diff options
author | Jo-Philipp Wich <jo@mein.io> | 2023-02-07 11:52:17 +0100 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2023-02-07 11:53:31 +0100 |
commit | f1312cadc6675fb29d02425775dd8a2a533d7e7c (patch) | |
tree | df25b11b8ef0b02a0df8a0c3134d1a0788f3050d /protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol | |
parent | 1597d8e555cfe7444bcbcb44d45caf6954b61b3e (diff) |
luci-proto-openconnect: fix server url validation
The OpenConnect configuration form incorrectly assumed that the server
setting must be hostname while it actually may be a full URL.
Fixes: #6184
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol')
-rw-r--r-- | protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js | 41 |
1 files changed, 38 insertions, 3 deletions
diff --git a/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js b/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js index 91ad65cb34..e38afdc201 100644 --- a/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js +++ b/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js @@ -2,6 +2,7 @@ 'require rpc'; 'require form'; 'require network'; +'require validation'; var callGetCertificateFiles = rpc.declare({ object: 'luci.openconnect', @@ -100,7 +101,41 @@ return network.registerProtocol('openconnect', { o.value('pulse', 'Pulse Connect Secure SSL VPN'); o = s.taboption('general', form.Value, 'server', _('VPN Server')); - o.datatype = 'host(0)'; + o.validate = function(section_id, value) { + var m = String(value).match(/^(?:(\w+):\/\/|)(?:\[([0-9a-f:.]{2,45})\]|([^\/:]+))(?::([0-9]{1,5}))?(?:\/.*)?$/i); + + if (!m) + return _('Invalid server URL'); + + if (m[1] != null) { + if (!m[1].match(/^(?:http|https|socks|socks4|socks5)$/i)) + return _('Unsupported protocol'); + } + + if (m[2] != null) { + if (!validation.parseIPv6(m[2])) + return _('Invalid IPv6 address'); + } + + if (m[3] != null) { + if (!validation.parseIPv4(m[3])) { + if (!(m[3].length <= 253 && + (m[3].match(/^[a-zA-Z0-9_]+$/) != null || + (m[3].match(/^[a-zA-Z0-9_][a-zA-Z0-9_\-.]*[a-zA-Z0-9]$/) && + m[3].match(/[^0-9.]/))))) + return _('Invalid hostname or IPv4 address'); + } + } + + if (m[4] != null) { + var p = +m[4]; + + if (p < 0 || p > 65535) + return _('Invalid port'); + } + + return true; + }; o = s.taboption('general', form.Value, 'port', _('VPN Server port')); o.placeholder = '443'; @@ -116,7 +151,7 @@ return network.registerProtocol('openconnect', { o = s.taboption('general', form.Value, 'password2', _('Password2')); o.password = true; - + o = s.taboption('general', form.Value, 'proxy', _('Proxy Server')); o.optional = true; @@ -160,7 +195,7 @@ return network.registerProtocol('openconnect', { o.optional = true; o.placeholder = 1406; o.datatype = 'range(68, 9200)'; - + o = s.taboption('advanced', form.Value, 'reconnect_timeout', _('Reconnect Timeout')); o.optional = true; o.placeholder = 300; |