diff options
| author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-04-02 15:24:03 -0400 |
|---|---|---|
| committer | Ermal <ermal.luci@gmail.com> | 2014-04-08 08:47:28 +0000 |
| commit | c88494af6b8a845218030028fd424f7eb048cd69 (patch) | |
| tree | 9eb0568e0d77133337fd9539d96f8c6b3dfed91b /config/snort/snort_list_view.php | |
| parent | ba7b699353bb0d97ba221975bd80ba42cd11db2e (diff) | |
| download | pfsense-packages-c88494af6b8a845218030028fd424f7eb048cd69.tar.gz pfsense-packages-c88494af6b8a845218030028fd424f7eb048cd69.tar.bz2 pfsense-packages-c88494af6b8a845218030028fd424f7eb048cd69.zip | |
Use $_POST for config changes and add misc fixes and improvements.
Diffstat (limited to 'config/snort/snort_list_view.php')
| -rw-r--r-- | config/snort/snort_list_view.php | 28 |
1 files changed, 15 insertions, 13 deletions
diff --git a/config/snort/snort_list_view.php b/config/snort/snort_list_view.php index 856367ef..8c3d0134 100644 --- a/config/snort/snort_list_view.php +++ b/config/snort/snort_list_view.php @@ -4,6 +4,7 @@ * * Copyright (C) 2004, 2005 Scott Ullrich * Copyright (C) 2011 Ermal Luci + * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Adapted for FreeNAS by Volker Theile (votdev@gmx.de) @@ -41,23 +42,29 @@ global $g, $config; $contents = ''; -$id = $_GET['id']; -$wlist = $_GET['wlist']; -$type = $_GET['type']; +if (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +$wlist = htmlspecialchars($_GET['wlist']); +$type = htmlspecialchars($_GET['type']); +$title = "List"; if (isset($id) && isset($wlist)) { $a_rule = $config['installedpackages']['snortglobal']['rule'][$id]; if ($type == "homenet") { $list = snort_build_list($a_rule, $wlist); $contents = implode("\n", $list); + $title = "HOME_NET"; } - elseif ($type == "whitelist") { + elseif ($type == "passlist") { $list = snort_build_list($a_rule, $wlist, true); $contents = implode("\n", $list); + $title = "Pass List"; } elseif ($type == "suppress") { $list = snort_find_list($wlist, $type); $contents = str_replace("\r", "", base64_decode($list['suppresspassthru'])); + $title = "Suppress List"; } else $contents = gettext("\n\nERROR -- Requested List Type entity is not valid!"); @@ -65,35 +72,32 @@ if (isset($id) && isset($wlist)) { else $contents = gettext("\n\nERROR -- Supplied interface or List entity is not valid!"); -$pgtitle = array(gettext("Snort"), gettext(ucfirst($type) . " Viewer")); +$pgtitle = array(gettext("Snort"), gettext($title . " Viewer")); ?> <?php include("head.inc");?> <body link="#000000" vlink="#000000" alink="#000000"> -<?php if ($savemsg) print_info_box($savemsg); ?> -<?php // include("fbegin.inc");?> -<form action="snort_whitelist_view.php" method="post"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td class="tabcont"> <table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee"> <tr> - <td class="pgtitle" colspan="2">Snort: <?php echo gettext(ucfirst($type) . " Viewer"); ?></td> + <td class="pgtitle" colspan="2">Snort: <?php echo gettext($title . " Viewer"); ?></td> </tr> <tr> <td align="left" width="20%"> <input type="button" class="formbtn" value="Return" onclick="window.close()"> </td> <td align="right"> - <b><?php echo gettext(ucfirst($type) . ": ") . '</b> ' . $_GET['wlist']; ?> + <b><?php echo gettext($title . ": ") . '</b> ' . htmlspecialchars($_GET['wlist']); ?> </td> </tr> <tr> <td colspan="2" valign="top" class="label"> <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> - <textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=$contents;?></textarea> + <textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=htmlspecialchars($contents);?></textarea> </div> </td> </tr> @@ -101,7 +105,5 @@ $pgtitle = array(gettext("Snort"), gettext(ucfirst($type) . " Viewer")); </td> </tr> </table> -</form> -<?php // include("fend.inc");?> </body> </html> |