From c88494af6b8a845218030028fd424f7eb048cd69 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 2 Apr 2014 15:24:03 -0400 Subject: Use $_POST for config changes and add misc fixes and improvements. --- config/snort/snort_import_aliases.php | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'config/snort/snort_import_aliases.php') diff --git a/config/snort/snort_import_aliases.php b/config/snort/snort_import_aliases.php index 77cd5490..7edadea7 100644 --- a/config/snort/snort_import_aliases.php +++ b/config/snort/snort_import_aliases.php @@ -2,7 +2,7 @@ /* $Id$ */ /* snort_import_aliases.php - Copyright (C) 2013 Bill Meeks + Copyright (C) 2013, 2014 Bill Meeks All rights reserved. Redistribution and use in source and binary forms, with or without @@ -32,12 +32,15 @@ require_once("functions.inc"); require_once("/usr/local/pkg/snort/snort.inc"); // Retrieve any passed QUERY STRING or POST variables -$id = $_GET['id']; -$eng = $_GET['eng']; if (isset($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + if (isset($_POST['eng'])) $eng = $_POST['eng']; +elseif (isset($_GET['eng'])) + $eng = htmlspecialchars($_GET['eng']); // Make sure we have a valid rule ID and ENGINE name, or // else bail out to top-level menu. @@ -46,7 +49,10 @@ if (is_null($id) || is_null($eng)) { exit; } -// Used to track if any selectable Aliases are found +// Used to track if any selectable Aliases are found. Selectable +// means aliases matching the requirements of the configuration +// engine we are importing into (e.g., single IP only or +// multiple IP alias). $selectablealias = false; // Initialize required array variables as necessary @@ -89,7 +95,7 @@ switch ($eng) { break; case "stream5_tcp_engine": $anchor = "#stream5_row"; - $multi_ip = true; + $multi_ip = false; $title = "Stream5 TCP Engine"; break; case "ftp_server_engine": @@ -269,7 +275,7 @@ include("head.inc"); ?> - + -- cgit v1.2.3