aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xconfig/snort/snort_alerts.php19
1 files changed, 11 insertions, 8 deletions
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 3f3159a6..a22cf138 100755
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -242,12 +242,15 @@ if ($_POST['save']) {
if (!is_array($config['installedpackages']['snortglobal']['alertsblocks']))
$config['installedpackages']['snortglobal']['alertsblocks'] = array();
$config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? 'on' : 'off';
- $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber'];
- write_config("Snort pkg: updated ALERTS tab settings.");
-
- header("Location: /snort/snort_alerts.php?instance={$instanceid}");
- exit;
+ if (is_numeric($_POST['alertnumber'])) {
+ $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber'];
+ write_config("Snort pkg: updated ALERTS tab settings.");
+ header("Location: /snort/snort_alerts.php?instance={$instanceid}");
+ return;
+ } else {
+ $input_errors[] = "Alert number must be numeric";
+ }
}
if ($_POST['todelete']) {
@@ -582,12 +585,12 @@ if ($savemsg) {
</tr>
<?php if ($filterlogentries) : ?>
<tr>
- <td colspan="2" class="listtopic"><?php printf(gettext("Last %s Alert Entries"), $anentries); ?>&nbsp;&nbsp;
+ <td colspan="2" class="listtopic"><?php printf(gettext("Last %s Alert Entries"), htmlspecialchars($anentries)); ?>&nbsp;&nbsp;
<?php echo gettext("(Most recent listed first) ** FILTERED VIEW ** clear filter to see all entries"); ?></td>
</tr>
<?php else: ?>
<tr>
- <td colspan="2" class="listtopic"><?php printf(gettext("Last %s Alert Entries"), $anentries); ?>&nbsp;&nbsp;
+ <td colspan="2" class="listtopic"><?php printf(gettext("Last %s Alert Entries"), htmlspecialchars($anentries)); ?>&nbsp;&nbsp;
<?php echo gettext("(Most recent entries are listed first)"); ?></td>
</tr>
<?php endif; ?>
@@ -625,7 +628,7 @@ if ($savemsg) {
/* make sure alert file exists */
if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) {
- exec("tail -{$anentries} -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert > {$g['tmp_path']}/alert_{$snort_uuid}");
+ exec("tail -n" . escapeshellarg($anentries) . " -r " . escapeshellarg("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert") . " > " . escapeshellarg("{$g['tmp_path']}/alert_{$snort_uuid}"));
if (file_exists("{$g['tmp_path']}/alert_{$snort_uuid}")) {
$tmpblocked = array_flip(snort_get_blocked_ips());
$counter = 0;