author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-04-02 15:24:03 -0400 |
---|---|---|
committer | Ermal <ermal.luci@gmail.com> | 2014-04-08 08:47:28 +0000 |
commit | c88494af6b8a845218030028fd424f7eb048cd69 (patch) | |
tree | 9eb0568e0d77133337fd9539d96f8c6b3dfed91b /config/snort/snort_stream5_engine.php | |
parent | ba7b699353bb0d97ba221975bd80ba42cd11db2e (diff) | |
Use $_POST for config changes and add misc fixes and improvements.
Diffstat (limited to 'config/snort/snort_stream5_engine.php')
-rw-r--r-- | config/snort/snort_stream5_engine.php | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/config/snort/snort_stream5_engine.php b/config/snort/snort_stream5_engine.php index b3d81f37..9a91e0d6 100644 --- a/config/snort/snort_stream5_engine.php +++ b/config/snort/snort_stream5_engine.php @@ -1,7 +1,7 @@ <?php /* * snort_stream5_engine.php - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013, 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -36,14 +36,16 @@ $snortdir = SNORTDIR; /* Retrieve required array index values from QUERY string if available. */ /* 'id' is the [rule] array index, and 'eng_id' is the index for the */ /* stream5_tcp_engine's [item] array. */ -$id = $_GET['id']; -$eng_id = $_GET['eng_id']; - /* See if values are in our form's POST content */ -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_POST['eng_id'])) +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (isset($_POST['eng_id']) && isset($_POST['eng_id'])) $eng_id = $_POST['eng_id']; +elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id'])) + $eng_id = htmlspecialchars($_GET['eng_id']); /* If we don't have a [rule] index specified, exit */ if (is_null($id)) { @@ -131,7 +133,7 @@ if ($_GET['act'] == "import") { session_start(); if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports_client" || $_GET['varname'] == "ports_both" || $_GET['varname'] == "ports_server") && !empty($_GET['varvalue'])) { - $pconfig[$_GET['varname']] = $_GET['varvalue']; + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); if(!isset($_SESSION['stream5_client_import'])) $_SESSION['stream5_client_import'] = array(); @@ -165,7 +167,7 @@ if ($_GET['act'] == "import") { } } -if ($_POST['Submit']) { +if ($_POST['save']) { // Clear and close out any session variable we created session_start(); unset($_SESSION['org_referer']); 
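Review bot: In the `eng_id` lookup the POST branch tests `isset($_POST['eng_id'])` twice, so that value is accepted without the integer check applied in the other three branches and then serves as the index into the stream5_tcp_engine [item] array. The second test was presumably meant to be the validator: `if (isset($_POST['eng_id']) && is_numericint($_POST['eng_id']))`. With the unconditional `$_GET` assignments removed, `$id` and `$eng_id` are also left undefined when no branch matches, so initialising both to `null` ahead of these checks would keep the following `is_null($id)` test from reading an unset variable. The `htmlspecialchars()` calls on the GET branches look redundant once `is_numericint()` has passed, assuming that helper accepts digits only.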
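Review bot: `htmlspecialchars()` on `$_GET['varvalue']` encodes for HTML at the point of input, but the value is stored in `$pconfig` under `bind_to`/`ports_*`, and this hunk does not show whether it is later only echoed into the form or also written to the configuration. If it can reach the saved config, the entity-encoded text would be stored, while a value that is not a valid alias or port list is still accepted. Validating `varvalue` against the format expected for each `varname` here, and applying `htmlspecialchars()` where `$pconfig` is printed, would cover both cases. The enclosing `if ($_GET['act'] == "import")` block continues outside the hunk.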
@@ -333,7 +335,7 @@ if ($_POST['Submit']) { } } -$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Stream5 Preprocessor TCP Engine"); include_once("head.inc"); @@ -586,7 +588,7 @@ if ($savemsg) <tr> <td width="22%" valign="bottom"> </td> <td width="78%" valign="bottom"> - <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo + <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo gettext("Save Stream5 engine settings and return to Preprocessors tab"); ?>"> <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo |