summaryrefslogtreecommitdiffhomepage
path: root/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2023-02-07 11:52:17 +0100
committerJo-Philipp Wich <jo@mein.io>2023-02-08 08:57:24 +0100
commitb200e0e90fdfb294cd31870eb32b6b362ded3733 (patch)
tree7b2451167a8a12a205df5dfa2f4cfdd90405a967 /protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js
parent41e9b8d1219a949a0a3105eabec3774dc97f65c2 (diff)
luci-proto-openconnect: fix server url validation
The OpenConnect configuration form incorrectly assumed that the server setting must be hostname while it actually may be a full URL. Fixes: #6184 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js')
-rw-r--r--protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js41
1 files changed, 38 insertions, 3 deletions
diff --git a/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js b/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js
index 91ad65cb34..e38afdc201 100644
--- a/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js
+++ b/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js
@@ -2,6 +2,7 @@
'require rpc';
'require form';
'require network';
+'require validation';
var callGetCertificateFiles = rpc.declare({
object: 'luci.openconnect',
@@ -100,7 +101,41 @@ return network.registerProtocol('openconnect', {
o.value('pulse', 'Pulse Connect Secure SSL VPN');
o = s.taboption('general', form.Value, 'server', _('VPN Server'));
- o.datatype = 'host(0)';
+ o.validate = function(section_id, value) {
+ var m = String(value).match(/^(?:(\w+):\/\/|)(?:\[([0-9a-f:.]{2,45})\]|([^\/:]+))(?::([0-9]{1,5}))?(?:\/.*)?$/i);
+
+ if (!m)
+ return _('Invalid server URL');
+
+ if (m[1] != null) {
+ if (!m[1].match(/^(?:http|https|socks|socks4|socks5)$/i))
+ return _('Unsupported protocol');
+ }
+
+ if (m[2] != null) {
+ if (!validation.parseIPv6(m[2]))
+ return _('Invalid IPv6 address');
+ }
+
+ if (m[3] != null) {
+ if (!validation.parseIPv4(m[3])) {
+ if (!(m[3].length <= 253 &&
+ (m[3].match(/^[a-zA-Z0-9_]+$/) != null ||
+ (m[3].match(/^[a-zA-Z0-9_][a-zA-Z0-9_\-.]*[a-zA-Z0-9]$/) &&
+ m[3].match(/[^0-9.]/)))))
+ return _('Invalid hostname or IPv4 address');
+ }
+ }
+
+ if (m[4] != null) {
+ var p = +m[4];
+
+ if (p < 0 || p > 65535)
+ return _('Invalid port');
+ }
+
+ return true;
+ };
o = s.taboption('general', form.Value, 'port', _('VPN Server port'));
o.placeholder = '443';
@@ -116,7 +151,7 @@ return network.registerProtocol('openconnect', {
o = s.taboption('general', form.Value, 'password2', _('Password2'));
o.password = true;
-
+
o = s.taboption('general', form.Value, 'proxy', _('Proxy Server'));
o.optional = true;
@@ -160,7 +195,7 @@ return network.registerProtocol('openconnect', {
o.optional = true;
o.placeholder = 1406;
o.datatype = 'range(68, 9200)';
-
+
o = s.taboption('advanced', form.Value, 'reconnect_timeout', _('Reconnect Timeout'));
o.optional = true;
o.placeholder = 300;