aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort/snort_stream5_engine.php
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort/snort_stream5_engine.php')
-rw-r--r--config/snort/snort_stream5_engine.php22
1 files changed, 12 insertions, 10 deletions
diff --git a/config/snort/snort_stream5_engine.php b/config/snort/snort_stream5_engine.php
index b3d81f37..9a91e0d6 100644
--- a/config/snort/snort_stream5_engine.php
+++ b/config/snort/snort_stream5_engine.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_stream5_engine.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013, 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -36,14 +36,16 @@ $snortdir = SNORTDIR;
/* Retrieve required array index values from QUERY string if available. */
/* 'id' is the [rule] array index, and 'eng_id' is the index for the */
/* stream5_tcp_engine's [item] array. */
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-
/* See if values are in our form's POST content */
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_POST['eng_id']))
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (isset($_POST['eng_id']) && isset($_POST['eng_id']))
$eng_id = $_POST['eng_id'];
+elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id']))
+ $eng_id = htmlspecialchars($_GET['eng_id']);
/* If we don't have a [rule] index specified, exit */
if (is_null($id)) {
@@ -131,7 +133,7 @@ if ($_GET['act'] == "import") {
session_start();
if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports_client" || $_GET['varname'] == "ports_both" || $_GET['varname'] == "ports_server")
&& !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
if(!isset($_SESSION['stream5_client_import']))
$_SESSION['stream5_client_import'] = array();
@@ -165,7 +167,7 @@ if ($_GET['act'] == "import") {
}
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
// Clear and close out any session variable we created
session_start();
unset($_SESSION['org_referer']);
@@ -333,7 +335,7 @@ if ($_POST['Submit']) {
}
}
-$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Stream5 Preprocessor TCP Engine");
include_once("head.inc");
@@ -586,7 +588,7 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save Stream5 engine settings and return to Preprocessors tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
<input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo