diff options
Diffstat (limited to 'config/snort/snort_frag3_engine.php')
| -rw-r--r-- | config/snort/snort_frag3_engine.php | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/config/snort/snort_frag3_engine.php b/config/snort/snort_frag3_engine.php index 89a21dc8..9489bf16 100644 --- a/config/snort/snort_frag3_engine.php +++ b/config/snort/snort_frag3_engine.php @@ -1,7 +1,7 @@ <?php /* * snort_frag3_engine.php - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013-2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,12 +34,15 @@ global $g; $snortdir = SNORTDIR; // Grab the incoming QUERY STRING or POST variables -$id = $_GET['id']; -$eng_id = $_GET['eng_id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_POST['eng_id'])) +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (isset($_POST['eng_id']) && isset($_POST['eng_id'])) $eng_id = $_POST['eng_id']; +elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id'])) + $eng_id = htmlspecialchars($_GET['eng_id']); if (is_null($id)) { header("Location: /snort/snort_interfaces.php"); @@ -90,10 +93,10 @@ if ($_POST['Cancel']) { // Check for returned "selected alias" if action is import if ($_GET['act'] == "import") { if ($_GET['varname'] == "bind_to" && !empty($_GET['varvalue'])) - $pconfig[$_GET['varname']] = $_GET['varvalue']; + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); } -if ($_POST['Submit']) { +if ($_POST['save']) { /* Grab all the POST values and save in new temp array */ $engine = array(); @@ -182,14 +185,14 @@ if ($_POST['Submit']) { } /* Now write the new engine array to conf */ - write_config(); + write_config("Snort pkg: modified frag3 engine settings."); header("Location: /snort/snort_preprocessors.php?id={$id}#frag3_row"); exit; } } -$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} Frag3 Preprocessor Engine"); include_once("head.inc"); @@ -324,7 +327,7 @@ if ($savemsg) <tr> <td width="22%" valign="bottom"> </td> <td width="78%" valign="bottom"> - <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo + <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo gettext("Save Frag3 engine settings and return to Preprocessors tab"); ?>"> <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo |