From c8b7c369d1b391fc687e4ad09ee156dbec37043a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ermal=20Luc=CC=A7i?=
Date: Tue, 2 Aug 2011 00:26:30 +0200
Subject: First pass of sanitizing this code. Some more QA is needed to make sure what is selected is actually applied behind
---
config/snort/snort_interfaces.php | 44 +++++++++++++--------------------------
1 file changed, 15 insertions(+), 29 deletions(-)
(limited to 'config/snort/snort_interfaces.php')
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index 531312cc..b5db0857 100644
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -39,18 +39,12 @@ global $g; $id = $_GET['id']; if (isset($_POST['id'])) -$id = $_POST['id']; + $id = $_POST['id']; if (!is_array($config['installedpackages']['snortglobal']['rule'])) -$config['installedpackages']['snortglobal']['rule'] = array(); - + $config['installedpackages']['snortglobal']['rule'] = array(); $a_nat = &$config['installedpackages']['snortglobal']['rule']; - -if (isset($config['installedpackages']['snortglobal']['rule'])) { - $id_gen = count($config['installedpackages']['snortglobal']['rule']); -}else{ - $id_gen = '0'; -} +$id_gen = count($config['installedpackages']['snortglobal']['rule']); /* alert file */ $d_snortconfdirty_path_ls = exec('/bin/ls /var/run/snort_conf_*.dirty');
@@ -59,20 +53,17 @@ $d_snortconfdirty_path_ls = exec('/bin/ls /var/run/snort_conf_*.dirty'); if ($_POST['apply']) { if ($d_snortconfdirty_path_ls != '') { - - write_config(); - + sync_snort_package_empty(); sync_snort_package(); - + exec('/bin/rm /var/run/snort_conf_*.dirty'); - + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); header( 'Cache-Control: no-store, no-cache, must-revalidate' ); header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); - sleep(2); header("Location: /snort/snort_interfaces.php"); exit;
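Review bot: `$id` is taken from `$_GET['id']` or `$_POST['id']` in the first hunk and is never checked against the rule list that `$a_nat` is bound to a few lines later. The only guard this commit adds is `is_numeric($id)` in the toggle hunk further down, which also accepts values such as `1.5` or `1e3` that are not list indexes. Validating once here, after `$a_nat` is assigned, would cover every later use: `if (!ctype_digit((string)$id) || !isset($a_nat[$id])) $id = null;`, provided no branch outside these hunks expects an id for a rule that does not exist yet. The unbraced `if` bodies that this hunk re-indents would also be safer with braces.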
@@ -81,11 +72,11 @@ if ($_POST['apply']) { } - - if (isset($_POST['del_x'])) { /* delete selected rules */ - if (is_array($_POST['rule']) && count($_POST['rule'])) { + if (is_array($_POST['rule'])) { + conf_mount_rw(); + foreach ($_POST['rule'] as $rulei) { /* convert fake interfaces to real */
@@ -157,17 +148,15 @@ if (isset($_POST['del_x'])) { } } - + /* for every iface do these steps */ - conf_mount_rw(); exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*"); exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); - - conf_mount_ro(); - + unset($a_nat[$rulei]); } + conf_mount_ro(); write_config(); sleep(2);
@@ -188,17 +177,15 @@ if (isset($_POST['del_x'])) { header( 'Cache-Control: no-store, no-cache, must-revalidate' ); header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); - sleep(2); header("Location: /snort/snort_interfaces.php"); - //exit; + exit; } } /* start/stop snort */ -if ($_GET['act'] == 'toggle' && $_GET['id'] != '') -{ +if ($_GET['act'] == 'toggle' && is_numeric($id)) { $if_real = convert_friendly_interface_to_real_interface_name2($config['installedpackages']['snortglobal']['rule'][$id]['interface']); $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
@@ -220,7 +207,6 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '') header( 'Cache-Control: no-store, no-cache, must-revalidate' ); header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); - sleep(2); header("Location: /snort/snort_interfaces.php"); }else{
@@ -235,9 +221,9 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '') header( 'Cache-Control: no-store, no-cache, must-revalidate' ); header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); - sleep(2); header("Location: /snort/snort_interfaces.php"); } + exit; }
-- cgit v1.2.3
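Review bot: The two `rm` commands in the delete loop interpolate `$snort_uuid` and `$if_real` into a shell string unquoted, and this pass moves the mount calls around them without adding a check that either value is non-empty. The lines that set them are outside the hunk, but they appear to be looked up through `$rulei`, which comes straight from `$_POST['rule']`; an index that matches no rule would leave both empty, so the paths would degenerate to `snort__` and `snort.u2__*`. Skip the iteration when the lookup fails, `if (!isset($a_nat[$rulei])) continue;` at the top of the loop, and quote the path while keeping the glob outside the quotes: `exec('/bin/rm ' . escapeshellarg("/var/log/snort/snort.u2_{$snort_uuid}_{$if_real}") . '*');`.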
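Review bot: Starting or stopping Snort is triggered by a GET request in the toggle branch (`$_GET['act'] == 'toggle'`), while `$id` may come from either GET or POST. No token check is visible in this hunk, so whether the action is protected against cross-site requests depends on includes that are not shown. A state change is better handled as a POST, like `apply` and `del_x`, for example `if ($_POST['act'] == 'toggle' && is_numeric($id)) {` with the list page submitting a form. The branch body continues past the end of the hunk.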