diff options
Diffstat (limited to 'config')
112 files changed, 498 insertions, 380 deletions
diff --git a/config/apache_mod_security-dev/apache.template b/config/apache_mod_security-dev/apache24.template index ab981a9e..4d3fd97a 100644 --- a/config/apache_mod_security-dev/apache.template +++ b/config/apache_mod_security-dev/apache24.template @@ -1,13 +1,14 @@ <?php // Mod_security enabled? if($settings['memcachesize'] != "0") { - if(file_exists( APACHEDIR ."/libexec/apache22/mod_memcache.so")) - $mod_mem_cache = "LoadModule memcache_module libexec/apache22/mod_memcache.so\n"; + if(file_exists( APACHEDIR ."/libexec/". APACHEVERSION ."/mod_cache_disk.so")) + $mod_mem_cache = "LoadModule cache_disk_module libexec/". APACHEVERSION ."/mod_cache_disk.so\n"; } if($mods_settings['enablemodsecurity']=="on") - $mod_security_module= "LoadModule security2_module libexec/apache22/mod_security2.so\n"; + $mod_security_module= "LoadModule security2_module libexec/". APACHEVERSION ."/mod_security2.so\n"; $apache_dir=APACHEDIR; +$apache_version=APACHEVERSION; $apache_config = <<<EOF ################################################################################## # NOTE: This file was generated by the pfSense package management system. # @@ -71,64 +72,95 @@ Listen {$global_listen} # # have to place corresponding `LoadModule' lines at this location so the # LoadModule foo_module modules/mod_foo.so -LoadModule authn_file_module libexec/apache22/mod_authn_file.so -LoadModule authn_dbm_module libexec/apache22/mod_authn_dbm.so -LoadModule authn_anon_module libexec/apache22/mod_authn_anon.so -LoadModule authn_default_module libexec/apache22/mod_authn_default.so -LoadModule authn_alias_module libexec/apache22/mod_authn_alias.so -LoadModule authz_host_module libexec/apache22/mod_authz_host.so -LoadModule authz_groupfile_module libexec/apache22/mod_authz_groupfile.so -LoadModule authz_user_module libexec/apache22/mod_authz_user.so -LoadModule authz_dbm_module libexec/apache22/mod_authz_dbm.so -LoadModule authz_owner_module libexec/apache22/mod_authz_owner.so -LoadModule authz_default_module libexec/apache22/mod_authz_default.so -LoadModule auth_basic_module libexec/apache22/mod_auth_basic.so -LoadModule auth_digest_module libexec/apache22/mod_auth_digest.so -LoadModule file_cache_module libexec/apache22/mod_file_cache.so -LoadModule cache_module libexec/apache22/mod_cache.so -LoadModule disk_cache_module libexec/apache22/mod_disk_cache.so -LoadModule dumpio_module libexec/apache22/mod_dumpio.so -LoadModule include_module libexec/apache22/mod_include.so -LoadModule filter_module libexec/apache22/mod_filter.so -LoadModule charset_lite_module libexec/apache22/mod_charset_lite.so -LoadModule deflate_module libexec/apache22/mod_deflate.so -LoadModule log_config_module libexec/apache22/mod_log_config.so -LoadModule logio_module libexec/apache22/mod_logio.so -LoadModule env_module libexec/apache22/mod_env.so -LoadModule mime_magic_module libexec/apache22/mod_mime_magic.so -LoadModule cern_meta_module libexec/apache22/mod_cern_meta.so -LoadModule expires_module libexec/apache22/mod_expires.so -LoadModule headers_module libexec/apache22/mod_headers.so -LoadModule usertrack_module libexec/apache22/mod_usertrack.so -LoadModule unique_id_module libexec/apache22/mod_unique_id.so -LoadModule setenvif_module libexec/apache22/mod_setenvif.so -LoadModule version_module libexec/apache22/mod_version.so -LoadModule proxy_module libexec/apache22/mod_proxy.so -LoadModule proxy_connect_module libexec/apache22/mod_proxy_connect.so -LoadModule proxy_ftp_module libexec/apache22/mod_proxy_ftp.so -LoadModule proxy_http_module libexec/apache22/mod_proxy_http.so -LoadModule proxy_ajp_module libexec/apache22/mod_proxy_ajp.so -LoadModule proxy_balancer_module libexec/apache22/mod_proxy_balancer.so -LoadModule ssl_module libexec/apache22/mod_ssl.so -LoadModule mime_module libexec/apache22/mod_mime.so -LoadModule status_module libexec/apache22/mod_status.so -LoadModule autoindex_module libexec/apache22/mod_autoindex.so -LoadModule asis_module libexec/apache22/mod_asis.so -LoadModule info_module libexec/apache22/mod_info.so -#LoadModule cgi_module libexec/apache22/mod_cgi.so -LoadModule vhost_alias_module libexec/apache22/mod_vhost_alias.so -LoadModule negotiation_module libexec/apache22/mod_negotiation.so -LoadModule dir_module libexec/apache22/mod_dir.so -LoadModule imagemap_module libexec/apache22/mod_imagemap.so -LoadModule actions_module libexec/apache22/mod_actions.so -LoadModule speling_module libexec/apache22/mod_speling.so -LoadModule userdir_module libexec/apache22/mod_userdir.so -LoadModule alias_module libexec/apache22/mod_alias.so -LoadModule rewrite_module libexec/apache22/mod_rewrite.so -LoadModule reqtimeout_module libexec/apache22/mod_reqtimeout.so +LoadModule authn_file_module libexec/{$apache_version}/mod_authn_file.so +LoadModule authn_dbm_module libexec/{$apache_version}/mod_authn_dbm.so +LoadModule authn_anon_module libexec/{$apache_version}/mod_authn_anon.so +LoadModule authn_dbd_module libexec/{$apache_version}/mod_authn_dbd.so +#LoadModule authn_socache_module libexec/{$apache_version}/mod_authn_socache.so +LoadModule authn_core_module libexec/{$apache_version}/mod_authn_core.so +LoadModule authz_host_module libexec/{$apache_version}/mod_authz_host.so +LoadModule authz_groupfile_module libexec/{$apache_version}/mod_authz_groupfile.so +LoadModule authz_user_module libexec/{$apache_version}/mod_authz_user.so +LoadModule authz_dbm_module libexec/{$apache_version}/mod_authz_dbm.so +LoadModule authz_owner_module libexec/{$apache_version}/mod_authz_owner.so +LoadModule authz_dbd_module libexec/{$apache_version}/mod_authz_dbd.so +LoadModule authz_core_module libexec/{$apache_version}/mod_authz_core.so +LoadModule access_compat_module libexec/{$apache_version}/mod_access_compat.so +LoadModule auth_basic_module libexec/{$apache_version}/mod_auth_basic.so +LoadModule auth_form_module libexec/{$apache_version}/mod_auth_form.so +LoadModule auth_digest_module libexec/{$apache_version}/mod_auth_digest.so +#LoadModule allowmethods_module libexec/{$apache_version}/mod_allowmethods.so +LoadModule file_cache_module libexec/{$apache_version}/mod_file_cache.so +LoadModule cache_module libexec/{$apache_version}/mod_cache.so +#LoadModule cache_socache_module libexec/{$apache_version}/mod_cache_socache.so +#LoadModule socache_shmcb_module libexec/{$apache_version}/mod_socache_shmcb.so +#LoadModule socache_dbm_module libexec/{$apache_version}/mod_socache_dbm.so +#LoadModule socache_memcache_module libexec/{$apache_version}/mod_socache_memcache.so +LoadModule slotmem_shm_module libexec/{$apache_version}/mod_slotmem_shm.so +#LoadModule macro_module libexec/{$apache_version}/mod_macro.so +#LoadModule dbd_module libexec/{$apache_version}/mod_dbd.so +LoadModule dumpio_module libexec/{$apache_version}/mod_dumpio.so +LoadModule buffer_module libexec/{$apache_version}/mod_buffer.so +LoadModule ratelimit_module libexec/{$apache_version}/mod_ratelimit.so +LoadModule reqtimeout_module libexec/{$apache_version}/mod_reqtimeout.so +LoadModule ext_filter_module libexec/{$apache_version}/mod_ext_filter.so +LoadModule request_module libexec/{$apache_version}/mod_request.so +LoadModule include_module libexec/{$apache_version}/mod_include.so +LoadModule filter_module libexec/{$apache_version}/mod_filter.so +#LoadModule substitute_module libexec/{$apache_version}/mod_substitute.so +#LoadModule sed_module libexec/{$apache_version}/mod_sed.so +LoadModule deflate_module libexec/{$apache_version}/mod_deflate.so +LoadModule mime_module libexec/{$apache_version}/mod_mime.so +LoadModule log_config_module libexec/{$apache_version}/mod_log_config.so +LoadModule log_debug_module libexec/{$apache_version}/mod_log_debug.so +LoadModule logio_module libexec/{$apache_version}/mod_logio.so +LoadModule env_module libexec/{$apache_version}/mod_env.so +LoadModule mime_magic_module libexec/{$apache_version}/mod_mime_magic.so +LoadModule cern_meta_module libexec/{$apache_version}/mod_cern_meta.so +LoadModule expires_module libexec/{$apache_version}/mod_expires.so +LoadModule headers_module libexec/{$apache_version}/mod_headers.so +LoadModule unique_id_module libexec/{$apache_version}/mod_unique_id.so +LoadModule setenvif_module libexec/{$apache_version}/mod_setenvif.so +LoadModule version_module libexec/{$apache_version}/mod_version.so +LoadModule remoteip_module libexec/{$apache_version}/mod_remoteip.so +LoadModule proxy_module libexec/{$apache_version}/mod_proxy.so +LoadModule proxy_connect_module libexec/{$apache_version}/mod_proxy_connect.so +LoadModule proxy_ftp_module libexec/{$apache_version}/mod_proxy_ftp.so +LoadModule proxy_http_module libexec/{$apache_version}/mod_proxy_http.so +#LoadModule proxy_fcgi_module libexec/{$apache_version}/mod_proxy_fcgi.so +#LoadModule proxy_scgi_module libexec/{$apache_version}/mod_proxy_scgi.so +#LoadModule proxy_wstunnel_module libexec/{$apache_version}/mod_proxy_wstunnel.so +LoadModule proxy_ajp_module libexec/{$apache_version}/mod_proxy_ajp.so +LoadModule proxy_balancer_module libexec/{$apache_version}/mod_proxy_balancer.so +#LoadModule proxy_express_module libexec/{$apache_version}/mod_proxy_express.so +LoadModule session_module libexec/{$apache_version}/mod_session.so +LoadModule session_cookie_module libexec/{$apache_version}/mod_session_cookie.so +LoadModule session_crypto_module libexec/{$apache_version}/mod_session_crypto.so +LoadModule ssl_module libexec/{$apache_version}/mod_ssl.so +LoadModule lbmethod_byrequests_module libexec/{$apache_version}/mod_lbmethod_byrequests.so +LoadModule lbmethod_bytraffic_module libexec/{$apache_version}/mod_lbmethod_bytraffic.so +LoadModule lbmethod_bybusyness_module libexec/{$apache_version}/mod_lbmethod_bybusyness.so +LoadModule unixd_module libexec/{$apache_version}/mod_unixd.so +LoadModule status_module libexec/{$apache_version}/mod_status.so +LoadModule autoindex_module libexec/{$apache_version}/mod_autoindex.so +LoadModule asis_module libexec/{$apache_version}/mod_asis.so +#LoadModule cgi_module libexec/{$apache_version}/mod_cgi.so +#LoadModule cgid_module libexec/{$apache_version}/mod_cgid.so +#LoadModule dav_fs_module libexec/{$apache_version}/mod_dav_fs.so +LoadModule vhost_alias_module libexec/{$apache_version}/mod_vhost_alias.so +LoadModule negotiation_module libexec/{$apache_version}/mod_negotiation.so +LoadModule dir_module libexec/{$apache_version}/mod_dir.so +LoadModule imagemap_module libexec/{$apache_version}/mod_imagemap.so +LoadModule actions_module libexec/{$apache_version}/mod_actions.so +LoadModule speling_module libexec/{$apache_version}/mod_speling.so +LoadModule userdir_module libexec/{$apache_version}/mod_userdir.so +LoadModule alias_module libexec/{$apache_version}/mod_alias.so +LoadModule rewrite_module libexec/{$apache_version}/mod_rewrite.so {$mod_mem_cache} {$mod_security_module} +LoadModule mpm_worker_module libexec/{$apache_version}/mod_mpm_worker.so + <IfModule !mpm_netware_module> <IfModule !mpm_winnt_module> # @@ -181,7 +213,7 @@ ServerName {$servername} # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. # -DocumentRoot "{$apache_dir}/www/apache22" +DocumentRoot "{$apache_dir}/www/{$apache_version}" # # Each directory to which Apache has access can be configured with respect @@ -327,7 +359,7 @@ LogLevel warn # # client. The same rules about trailing "/" apply to ScriptAlias # # directives as to Alias. # # -# ScriptAlias /cgi-bin/ "/usr/local/www/apache22/cgi-bin/" +# ScriptAlias /cgi-bin/ "/usr/local/www/{$apache_version}/cgi-bin/" # #</IfModule> @@ -340,33 +372,22 @@ LogLevel warn #</IfModule> # -# "/usr/local/www/apache22/cgi-bin" should be changed to whatever your ScriptAliased +# "/usr/local/www/{$apache_version}/cgi-bin" should be changed to whatever your ScriptAliased # CGI directory exists, if you have that configured. # -#<Directory "{$apache_dir}/www/apache22/cgi-bin"> +#<Directory "{$apache_dir}/www/{$apache_version}/cgi-bin"> # AllowOverride None # Options None # Order allow,deny # Allow from all #</Directory> -# -# DefaultType: the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -DefaultType text/plainm - <IfModule mime_module> # # TypesConfig points to the file containing the list of mappings from # filename extension to MIME-type. # - TypesConfig etc/apache22/mime.types + TypesConfig etc/{$apache_version}/mime.types # # AddType allows you to add to or override the MIME configuration @@ -414,7 +435,7 @@ DefaultType text/plainm # contents of the file itself to determine its type. The MIMEMagicFile # directive tells the module where the hint definitions are located. # -#MIMEMagicFile etc/apache22/magic +#MIMEMagicFile etc/{$apache_version}/magic # # Customizable error responses come in three flavors: @@ -443,43 +464,43 @@ DefaultType text/plainm # Supplemental configuration # -# The configuration files in the etc/apache22/extra/ directory can be +# The configuration files in the etc/{$apache_version}/extra/ directory can be # included to add extra features or to modify the default configuration of # the server, or you may simply copy their contents here and change as # necessary. # Server-pool management (MPM specific) -#Include etc/apache22/extra/httpd-mpm.conf +Include etc/{$apache_version}/extra/httpd-mpm.conf # Multi-language error messages -#Include etc/apache22/extra/httpd-multilang-errordoc.conf +#Include etc/{$apache_version}/extra/httpd-multilang-errordoc.conf # Fancy directory listings -#Include etc/apache22/extra/httpd-autoindex.conf +#Include etc/{$apache_version}/extra/httpd-autoindex.conf # Language settings -#Include etc/apache22/extra/httpd-languages.conf +#Include etc/{$apache_version}/extra/httpd-languages.conf # User home directories -#Include etc/apache22/extra/httpd-userdir.conf +#Include etc/{$apache_version}/extra/httpd-userdir.conf # Real-time info on requests and configuration -#Include etc/apache22/extra/httpd-info.conf +#Include etc/{$apache_version}/extra/httpd-info.conf # Virtual hosts -#Include etc/apache22/extra/httpd-vhosts.conf +#Include etc/{$apache_version}/extra/httpd-vhosts.conf # Local access to the Apache HTTP Server Manual -#Include etc/apache22/extra/httpd-manual.conf +#Include etc/{$apache_version}/extra/httpd-manual.conf # Distributed authoring and versioning (WebDAV) -#Include etc/apache22/extra/httpd-dav.conf +#Include etc/{$apache_version}/extra/httpd-dav.conf # Various default settings -#Include etc/apache22/extra/httpd-default.conf +#Include etc/{$apache_version}/extra/httpd-default.conf # Secure (SSL/TLS) connections -#Include etc/apache22/extra/httpd-ssl.conf +#Include etc/{$apache_version}/extra/httpd-ssl.conf # # Note: The following must must be present to support # starting without SSL on platforms with no /dev/random equivalent @@ -509,7 +530,7 @@ AcceptFilter https none # Include anything else -Include etc/apache22/Includes/*.conf +Include etc/{$apache_version}/Includes/*.conf EOF; diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index 2728e2e9..5d1e51bb 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -29,13 +29,18 @@ POSSIBILITY OF SUCH DAMAGE. */ +require_once("service-utils.inc"); + $shortcut_section = "apache"; // Check to find out on which system the package is running $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); if ($pf_version > 2.0) define('APACHEDIR', '/usr/pbi/proxy_mod_security-' . php_uname("m")); else - define('APACHEDIR', '/usr/local'); + define('APACHEDIR', '/usr/local'); + +define('APACHEVERSION', 'apache24'); + // End of system check define ('MODSECURITY_DIR','crs'); // Rules directory location @@ -158,7 +163,7 @@ function apache_mod_security_resync() { if (is_array($apache_sync[row])){ $rs = $apache_sync[row]; } else { - log_error("apache_mod_security_package: xmlrpc sync is enabled but there is no hosts to push on apache config."); + log_error("apache_mod_security_package: XMLRPC sync is enabled, but there is no local host to push on apache config."); return; } break; @@ -174,7 +179,7 @@ function apache_mod_security_resync() { $rs[0]['username'] = $system_carp['username']; $rs[0]['password'] = $system_carp['password']; } else { - log_error("apache_mod_security_package: xmlrpc sync is enabled but there is no system backup hosts to push apache config."); + log_error("apache_mod_security_package: XMLRPC sync is enabled, but there is no global backup host to push apache config."); return; } break; @@ -234,6 +239,7 @@ function apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $ $xml['apachemodsecurity'] = $config['installedpackages']['apachemodsecurity']; $xml['apachemodsecuritysettings'] = $config['installedpackages']['apachemodsecuritysettings']; $xml['apachebalancer'] = $config['installedpackages']['apachebalancer']; + $xml['apachelocation'] = $config['installedpackages']['apachelocation']; $xml['apachevirtualhost'] = $config['installedpackages']['apachevirtualhost']; $xml['apachelisten'] = $config['installedpackages']['apachelisten']; @@ -320,6 +326,8 @@ function generate_apache_configuration() { else $settings=array(); + log_error("apache_mod_security_package: Re-generating Apache configuration start."); + // Set global site e-mail if ($settings['globalsiteadminemail']){ $global_site_email = $settings['globalsiteadminemail']; @@ -411,7 +419,7 @@ function generate_apache_configuration() { $performance_settings .= "MaxRequestsPerChild {$settings['maxrequestsperchild']}\n"; // Setup mem_cache - if(file_exists(APACHEDIR ."/libexec/apache22/mod_memcache.so") && $settings['memcachesize'] != "0") { + if(file_exists(APACHEDIR ."/libexec/" . APACHEVERSION . "/mod_memcache.so") && $settings['memcachesize'] != "0") { //$mem_cache = "MCacheSize ".( $settings['memcachesize'] ? $settings['memcachesize'] : "100")."\n"; } @@ -442,52 +450,54 @@ function generate_apache_configuration() { #load conf template include("/usr/local/pkg/apache_balancer.template"); - #check balancer members - foreach ($config['installedpackages']['apachebalancer']['config'] as $balancer){ - if (is_array($balancer['row']) && $balancer['enable'] == 'on'){ - $balancer_config.="# {$balancer['description']}\n"; - $balancer_config.="<Proxy balancer://{$balancer['name']}>\n"; - foreach($balancer['row'] as $server){ - $options =($server['port'] ? ":{$server['port']}" : ""); - - $options.=($server['routeid'] ? " route={$server['routeid']}" : ""); - $options.=($server['loadfactor'] ? " loadfactor={$server['loadfactor']}" : ""); - if (isset($server['ping']) && $server['ping']!=""){ - $options.= " ping={$server['ping']}"; - $options.=($server['ttl'] ? " ttl={$server['ttl']}" : ""); + if (APACHEVERSION == 'apache22') { # Only define this here for apache22 + #check balancer members + foreach ($config['installedpackages']['apachebalancer']['config'] as $balancer){ + if (is_array($balancer['row']) && $balancer['enable'] == 'on'){ + $balancer_config.="# {$balancer['description']}\n"; + $balancer_config.="<Proxy balancer://{$balancer['name']}>\n"; + foreach($balancer['row'] as $server){ + $options =($server['port'] ? ":{$server['port']}" : ""); + $options.=($server['routeid'] ? " route={$server['routeid']}" : ""); + $options.=($server['loadfactor'] ? " loadfactor={$server['loadfactor']}" : ""); + if (isset($server['ping']) && $server['ping']!=""){ + $options.= " ping={$server['ping']}"; + $options.=($server['ttl'] ? " ttl={$server['ttl']}" : ""); } $balancer_config.=" BalancerMember {$balancer['proto']}://{$server['host']}{$options}\n"; } - #check if stick connections are set - if ($balancer['row'][0]['routeid'] !="") - $balancer_config.=" ProxySet stickysession=ROUTEID\n"; - $balancer_config.="</Proxy>\n\n"; + #check if stick connections are set + if ($balancer['row'][0]['routeid'] !="") + $balancer_config.=" ProxySet stickysession=ROUTEID\n"; + $balancer_config.="</Proxy>\n\n"; } } - //write balancer conf - file_put_contents(APACHEDIR."/etc/apache22/Includes/balancers.conf",$balancer_config,LOCK_EX); } + //write balancer conf + file_put_contents(APACHEDIR."/etc/" . APACHEVERSION . "/Includes/balancers.conf",$balancer_config,LOCK_EX); + } + // configure modsecurity group options //chroot apache http://forums.freebsd.org/showthread.php?t=6858 - if (is_array($config['installedpackages']['apachemodsecuritygroups'])){ - unset($mods_group); - foreach ($config['installedpackages']['apachemodsecuritygroups']['config'] as $mods_groups){ - //RULES_DIRECTORY - foreach (split(",",$mods_groups['baserules']) as $baserule){ - $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/base_rules/{$baserule}.conf\n"; - } - foreach (split(",",$mods_groups['optionalrules']) as $baserule){ - $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/optional_rules/{$baserule}.conf\n"; - } - foreach (split(",",$mods_groups['slrrules']) as $baserule){ - $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/slr_rules/{$baserule}.conf\n"; - } - foreach (split(",",$mods_groups['experimentalrules']) as $baserule){ - $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/experimental_rules/{$baserule}.conf\n"; - } + if (is_array($config['installedpackages']['apachemodsecuritygroups'])){ + unset($mods_group); + foreach ($config['installedpackages']['apachemodsecuritygroups']['config'] as $mods_groups){ + //RULES_DIRECTORY + foreach (split(",",$mods_groups['baserules']) as $baserule){ + $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/base_rules/{$baserule}.conf\n"; + } + foreach (split(",",$mods_groups['optionalrules']) as $baserule){ + $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/optional_rules/{$baserule}.conf\n"; + } + foreach (split(",",$mods_groups['slrrules']) as $baserule){ + $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/slr_rules/{$baserule}.conf\n"; + } + foreach (split(",",$mods_groups['experimentalrules']) as $baserule){ + $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/experimental_rules/{$baserule}.conf\n"; } } + } //print "<PRE>"; //var_dump($mods_group); @@ -561,23 +571,23 @@ EOF; $svr_cert = lookup_cert($virtualhost["ssl_cert"]); if ($svr_cert != false) { if(base64_decode($svr_cert['crt'])) { - file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert"]}.crt",apache_textarea_decode($svr_cert['crt']),LOCK_EX); - $vh_config.= " SSLCertificateFile ". APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert"]}.crt\n"; + file_put_contents(APACHEDIR . "/etc/" . APACHEVERSION . "/{$virtualhost["ssl_cert"]}.crt",apache_textarea_decode($svr_cert['crt']),LOCK_EX); + $vh_config.= " SSLCertificateFile ". APACHEDIR . "/etc/" . APACHEVERSION . "/{$virtualhost["ssl_cert"]}.crt\n"; } if(base64_decode($svr_cert['prv'])) { - file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert"]}.key",apache_textarea_decode($svr_cert['prv']),LOCK_EX); - $vh_config.= " SSLCertificateKeyFile ". APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert"]}.key\n"; + file_put_contents(APACHEDIR . "/etc/" . APACHEVERSION . "/{$virtualhost["ssl_cert"]}.key",apache_textarea_decode($svr_cert['prv']),LOCK_EX); + $vh_config.= " SSLCertificateKeyFile ". APACHEDIR . "/etc/" . APACHEVERSION . "/{$virtualhost["ssl_cert"]}.key\n"; } } $svr_ca =lookup_ca($virtualhost["ssl_cert_chain"]); if ($svr_ca != false) { - file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert_chain"]}.crt",apache_textarea_decode($svr_ca['crt']),LOCK_EX); - $vh_config.= " SSLCertificateChainFile ". APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert_chain"]}.crt\n"; + file_put_contents(APACHEDIR . "/etc/" . APACHEVERSION . "/{$virtualhost["ssl_cert_chain"]}.crt",apache_textarea_decode($svr_ca['crt']),LOCK_EX); + $vh_config.= " SSLCertificateChainFile ". APACHEDIR . "/etc/" . APACHEVERSION . "/{$virtualhost["ssl_cert_chain"]}.crt\n"; } $cli_ca =lookup_ca($virtualhost["reverse_int_ca"]); if ($cli_ca != false) { - file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["reverse_int_ca"]}.crt",apache_textarea_decode($cli_ca['crt']),LOCK_EX); - $vh_config.= " SSLCACertificateFile ". APACHEDIR . "/etc/apache22/{$virtualhost["reverse_int_ca"]}.crt\n"; + file_put_contents(APACHEDIR . "/etc/" . APACHEVERSION . "/{$virtualhost["reverse_int_ca"]}.crt",apache_textarea_decode($cli_ca['crt']),LOCK_EX); + $vh_config.= " SSLCACertificateFile ". APACHEDIR . "/etc/" . APACHEVERSION . "/{$virtualhost["reverse_int_ca"]}.crt\n"; } } #Custom Options @@ -587,7 +597,33 @@ EOF; foreach ($virtualhost['row'] as $be){ if ($be['location'] != "none"){ $backend=$apache_location[$be['location']]; + $vh_config.="# {$backend['name']}\n"; + if (APACHEVERSION == 'apache24') { # Only define this here for apache24 + foreach ($config['installedpackages']['apachebalancer']['config'] as $balancer){ + if (is_array($balancer['row']) && $balancer['enable'] == 'on' && $balancer['name'] == $backend['balancer']){ + $vh_config.="# {$balancer['description']}\n"; + $vh_config.=" <Proxy balancer://{$balancer['name']}>\n"; + foreach($balancer['row'] as $balancer_server){ + $balancer_options =($balancer_server['port'] ? ":{$balancer_server['port']}" : ""); + + $balancer_options.=($balancer_server['routeid'] ? " route={$balancer_server['routeid']}" : ""); + $balancer_options.=($balancer_server['loadfactor'] ? " loadfactor={$balancer_server['loadfactor']}" : ""); + if (isset($balancer_server['ping']) && $balancer_server['ping']!=""){ + $balancer_options.= " ping={$balancer_server['ping']}"; + $balancer_options.=($server['ttl'] ? " ttl={$balancer_server['ttl']}" : ""); + } + $vh_config.=" BalancerMember {$balancer['proto']}://{$balancer_server['host']}{$balancer_options}\n"; + } + #check if stick connections are set + if ($balancer['row'][0]['routeid'] !="") + $vh_config.=" ProxySet stickysession=ROUTEID\n"; + $vh_config.=" </Proxy>\n\n"; + break; + } + } + } + $vh_config.=" <Location ".($backend['sitepath'] ? $backend['sitepath'] : "/").">\n"; $vh_config.=" ProxyPass balancer://{$backend['balancer']}{$backend['backendpath']}\n"; $vh_config.=" ProxyPassReverse balancer://{$backend['balancer']}{$backend['backendpath']}\n"; @@ -613,7 +649,7 @@ EOF; } } //write balancer conf - file_put_contents(APACHEDIR."/etc/apache22/Includes/virtualhosts.conf",$vh_config,LOCK_EX); + file_put_contents(APACHEDIR."/etc/" . APACHEVERSION . "/Includes/virtualhosts.conf",$vh_config,LOCK_EX); } // check/fix perl version on mod_security util files $perl_files= array("httpd-guardian.pl","rules-updater.pl","runav.pl","arachni2modsec.pl","zap2modsec.pl","regression_tests/rulestest.pl"); @@ -704,7 +740,6 @@ EOF; foreach ($namevirtualhosts as $namevirtualhost){ // explicit bind if not global ip:port if ($namevirtualhost != $global_listen) { - $mod_proxy .= "NameVirtualHost {$namevirtualhost}\n"; $aliases .= "Listen $namevirtualhost\n"; // Automatically add this to configuration $aplisten=split(":",$namevirtualhost); @@ -806,11 +841,11 @@ EOF; if($siteurl == "HTTPS" && $certificatefile && $certificatekeyfile) { $mod_proxy .= " SSLEngine on\n"; if ($certificatefile) - $mod_proxy .= " SSLCertificateFile /usr/local/etc/apache22/$certificatefile\n"; + $mod_proxy .= " SSLCertificateFile /usr/local/etc/" . APACHEVERSION . "/$certificatefile\n"; if ($certificatekeyfile) - $mod_proxy .= " SSLCertificateKeyFile /usr/local/etc/apache22/$certificatekeyfile\n"; + $mod_proxy .= " SSLCertificateKeyFile /usr/local/etc/" . APACHEVERSION . "/$certificatekeyfile\n"; if ($certificatechainfile) - $mod_proxy .= " SSLCertificateChainFile /usr/local/etc/apache22/$certificatechainfile\n"; + $mod_proxy .= " SSLCertificateChainFile /usr/local/etc/" . APACHEVERSION . "/$certificatechainfile\n"; } if($sslproxyengine) $mod_proxy .= " {$sslproxyengine}\n"; @@ -849,9 +884,11 @@ EOF; #include file templates include ("/usr/local/pkg/apache_mod_security.template"); - include ("/usr/local/pkg/apache.template"); + include ("/usr/local/pkg/". APACHEVERSION .".template"); + + file_put_contents(APACHEDIR . "/etc/" . APACHEVERSION . "/httpd.conf",$apache_config,LOCK_EX); - file_put_contents(APACHEDIR . "/etc/apache22/httpd.conf",$apache_config,LOCK_EX); + log_error("apache_mod_security_package: Re-generating Apache configuration ending."); } ?> diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml index 488eb822..8558c490 100644 --- a/config/apache_mod_security-dev/apache_virtualhost.xml +++ b/config/apache_mod_security-dev/apache_virtualhost.xml @@ -77,7 +77,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache.template</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache24.template</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> diff --git a/config/autoconfigbackup/autoconfigbackup.inc b/config/autoconfigbackup/autoconfigbackup.inc index 0ca3ebe9..b49b81fd 100644 --- a/config/autoconfigbackup/autoconfigbackup.inc +++ b/config/autoconfigbackup/autoconfigbackup.inc @@ -43,8 +43,17 @@ if(file_exists("/usr/local/pkg/parse_config/parse_config_upload.php")) function custom_php_validation_command($post, &$input_errors) { global $_POST, $savemsg, $config; + if(!$post['username']) + $input_errors[] = "Username is required."; + + if(!$post['password'] or !$post['passwordagain']) + $input_errors[] = "The subscription password is required."; + + if(!$post['crypto_password'] or !$post['crypto_password2']) + $input_errors[] = "The encryption password is required."; + if($post['password'] <> $post['passwordagain']) - $input_errors[] = "Sorry, the entered passwords do not match."; + $input_errors[] = "Sorry, the entered portal.pfsense.org passwords do not match."; if($post['crypto_password'] <> $post['crypto_password2']) $input_errors[] = "Sorry, the entered encryption passwords do not match."; diff --git a/config/autoconfigbackup/autoconfigbackup.xml b/config/autoconfigbackup/autoconfigbackup.xml index b0514e6a..ee125efc 100644 --- a/config/autoconfigbackup/autoconfigbackup.xml +++ b/config/autoconfigbackup/autoconfigbackup.xml @@ -34,7 +34,7 @@ */ ]]> </copyright> - <description>Automatically backs up your pfSense configuration. All contents are encrypted on the server. Requires Gold or Support Subscription from https://portal.pfsense.org</description> + <description>Automatically backs up your pfSense configuration. All contents are encrypted before being sent to the server. Requires Gold Subscription from https://portal.pfsense.org</description> <requirements>pfSense Portal subscription</requirements> <name>AutoConfigBackup</name> <version>1.25</version> diff --git a/config/bandwidthd/bandwidthd.inc b/config/bandwidthd/bandwidthd.inc index 16ce4ab1..b7ef3bbd 100644 --- a/config/bandwidthd/bandwidthd.inc +++ b/config/bandwidthd/bandwidthd.inc @@ -348,7 +348,9 @@ cd - EOD; } else { $rc['start'] = <<<EOD -/usr/local/bandwidthd/bandwidthd +cd {$bandwidthd_base_dir} +{$bandwidthd_runtime_library_env} {$bandwidthd_base_dir}/bandwidthd +cd - EOD; } } else { diff --git a/config/blinkled/blinkled.inc b/config/blinkled/blinkled.inc index 25403232..ffbc79b2 100644 --- a/config/blinkled/blinkled.inc +++ b/config/blinkled/blinkled.inc @@ -39,7 +39,7 @@ function blinkled_stop() { mwexec("/usr/bin/killall -9 blinkled"); } -function validate_form_blinkled($post, $input_errors) { +function validate_form_blinkled($post, &$input_errors) { /* Make sure both aren't using the same interface */ if (($post['iface_led2']) && ($post['iface_led3']) && (($post['enable_led2']) && ($post['enable_led3'])) && diff --git a/config/blinkled/blinkled.xml b/config/blinkled/blinkled.xml index fb0965c9..aa0c53e8 100644 --- a/config/blinkled/blinkled.xml +++ b/config/blinkled/blinkled.xml @@ -56,7 +56,7 @@ </field> </fields> <custom_php_validation_command> - validate_form_blinkled($_POST, &$input_errors); + validate_form_blinkled($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_blinkled(); diff --git a/config/dansguardian/dansguardian.xml b/config/dansguardian/dansguardian.xml index 55860775..2f87259b 100644 --- a/config/dansguardian/dansguardian.xml +++ b/config/dansguardian/dansguardian.xml @@ -377,7 +377,7 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_antivirus_acl.xml b/config/dansguardian/dansguardian_antivirus_acl.xml index 563d3f13..95876032 100755 --- a/config/dansguardian/dansguardian_antivirus_acl.xml +++ b/config/dansguardian/dansguardian_antivirus_acl.xml @@ -231,9 +231,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_blacklist.xml b/config/dansguardian/dansguardian_blacklist.xml index e9cba862..c33b46f2 100644 --- a/config/dansguardian/dansguardian_blacklist.xml +++ b/config/dansguardian/dansguardian_blacklist.xml @@ -163,7 +163,7 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_config.xml b/config/dansguardian/dansguardian_config.xml index 342b52d7..399dec73 100644 --- a/config/dansguardian/dansguardian_config.xml +++ b/config/dansguardian/dansguardian_config.xml @@ -306,7 +306,7 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_content_acl.xml b/config/dansguardian/dansguardian_content_acl.xml index 8a1866af..cf5777e0 100755 --- a/config/dansguardian/dansguardian_content_acl.xml +++ b/config/dansguardian/dansguardian_content_acl.xml @@ -199,9 +199,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_file_acl.xml b/config/dansguardian/dansguardian_file_acl.xml index ed4866c6..0aa01e0e 100755 --- a/config/dansguardian/dansguardian_file_acl.xml +++ b/config/dansguardian/dansguardian_file_acl.xml @@ -239,9 +239,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_groups.xml b/config/dansguardian/dansguardian_groups.xml index aaa9bcd6..7d62d345 100755 --- a/config/dansguardian/dansguardian_groups.xml +++ b/config/dansguardian/dansguardian_groups.xml @@ -450,9 +450,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_header_acl.xml b/config/dansguardian/dansguardian_header_acl.xml index 9ddb0c23..346ebf1a 100755 --- a/config/dansguardian/dansguardian_header_acl.xml +++ b/config/dansguardian/dansguardian_header_acl.xml @@ -219,9 +219,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_ldap.xml b/config/dansguardian/dansguardian_ldap.xml index 4c2b60f7..5876bc65 100755 --- a/config/dansguardian/dansguardian_ldap.xml +++ b/config/dansguardian/dansguardian_ldap.xml @@ -164,9 +164,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_limits.xml b/config/dansguardian/dansguardian_limits.xml index 2c147f1b..12bc98fa 100644 --- a/config/dansguardian/dansguardian_limits.xml +++ b/config/dansguardian/dansguardian_limits.xml @@ -173,7 +173,7 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_log.xml b/config/dansguardian/dansguardian_log.xml index 97cd5b0b..326abf85 100644 --- a/config/dansguardian/dansguardian_log.xml +++ b/config/dansguardian/dansguardian_log.xml @@ -246,7 +246,7 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_phrase_acl.xml b/config/dansguardian/dansguardian_phrase_acl.xml index c32f7720..c979022c 100755 --- a/config/dansguardian/dansguardian_phrase_acl.xml +++ b/config/dansguardian/dansguardian_phrase_acl.xml @@ -262,9 +262,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_pics_acl.xml b/config/dansguardian/dansguardian_pics_acl.xml index c2f4b52c..7c192bc7 100644 --- a/config/dansguardian/dansguardian_pics_acl.xml +++ b/config/dansguardian/dansguardian_pics_acl.xml @@ -196,7 +196,7 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_search_acl.xml b/config/dansguardian/dansguardian_search_acl.xml index 9f9cfa49..71b0df7d 100755 --- a/config/dansguardian/dansguardian_search_acl.xml +++ b/config/dansguardian/dansguardian_search_acl.xml @@ -256,9 +256,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_site_acl.xml b/config/dansguardian/dansguardian_site_acl.xml index 7804d9f6..bc386e7a 100755 --- a/config/dansguardian/dansguardian_site_acl.xml +++ b/config/dansguardian/dansguardian_site_acl.xml @@ -292,9 +292,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_sync.xml b/config/dansguardian/dansguardian_sync.xml index 9401253c..11c13b87 100755 --- a/config/dansguardian/dansguardian_sync.xml +++ b/config/dansguardian/dansguardian_sync.xml @@ -158,7 +158,7 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_url_acl.xml b/config/dansguardian/dansguardian_url_acl.xml index 8adf46c0..8f266489 100755 --- a/config/dansguardian/dansguardian_url_acl.xml +++ b/config/dansguardian/dansguardian_url_acl.xml @@ -343,9 +343,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_users_footer.template b/config/dansguardian/dansguardian_users_footer.template index 1288b919..1d1f054e 100644 --- a/config/dansguardian/dansguardian_users_footer.template +++ b/config/dansguardian/dansguardian_users_footer.template @@ -6,7 +6,7 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php index 6731731d..78423f6d 100644 --- a/config/haproxy-devel/haproxy_listeners_edit.php +++ b/config/haproxy-devel/haproxy_listeners_edit.php @@ -144,7 +144,11 @@ if ($_POST) { $reqdfieldsn = explode(",", "Name"); } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) $input_errors[] = "The field 'Name' contains invalid characters."; diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php index 49eb4271..cabc6e52 100644 --- a/config/haproxy-devel/haproxy_pool_edit.php +++ b/config/haproxy-devel/haproxy_pool_edit.php @@ -128,16 +128,27 @@ if ($_POST) { $reqdfields = explode(" ", "name"); $reqdfieldsn = explode(",", "Name"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if ($_POST['stats_enabled']) { $reqdfields = explode(" ", "name stats_uri"); $reqdfieldsn = explode(",", "Name,Stats Uri"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if ($_POST['stats_username']) { $reqdfields = explode(" ", "stats_password stats_realm"); $reqdfieldsn = explode(",", "Stats Password,Stats Realm"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); } } diff --git a/config/haproxy-stable/haproxy_global.php b/config/haproxy-stable/haproxy_global.php index c8b05d52..47c8d1ec 100755 --- a/config/haproxy-stable/haproxy_global.php +++ b/config/haproxy-stable/haproxy_global.php @@ -56,7 +56,11 @@ if ($_POST) { $reqdfieldsn = explode(",", "Maximum connections"); } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if ($_POST['maxconn'] && (!is_numeric($_POST['maxconn']))) $input_errors[] = "The maximum number of connections should be numeric."; diff --git a/config/haproxy-stable/haproxy_listeners_edit.php b/config/haproxy-stable/haproxy_listeners_edit.php index e9c6187c..3c698d4e 100755 --- a/config/haproxy-stable/haproxy_listeners_edit.php +++ b/config/haproxy-stable/haproxy_listeners_edit.php @@ -113,12 +113,20 @@ if ($_POST) { $reqdfieldsn = explode(",", "Name,Connection timeout,Server timeout"); } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); $reqdfields = explode(" ", "name type port max_connections client_timeout"); $reqdfieldsn = explode(",", "Name,Type,Port,Max connections,Client timeout"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) $input_errors[] = "The field 'Name' contains invalid characters."; diff --git a/config/haproxy-stable/haproxy_pool_edit.php b/config/haproxy-stable/haproxy_pool_edit.php index 1e9958eb..51eb4e28 100755 --- a/config/haproxy-stable/haproxy_pool_edit.php +++ b/config/haproxy-stable/haproxy_pool_edit.php @@ -72,7 +72,11 @@ if ($_POST) { $reqdfields = explode(" ", "name"); $reqdfieldsn = explode(",", "Name"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) $input_errors[] = "The field 'Name' contains invalid characters."; diff --git a/config/mailscanner/mailscanner.xml b/config/mailscanner/mailscanner.xml index a7115a5c..62f318cb 100644 --- a/config/mailscanner/mailscanner.xml +++ b/config/mailscanner/mailscanner.xml @@ -347,7 +347,7 @@ mailscanner_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_alerts.xml b/config/mailscanner/mailscanner_alerts.xml index 9d80bae6..ddc1112b 100644 --- a/config/mailscanner/mailscanner_alerts.xml +++ b/config/mailscanner/mailscanner_alerts.xml @@ -150,7 +150,7 @@ mailscanner_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_antispam.xml b/config/mailscanner/mailscanner_antispam.xml index 26295059..2902f36d 100644 --- a/config/mailscanner/mailscanner_antispam.xml +++ b/config/mailscanner/mailscanner_antispam.xml @@ -445,7 +445,7 @@ mailscanner_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_antivirus.xml b/config/mailscanner/mailscanner_antivirus.xml index 590a61f6..a6b08f8c 100644 --- a/config/mailscanner/mailscanner_antivirus.xml +++ b/config/mailscanner/mailscanner_antivirus.xml @@ -181,7 +181,7 @@ mailscanner_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_attachments.xml b/config/mailscanner/mailscanner_attachments.xml index e89fbd46..bcd14163 100644 --- a/config/mailscanner/mailscanner_attachments.xml +++ b/config/mailscanner/mailscanner_attachments.xml @@ -212,7 +212,7 @@ mailscanner_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_content.xml b/config/mailscanner/mailscanner_content.xml index 07342dce..1efe84f5 100644 --- a/config/mailscanner/mailscanner_content.xml +++ b/config/mailscanner/mailscanner_content.xml @@ -234,7 +234,7 @@ mailscanner_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_report.xml b/config/mailscanner/mailscanner_report.xml index e12ed341..2e0ca449 100644 --- a/config/mailscanner/mailscanner_report.xml +++ b/config/mailscanner/mailscanner_report.xml @@ -524,7 +524,7 @@ mailscanner_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_sync.xml b/config/mailscanner/mailscanner_sync.xml index 46f7dbfe..2bcca7d0 100644 --- a/config/mailscanner/mailscanner_sync.xml +++ b/config/mailscanner/mailscanner_sync.xml @@ -151,7 +151,7 @@ mailscanner_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_mailscanner(); diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index 8d002397..086c2a52 100755 --- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php @@ -131,10 +131,14 @@ if (!empty($act)) { else $nokeys = false; - if (empty($_GET['useaddr'])) { + $useaddr = ''; + if (isset($_GET['useaddr']) && !empty($_GET['useaddr'])) + $useaddr = trim($_GET['useaddr']); + + if (!(is_ipaddr($useaddr) || is_hostname($useaddr) || + in_array($useaddr, array("serveraddr", "servermagic", "servermagichost", "serverhostname")))) $input_errors[] = "You need to specify an IP or hostname."; - } else - $useaddr = $_GET['useaddr']; + $advancedoptions = $_GET['advancedoptions']; $openvpnmanager = $_GET['openvpnmanager']; diff --git a/config/pf-blocker/pfblocker.php b/config/pf-blocker/pfblocker.php index 17fb10e7..50214142 100644 --- a/config/pf-blocker/pfblocker.php +++ b/config/pf-blocker/pfblocker.php @@ -249,7 +249,7 @@ $xml= <<<EOF pfblocker_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - pfblocker_validate_input(\$_POST, &\$input_errors); + pfblocker_validate_input(\$_POST, \$input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_pfblocker(); diff --git a/config/pf-blocker/pfblocker.xml b/config/pf-blocker/pfblocker.xml index 44658bcb..ffc138f5 100755 --- a/config/pf-blocker/pfblocker.xml +++ b/config/pf-blocker/pfblocker.xml @@ -241,7 +241,7 @@ pfblocker_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - pfblocker_validate_input($_POST, &$input_errors); + pfblocker_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_pfblocker(); diff --git a/config/pf-blocker/pfblocker_lists.xml b/config/pf-blocker/pfblocker_lists.xml index f1798d36..50782ea1 100755 --- a/config/pf-blocker/pfblocker_lists.xml +++ b/config/pf-blocker/pfblocker_lists.xml @@ -246,7 +246,7 @@ pfblocker_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - pfblocker_validate_input($_POST, &$input_errors); + pfblocker_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_pfblocker(); diff --git a/config/pf-blocker/pfblocker_sync.xml b/config/pf-blocker/pfblocker_sync.xml index e2e19567..67b49db1 100644 --- a/config/pf-blocker/pfblocker_sync.xml +++ b/config/pf-blocker/pfblocker_sync.xml @@ -138,7 +138,7 @@ pfblocker_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - pfblocker_validate_input($_POST, &$input_errors); + pfblocker_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_pfblocker(); diff --git a/config/pf-blocker/pfblocker_topspammers.xml b/config/pf-blocker/pfblocker_topspammers.xml index 2536cf80..e7d95e21 100644 --- a/config/pf-blocker/pfblocker_topspammers.xml +++ b/config/pf-blocker/pfblocker_topspammers.xml @@ -158,7 +158,7 @@ pfblocker_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - pfblocker_validate_input($_POST, &$input_errors); + pfblocker_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_pfblocker(); diff --git a/config/postfix/postfix.xml b/config/postfix/postfix.xml index 59e58f41..46233828 100644 --- a/config/postfix/postfix.xml +++ b/config/postfix/postfix.xml @@ -354,7 +354,7 @@ postfix_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - postfix_validate_input($_POST, &$input_errors); + postfix_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_postfix(); diff --git a/config/postfix/postfix_acl.xml b/config/postfix/postfix_acl.xml index d704c189..60b23a22 100644 --- a/config/postfix/postfix_acl.xml +++ b/config/postfix/postfix_acl.xml @@ -221,7 +221,7 @@ postfix_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - postfix_validate_input($_POST, &$input_errors); + postfix_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_postfix(); diff --git a/config/postfix/postfix_antispam.xml b/config/postfix/postfix_antispam.xml index 94f52f35..6c3f5911 100644 --- a/config/postfix/postfix_antispam.xml +++ b/config/postfix/postfix_antispam.xml @@ -279,7 +279,7 @@ postfix_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - postfix_validate_input($_POST, &$input_errors); + postfix_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_postfix(); diff --git a/config/postfix/postfix_domains.xml b/config/postfix/postfix_domains.xml index 23d80e12..539ef60e 100644 --- a/config/postfix/postfix_domains.xml +++ b/config/postfix/postfix_domains.xml @@ -137,7 +137,7 @@ postfix_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - postfix_validate_input($_POST, &$input_errors); + postfix_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_postfix(); diff --git a/config/postfix/postfix_recipients.xml b/config/postfix/postfix_recipients.xml index 2b07bae8..d8f9707e 100644 --- a/config/postfix/postfix_recipients.xml +++ b/config/postfix/postfix_recipients.xml @@ -192,7 +192,7 @@ postfix_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - postfix_validate_input($_POST, &$input_errors); + postfix_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_postfix(); diff --git a/config/postfix/postfix_sync.xml b/config/postfix/postfix_sync.xml index 88617fbf..97a88e2c 100644 --- a/config/postfix/postfix_sync.xml +++ b/config/postfix/postfix_sync.xml @@ -193,7 +193,7 @@ postfix_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - postfix_validate_input($_POST, &$input_errors); + postfix_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_postfix(); diff --git a/config/sarg/sarg.xml b/config/sarg/sarg.xml index a0162e3b..9266d211 100644 --- a/config/sarg/sarg.xml +++ b/config/sarg/sarg.xml @@ -363,7 +363,7 @@ sarg_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - sarg_validate_input($_POST, &$input_errors); + sarg_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_sarg(); diff --git a/config/sarg/sarg_schedule.xml b/config/sarg/sarg_schedule.xml index 07e24d5c..6080e530 100644 --- a/config/sarg/sarg_schedule.xml +++ b/config/sarg/sarg_schedule.xml @@ -216,7 +216,7 @@ <custom_php_command_before_form> </custom_php_command_before_form> <custom_php_validation_command> - sarg_validate_input($_POST, &$input_errors); + sarg_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_delete_php_command> sync_package_sarg(); diff --git a/config/sarg/sarg_sync.xml b/config/sarg/sarg_sync.xml index 6cff7b6d..354d9991 100755 --- a/config/sarg/sarg_sync.xml +++ b/config/sarg/sarg_sync.xml @@ -138,7 +138,7 @@ sarg_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - sarg_validate_input($_POST, &$input_errors); + sarg_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sarg_resync(); diff --git a/config/sarg/sarg_users.xml b/config/sarg/sarg_users.xml index d038e5b3..39387007 100644 --- a/config/sarg/sarg_users.xml +++ b/config/sarg/sarg_users.xml @@ -211,7 +211,7 @@ <custom_php_deinstall_command> </custom_php_deinstall_command> <custom_php_validation_command> - sarg_validate_input($_POST, &$input_errors); + sarg_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_sarg(); diff --git a/config/snort/snort.inc b/config/snort/snort.inc index c0c5756c..47274e77 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -54,7 +54,7 @@ if (empty($snort_version)) $snort_version = "2.9.6.0"; /* Used to indicate latest version of this include file has been loaded */ -$pfSense_snort_version = "3.0.8"; +$pfSense_snort_version = "3.0.13"; /* get installed package version for display */ $snort_package_version = "Snort {$config['installedpackages']['package'][get_pkg_id("snort")]['version']}"; diff --git a/config/snort/snort.xml b/config/snort/snort.xml index ca99accf..977db98a 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -47,7 +47,7 @@ <faq>Currently there are no FAQ items provided.</faq> <name>Snort</name> <version>2.9.6.0</version> - <title>Services:2.9.6.0 pkg v3.0.8</title> + <title>Services:2.9.6.0 pkg v3.0.13</title> <include_file>/usr/local/pkg/snort/snort.inc</include_file> <menu> <name>Snort</name> @@ -269,7 +269,7 @@ </custom_add_php_command> <custom_php_resync_config_command> <![CDATA[ - if ($GLOBALS['pfSense_snort_version'] == "3.0.8") + if ($GLOBALS['pfSense_snort_version'] == "3.0.13") sync_snort_package_config(); ]]> </custom_php_resync_config_command> diff --git a/config/snort/snort_import_aliases.php b/config/snort/snort_import_aliases.php index 80b3bb1d..ba71c9bf 100644 --- a/config/snort/snort_import_aliases.php +++ b/config/snort/snort_import_aliases.php @@ -32,13 +32,13 @@ require_once("functions.inc"); require_once("/usr/local/pkg/snort/snort.inc"); // Retrieve any passed QUERY STRING or POST variables -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; elseif (isset($_GET['id']) && is_numericint($_GET['id'])) $id = htmlspecialchars($_GET['id']); if (isset($_POST['eng'])) - $eng = $_POST['eng']; + $eng = htmlspecialchars($_POST['eng']); elseif (isset($_GET['eng'])) $eng = htmlspecialchars($_GET['eng']); diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php index 986bfc38..ec4d9116 100644 --- a/config/snort/snort_interfaces_suppress_edit.php +++ b/config/snort/snort_interfaces_suppress_edit.php @@ -90,7 +90,12 @@ if ($_POST['save']) { $reqdfields = explode(" ", "name"); $reqdfieldsn = array("Name"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if(strtolower($_POST['name']) == "defaultwhitelist") $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index d483ba47..d524e9f3 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php @@ -365,7 +365,7 @@ unset($r); // Write out the new configuration to disk if we changed anything if ($updated_cfg) { - $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.8"; + $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.13"; log_error("[Snort] Saving configuration settings in new format..."); write_config("Snort pkg: migrate existing settings to new format as part of package upgrade."); log_error("[Snort] Settings successfully migrated to new configuration format..."); diff --git a/config/snort/snort_passlist_edit.php b/config/snort/snort_passlist_edit.php index 3be776f4..f501e0fc 100644 --- a/config/snort/snort_passlist_edit.php +++ b/config/snort/snort_passlist_edit.php @@ -112,7 +112,12 @@ if ($_POST['save']) { /* input validation */ $reqdfields = explode(" ", "name"); $reqdfieldsn = explode(",", "Name"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if(strtolower($_POST['name']) == "defaultpasslist") $input_errors[] = gettext("Pass List file names may not be named defaultpasslist."); diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index 8d3c427d..6b645df5 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -1494,7 +1494,7 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) $config['widgets']['sequence'] .= ",{$snort_widget_container}"; /* Update Snort package version in configuration */ -$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.8"; +$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.13"; write_config("Snort pkg: post-install configuration saved."); /* Done with post-install, so clear flag */ diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php index daf1c4ef..d7c18a9d 100644 --- a/config/snort/snort_rules_flowbits.php +++ b/config/snort/snort_rules_flowbits.php @@ -53,7 +53,7 @@ if (is_null($id)) { // Set who called us so we can return to the correct page with // the RETURN ('cancel') button. -if ($_POST['referrer']) +if (isset($_POST['referrer']) && strpos($_POST['referrer'], '://'.$_SERVER['SERVER_NAME'].'/') !== FALSE) $referrer = $_POST['referrer']; else $referrer = $_SERVER['HTTP_REFERER']; diff --git a/config/snort/snort_select_alias.php b/config/snort/snort_select_alias.php index c632b388..de504b7f 100644 --- a/config/snort/snort_select_alias.php +++ b/config/snort/snort_select_alias.php @@ -47,29 +47,31 @@ else // Retrieve any passed QUERY STRING or POST variables if (isset($_POST['type'])) - $type = $_POST['type']; + $type = htmlspecialchars($_POST['type']); elseif (isset($_GET['type'])) $type = htmlspecialchars($_GET['type']); if (isset($_POST['varname'])) - $varname = $_POST['varname']; + $varname = htmlspecialchars($_POST['varname']); elseif (isset($_GET['varname'])) $varname = htmlspecialchars($_GET['varname']); if (isset($_POST['multi_ip'])) - $multi_ip = $_POST['multi_ip']; + $multi_ip = htmlspecialchars($_POST['multi_ip']); elseif (isset($_GET['multi_ip'])) $multi_ip = htmlspecialchars($_GET['multi_ip']); -if (isset($_POST['returl'])) +if (isset($_POST['returl']) && substr($_POST['returl'], 0, 1) == '/') $referrer = urldecode($_POST['returl']); -elseif (isset($_GET['returl'])) +elseif (isset($_GET['returl']) && substr($_GET['returl'], 0, 1) == '/') $referrer = urldecode($_GET['returl']); +else + $referrer = $_SERVER['HTTP_REFERER']; // Make sure we have a valid VARIABLE name // and ALIAS TYPE, or else bail out. if (is_null($type) || is_null($varname)) { - header("Location: http://{$referrer}?{$querystr}"); + header("Location: {$referrer}?{$querystr}"); exit; } @@ -132,8 +134,8 @@ include("head.inc"); <input type="hidden" name="varname" value="<?=$varname;?>"/> <input type="hidden" name="type" value="<?=$type;?>"/> <input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"/> -<input type="hidden" name="returl" value="<?=$referrer;?>"/> -<input type="hidden" name="org_querystr" value="<?=$querystr;?>"/> +<input type="hidden" name="returl" value="<?=htmlspecialchars($referrer);?>"/> +<input type="hidden" name="org_querystr" value="<?=htmlspecialchars($querystr);?>"/> <?php if ($input_errors) print_input_errors($input_errors); ?> <div id="boxarea"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> diff --git a/config/squid-head/squid.inc b/config/squid-head/squid.inc index a735b33e..b647392c 100644 --- a/config/squid-head/squid.inc +++ b/config/squid-head/squid.inc @@ -112,7 +112,7 @@ function squid_deinstall_command() { mwexec('rm -rf ' . SQUID_CACHEDIR); } -function squid_before_form_general($pkg) { +function squid_before_form_general(&$pkg) { $values = get_dir(SQUID_CONFBASE . '/errors/'); // Get rid of '..' and '.' array_shift($values); @@ -133,7 +133,7 @@ function squid_before_form_general($pkg) { $field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]); } -function squid_validate_general($post, $input_errors) { +function squid_validate_general($post, &$input_errors) { $icp_port = trim($post['icp_port']); if (!empty($icp_port) && !is_port($icp_port)) $input_errors[] = 'You must enter a valid port number in the \'ICP port\' field'; @@ -143,7 +143,7 @@ function squid_validate_general($post, $input_errors) { $input_errors[] = 'You must enter a valid number for the \'Redirect children\' field'; } -function squid_validate_upstream($post, $input_errors) { +function squid_validate_upstream($post, &$input_errors) { if ($post['proxy_forwarding'] == 'on') { $addr = trim($post['proxy_addr']); if (empty($addr)) @@ -165,7 +165,7 @@ function squid_validate_upstream($post, $input_errors) { } } -function squid_validate_cache($post, $input_errors) { +function squid_validate_cache($post, &$input_errors) { $num_fields = array( 'harddisk_cache_size' => 'Hard disk cache size', 'memory_cache_size' => 'Memory cache size', 'maximum_object_size' => 'Maximum object size', @@ -187,7 +187,7 @@ function squid_validate_cache($post, $input_errors) { } } -function squid_validate_nac($post, $input_errors) { +function squid_validate_nac($post, &$input_errors) { $allowed_subnets = explode(',', trim($post['allowed_subnets'])); foreach ($allowed_subnets as $subnet) { $subnet = trim($subnet); @@ -222,7 +222,7 @@ function squid_validate_nac($post, $input_errors) { } } -function squid_validate_traffic($post, $input_errors) { +function squid_validate_traffic($post, &$input_errors) { $num_fields = array( 'max_download_size' => 'Maximum download size', 'max_upload_size' => 'Maximum upload size', @@ -239,7 +239,7 @@ function squid_validate_traffic($post, $input_errors) { } } -function squid_validate_auth($post, $input_errors) { +function squid_validate_auth($post, &$input_errors) { $num_fields = array( array('auth_processes', 'Authentication processes', 1), array('auth_ttl', 'Authentication TTL', 0), ); diff --git a/config/squid-head/squid.xml b/config/squid-head/squid.xml index 6657e3af..4db431fc 100644 --- a/config/squid-head/squid.xml +++ b/config/squid-head/squid.xml @@ -198,10 +198,10 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_general($_POST, &$input_errors); + squid_validate_general($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid-head/squid_auth.xml b/config/squid-head/squid_auth.xml index 15910f97..ded7b516 100644 --- a/config/squid-head/squid_auth.xml +++ b/config/squid-head/squid_auth.xml @@ -188,7 +188,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_auth($_POST, &$input_errors); + squid_validate_auth($_POST, $input_errors); </custom_php_validation_command> <custom_php_after_form_command> squid_print_javascript_auth2(); diff --git a/config/squid-head/squid_cache.xml b/config/squid-head/squid_cache.xml index 3fe0475f..6bce3d6f 100644 --- a/config/squid-head/squid_cache.xml +++ b/config/squid-head/squid_cache.xml @@ -172,7 +172,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_cache($_POST, &$input_errors); + squid_validate_cache($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid-head/squid_nac.xml b/config/squid-head/squid_nac.xml index db49a1ba..00de75e2 100644 --- a/config/squid-head/squid_nac.xml +++ b/config/squid-head/squid_nac.xml @@ -139,7 +139,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_nac($_POST, &$input_errors); + squid_validate_nac($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid-head/squid_traffic.xml b/config/squid-head/squid_traffic.xml index d69f2510..b6865596 100644 --- a/config/squid-head/squid_traffic.xml +++ b/config/squid-head/squid_traffic.xml @@ -171,7 +171,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_traffic($_POST, &$input_errors); + squid_validate_traffic($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid-head/squid_upstream.xml b/config/squid-head/squid_upstream.xml index b02a21b4..ac33b31e 100644 --- a/config/squid-head/squid_upstream.xml +++ b/config/squid-head/squid_upstream.xml @@ -125,7 +125,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_upstream($_POST, &$input_errors); + squid_validate_upstream($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid/squid.inc b/config/squid/squid.inc index 9f7fe2b0..0ddd1645 100644 --- a/config/squid/squid.inc +++ b/config/squid/squid.inc @@ -278,7 +278,7 @@ function squid_deinstall_command() { filter_configure(); } -function squid_before_form_general($pkg) { +function squid_before_form_general(&$pkg) { $values = get_dir(SQUID_CONFBASE . '/errors/'); // Get rid of '..' and '.' array_shift($values); diff --git a/config/squid/squid.xml b/config/squid/squid.xml index 88bd94ec..67956229 100644 --- a/config/squid/squid.xml +++ b/config/squid/squid.xml @@ -320,7 +320,7 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_add_php_command> squid_resync(); diff --git a/config/squid3/31/squid.inc b/config/squid3/31/squid.inc index b8f1e3e1..ef346e1a 100644 --- a/config/squid3/31/squid.inc +++ b/config/squid3/31/squid.inc @@ -365,7 +365,7 @@ function squid_deinstall_command() { filter_configure(); } -function squid_before_form_general($pkg) { +function squid_before_form_general(&$pkg) { $values = get_dir(SQUID_CONFBASE . '/errors/'); // Get rid of '..' and '.' and ... array_shift($values); @@ -389,7 +389,7 @@ function squid_before_form_general($pkg) { $field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]); } -function squid_validate_general($post, $input_errors) { +function squid_validate_general($post, &$input_errors) { global $config; if (is_array($config['installedpackages']['squid'])) $settings = $config['installedpackages']['squid']['config'][0]; @@ -452,7 +452,7 @@ function squid_validate_general($post, $input_errors) { }} } -function squid_validate_upstream($post, $input_errors) { +function squid_validate_upstream($post, &$input_errors) { if ($post['enabled'] == 'on') { $addr = trim($post['proxyaddr']); if (empty($addr)) @@ -474,7 +474,7 @@ function squid_validate_upstream($post, $input_errors) { } } -function squid_validate_cache($post, $input_errors) { +function squid_validate_cache($post, &$input_errors) { $num_fields = array( 'harddisk_cache_size' => 'Hard disk cache size', 'memory_cache_size' => 'Memory cache size', 'maximum_object_size' => 'Maximum object size', @@ -513,7 +513,7 @@ function squid_validate_cache($post, $input_errors) { } -function squid_validate_nac($post, $input_errors) { +function squid_validate_nac($post, &$input_errors) { $allowed_subnets = explode("\n", $post['allowed_subnets']); foreach ($allowed_subnets as $subnet) { $subnet = trim($subnet); @@ -559,7 +559,7 @@ function squid_validate_nac($post, $input_errors) { }} } -function squid_validate_traffic($post, $input_errors) { +function squid_validate_traffic($post, &$input_errors) { $num_fields = array( 'max_download_size' => 'Maximum download size', 'max_upload_size' => 'Maximum upload size', 'perhost_throttling' => 'Per-host bandwidth throttling', @@ -590,7 +590,7 @@ function squid_validate_traffic($post, $input_errors) { } } -function squid_validate_reverse($post, $input_errors) { +function squid_validate_reverse($post, &$input_errors) { if(!empty($post['reverse_ip'])) { $reverse_ip = explode(";", ($post['reverse_ip'])); @@ -641,7 +641,7 @@ function squid_validate_reverse($post, $input_errors) { } -function squid_validate_auth($post, $input_errors) { +function squid_validate_auth($post, &$input_errors) { $num_fields = array( array('auth_processes', 'Authentication processes', 1), array('auth_ttl', 'Authentication TTL', 0), ); diff --git a/config/squid3/31/squid.xml b/config/squid3/31/squid.xml index 53293acd..a05e9427 100644 --- a/config/squid3/31/squid.xml +++ b/config/squid3/31/squid.xml @@ -429,13 +429,13 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_add_php_command> squid_resync(); </custom_add_php_command> <custom_php_validation_command> - squid_validate_general($_POST, &$input_errors); + squid_validate_general($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/31/squid_auth.xml b/config/squid3/31/squid_auth.xml index 307669c5..8dbaae67 100644 --- a/config/squid3/31/squid_auth.xml +++ b/config/squid3/31/squid_auth.xml @@ -244,7 +244,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_auth($_POST, &$input_errors); + squid_validate_auth($_POST, $input_errors); </custom_php_validation_command> <custom_php_after_form_command> squid_print_javascript_auth2(); diff --git a/config/squid3/31/squid_cache.xml b/config/squid3/31/squid_cache.xml index 7f371f49..50c0dca0 100644 --- a/config/squid3/31/squid_cache.xml +++ b/config/squid3/31/squid_cache.xml @@ -287,7 +287,7 @@ } </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_cache($_POST, &$input_errors); + squid_validate_cache($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/31/squid_nac.xml b/config/squid3/31/squid_nac.xml index 659d626f..de3d670c 100644 --- a/config/squid3/31/squid_nac.xml +++ b/config/squid3/31/squid_nac.xml @@ -178,7 +178,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_nac($_POST, &$input_errors); + squid_validate_nac($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/31/squid_reverse.xml b/config/squid3/31/squid_reverse.xml index bc51d033..40fb0ec1 100644 --- a/config/squid3/31/squid_reverse.xml +++ b/config/squid3/31/squid_reverse.xml @@ -354,10 +354,10 @@ </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/31/squid_reverse_general.xml b/config/squid3/31/squid_reverse_general.xml index 8b2a8c9b..1795edf5 100644 --- a/config/squid3/31/squid_reverse_general.xml +++ b/config/squid3/31/squid_reverse_general.xml @@ -246,12 +246,12 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/squid3/31/squid_reverse_peer.xml b/config/squid3/31/squid_reverse_peer.xml index abfbf19b..b5a340e7 100644 --- a/config/squid3/31/squid_reverse_peer.xml +++ b/config/squid3/31/squid_reverse_peer.xml @@ -156,12 +156,12 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/squid3/31/squid_traffic.xml b/config/squid3/31/squid_traffic.xml index 62269792..786205c1 100644 --- a/config/squid3/31/squid_traffic.xml +++ b/config/squid3/31/squid_traffic.xml @@ -195,7 +195,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_traffic($_POST, &$input_errors); + squid_validate_traffic($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/31/squid_upstream.xml b/config/squid3/31/squid_upstream.xml index 049d301c..45e5576a 100644 --- a/config/squid3/31/squid_upstream.xml +++ b/config/squid3/31/squid_upstream.xml @@ -349,7 +349,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_upstream($_POST, &$input_errors); + squid_validate_upstream($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc index d006c0db..d9bb1549 100755 --- a/config/squid3/33/squid.inc +++ b/config/squid3/33/squid.inc @@ -382,7 +382,7 @@ function squid_deinstall_command() { filter_configure(); } -function squid_before_form_general($pkg) { +function squid_before_form_general(&$pkg) { $values = get_dir(SQUID_CONFBASE . '/errors/'); // Get rid of '..' and '.' and ... array_shift($values); @@ -406,7 +406,7 @@ function squid_before_form_general($pkg) { $field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]); } -function squid_validate_general($post, $input_errors) { +function squid_validate_general($post, &$input_errors) { global $config; if (is_array($config['installedpackages']['squid'])) $settings = $config['installedpackages']['squid']['config'][0]; @@ -472,7 +472,7 @@ function squid_validate_general($post, $input_errors) { }} } -function squid_validate_upstream($post, $input_errors) { +function squid_validate_upstream($post, &$input_errors) { if ($post['enabled'] == 'on') { $addr = trim($post['proxyaddr']); if (empty($addr)) @@ -494,7 +494,7 @@ function squid_validate_upstream($post, $input_errors) { } } -function squid_validate_cache($post, $input_errors) { +function squid_validate_cache($post, &$input_errors) { $num_fields = array( 'harddisk_cache_size' => 'Hard disk cache size', 'memory_cache_size' => 'Memory cache size', 'maximum_object_size' => 'Maximum object size', @@ -533,7 +533,7 @@ function squid_validate_cache($post, $input_errors) { } -function squid_validate_nac($post, $input_errors) { +function squid_validate_nac($post, &$input_errors) { $allowed_subnets = explode("\n", $post['allowed_subnets']); foreach ($allowed_subnets as $subnet) { $subnet = trim($subnet); @@ -579,7 +579,7 @@ function squid_validate_nac($post, $input_errors) { }} } -function squid_validate_traffic($post, $input_errors) { +function squid_validate_traffic($post, &$input_errors) { $num_fields = array( 'max_download_size' => 'Maximum download size', 'max_upload_size' => 'Maximum upload size', 'perhost_throttling' => 'Per-host bandwidth throttling', @@ -610,7 +610,7 @@ function squid_validate_traffic($post, $input_errors) { } } -function squid_validate_reverse($post, $input_errors) { +function squid_validate_reverse($post, &$input_errors) { if(!empty($post['reverse_ip'])) { $reverse_ip = explode(";", ($post['reverse_ip'])); @@ -661,7 +661,7 @@ function squid_validate_reverse($post, $input_errors) { } -function squid_validate_auth($post, $input_errors) { +function squid_validate_auth($post, &$input_errors) { $num_fields = array( array('auth_processes', 'Authentication processes', 1), array('auth_ttl', 'Authentication TTL', 0), ); diff --git a/config/squid3/33/squid.xml b/config/squid3/33/squid.xml index bf740221..7e13e456 100644 --- a/config/squid3/33/squid.xml +++ b/config/squid3/33/squid.xml @@ -555,13 +555,13 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_add_php_command> squid_resync(); </custom_add_php_command> <custom_php_validation_command> - squid_validate_general($_POST, &$input_errors); + squid_validate_general($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_auth.xml b/config/squid3/33/squid_auth.xml index e71a7e8d..c79bf873 100755 --- a/config/squid3/33/squid_auth.xml +++ b/config/squid3/33/squid_auth.xml @@ -250,7 +250,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_auth($_POST, &$input_errors); + squid_validate_auth($_POST, $input_errors); </custom_php_validation_command> <custom_php_after_form_command> squid_print_javascript_auth2(); diff --git a/config/squid3/33/squid_cache.xml b/config/squid3/33/squid_cache.xml index f60863c9..612e9b73 100755 --- a/config/squid3/33/squid_cache.xml +++ b/config/squid3/33/squid_cache.xml @@ -312,7 +312,7 @@ } </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_cache($_POST, &$input_errors); + squid_validate_cache($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_nac.xml b/config/squid3/33/squid_nac.xml index bffefb61..2e94ae58 100755 --- a/config/squid3/33/squid_nac.xml +++ b/config/squid3/33/squid_nac.xml @@ -183,7 +183,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_nac($_POST, &$input_errors); + squid_validate_nac($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_reverse.xml b/config/squid3/33/squid_reverse.xml index bc51d033..40fb0ec1 100755 --- a/config/squid3/33/squid_reverse.xml +++ b/config/squid3/33/squid_reverse.xml @@ -354,10 +354,10 @@ </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_reverse_general.xml b/config/squid3/33/squid_reverse_general.xml index 8b2a8c9b..1795edf5 100755 --- a/config/squid3/33/squid_reverse_general.xml +++ b/config/squid3/33/squid_reverse_general.xml @@ -246,12 +246,12 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/squid3/33/squid_reverse_peer.xml b/config/squid3/33/squid_reverse_peer.xml index abfbf19b..b5a340e7 100755 --- a/config/squid3/33/squid_reverse_peer.xml +++ b/config/squid3/33/squid_reverse_peer.xml @@ -156,12 +156,12 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/squid3/33/squid_traffic.xml b/config/squid3/33/squid_traffic.xml index 82e849c1..85822fef 100755 --- a/config/squid3/33/squid_traffic.xml +++ b/config/squid3/33/squid_traffic.xml @@ -200,7 +200,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_traffic($_POST, &$input_errors); + squid_validate_traffic($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_upstream.xml b/config/squid3/33/squid_upstream.xml index 407cedd8..f8e467b7 100755 --- a/config/squid3/33/squid_upstream.xml +++ b/config/squid3/33/squid_upstream.xml @@ -353,7 +353,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_upstream($_POST, &$input_errors); + squid_validate_upstream($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/old/squid.inc b/config/squid3/old/squid.inc index 784fea8f..ce196700 100644 --- a/config/squid3/old/squid.inc +++ b/config/squid3/old/squid.inc @@ -289,7 +289,7 @@ function squid_deinstall_command() { filter_configure(); } -function squid_before_form_general($pkg) { +function squid_before_form_general(&$pkg) { $values = get_dir(SQUID_CONFBASE . '/errors/'); // Get rid of '..' and '.' array_shift($values); @@ -310,7 +310,7 @@ function squid_before_form_general($pkg) { $field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]); } -function squid_validate_general($post, $input_errors) { +function squid_validate_general($post, &$input_errors) { global $config; $settings = $config['installedpackages']['squid']['config'][0]; $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128); @@ -367,7 +367,7 @@ function squid_validate_general($post, $input_errors) { }} } -function squid_validate_upstream($post, $input_errors) { +function squid_validate_upstream($post, &$input_errors) { if ($post['proxy_forwarding'] == 'on') { $addr = trim($post['proxy_addr']); if (empty($addr)) @@ -389,7 +389,7 @@ function squid_validate_upstream($post, $input_errors) { } } -function squid_validate_cache($post, $input_errors) { +function squid_validate_cache($post, &$input_errors) { $num_fields = array( 'harddisk_cache_size' => 'Hard disk cache size', 'memory_cache_size' => 'Memory cache size', 'maximum_object_size' => 'Maximum object size', @@ -428,7 +428,7 @@ function squid_validate_cache($post, $input_errors) { } -function squid_validate_nac($post, $input_errors) { +function squid_validate_nac($post, &$input_errors) { $allowed_subnets = explode("\n", $post['allowed_subnets']); foreach ($allowed_subnets as $subnet) { $subnet = trim($subnet); @@ -466,7 +466,7 @@ function squid_validate_nac($post, $input_errors) { }} } -function squid_validate_traffic($post, $input_errors) { +function squid_validate_traffic($post, &$input_errors) { $num_fields = array( 'max_download_size' => 'Maximum download size', 'max_upload_size' => 'Maximum upload size', 'perhost_throttling' => 'Per-host bandwidth throttling', @@ -498,7 +498,7 @@ function squid_validate_traffic($post, $input_errors) { } -function squid_validate_auth($post, $input_errors) { +function squid_validate_auth($post, &$input_errors) { $num_fields = array( array('auth_processes', 'Authentication processes', 1), array('auth_ttl', 'Authentication TTL', 0), ); diff --git a/config/squid3/old/squid.xml b/config/squid3/old/squid.xml index 5762efb1..83fb9bc0 100644 --- a/config/squid3/old/squid.xml +++ b/config/squid3/old/squid.xml @@ -315,13 +315,13 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_add_php_command> squid_resync(); </custom_add_php_command> <custom_php_validation_command> - squid_validate_general($_POST, &$input_errors); + squid_validate_general($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); @@ -339,4 +339,4 @@ exec("/bin/rm -f /usr/local/etc/rc.d/squid*"); </custom_php_deinstall_command> <filter_rules_needed>squid_generate_rules</filter_rules_needed> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/squid3/old/squid_auth.xml b/config/squid3/old/squid_auth.xml index c8e34553..db26756b 100644 --- a/config/squid3/old/squid_auth.xml +++ b/config/squid3/old/squid_auth.xml @@ -220,7 +220,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_auth($_POST, &$input_errors); + squid_validate_auth($_POST, $input_errors); </custom_php_validation_command> <custom_php_after_form_command> squid_print_javascript_auth2(); diff --git a/config/squid3/old/squid_cache.xml b/config/squid3/old/squid_cache.xml index 881f15b3..a765d911 100644 --- a/config/squid3/old/squid_cache.xml +++ b/config/squid3/old/squid_cache.xml @@ -214,7 +214,7 @@ } </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_cache($_POST, &$input_errors); + squid_validate_cache($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/old/squid_nac.xml b/config/squid3/old/squid_nac.xml index 193a89c6..0d914dca 100644 --- a/config/squid3/old/squid_nac.xml +++ b/config/squid3/old/squid_nac.xml @@ -135,7 +135,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_nac($_POST, &$input_errors); + squid_validate_nac($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/old/squid_traffic.xml b/config/squid3/old/squid_traffic.xml index d560a7ad..f34eec19 100644 --- a/config/squid3/old/squid_traffic.xml +++ b/config/squid3/old/squid_traffic.xml @@ -169,7 +169,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_traffic($_POST, &$input_errors); + squid_validate_traffic($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/old/squid_upstream.xml b/config/squid3/old/squid_upstream.xml index ad494524..b9a14dc8 100644 --- a/config/squid3/old/squid_upstream.xml +++ b/config/squid3/old/squid_upstream.xml @@ -125,7 +125,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_upstream($_POST, &$input_errors); + squid_validate_upstream($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squidGuard-devel/squidguard.inc b/config/squidGuard-devel/squidguard.inc index d58dfb79..0be94a6f 100644 --- a/config/squidGuard-devel/squidguard.inc +++ b/config/squidGuard-devel/squidguard.inc @@ -101,12 +101,12 @@ sg_init(convert_pfxml_to_sgxml()); # ============================================================================== # Validations # ============================================================================== -function squidguard_validate($post, $input_errors) +function squidguard_validate($post, &$input_errors) { $submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit']; # check config if 'Apply' - if ($submit === APPLY_BTN) sg_check_config_data(&$input_errors); + if ($submit === APPLY_BTN) sg_check_config_data($input_errors); } # ------------------------------------------------------------------------------ @@ -114,13 +114,13 @@ function squidguard_validate($post, $input_errors) # ------------------------------------------------------------------------------ function squidguard_validate_default($post, $input_errors) { - squidguard_validate_acl($post, &$input_errors); + squidguard_validate_acl($post, $input_errors); } # ------------------------------------------------------------------------------ # validate acl # ------------------------------------------------------------------------------ -function squidguard_validate_acl($post, $input_errors) +function squidguard_validate_acl(&$post, &$input_errors) { $pass_up = array(); $deny_up = array(); @@ -134,7 +134,7 @@ function squidguard_validate_acl($post, $input_errors) $name = trim($post[F_NAME]); if(!empty($name)) { # validate name format - check_name_format($name, &$input_errors); + check_name_format($name, $input_errors); # check unique name if (!sg_check_unique_name(F_ACLS, $name)) @@ -148,7 +148,7 @@ function squidguard_validate_acl($post, $input_errors) $sgx = array(); $sgx[F_NAME] = $post[F_NAME]; $sgx[F_SOURCE] = $post[F_SOURCE]; - sg_check_src($sgx, &$input_errors); + sg_check_src($sgx, $input_errors); } # store destinations to 'dest' value @@ -192,7 +192,7 @@ function squidguard_validate_acl($post, $input_errors) # check redirect $errmsg = ''; - if (!sg_check_redirect($post[F_RMOD], $post[F_REDIRECT], &$errmsg)) { + if (!sg_check_redirect($post[F_RMOD], $post[F_REDIRECT], $errmsg)) { $input_errors[] = "Redirect info error. $errmsg"; } } @@ -203,14 +203,14 @@ function squidguard_validate_acl($post, $input_errors) # date: <date(or range)><time (or range)> -- days not parsed (reset to *) # weekly: <day or *><time or range> -- dates not parsed (reset to '') # ------------------------------------------------------------------------------ -function squidguard_validate_times($post, $input_errors) +function squidguard_validate_times(&$post, &$input_errors) { $id = get_item_id(); # check name $name = trim($post[F_NAME]); if(!empty($name)) { - check_name_format($name, &$input_errors); + check_name_format($name, $input_errors); # check unique name if (!sg_check_unique_name(F_TIMES, $name)) @@ -246,18 +246,18 @@ function squidguard_validate_times($post, $input_errors) $sgx[F_ITEM][] = $sgx_row; } # - sg_check_time($sgx, &$input_errors); + sg_check_time($sgx, $input_errors); } # ------------------------------------------------------------------------------ # validate destinations # ------------------------------------------------------------------------------ -function squidguard_validate_destination($post, $input_errors) { +function squidguard_validate_destination($post, &$input_errors) { # check name $name = trim($post[F_NAME]); if(!empty($name)) { - check_name_format($name, &$input_errors); + check_name_format($name, $input_errors); # check unique name if (!sg_check_unique_name(F_DESTINATIONS, $name)) @@ -277,18 +277,18 @@ function squidguard_validate_destination($post, $input_errors) { $sgx[F_RMOD] = $post[F_RMOD]; $sgx[F_REDIRECT] = $post[F_REDIRECT]; # - sg_check_dest($sgx, &$input_errors); + sg_check_dest($sgx, $input_errors); } # ------------------------------------------------------------------------------ # validate rewrites # ------------------------------------------------------------------------------ -function squidguard_validate_rewrite($post, $input_errors) { +function squidguard_validate_rewrite($post, &$input_errors) { # check name $name = trim($post[F_NAME]); if(!empty($name)) { # check name format <char><symbols without space> - Ab123 - check_name_format($name, &$input_errors); + check_name_format($name, $input_errors); # check unique name if (!sg_check_unique_name(F_REWRITES, $name)) @@ -447,7 +447,7 @@ function get_sgconf_items_list($data_group, $fieldname) { # ============================================================================== # squidguard_before_form # ------------------------------------------------------------------------------ -function squidguard_before_form($pkg) { +function squidguard_before_form(&$pkg) { $i=0; foreach($pkg['fields']['field'] as $field) { @@ -470,7 +470,7 @@ function squidguard_before_form($pkg) { # ----------------------------------------------------------------------------- # squidguard_before_form_acl # ----------------------------------------------------------------------------- -function squidguard_before_form_acl($pkg, $is_acl=true) { +function squidguard_before_form_acl(&$pkg, $is_acl=true) { global $g; global $squidguard_config; @@ -638,7 +638,7 @@ function squidguard_before_form_acl($pkg, $is_acl=true) { # ----------------------------------------------------------------------------- # squidguard_before_form_dest # ----------------------------------------------------------------------------- -function squidguard_before_form_dest($pkg) { +function squidguard_before_form_dest(&$pkg) { global $g, $squidguard_config; $destination_items = get_sgconf_items_list(F_DESTINATIONS, 'name'); //var_dump($squidguard_config); @@ -1301,12 +1301,12 @@ function squidguard_adt_rewrite_safesrch() $res[F_NAME] = SAFESEARCH; $res[F_DESCRIPTION] = "Google, Yandex safesearch"; $res[F_LOG] = 'on'; - squidguard_adt_safesrch_add(&$res[F_ITEM]); + squidguard_adt_safesrch_add($res[F_ITEM]); return $res; } -function squidguard_adt_safesrch_add($rewrite_item) +function squidguard_adt_safesrch_add(&$rewrite_item) { if (!is_array($rewrite_item)) $rewrite_item = array(); @@ -1331,7 +1331,7 @@ function squidguard_adt_safesrch_add($rewrite_item) } # log dump -function squidguard_logdump($filename, $lnoffset, $lncount, $reverse) +function squidguard_logdump($filename, &$lnoffset, $lncount, $reverse) { define('LOGSHOW_BUFSIZE', '262144'); $cnt = ''; @@ -1371,10 +1371,10 @@ function squidguard_logdump($filename, $lnoffset, $lncount, $reverse) } # dump SG log -function squidguard_filterdump($lnoffset, $lncount, $reverse) +function squidguard_filterdump(&$lnoffset, $lncount, $reverse) { $res = array(); - $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . '/squidGuard.log', &$lnoffset, $lncount, $reverse); + $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . '/squidGuard.log', $lnoffset, $lncount, $reverse); foreach($cont as $cn) { $cn = explode(" ", trim($cn), 4); @@ -1385,10 +1385,10 @@ function squidguard_filterdump($lnoffset, $lncount, $reverse) } # dump SG Gui log -function squidguard_guidump($lnoffset, $lncount, $reverse) +function squidguard_guidump(&$lnoffset, $lncount, $reverse) { $res = array(); - $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . SQUIDGUARD_CONFLOGFILE, &$lnoffset, $lncount, $reverse); + $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . SQUIDGUARD_CONFLOGFILE, $lnoffset, $lncount, $reverse); foreach($cont as $cn) { $cn = explode(" ", trim($cn), 4); @@ -1399,10 +1399,10 @@ function squidguard_guidump($lnoffset, $lncount, $reverse) } # dump SG blocked -function squidguard_blockdump($lnoffset, $lncount, $reverse) +function squidguard_blockdump(&$lnoffset, $lncount, $reverse) { $res = array(); - $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . '/' . SQUIDGUARD_LOGFILE, &$lnoffset, $lncount, $reverse); + $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . '/' . SQUIDGUARD_LOGFILE, $lnoffset, $lncount, $reverse); foreach($cont as $cn) { $cn = explode(" ", trim($cn), 9); diff --git a/config/squidGuard-devel/squidguard.xml b/config/squidGuard-devel/squidguard.xml index d5f2b82d..3c91402a 100644 --- a/config/squidGuard-devel/squidguard.xml +++ b/config/squidGuard-devel/squidguard.xml @@ -239,10 +239,10 @@ </fields> <custom_add_php_command/> <custom_php_validation_command> - squidguard_validate(&$_POST, &$input_errors); + squidguard_validate($_POST, $input_errors); </custom_php_validation_command> <custom_php_command_before_form> - squidguard_before_form(&$pkg); + squidguard_before_form($pkg); </custom_php_command_before_form> <custom_php_after_form_command> squidGuard_print_javascript(); diff --git a/config/squidGuard-devel/squidguard_acl.xml b/config/squidGuard-devel/squidguard_acl.xml index cd3e8016..b074a830 100644 --- a/config/squidGuard-devel/squidguard_acl.xml +++ b/config/squidGuard-devel/squidguard_acl.xml @@ -224,10 +224,10 @@ </field> </fields> <custom_php_validation_command> - squidguard_validate_acl(&$_POST, &$input_errors); + squidguard_validate_acl($_POST, $input_errors); </custom_php_validation_command> <custom_php_command_before_form> - squidguard_before_form_acl(&$pkg); + squidguard_before_form_acl($pkg); </custom_php_command_before_form> <custom_php_after_form_command> squidGuard_print_javascript(); diff --git a/config/squidGuard-devel/squidguard_configurator.inc b/config/squidGuard-devel/squidguard_configurator.inc index 3cf7bc61..493606d7 100644 --- a/config/squidGuard-devel/squidguard_configurator.inc +++ b/config/squidGuard-devel/squidguard_configurator.inc @@ -846,7 +846,7 @@ function sg_create_config() } # check configuration data - if (!sg_check_config_data(&$error_res)) { + if (!sg_check_config_data($error_res)) { sg_addlog("sg_create_config", "Bad config data. It's all error_res: $error_res", SQUIDGUARD_ERROR); sg_addlog("sg_create_config", "Terminated.", SQUIDGUARD_ERROR); return sg_create_simple_config('', '', "Error! Check squidGuard configuration data." . " (sg_create_config: [2])."); @@ -1071,8 +1071,8 @@ function sg_create_config() # delete blacklist entries from 'pass' if blacklist disabled if ($squidguard_config[F_BLACKLISTENABLED] !== 'on') { - acl_remove_blacklist_items(&$acl[F_DESTINATIONNAME]); - acl_remove_blacklist_items(&$acl[F_OVERDESTINATIONNAME]); + acl_remove_blacklist_items($acl[F_DESTINATIONNAME]); + acl_remove_blacklist_items($acl[F_OVERDESTINATIONNAME]); } # not allowing IP in URL @@ -1128,7 +1128,7 @@ function sg_create_config() # delete blacklist entries from 'pass' if blacklist disabled if ($squidguard_config[F_BLACKLISTENABLED] !== 'on') - acl_remove_blacklist_items(&$def[F_DESTINATIONNAME]); + acl_remove_blacklist_items($def[F_DESTINATIONNAME]); # not allowing IP in URL if ($def[F_NOTALLOWINGIP]) @@ -1254,7 +1254,7 @@ function sg_redirector_base_url($rdr_info, $redirect_mode) # check redirect $errmsg = ''; - if (!sg_check_redirect($redirect_mode, $rdr_info, &$errmsg)) { + if (!sg_check_redirect($redirect_mode, $rdr_info, $errmsg)) { $redirect_mode = RMOD_INT_ERRORPAGE; $rdr_info = "Bad redirect settings. $errmsg Check you configuration."; sg_addlog("sg_redirector_base_url", "$errmsg", SQUIDGUARD_ERROR); @@ -1310,7 +1310,7 @@ function sg_aclpass_reorder($pass) # ------------------------------------------------------------ # sg_check_config_data # ------------------------------------------------------------ -function sg_check_config_data ($input_errors) +function sg_check_config_data (&$input_errors) { global $squidguard_config; $elog = array(); @@ -1327,14 +1327,14 @@ function sg_check_config_data ($input_errors) # check name as unique and name format $tm_name = $tm[F_NAME]; $err_s = ''; - if (!check_name_format($tm_name, &$err_s)) + if (!check_name_format($tm_name, $err_s)) $elog[] = "(T1) TIME '$tm_name' error: >>> $err_s"; if ($key_tm[$tm_name] > 1) $elog[] = "(T2) TIME '$tm_name' error: duplicate time name '$tm_name'"; # check time items format - sg_check_time($tm, &$elog); + sg_check_time($tm, $elog); } } @@ -1345,7 +1345,7 @@ function sg_check_config_data ($input_errors) # check name as unique and name format $src_name = $src[F_NAME]; $err_s = ''; - if (!check_name_format($src_name, &$err_s)) + if (!check_name_format($src_name, $err_s)) $elog[] = "(A1) ACL '$src_name'error: $err_s"; if ($key_src[$src_name] > 1) @@ -1362,13 +1362,13 @@ function sg_check_config_data ($input_errors) # check name as unique and name format $dst_name = $dst[F_NAME]; $err_s = ''; - if (!check_name_format($dst_name, &$err_s)) + if (!check_name_format($dst_name, $err_s)) $elog[] = "(D1) DEST '$dst_name' error: $err_s"; if ($key_dst[$dst_name] > 1) $elog[] = "(D2) DEST '$dst_name' error: duplicate destination name '$dst_name'"; # - sg_check_dest($dst, &$elog); + sg_check_dest($dst, $elog); } } @@ -1396,7 +1396,7 @@ function sg_check_config_data ($input_errors) # check check name as unique and name format $rw_name = $rw[F_NAME]; $err_s = ''; - if (!check_name_format($rw_name, &$err_s)) + if (!check_name_format($rw_name, $err_s)) $elog[] = "(R1) REWRITE '$rw_name' error: $err_s"; if ($key_rw[$rw_name] > 1) @@ -1674,7 +1674,7 @@ function is_username($username) # ------------------------------------------------------------------------------ # check name # ------------------------------------------------------------------------------ -function check_name_format ($name, $input_errors) +function check_name_format ($name, &$input_errors) { $elog = array(); $val = trim($name); @@ -1698,7 +1698,7 @@ function check_name_format ($name, $input_errors) # ****************************************************************************** # check redirect # ------------------------------------------------------------------------------ -function sg_check_redirect($rdr_mode, $rdr_info, $err_msg) +function sg_check_redirect($rdr_mode, $rdr_info, &$err_msg) { $res = true; switch($rdr_mode) { @@ -1720,7 +1720,7 @@ function sg_check_redirect($rdr_mode, $rdr_info, $err_msg) # ------------------------------------------------------------------------------ # sg_check_time # ------------------------------------------------------------------------------ -function sg_check_time($sgtime, $input_errors) +function sg_check_time($sgtime, &$input_errors) { $err = ''; $days = array("*", "mon", "tue", "wed", "thu", "fri", "sat", "sun"); @@ -1746,14 +1746,14 @@ function sg_check_time($sgtime, $input_errors) # ------------------------------------------------------------------------------ # sg_check_dest # ------------------------------------------------------------------------------ -function sg_check_dest($sgx, $input_errors) +function sg_check_dest($sgx, &$input_errors) { $elog = array(); $dm = explode(" ", $sgx[F_DOMAINS]); # $ex = explode(" ", $sgx[F_EXPRESSIONS]); $ur = explode(" ", $sgx[F_URLS]); - array_packitems(&$dm); - array_packitems(&$ur); + array_packitems($dm); + array_packitems($ur); # domain or ip foreach ($dm as $d_it) { @@ -1765,7 +1765,7 @@ function sg_check_dest($sgx, $input_errors) if ($u_it && !is_dest_url($u_it)) $elog[] = "Item '$u_it' is not a url."; # check redirect - sg_check_redirect($sgx[F_RMOD], $sgx[F_REDIRECT], &$elog); + sg_check_redirect($sgx[F_RMOD], $sgx[F_REDIRECT], $elog); # update log if (!empty($elog)) { @@ -1780,7 +1780,7 @@ function sg_check_dest($sgx, $input_errors) # ------------------------------------------------------------------------------ # sg_check_src # ------------------------------------------------------------------------------ -function sg_check_src($sgx, $input_errors) +function sg_check_src($sgx, &$input_errors) { $elog = array(); @@ -1822,7 +1822,7 @@ function str_packspaces($str) while(strpos($str, ' ')) $str = str_replace(' ', ' ', $str); } -function array_packitems($arval) +function array_packitems(&$arval) { if (is_array($arval)) { $arval = array_map("trim", $arval); # trim all items @@ -1894,7 +1894,7 @@ function check_time($time) # ----------------------------------------------------------------------------- # acl_remove_blacklist_items # ----------------------------------------------------------------------------- -function acl_remove_blacklist_items($items) +function acl_remove_blacklist_items(&$items) { # add !items and ^items $db_entries = sg_entries_blacklist(); @@ -2206,7 +2206,7 @@ function sg_update_blacklist($from_file) $blk_list = array(); # scan blacklist items - scan_blacklist_cat($tmp_unpack_dir, "blk", & $blk_items); + scan_blacklist_cat($tmp_unpack_dir, "blk", $blk_items); # move blacklist catalog structure to 'one level' (from tmp_DB to arch_DB) foreach ($blk_items as $key => $val) { @@ -2415,7 +2415,7 @@ function squidguard_blacklist_restore_arcdb() # ["urls"] urls file path # ["expressions"] expressions file path # ------------------------------------------------------------------------------ -function scan_blacklist_cat($curdir, $key_name, $cat_array) +function scan_blacklist_cat($curdir, $key_name, &$cat_array) { if (file_exists($curdir) and is_dir($curdir)) { @@ -2448,7 +2448,7 @@ function scan_blacklist_cat($curdir, $key_name, $cat_array) $fls_key = $key_name . "_" . $fls; # recursive call - scan_blacklist_cat($fls_file, $fls_key, & $cat_array); + scan_blacklist_cat($fls_file, $fls_key, $cat_array); } } } diff --git a/config/squidGuard-devel/squidguard_default.xml b/config/squidGuard-devel/squidguard_default.xml index 01380ea5..4a03c2b6 100644 --- a/config/squidGuard-devel/squidguard_default.xml +++ b/config/squidGuard-devel/squidguard_default.xml @@ -134,10 +134,10 @@ </field> </fields> <custom_php_validation_command> - squidguard_validate_acl(&$_POST, &$input_errors); + squidguard_validate_acl($_POST, $input_errors); </custom_php_validation_command> <custom_php_command_before_form> - squidguard_before_form_acl(&$pkg, false); + squidguard_before_form_acl($pkg, false); </custom_php_command_before_form> <custom_php_after_form_command> squidGuard_print_javascript(); diff --git a/config/squidGuard-devel/squidguard_dest.xml b/config/squidGuard-devel/squidguard_dest.xml index 3525098e..5f128a49 100644 --- a/config/squidGuard-devel/squidguard_dest.xml +++ b/config/squidGuard-devel/squidguard_dest.xml @@ -172,10 +172,10 @@ </field> </fields> <custom_php_command_before_form> - squidguard_before_form_dest(&$pkg); + squidguard_before_form_dest($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squidguard_validate_destination($_POST, &$input_errors); + squidguard_validate_destination($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squidguard_resync_dest(); diff --git a/config/squidGuard-devel/squidguard_log.php b/config/squidGuard-devel/squidguard_log.php index 8eba2311..562feb96 100644 --- a/config/squidGuard-devel/squidguard_log.php +++ b/config/squidGuard-devel/squidguard_log.php @@ -77,14 +77,14 @@ function squidguard_log_AJAX_response( $request ) $res = squidguard_prep_textareacont($cont); break; case 'guilog': - $res = squidguard_logrep(squidguard_guidump( &$offset, 50, true)); + $res = squidguard_logrep(squidguard_guidump( $offset, 50, true)); break; case 'filterlog': - $res = squidguard_logrep(squidguard_filterdump( &$offset, 50, true)); + $res = squidguard_logrep(squidguard_filterdump( $offset, 50, true)); break; case "blocked": default: - $res = squidguard_logrep(squidguard_blockdump( &$offset, 50, true)); + $res = squidguard_logrep(squidguard_blockdump( $offset, 50, true)); break; } diff --git a/config/squidGuard-devel/squidguard_rewr.xml b/config/squidGuard-devel/squidguard_rewr.xml index c21cb1c0..4b55292d 100644 --- a/config/squidGuard-devel/squidguard_rewr.xml +++ b/config/squidGuard-devel/squidguard_rewr.xml @@ -136,7 +136,7 @@ squidGuard_print_javascript(); </custom_php_after_form_command> <custom_php_validation_command> - squidguard_validate_rewrite($_POST, &$input_errors); + squidguard_validate_rewrite($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> // squidguard_resync_rewrite(); diff --git a/config/squidGuard-devel/squidguard_time.xml b/config/squidGuard-devel/squidguard_time.xml index dfd589aa..7f682174 100644 --- a/config/squidGuard-devel/squidguard_time.xml +++ b/config/squidGuard-devel/squidguard_time.xml @@ -136,7 +136,7 @@ squidGuard_print_javascript(); </custom_php_after_form_command> <custom_php_validation_command> - squidguard_validate_times(&$_POST, &$input_errors); + squidguard_validate_times($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> // squidguard_resync_time(); diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml index a2acd49e..6aae2d93 100644 --- a/config/suricata/suricata.xml +++ b/config/suricata/suricata.xml @@ -51,7 +51,7 @@ <description>Suricata IDS/IPS Package</description> <requirements>None</requirements> <name>suricata</name> - <version>1.4.6 pkg v1.0.2</version> + <version>1.4.6 pkg v1.0.6</version> <title>Services: Suricata IDS</title> <include_file>/usr/local/pkg/suricata/suricata.inc</include_file> <menu> diff --git a/config/suricata/suricata_rules_flowbits.php b/config/suricata/suricata_rules_flowbits.php index c5193a8b..8d0fd5d3 100644 --- a/config/suricata/suricata_rules_flowbits.php +++ b/config/suricata/suricata_rules_flowbits.php @@ -65,7 +65,7 @@ if (is_null($id)) { // Set who called us so we can return to the correct page with // the RETURN ('cancel') button. -if ($_POST['referrer']) +if (isset($_POST['referrer']) && strpos($_POST['referrer'], '://'.$_SERVER['SERVER_NAME'].'/') !== FALSE) $referrer = $_POST['referrer']; else $referrer = $_SERVER['HTTP_REFERER']; diff --git a/config/suricata/suricata_select_alias.php b/config/suricata/suricata_select_alias.php index 527412d1..c11802c2 100644 --- a/config/suricata/suricata_select_alias.php +++ b/config/suricata/suricata_select_alias.php @@ -47,29 +47,31 @@ else // Retrieve any passed QUERY STRING or POST variables if (isset($_POST['type'])) - $type = $_POST['type']; + $type = htmlspecialchars($_POST['type']); elseif (isset($_GET['type'])) $type = htmlspecialchars($_GET['type']); if (isset($_POST['varname'])) - $varname = $_POST['varname']; + $varname = htmlspecialchars($_POST['varname']); elseif (isset($_GET['varname'])) $varname = htmlspecialchars($_GET['varname']); if (isset($_POST['multi_ip'])) - $multi_ip = $_POST['multi_ip']; + $multi_ip = htmlspecialchars($_POST['multi_ip']); elseif (isset($_GET['multi_ip'])) $multi_ip = htmlspecialchars($_GET['multi_ip']); -if (isset($_POST['returl'])) +if (isset($_POST['returl']) && substr($_POST['returl'], 0, 1) == '/') $referrer = urldecode($_POST['returl']); -elseif (isset($_GET['returl'])) +elseif (isset($_GET['returl']) && substr($_GET['returl'], 0, 1) == '/') $referrer = urldecode($_GET['returl']); +else + $referrer = $_SERVER['HTTP_REFERER']; // Make sure we have a valid VARIABLE name // and ALIAS TYPE, or else bail out. if (is_null($type) || is_null($varname)) { - header("Location: http://{$referrer}?{$querystr}"); + header("Location: {$referrer}?{$querystr}"); exit; } @@ -132,8 +134,8 @@ include("head.inc"); <input type="hidden" name="varname" value="<?=$varname;?>"/> <input type="hidden" name="type" value="<?=$type;?>"/> <input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"/> -<input type="hidden" name="returl" value="<?=$referrer;?>"/> -<input type="hidden" name="org_querystr" value="<?=$querystr;?>"/> +<input type="hidden" name="returl" value="<?=htmlspecialchars($referrer);?>"/> +<input type="hidden" name="org_querystr" value="<?=htmlspecialchars($querystr);?>"/> <?php if ($input_errors) print_input_errors($input_errors); ?> <div id="boxarea"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> |