From c1717f2d9752d19c54e86e1bcb6cb81f5b253710 Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Mon, 24 Feb 2014 00:45:10 -0500
Subject: Bug fixes and replace $_GET with $_POST where possible.

---
 config/suricata/suricata_import_aliases.php | 191 +++++-----------------------
 1 file changed, 33 insertions(+), 158 deletions(-)

(limited to 'config/suricata/suricata_import_aliases.php')

diff --git a/config/suricata/suricata_import_aliases.php b/config/suricata/suricata_import_aliases.php
index c16ac65d..a93d2d64 100644
--- a/config/suricata/suricata_import_aliases.php
+++ b/config/suricata/suricata_import_aliases.php
@@ -1,5 +1,4 @@
 <?php
-/* $Id$ */
 /*
 	suricata_import_aliases.php
 	Copyright (C) 2014 Bill Meeks
@@ -27,160 +26,39 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
-require("guiconfig.inc");
-require_once("functions.inc");
-require_once("/usr/local/pkg/suricata/suricata.inc");
+/************************************************************************************
+	This file contains code for selecting and importing an existing Alias.
+	It is included and injected inline from other Suricata PHP pages that
+	use the Import Alias functionality.
 
-// Retrieve any passed QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng = $_GET['eng'];
-if (isset($_POST['id']))
-	$id = $_POST['id'];
-if (isset($_POST['eng']))
-	$eng = $_POST['eng'];
+	The following variables are assumed to exist and must be initialized
+	as necessary in order to utilize this page.
 
-// Make sure we have a valid rule ID and ENGINE name, or
-// else bail out to top-level menu. 
-if (is_null($id) || is_null($eng)) {
- 	header("Location: /suricata/suricata_interfaces.php");
-	exit;
-}
+	$g --> system global variables array
+	$config --> global variable pointing to configuration information
+	$a_aliases --> $config['aliases']['alias'] array
+	$title --> title string for import alias engine type
+	$used --> array of currently used engine 'bind_to' Alias names
 
-// Used to track if any selectable Aliases are found
-$selectablealias = false;
-
-// Initialize required array variables as necessary
-if (!is_array($config['aliases']['alias']))
-	$config['aliases']['alias'] = array();
-$a_aliases = $config['aliases']['alias'];
-if (!is_array($config['installedpackages']['suricata']['rule']))
-	$config['installedpackages']['suricata']['rule'] = array();
-
-// The $eng variable points to the specific Suricata config section
-// engine we are importing values into.  Initialize the config.xml
-// array if necessary.
-if (!is_array($config['installedpackages']['suricata']['rule'][$id][$eng]['item']))
-	$config['installedpackages']['suricata']['rule'][$id][$eng]['item'] = array();
-
-// Initialize a pointer to the Suricata config section engine we are
-// importing values into.
-$a_nat = &$config['installedpackages']['suricata']['rule'][$id][$eng]['item'];
-
-// Build a lookup array of currently used engine 'bind_to' Aliases 
-// so we can screen matching Alias names from the list.
-$used = array();
-foreach ($a_nat as $v)
-	$used[$v['bind_to']] = true;
-
-// Construct the correct return URL based on the Suricata config section
-// engine we were called with.  This lets us return to the page we were
-// called from.
-switch ($eng) {
-	case "host_os_policy":
-		$returl = "/suricata/suricata_flow_stream.php";
-		$multi_ip = true;
-		$title = "Host Operating System Policy";
-		break;
-	case "libhtp_policy":
-		$returl = "/suricata/suricata_app_parsers.php";
-		$multi_ip = true;
-		$title = "HTTP Server Policy";
-		break;
-	default:
-		$returl = "/suricata/suricata_interface_edit";
-		$multi_ip = true;
-		$title = "";
-}
-
-if ($_POST['cancel']) {
-	header("Location: {$returl}?id={$id}");
-	exit;
-}
-
-if ($_POST['save']) {
-
-	// Define default engine configurations for each of the supported engines.
-	$def_os_policy = array( "name" => "", "bind_to" => "", "policy" => "bsd" );
-
-	$def_libhtp_policy = array( "name" => "default", "bind_to" => "all", "personality" => "IDS", 
-				    "request-body-limit" => 4096, "response-body-limit" => 4096, 
-				    "double-decode-path" => "no", "double-decode-query" => "no" );
-
-	// Figure out which engine type we are importing and set up default engine array
-	$engine = array();
-	switch ($eng) {
-		case "host_os_policy":
-			$engine = $def_os_policy;
-			break;
-		case "libhtp_policy":
-			$engine = $def_libhtp_policy;
-			break;
-		default:
-			$engine = "";
-			$input_errors[] = gettext("Invalid ENGINE TYPE passed in query string.  Aborting operation.");
-	}
-
-	// See if anything was checked to import
-	if (is_array($_POST['toimport']) && count($_POST['toimport']) > 0) {
-		foreach ($_POST['toimport'] as $item) {
-			$engine['name'] = strtolower($item);
-			$engine['bind_to'] = $item;
-			$a_nat[] = $engine;
-		}
-	}
-	else
-		$input_errors[] = gettext("No entries were selected for import.  Please select one or more Aliases for import and click SAVE.");
-
-	// if no errors, write new entry to conf
-	if (!$input_errors) {
-		// Reorder the engine array to ensure the 
-		// 'bind_to=all' entry is at the bottom if 
-		// the array contains more than one entry.
-		if (count($a_nat) > 1) {
-			$i = -1;
-			foreach ($a_nat as $f => $v) {
-				if ($v['bind_to'] == "all") {
-					$i = $f;
-					break;
-				}
-			}
-			// Only relocate the entry if we 
-			// found it, and it's not already 
-			// at the end.
-			if ($i > -1 && ($i < (count($a_nat) - 1))) {
-				$tmp = $a_nat[$i];
-				unset($a_nat[$i]);
-				$a_nat[] = $tmp;
-			}
-		}
-
-		// Now write the new engine array to conf and return
-		write_config();
-
-		header("Location: {$returl}?id={$id}");
-		exit;
-	}
-}
-
-$pgtitle = gettext("Suricata: Import Host/Network Alias for {$title}");
-include("head.inc");
+	Information is returned from this page via the following form fields:
 
+	aliastoimport[] --> checkbox array containing selected alias names
+	save_import_alias --> Submit button for save operation and exit
+	cancel_import_alias --> Submit button to cancel operation and exit
+ ************************************************************************************/
 ?>
 
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<form action="suricata_import_aliases.php" method="post">
-<input type="hidden" name="id" value="<?=$id;?>">
-<input type="hidden" name="eng" value="<?=$eng;?>">
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<div id="boxarea">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<?php	$selectablealias = false;
+	if (!is_array($a_aliases))
+		$a_aliases = array();
+?>
+<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
 <tr>
-	<td class="tabcont"><strong><?=gettext("Select one or more Aliases to use as {$title} targets from the list below.");?></strong><br/>
+	<td class="listtopic" align="center"><?=gettext("Select one or more Aliases to use as {$title} targets from the list below.");?>
 	</td>
 </tr>
 <tr>
-	<td class="tabcont">
+	<td>
 		<table id="sortabletable1" style="table-layout: fixed;" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
 			<colgroup>
 				<col width="5%" align="center">
@@ -221,7 +99,7 @@ include("head.inc");
 			  <td class="listlr" align="center"><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height"11" border="0"/>
 			<?php else: ?>
 			<tr>
-			  <td class="listlr" align="center"><input type="checkbox" name="toimport[]" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td>
+			  <td class="listlr" align="center"><input type="checkbox" name="aliastoimport[]" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td>
 			<?php endif; ?>
 			  <td class="listr" align="left"><?=$textss . htmlspecialchars($alias['name']) . $textse;?></td>
 			  <td class="listr" align="left">
@@ -244,29 +122,26 @@ include("head.inc");
 </tr>
 <?php if (!$selectablealias): ?>
 <tr>
-	<td class="tabcont" align="center"><b><?php echo gettext("There are currently no defined Aliases eligible for import.");?></b></td>
+	<td align="center"><b><?php echo gettext("There are currently no defined Aliases eligible for import.");?></b></td>
 </tr>
 <tr>
-	<td class="tabcont" align="center">
-	<input type="Submit" name="cancel" value="Cancel" id="cancel" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
+	<td align="center" valign="middle">
+	<input type="Submit" name="cancel_import_alias" value="Cancel" id="cancel_import_alias" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
 	</td>
 </tr>
 <?php else: ?>
 <tr>
-	<td class="tabcont" align="center">
-	<input type="Submit" name="save" value="Save" id="save" class="formbtn" title="<?=gettext("Import selected item and return");?>"/>&nbsp;&nbsp;&nbsp;
-	<input type="Submit" name="cancel" value="Cancel" id="cancel" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
+	<td align="center" valign="middle">
+	<input type="Submit" name="save_import_alias" value="Save" id="save_import_alias" class="formbtn" title="<?=gettext("Import selected item and return");?>"/>&nbsp;&nbsp;
+	<input type="Submit" name="cancel_import_alias" value="Cancel" id="cancel_import_alias" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
 	</td>
 </tr>
 <?php endif; ?>
 <tr>
-	<td class="tabcont">
+	<td>
 	<span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br></strong></span><?=gettext("Fully-Qualified Domain Name (FQDN) host Aliases cannot be used as Suricata configuration parameters.  Aliases resolving to a single FQDN value are disabled in the list above.  In the case of nested Aliases where one or more of the nested values is a FQDN host, the FQDN host will not be included in the {$title} configuration.");?></span>
 	</td>
 </tr>
 </table>
-</div>
-</form>
-<?php include("fend.inc"); ?>
-</body>
-</html>
+
+
-- 
cgit v1.2.3