Fix/1549 firewall issue (hestiacp#1555)

* Fixed hestiacp#1549

* remove defer

Author: jaapmarcus

web/add/firewall/index.php

@@ -30,9 +30,7 @@
 $ipset_lists_json=json_encode($ipset_lists);
 
 // Check POST request
-if (!empty($_POST['ok'])) {
-
-    // Check token
+if (!empty($_POST['ok'])) {    // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
         exit();
@@ -41,7 +39,7 @@
     // Check empty fields
     if (empty($_POST['v_action'])) $errors[] = _('action');
     if (empty($_POST['v_protocol'])) $errors[] = _('protocol');
-    if (!isset($_POST['v_port'])) $errors[] = _('port');
+    if (empty($_POST['v_port']) && strlen($_POST['v_port']) == 0) $errors[] = _('port');
     if (empty($_POST['v_ip'])) $errors[] = _('ip address');
     if (!empty($errors[0])) {
         foreach ($errors as $i => $error) {

web/edit/firewall/index.php

@@ -66,34 +66,59 @@
         header('location: /login/');
         exit();
     }
-
-    $v_rule = escapeshellarg($_GET['rule']);
-    $v_action = escapeshellarg($_POST['v_action']);
-    $v_protocol = escapeshellarg($_POST['v_protocol']);
-    $v_port = str_replace(" ",",", $_POST['v_port']);
-    $v_port = preg_replace('/\,+/', ',', $v_port);
-    $v_port = trim($v_port, ",");
-    $v_port = escapeshellarg($v_port);
-    $v_ip = escapeshellarg($_POST['v_ip']);
-    $v_comment = escapeshellarg($_POST['v_comment']);
-
-    // Change Status
-    exec (HESTIA_CMD."v-change-firewall-rule ".$v_rule." ".$v_action." ".$v_ip."  ".$v_port." ".$v_protocol." ".$v_comment, $output, $return_var);
-    check_return_code($return_var,$output);
-    unset($output);
-
-    $v_rule = $_GET['v_rule'];
-    $v_action = $_POST['v_action'];
-    $v_protocol = $_POST['v_protocol'];
-    $v_port = str_replace(" ",",", $_POST['v_port']);
-    $v_port = preg_replace('/\,+/', ',', $v_port);
-    $v_port = trim($v_port, ",");
-    $v_ip = $_POST['v_ip'];
-    $v_comment = $_POST['v_comment'];
-
-    // Set success message
-    if (empty($_SESSION['error_msg'])) {
-        $_SESSION['ok_msg'] = _('Changes has been saved.');
+    // Check empty fields
+    if (empty($_POST['v_action'])) $errors[] = _('action');
+    if (empty($_POST['v_protocol'])) $errors[] = _('protocol');
+    if (empty($_POST['v_port']) && strlen($_POST['v_port']) == 0) $errors[] = _('port');
+    if (empty($_POST['v_ip'])) $errors[] = _('ip address');
+    if (!empty($errors[0])) {
+        foreach ($errors as $i => $error) {
+            if ( $i == 0 ) {
+                $error_msg = $error;
+            } else {
+                $error_msg = $error_msg.", ".$error;
+            }
+        }
+        $_SESSION['error_msg'] = sprintf(_('Field "%s" can not be blank.'),$error_msg);
+    }
+    if (!empty($_SESSION['error_msg'])) {
+        $v_rule = escapeshellarg($_GET['rule']);
+        $v_action = escapeshellarg($_POST['v_action']);
+        $v_protocol = escapeshellarg($_POST['v_protocol']);
+        $v_port = str_replace(" ",",", $_POST['v_port']);
+        $v_port = preg_replace('/\,+/', ',', $v_port);
+        $v_port = trim($v_port, ",");
+        $v_port = escapeshellarg($v_port);
+        $v_ip = escapeshellarg($_POST['v_ip']);
+        $v_comment = escapeshellarg($_POST['v_comment']);
+    
+        // Change Status
+        exec (HESTIA_CMD."v-change-firewall-rule ".$v_rule." ".$v_action." ".$v_ip."  ".$v_port." ".$v_protocol." ".$v_comment, $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+    
+        $v_rule = $_GET['v_rule'];
+        $v_action = $_POST['v_action'];
+        $v_protocol = $_POST['v_protocol'];
+        $v_port = str_replace(" ",",", $_POST['v_port']);
+        $v_port = preg_replace('/\,+/', ',', $v_port);
+        $v_port = trim($v_port, ",");
+        $v_ip = $_POST['v_ip'];
+        $v_comment = $_POST['v_comment'];
+    
+        // Set success message
+        if (empty($_SESSION['error_msg'])) {
+            $_SESSION['ok_msg'] = _('Changes has been saved.');
+        }
+    }else{
+        $v_rule = $_GET['v_rule'];
+        $v_action = $_POST['v_action'];
+        $v_protocol = $_POST['v_protocol'];
+        $v_port = str_replace(" ",",", $_POST['v_port']);
+        $v_port = preg_replace('/\,+/', ',', $v_port);
+        $v_port = trim($v_port, ",");
+        $v_ip = $_POST['v_ip'];
+        $v_comment = $_POST['v_comment'];
     }
 }
 

web/templates/header.html

@@ -9,6 +9,7 @@
   <link type="text/css" href="/css/animate.min.css?<?=JS_LATEST_UPDATE?>" rel="stylesheet" />
   <link type="text/css" href="/css/jquery-custom-dialogs.css?<?=JS_LATEST_UPDATE?>" rel="stylesheet" />
   <link type="text/css" href="/css/all.min.css?<?=JS_LATEST_UPDATE?>" rel="stylesheet" />
+  <script type="text/javascript" src="/inc/jquery/jquery-3.5.1.min.js"></script> 
   <script>
     //
     //  GLOBAL SETTINGS

web/templates/scripts.html

@@ -1,4 +1,3 @@
-  <script type="text/javascript" src="/inc/jquery/jquery-3.5.1.min.js"></script> 
   <script type="text/javascript" src="/js/jquery/jquery-1.7.2.min.js?<?=JS_LATEST_UPDATE?>"></script>
   <script type="text/javascript" src="/js/jquery/jquery.cookie.js?<?=JS_LATEST_UPDATE?>"></script>
   <script type="text/javascript" src="/js/jquery/jquery-ui-1.8.20.custom.min.js?<?=JS_LATEST_UPDATE?>"></script>