diff options
author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-04-02 15:24:03 -0400 |
---|---|---|
committer | Ermal <ermal.luci@gmail.com> | 2014-04-08 08:47:28 +0000 |
commit | c88494af6b8a845218030028fd424f7eb048cd69 (patch) | |
tree | 9eb0568e0d77133337fd9539d96f8c6b3dfed91b /config/snort/snort_select_alias.php | |
parent | ba7b699353bb0d97ba221975bd80ba42cd11db2e (diff) | |
download | pfsense-packages-c88494af6b8a845218030028fd424f7eb048cd69.tar.gz pfsense-packages-c88494af6b8a845218030028fd424f7eb048cd69.tar.bz2 pfsense-packages-c88494af6b8a845218030028fd424f7eb048cd69.zip |
Use $_POST for config changes and add misc fixes and improvements.
Diffstat (limited to 'config/snort/snort_select_alias.php')
-rw-r--r-- | config/snort/snort_select_alias.php | 31 |
1 files changed, 19 insertions, 12 deletions
diff --git a/config/snort/snort_select_alias.php b/config/snort/snort_select_alias.php index c5c6347e..c632b388 100644 --- a/config/snort/snort_select_alias.php +++ b/config/snort/snort_select_alias.php @@ -2,7 +2,7 @@ /* $Id$ */ /* snort_select_alias.php - Copyright (C) 2013 Bill Meeks + Copyright (C) 2013, 2014 Bill Meeks All rights reserved. Redistribution and use in source and binary forms, with or without @@ -42,22 +42,29 @@ require_once("/usr/local/pkg/snort/snort.inc"); // overwrite it on subsequent POST-BACKs to this page. if (!isset($_POST['org_querystr'])) $querystr = $_SERVER['QUERY_STRING']; +else + $querystr = $_POST['org_querystr']; // Retrieve any passed QUERY STRING or POST variables -$type = $_GET['type']; -$varname = $_GET['varname']; -$multi_ip = $_GET['multi_ip']; -$referrer = urldecode($_GET['returl']); if (isset($_POST['type'])) $type = $_POST['type']; +elseif (isset($_GET['type'])) + $type = htmlspecialchars($_GET['type']); + if (isset($_POST['varname'])) $varname = $_POST['varname']; +elseif (isset($_GET['varname'])) + $varname = htmlspecialchars($_GET['varname']); + if (isset($_POST['multi_ip'])) $multi_ip = $_POST['multi_ip']; +elseif (isset($_GET['multi_ip'])) + $multi_ip = htmlspecialchars($_GET['multi_ip']); + if (isset($_POST['returl'])) $referrer = urldecode($_POST['returl']); -if (isset($_POST['org_querystr'])) - $querystr = $_POST['org_querystr']; +elseif (isset($_GET['returl'])) + $referrer = urldecode($_GET['returl']); // Make sure we have a valid VARIABLE name // and ALIAS TYPE, or else bail out. @@ -122,11 +129,11 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> <form action="snort_select_alias.php" method="post"> -<input type="hidden" name="varname" value="<?=$varname;?>"> -<input type="hidden" name="type" value="<?=$type;?>"> -<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"> -<input type="hidden" name="returl" value="<?=$referrer;?>"> -<input type="hidden" name="org_querystr" value="<?=$querystr;?>"> +<input type="hidden" name="varname" value="<?=$varname;?>"/> +<input type="hidden" name="type" value="<?=$type;?>"/> +<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"/> +<input type="hidden" name="returl" value="<?=$referrer;?>"/> +<input type="hidden" name="org_querystr" value="<?=$querystr;?>"/> <?php if ($input_errors) print_input_errors($input_errors); ?> <div id="boxarea"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> |