diff options
author | Phil Davis <phil.davis@inf.org> | 2015-02-21 19:38:01 +0545 |
---|---|---|
committer | Phil Davis <phil.davis@inf.org> | 2015-02-21 19:38:01 +0545 |
commit | 93656e41097c250d9951000261effca93118e1bd (patch) | |
tree | d5ef335617e2dcf7817cb69b9005c3b61409e76f /config/snort | |
parent | 44b7ee6dec8c2b37e757af697262e9cecbf173fe (diff) | |
download | pfsense-packages-93656e41097c250d9951000261effca93118e1bd.tar.gz pfsense-packages-93656e41097c250d9951000261effca93118e1bd.tar.bz2 pfsense-packages-93656e41097c250d9951000261effca93118e1bd.zip |
Validate widget_snort_display_lines
Currently if you open the snort widget settings and just press "save" with a blank field, it sets the parameter to blank. Subsequently that causes problems trying to fetch the last "" number of alerts, and actually the little "tool" icon never reappears, so you cannot fix it from the dashboard.
1) Setting the number of entries to 0 seems silly, so limit it to a minimum of 1 alert.
2) If the user blanks the box, then unset widget_snort_display_lines to make sure things will always revert to the default.
3) Whatever else the user types in - "abc", "-999", "23xyz99" - try to interpret it as an int (with intval()), then do not let it be less than 1 (not negative or zero).
This forum entry made me touch it and "break" my widget also: https://forum.pfsense.org/index.php?topic=89161.0
Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort_alerts.widget.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/config/snort/snort_alerts.widget.php b/config/snort/snort_alerts.widget.php index 552dab61..96c70562 100644 --- a/config/snort/snort_alerts.widget.php +++ b/config/snort/snort_alerts.widget.php @@ -46,7 +46,7 @@ $alertColClass = "listMRr"; /* check if Snort widget alert display lines value is set */ $snort_nentries = $config['widgets']['widget_snort_display_lines']; -if (!isset($snort_nentries) || $snort_nentries < 0) +if (!isset($snort_nentries) || $snort_nentries <= 0) $snort_nentries = 5; /* array sorting of the alerts */ @@ -95,7 +95,11 @@ if (isset($_GET['getNewAlerts'])) { // See if saving new display line count value if(isset($_POST['widget_snort_display_lines'])) { - $config['widgets']['widget_snort_display_lines'] = $_POST['widget_snort_display_lines']; + if($_POST['widget_snort_display_lines'] == "") { + unset($config['widgets']['widget_snort_display_lines']); + } else { + $config['widgets']['widget_snort_display_lines'] = max(intval($_POST['widget_snort_display_lines']), 1); + } write_config("Saved Snort Alerts Widget Displayed Lines Parameter via Dashboard"); header("Location: ../../index.php"); } |