aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort/snort_frag3_engine.php
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort/snort_frag3_engine.php')
-rw-r--r--config/snort/snort_frag3_engine.php21
1 files changed, 12 insertions, 9 deletions
diff --git a/config/snort/snort_frag3_engine.php b/config/snort/snort_frag3_engine.php
index 89a21dc8..a4c8cb53 100644
--- a/config/snort/snort_frag3_engine.php
+++ b/config/snort/snort_frag3_engine.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_frag3_engine.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013-2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -34,12 +34,15 @@ global $g;
$snortdir = SNORTDIR;
// Grab the incoming QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_POST['eng_id']))
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (isset($_POST['eng_id']) && isset($_POST['eng_id']))
$eng_id = $_POST['eng_id'];
+elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id']))
+ $eng_id = htmlspecialchars($_GET['eng_id']);
if (is_null($id)) {
header("Location: /snort/snort_interfaces.php");
@@ -90,10 +93,10 @@ if ($_POST['Cancel']) {
// Check for returned "selected alias" if action is import
if ($_GET['act'] == "import") {
if ($_GET['varname'] == "bind_to" && !empty($_GET['varvalue']))
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
/* Grab all the POST values and save in new temp array */
$engine = array();
@@ -189,7 +192,7 @@ if ($_POST['Submit']) {
}
}
-$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} Frag3 Preprocessor Engine");
include_once("head.inc");
@@ -324,7 +327,7 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save Frag3 engine settings and return to Preprocessors tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
<input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo