPs[] = $ip;
+            }
+        }
+    }
+    return $errors;
+}
+
+
 /**
  * Updates a dnsmasq configuration
  *
@@ -188,6 +225,7 @@ function compareIPs($ip1, $ip2)
  */
 function updateDnsmasqConfig($iface,$status)
 {
+
     $config = '# RaspAP '.$iface.' configuration'.PHP_EOL;
     $config .= 'interface='.$iface.PHP_EOL.'dhcp-range='.$_POST['RangeStart'].','.$_POST['RangeEnd'].','.$_POST['SubnetMask'].',';
     if ($_POST['RangeLeaseTimeUnits'] !== 'i') {

includes/functions.php

@@ -780,6 +780,23 @@ function validate_host($host)
   return preg_match('/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i', $host);
 }
 
+/**
+ * Validates a MAC address
+ *
+ * @param string $mac
+ * @return bool
+ */
+function validateMac($mac) {
+    $macAddress = strtoupper(preg_replace('/[^a-fA-F0-9]/', '', $mac));
+    if (strlen($macAddress) !== 12) {
+        return false;
+    }
+    if (!ctype_xdigit($macAddress)) {
+        return false;
+    }
+    return true;
+}
+
 // Gets night mode toggle value
 // @return boolean
 function getNightmode()

templates/dhcp/static_leases.php

@@ -30,7 +30,7 @@
 
       <div class="row dhcp-static-lease-row js-new-dhcp-static-lease">
         <div class="col-md-4 col-xs-3">
-          <input type="text" name="mac" value="" placeholder="<?php echo _("MAC address") ?>" class="form-control" autofocus="autofocus">
+          <input type="text" name="mac" value="" placeholder="<?php echo _("MAC address") ?>" class="form-control date" autofocus="autofocus">
         </div>
         <div class="col-md-3 col-xs-3">
           <input type="text" name="ip" value="" placeholder="<?php echo _("IP address") ?>" class="form-control ip_address" maxlength="15">