From de040922497c3ff0f1a77451063de25b3b579393 Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Sat, 22 Feb 2014 00:33:26 -0500
Subject: Continue change of $_GET to $_POST wherever possible.

---
 config/suricata/suricata_rules.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'config/suricata/suricata_rules.php')

diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php
index 94e43fc7..428bc9be 100644
--- a/config/suricata/suricata_rules.php
+++ b/config/suricata/suricata_rules.php
@@ -40,7 +40,8 @@ if (!is_array($config['installedpackages']['suricata']['rule']))
 	$config['installedpackages']['suricata']['rule'] = array();
 $a_rule = &$config['installedpackages']['suricata']['rule'];
 
-$id = $_GET['id'];
+if (is_numeric($_GET['id']))
+	$id = $_GET['id'];
 if (isset($_POST['id']))
 	$id = $_POST['id'];
 if (is_null($id)) {
@@ -108,7 +109,7 @@ $etpro = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rul
 $categories = explode("||", $pconfig['rulesets']);
 
 if ($_GET['openruleset'])
-	$currentruleset = $_GET['openruleset'];
+	$currentruleset = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401);
 else if ($_POST['openruleset'])
 	$currentruleset = $_POST['openruleset'];
 else
-- 
cgit v1.2.3