aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc2
-rwxr-xr-xconfig/snort/snort.xml4
-rw-r--r--config/snort/snort_import_aliases.php4
-rw-r--r--config/snort/snort_interfaces_suppress_edit.php7
-rw-r--r--config/snort/snort_migrate_config.php2
-rw-r--r--config/snort/snort_passlist_edit.php7
-rw-r--r--config/snort/snort_post_install.php2
-rw-r--r--config/snort/snort_rules_flowbits.php2
-rw-r--r--config/snort/snort_select_alias.php18
9 files changed, 30 insertions, 18 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index c0c5756c..47274e77 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -54,7 +54,7 @@ if (empty($snort_version))
$snort_version = "2.9.6.0";
/* Used to indicate latest version of this include file has been loaded */
-$pfSense_snort_version = "3.0.8";
+$pfSense_snort_version = "3.0.13";
/* get installed package version for display */
$snort_package_version = "Snort {$config['installedpackages']['package'][get_pkg_id("snort")]['version']}";
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index ca99accf..977db98a 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -47,7 +47,7 @@
<faq>Currently there are no FAQ items provided.</faq>
<name>Snort</name>
<version>2.9.6.0</version>
- <title>Services:2.9.6.0 pkg v3.0.8</title>
+ <title>Services:2.9.6.0 pkg v3.0.13</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<menu>
<name>Snort</name>
@@ -269,7 +269,7 @@
</custom_add_php_command>
<custom_php_resync_config_command>
<![CDATA[
- if ($GLOBALS['pfSense_snort_version'] == "3.0.8")
+ if ($GLOBALS['pfSense_snort_version'] == "3.0.13")
sync_snort_package_config();
]]>
</custom_php_resync_config_command>
diff --git a/config/snort/snort_import_aliases.php b/config/snort/snort_import_aliases.php
index 80b3bb1d..ba71c9bf 100644
--- a/config/snort/snort_import_aliases.php
+++ b/config/snort/snort_import_aliases.php
@@ -32,13 +32,13 @@ require_once("functions.inc");
require_once("/usr/local/pkg/snort/snort.inc");
// Retrieve any passed QUERY STRING or POST variables
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
elseif (isset($_GET['id']) && is_numericint($_GET['id']))
$id = htmlspecialchars($_GET['id']);
if (isset($_POST['eng']))
- $eng = $_POST['eng'];
+ $eng = htmlspecialchars($_POST['eng']);
elseif (isset($_GET['eng']))
$eng = htmlspecialchars($_GET['eng']);
diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php
index 986bfc38..ec4d9116 100644
--- a/config/snort/snort_interfaces_suppress_edit.php
+++ b/config/snort/snort_interfaces_suppress_edit.php
@@ -90,7 +90,12 @@ if ($_POST['save']) {
$reqdfields = explode(" ", "name");
$reqdfieldsn = array("Name");
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+ if ($pf_version < 2.1)
+ $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;');
+ else
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
if(strtolower($_POST['name']) == "defaultwhitelist")
$input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php
index d483ba47..d524e9f3 100644
--- a/config/snort/snort_migrate_config.php
+++ b/config/snort/snort_migrate_config.php
@@ -365,7 +365,7 @@ unset($r);
// Write out the new configuration to disk if we changed anything
if ($updated_cfg) {
- $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.8";
+ $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.13";
log_error("[Snort] Saving configuration settings in new format...");
write_config("Snort pkg: migrate existing settings to new format as part of package upgrade.");
log_error("[Snort] Settings successfully migrated to new configuration format...");
diff --git a/config/snort/snort_passlist_edit.php b/config/snort/snort_passlist_edit.php
index 3be776f4..f501e0fc 100644
--- a/config/snort/snort_passlist_edit.php
+++ b/config/snort/snort_passlist_edit.php
@@ -112,7 +112,12 @@ if ($_POST['save']) {
/* input validation */
$reqdfields = explode(" ", "name");
$reqdfieldsn = explode(",", "Name");
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+ if ($pf_version < 2.1)
+ $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;');
+ else
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
if(strtolower($_POST['name']) == "defaultpasslist")
$input_errors[] = gettext("Pass List file names may not be named defaultpasslist.");
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index 8d3c427d..6b645df5 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
@@ -1494,7 +1494,7 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE)
$config['widgets']['sequence'] .= ",{$snort_widget_container}";
/* Update Snort package version in configuration */
-$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.8";
+$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.13";
write_config("Snort pkg: post-install configuration saved.");
/* Done with post-install, so clear flag */
diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php
index daf1c4ef..d7c18a9d 100644
--- a/config/snort/snort_rules_flowbits.php
+++ b/config/snort/snort_rules_flowbits.php
@@ -53,7 +53,7 @@ if (is_null($id)) {
// Set who called us so we can return to the correct page with
// the RETURN ('cancel') button.
-if ($_POST['referrer'])
+if (isset($_POST['referrer']) && strpos($_POST['referrer'], '://'.$_SERVER['SERVER_NAME'].'/') !== FALSE)
$referrer = $_POST['referrer'];
else
$referrer = $_SERVER['HTTP_REFERER'];
diff --git a/config/snort/snort_select_alias.php b/config/snort/snort_select_alias.php
index c632b388..de504b7f 100644
--- a/config/snort/snort_select_alias.php
+++ b/config/snort/snort_select_alias.php
@@ -47,29 +47,31 @@ else
// Retrieve any passed QUERY STRING or POST variables
if (isset($_POST['type']))
- $type = $_POST['type'];
+ $type = htmlspecialchars($_POST['type']);
elseif (isset($_GET['type']))
$type = htmlspecialchars($_GET['type']);
if (isset($_POST['varname']))
- $varname = $_POST['varname'];
+ $varname = htmlspecialchars($_POST['varname']);
elseif (isset($_GET['varname']))
$varname = htmlspecialchars($_GET['varname']);
if (isset($_POST['multi_ip']))
- $multi_ip = $_POST['multi_ip'];
+ $multi_ip = htmlspecialchars($_POST['multi_ip']);
elseif (isset($_GET['multi_ip']))
$multi_ip = htmlspecialchars($_GET['multi_ip']);
-if (isset($_POST['returl']))
+if (isset($_POST['returl']) && substr($_POST['returl'], 0, 1) == '/')
$referrer = urldecode($_POST['returl']);
-elseif (isset($_GET['returl']))
+elseif (isset($_GET['returl']) && substr($_GET['returl'], 0, 1) == '/')
$referrer = urldecode($_GET['returl']);
+else
+ $referrer = $_SERVER['HTTP_REFERER'];
// Make sure we have a valid VARIABLE name
// and ALIAS TYPE, or else bail out.
if (is_null($type) || is_null($varname)) {
- header("Location: http://{$referrer}?{$querystr}");
+ header("Location: {$referrer}?{$querystr}");
exit;
}
@@ -132,8 +134,8 @@ include("head.inc");
<input type="hidden" name="varname" value="<?=$varname;?>"/>
<input type="hidden" name="type" value="<?=$type;?>"/>
<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"/>
-<input type="hidden" name="returl" value="<?=$referrer;?>"/>
-<input type="hidden" name="org_querystr" value="<?=$querystr;?>"/>
+<input type="hidden" name="returl" value="<?=htmlspecialchars($referrer);?>"/>
+<input type="hidden" name="org_querystr" value="<?=htmlspecialchars($querystr);?>"/>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<div id="boxarea">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-06 05:53:08 +0000