authorbmeeks8 <bmeeks8@bellsouth.net>2014-02-21 14:44:36 -0500
committerbmeeks8 <bmeeks8@bellsouth.net>2014-02-21 14:44:36 -0500
commit4d68da5d12cc272337f38d338913f66a8c703898 (patch)
treec23bcff720e334f816714eb426ae82221cb05712 /config/suricata
parentf8f2d8493be025464627ba990133a542bd071700 (diff)
Remove use of $_GET wherever possible for security.
Diffstat (limited to 'config/suricata')
-rw-r--r--config/suricata/suricata_interfaces.php6
-rw-r--r--config/suricata/suricata_interfaces_edit.php27
2 files changed, 14 insertions, 19 deletions
diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php
index 26ccada3..364abe62 100644
--- a/config/suricata/suricata_interfaces.php
+++ b/config/suricata/suricata_interfaces.php
@@ -449,6 +449,12 @@ if ($pfsense_stable == 'yes')
</form>
<script type="text/javascript">
+<script language="javascript" type="text/javascript">
+
+var initiator = '';
+$(document).ready(function() {
+ $(":submit").click(function() { initiator = this.value });
+});
function intf_del() {
var isSelected = false;
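Review bot: The added `<script language="javascript" type="text/javascript">` line follows the existing `<script type="text/javascript">` context line, so the new side has two opening tags. The second is then read as script text, which would likely raise a syntax error and leave both `intf_del()` and the new `initiator` handler undefined. Drop the added tag and keep the existing one. The `$(document).ready(...)` call also assumes jQuery is loaded on this page, which the hunk does not show. `intf_del()` continues outside the hunk.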
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index 74344072..b1e05f99 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
@@ -40,8 +40,9 @@ if (!is_array($config['installedpackages']['suricata']['rule']))
$config['installedpackages']['suricata']['rule'] = array();
$a_rule = &$config['installedpackages']['suricata']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if ($_GET['id'] && is_numeric($_POST['id']));
+ $id = htmlspecialchars($_GET['id'], ENT_QUOTES | ENT_HTML401);
+if ($_POST['id'] && is_numeric($_POST['id']))
$id = $_POST['id'];
if (is_null($id)) {
header("Location: /suricata/suricata_interfaces.php");
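Review bot: The first added `if` ends in a semicolon, so its body is empty and `$id = htmlspecialchars($_GET['id'], ...)` runs on every request; its condition also tests `is_numeric($_POST['id'])` instead of `$_GET['id']`. The GET value is therefore never checked as numeric before `$id` is used as an index into `$a_rule`, and because `htmlspecialchars()` returns a string even when the parameter is absent, the `is_null($id)` redirect below can no longer fire. `htmlspecialchars()` is output encoding, not input validation, so it does not constrain what reaches the array lookup. Suggest `if (isset($_GET['id']) && is_numeric($_GET['id']))` followed by `$id = $_GET['id'];`, with the same `isset()` form on the POST branch. The `if (is_null($id))` block continues outside the hunk.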
@@ -62,13 +63,7 @@ else {
$suricata_uuid = $pconfig['uuid'];
// Get the physical configured interfaces on the firewall
-if (function_exists('get_configured_interface_with_descr'))
- $interfaces = get_configured_interface_with_descr();
-else {
- $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
- for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
- $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
-}
+$interfaces = get_configured_interface_with_descr();
// See if interface is already configured, and use its values
if (isset($id) && $a_rule[$id]) {
@@ -97,9 +92,6 @@ elseif (isset($id) && !isset($a_rule[$id])) {
}
}
-if (isset($_GET['dup']))
- unset($id);
-
// Set defaults for any empty key parameters
if (empty($pconfig['blockoffendersip']))
$pconfig['blockoffendersip'] = "both";
@@ -374,7 +366,7 @@ include_once("head.inc");
<?php endforeach; ?>
</select>&nbsp;&nbsp;
<span class="vexpl"><?php echo gettext("Choose which interface this Suricata instance applies to."); ?><br/>
- <span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("In most cases, you'll want to use WAN here."); ?></span><br/></td>
+ <span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("In most cases, you'll want to use WAN here if this is the first Suricata-configured interface."); ?></span><br/></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?php echo gettext("Description"); ?></td>
@@ -390,7 +382,6 @@ include_once("head.inc");
<td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>/>
<?php echo gettext("Suricata will send Alerts to the firewall's system log."); ?></td>
</tr>
-
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Stats Log"); ?></td>
<td width="78%" class="vtable"><input name="enable_stats_log" type="checkbox" value="on" <?php if ($pconfig['enable_stats_log'] == "on") echo "checked"; ?>
@@ -466,8 +457,6 @@ include_once("head.inc");
gettext("This will consume a significant amount of disk space on a busy network when enabled!"); ?></div>
</td>
</tr>
-
-
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Packet Log"); ?></td>
<td width="78%" class="vtable"><input name="enable_pcap_log" id="enable_pcap_log" type="checkbox" value="on" <?php if ($pconfig['enable_pcap_log'] == "on") echo "checked"; ?>
@@ -484,7 +473,6 @@ include_once("head.inc");
<?php echo gettext("Enter maximum size in ") . "<strong>" . gettext("MB") . "</strong>" . gettext(" for a packet log file. Default is ") . "<strong>" .
gettext("32") . "</strong>."; ?><br/><br/><?php echo gettext("When the packet log file size reaches the set limit, it will be rotated and a new one created.") ?></td>
</tr>
- </tr>
<tr id="pcap_log_max_row">
<td width="22%" valign="top" class="vncell"><?php echo gettext("Max Packet Log Files"); ?></td>
<td width="78%" class="vtable"><input name="max_pcap_log_files" type="text"
@@ -493,7 +481,7 @@ include_once("head.inc");
gettext("1000") . "</strong>."; ?><br/><br/><?php echo gettext("When the number of packet log files reaches the set limit, the oldest file will be overwritten.") ?></td>
</tr>
-<!--
+<!-- ### Blocking not yet enabled, so hide the controls ###
<tr>
<td colspan="2" class="listtopic"><?php echo gettext("Alert Settings"); ?></td>
</tr>
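Review bot: Hiding the blocking controls inside an HTML comment still executes every `<?php ... ?>` tag in between and sends the markup to the browser. The comment is opened here and closed by the `### End of Blocking controls ###` marker in the later hunk of this file. A server-side guard such as `<?php if ($blocking_enabled): ?>` ... `<?php endif; ?>` would keep the unfinished controls out of the response entirely; the variable name is a placeholder. The save handler should presumably also ignore the matching POST fields while the feature is off, which cannot be confirmed from these hunks.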
@@ -529,6 +517,7 @@ include_once("head.inc");
<span class="red"><?php echo gettext("Hint:") . "</span>&nbsp;" . gettext("Choosing BOTH is suggested, and it is the default value."); ?></span><br/></td>
</td>
</tr>
+ ### End of Blocking controls ###
-->
<tr>
@@ -897,7 +886,7 @@ function viewList(id, elemID, elemType) {
}
enable_change(false);
-enable_blockoffenders();
+//enable_blockoffenders();
toggle_stats_log();
toggle_http_log();
toggle_tls_log();