From 755edf6fbf65fa2f6b778e7edfd8b56fd1742f70 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jo@mein.io>
Date: Thu, 12 Oct 2023 09:38:46 +0200
Subject: firewall: ipsets.js: validate set names

Ensure that user supplied set name values conform to the nftables identifier
syntax constraints.

Fixes: #6633
Fixes: 0484343903 ("luci-app-firewall: implement IPsets GUI")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---
 .../htdocs/luci-static/resources/view/firewall/ipsets.js            | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall')

diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/ipsets.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/ipsets.js
index c9f3e1131a..40d47cb2e4 100644
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/ipsets.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/ipsets.js
@@ -41,6 +41,12 @@ return view.extend({
 			o = s.option(form.Value, 'name', _('Name'));
 			o.optional = false;
 			o.rmempty = false;
+			o.validate = function (section_id, value) {
+				if (!/^[a-zA-Z_.][a-zA-Z0-9\/_.-]*$/.test(value))
+					return _('Invalid set name');
+
+				return true;
+			};
 		} else {
 			o = s.option(form.Value, 'name', _('Name'));
 			o.depends({ external: '' });
-- 
cgit v1.2.3