diff options
Diffstat (limited to 'config/snort/snort_stream5_engine.php')
| -rw-r--r-- | config/snort/snort_stream5_engine.php | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/config/snort/snort_stream5_engine.php b/config/snort/snort_stream5_engine.php index b3d81f37..89b0bc02 100644 --- a/config/snort/snort_stream5_engine.php +++ b/config/snort/snort_stream5_engine.php @@ -1,7 +1,7 @@ <?php /* * snort_stream5_engine.php - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013, 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -36,14 +36,16 @@ $snortdir = SNORTDIR; /* Retrieve required array index values from QUERY string if available. */ /* 'id' is the [rule] array index, and 'eng_id' is the index for the */ /* stream5_tcp_engine's [item] array. */ -$id = $_GET['id']; -$eng_id = $_GET['eng_id']; - /* See if values are in our form's POST content */ -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_POST['eng_id'])) +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (isset($_POST['eng_id']) && isset($_POST['eng_id'])) $eng_id = $_POST['eng_id']; +elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id'])) + $eng_id = htmlspecialchars($_GET['eng_id']); /* If we don't have a [rule] index specified, exit */ if (is_null($id)) { @@ -131,7 +133,7 @@ if ($_GET['act'] == "import") { session_start(); if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports_client" || $_GET['varname'] == "ports_both" || $_GET['varname'] == "ports_server") && !empty($_GET['varvalue'])) { - $pconfig[$_GET['varname']] = $_GET['varvalue']; + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); if(!isset($_SESSION['stream5_client_import'])) $_SESSION['stream5_client_import'] = array(); @@ -165,7 +167,7 @@ if ($_GET['act'] == "import") { } } -if ($_POST['Submit']) { +if ($_POST['save']) { // Clear and close out any session variable we created session_start(); unset($_SESSION['org_referer']); @@ -326,14 +328,14 @@ if ($_POST['Submit']) { } /* Now write the new engine array to conf */ - write_config(); + write_config("Snort pkg: save modified stream5 engine."); header("Location: /snort/snort_preprocessors.php?id={$id}#stream5_row"); exit; } } -$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Stream5 Preprocessor TCP Engine"); include_once("head.inc"); @@ -586,7 +588,7 @@ if ($savemsg) <tr> <td width="22%" valign="bottom"> </td> <td width="78%" valign="bottom"> - <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo + <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo gettext("Save Stream5 engine settings and return to Preprocessors tab"); ?>"> <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo |