diff options
-rw-r--r-- | config/snort/snort_frag3_engine.php | 13 | ||||
-rw-r--r-- | config/snort/snort_ftp_client_engine.php | 17 | ||||
-rw-r--r-- | config/snort/snort_ftp_server_engine.php | 13 | ||||
-rw-r--r-- | config/snort/snort_httpinspect_engine.php | 15 | ||||
-rw-r--r-- | config/snort/snort_interfaces_whitelist_edit.php | 2 | ||||
-rwxr-xr-x | config/snort/snort_preprocessors.php | 3 | ||||
-rw-r--r-- | config/snort/snort_select_alias.php | 47 | ||||
-rw-r--r-- | config/snort/snort_stream5_engine.php | 19 |
8 files changed, 37 insertions, 92 deletions
diff --git a/config/snort/snort_frag3_engine.php b/config/snort/snort_frag3_engine.php index f344771b..89a21dc8 100644 --- a/config/snort/snort_frag3_engine.php +++ b/config/snort/snort_frag3_engine.php @@ -1,16 +1,7 @@ <?php /* * snort_frag3_engine.php - * Copyright (C) 2004 Scott Ullrich - * Copyright (C) 2011-2012 Ermal Luci - * All rights reserved. - * - * originially part of m0n0wall (http://m0n0.ch/wall) - * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - * All rights reserved. - * - * modified for the pfsense snort package - * Copyright (C) 2009-2010 Robert Zelaya. + * Copyright (C) 2013 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -246,7 +237,7 @@ if ($savemsg) <td class="vexpl"><input name="frag3_bind_to" type="text" class="formfldalias" id="frag3_bind_to" size="32" value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off"> <?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td> - <td class="vexpl" align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes'" + <td class="vexpl" align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing IP alias");?>"/></td> </tr> <tr> diff --git a/config/snort/snort_ftp_client_engine.php b/config/snort/snort_ftp_client_engine.php index a9f5e82b..b039df5b 100644 --- a/config/snort/snort_ftp_client_engine.php +++ b/config/snort/snort_ftp_client_engine.php @@ -1,16 +1,7 @@ <?php /* * snort_ftp_client_engine.php - * Copyright (C) 2004 Scott Ullrich - * Copyright (C) 2011-2012 Ermal Luci - * All rights reserved. - * - * originially part of m0n0wall (http://m0n0.ch/wall) - * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - * All rights reserved. - * - * modified for the pfsense snort package - * Copyright (C) 2009-2010 Robert Zelaya. + * Copyright (C) 2013 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -277,7 +268,7 @@ if ($savemsg) <td class="vexpl"><input name="ftp_bind_to" type="text" class="formfldalias" id="ftp_bind_to" size="32" value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off" > <?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td> - <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import'" + <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing IP alias");?>"/></td> </tr> <tr> @@ -337,7 +328,7 @@ if ($savemsg) value="<?=htmlspecialchars($pconfig['bounce_to_net']);?>" title="<?=trim(filter_expand_alias($pconfig['bounce_to_net']));?>" autocomplete="off"><span class="vexpl"> <?php echo gettext("Default is ") . "<strong>" . gettext("blank") . "</strong>.";?></span> </td> - <td class="vexpl"> <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bounce_to_net&act=import'" + <td class="vexpl"> <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bounce_to_net&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing IP alias");?>"/> </td> </tr> @@ -347,7 +338,7 @@ if ($savemsg) value="<?=htmlspecialchars($pconfig['bounce_to_port']);?>" title="<?=trim(filter_expand_alias($pconfig['bounce_to_port']));?>" autocomplete="off"><span class="vexpl"> <?php echo gettext("Default is ") . "<strong>" . gettext("blank") . "</strong>.";?></span> </td> - <td class="vexpl"> <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=bounce_to_port&act=import'" + <td class="vexpl"> <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=bounce_to_port&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing port alias");?>"/> </td> </tr> diff --git a/config/snort/snort_ftp_server_engine.php b/config/snort/snort_ftp_server_engine.php index 8f462ca9..e70033e7 100644 --- a/config/snort/snort_ftp_server_engine.php +++ b/config/snort/snort_ftp_server_engine.php @@ -1,16 +1,7 @@ <?php /* * snort_ftp_server_engine.php - * Copyright (C) 2004 Scott Ullrich - * Copyright (C) 2011-2012 Ermal Luci - * All rights reserved. - * - * originially part of m0n0wall (http://m0n0.ch/wall) - * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - * All rights reserved. - * - * modified for the pfsense snort package - * Copyright (C) 2009-2010 Robert Zelaya. + * Copyright (C) 2013 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -248,7 +239,7 @@ if ($savemsg) <td class="vexpl"><input name="ftp_bind_to" type="text" class="formfldalias" id="ftp_bind_to" size="32" value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off"> <?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td> - <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import'" + <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing IP alias");?>"/></td> </tr> <tr> diff --git a/config/snort/snort_httpinspect_engine.php b/config/snort/snort_httpinspect_engine.php index 58488f2d..94d3364f 100644 --- a/config/snort/snort_httpinspect_engine.php +++ b/config/snort/snort_httpinspect_engine.php @@ -1,16 +1,7 @@ <?php /* * snort_httpinspect_engine.php - * Copyright (C) 2004 Scott Ullrich - * Copyright (C) 2011-2012 Ermal Luci - * All rights reserved. - * - * originially part of m0n0wall (http://m0n0.ch/wall) - * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - * All rights reserved. - * - * modified for the pfsense snort package - * Copyright (C) 2009-2010 Robert Zelaya. + * Copyright (C) 2013 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -357,7 +348,7 @@ if ($savemsg) <td class="vexpl"><input name="httpinspect_bind_to" type="text" class="formfldalias" id="httpinspect_bind_to" size="32" value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off"> <?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td> - <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes'" + <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing IP alias");?>"/></td> </tr> <tr> @@ -381,7 +372,7 @@ if ($savemsg) <td class="vexpl"><input name="httpinspect_ports" type="text" class="formfldalias" id="httpinspect_ports" size="25" value="<?=htmlspecialchars($pconfig['ports']);?>" title="<?=trim(filter_expand_alias($pconfig['ports']));?>"> <?php echo gettext("Specifiy which ports to check for HTTP data.");?></td> - <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports&act=import'" + <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing port alias");?>"/></td> </tr> <tr> diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php index 9fb97be1..cbc31378 100644 --- a/config/snort/snort_interfaces_whitelist_edit.php +++ b/config/snort/snort_interfaces_whitelist_edit.php @@ -274,7 +274,7 @@ if ($savemsg) <td width="78%" class="vtable"> <input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>" title="<?=trim(filter_expand_alias($pconfig['address']));?>" /> - <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes'" + <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing IP alias");?>"/> </td> </tr> diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 468d1c14..289a3941 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -6,6 +6,7 @@ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. * Copyright (C) 2008-2009 Robert Zelaya. * Copyright (C) 2011-2012 Ermal Luci + * Copyright (C) 2013 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -1223,7 +1224,7 @@ include_once("head.inc"); value="<?=$pconfig['pscan_ignore_scanners'];?>" title="<?=trim(filter_expand_alias($pconfig['pscan_ignore_scanners']));?>"> <?php echo gettext("Leave blank for default. ") . gettext("Default value is ") . "<strong>" . gettext("\$HOME_NET") . "</strong>"; ?>.</td> <td class="vexpl" align="right"> - <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&type=host|network&varname=pscan_ignore_scanners&act=import&multi_ip=yes'" + <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&type=host|network&varname=pscan_ignore_scanners&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing IP alias");?>"/></td> </tr> <tr> diff --git a/config/snort/snort_select_alias.php b/config/snort/snort_select_alias.php index bd0a02e2..c5c6347e 100644 --- a/config/snort/snort_select_alias.php +++ b/config/snort/snort_select_alias.php @@ -2,11 +2,7 @@ /* $Id$ */ /* snort_select_alias.php - Copyright (C) 2004 Scott Ullrich - All rights reserved. - - originially part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2013 Bill Meeks All rights reserved. Redistribution and use in source and binary forms, with or without @@ -35,38 +31,37 @@ require("guiconfig.inc"); require_once("functions.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -// Set who called us so we can return to the correct page with -// the RETURN button. We will just trust this User-Agent supplied -// string for now. Check and make sure we don't store this page -// as the referrer so we don't stick the user in a loop. -session_start(); -if(!isset($_SESSION['org_referer']) && strpos($_SERVER['HTTP_REFERER'], $SERVER['PHP_SELF']) === false) - $_SESSION['org_referer'] = substr($_SERVER['HTTP_REFERER'], 0, strpos($_SERVER['HTTP_REFERER'], "?")); -$referrer = $_SESSION['org_referer']; +// Need to keep track of who called us so we can return to the correct page +// when the SAVE button is clicked. On initial entry, a GET variable is +// passed with the referrer's URL encoded within. That value is saved and +// used when SAVE or CANCEL is clicked to return to the referring page. +// -// Get the QUERY_STRING from our referrer so we can return it. -if(!isset($_SESSION['org_querystr'])) - $_SESSION['org_querystr'] = $_SERVER['QUERY_STRING']; -$querystr = $_SESSION['org_querystr']; +// Retrieve the QUERY STRING of the original referrer so we can return it. +// On the initial pass, we will save it in a hidden POST field so we won't +// overwrite it on subsequent POST-BACKs to this page. +if (!isset($_POST['org_querystr'])) + $querystr = $_SERVER['QUERY_STRING']; // Retrieve any passed QUERY STRING or POST variables $type = $_GET['type']; $varname = $_GET['varname']; $multi_ip = $_GET['multi_ip']; +$referrer = urldecode($_GET['returl']); if (isset($_POST['type'])) $type = $_POST['type']; if (isset($_POST['varname'])) $varname = $_POST['varname']; if (isset($_POST['multi_ip'])) $multi_ip = $_POST['multi_ip']; +if (isset($_POST['returl'])) + $referrer = urldecode($_POST['returl']); +if (isset($_POST['org_querystr'])) + $querystr = $_POST['org_querystr']; // Make sure we have a valid VARIABLE name // and ALIAS TYPE, or else bail out. if (is_null($type) || is_null($varname)) { - session_start(); - unset($_SESSION['org_referer']); - unset($_SESSION['org_querystr']); - session_write_close(); header("Location: http://{$referrer}?{$querystr}"); exit; } @@ -103,10 +98,6 @@ switch (count($a_types)) { } if ($_POST['cancel']) { - session_start(); - unset($_SESSION['org_referer']); - unset($_SESSION['org_querystr']); - session_write_close(); header("Location: {$referrer}?{$querystr}"); exit; } @@ -118,10 +109,6 @@ if ($_POST['save']) { // if no errors, write new entry to conf if (!$input_errors) { $selection = $_POST['alias']; - session_start(); - unset($_SESSION['org_referer']); - unset($_SESSION['org_querystr']); - session_write_close(); header("Location: {$referrer}?{$querystr}&varvalue={$selection}"); exit; } @@ -138,6 +125,8 @@ include("head.inc"); <input type="hidden" name="varname" value="<?=$varname;?>"> <input type="hidden" name="type" value="<?=$type;?>"> <input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"> +<input type="hidden" name="returl" value="<?=$referrer;?>"> +<input type="hidden" name="org_querystr" value="<?=$querystr;?>"> <?php if ($input_errors) print_input_errors($input_errors); ?> <div id="boxarea"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> diff --git a/config/snort/snort_stream5_engine.php b/config/snort/snort_stream5_engine.php index 33fade40..b3d81f37 100644 --- a/config/snort/snort_stream5_engine.php +++ b/config/snort/snort_stream5_engine.php @@ -1,16 +1,7 @@ <?php /* * snort_stream5_engine.php - * Copyright (C) 2004 Scott Ullrich - * Copyright (C) 2011-2012 Ermal Luci - * All rights reserved. - * - * originially part of m0n0wall (http://m0n0.ch/wall) - * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - * All rights reserved. - * - * modified for the pfsense snort package - * Copyright (C) 2009-2010 Robert Zelaya. + * Copyright (C) 2013 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -390,7 +381,7 @@ if ($savemsg) <td class="vexpl"><input name="stream5_bind_to" type="text" class="formfldalias" id="stream5_bind_to" size="32" value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off"> <?php echo gettext("IP address or network to bind this engine to."); ?></td> - <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=no'" + <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=no&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing IP alias");?>"/></td> </tr> <tr> @@ -435,7 +426,7 @@ if ($savemsg) value="<?=htmlspecialchars($pconfig['ports_client']);?>" title="<?=trim(filter_expand_alias($pconfig['ports_client']));?>" autocomplete="off"><span class="vexpl"> <?php echo gettext("Default value is the keyword ") . "<strong>" . gettext("default") . "</strong>.";?></span> </td> - <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports_client&act=import'" + <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports_client&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing port alias");?>"/> </td> </tr> @@ -445,7 +436,7 @@ if ($savemsg) value="<?=htmlspecialchars($pconfig['ports_server']);?>" title="<?=trim(filter_expand_alias($pconfig['ports_server']));?>" autocomplete="off"><span class="vexpl"> <?php echo gettext("Default value is the keyword ") . "<strong>" . gettext("none") . "</strong>.";?></span> </td> - <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports_server&act=import'" + <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports_server&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing port alias");?>"/> </td> </tr> @@ -455,7 +446,7 @@ if ($savemsg) value="<?=htmlspecialchars($pconfig['ports_both']);?>" title="<?=trim(filter_expand_alias($pconfig['ports_both']));?>" autocomplete="off"><span class="vexpl"> <?php echo gettext("Default value is the keyword ") . "<strong>" . gettext("default") . "</strong>.";?></span> </td> - <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports_both&act=import'" + <td align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=port&varname=ports_both&act=import&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" title="<?php echo gettext("Select an existing port alias");?>"/> </td> </tr> |