From 5287063d4ad240bb76ebafe716c762b005bdac6a Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Mon, 24 Feb 2014 20:40:46 -0500
Subject: Some bug fixes and replace $_GET with $_POST where possible.

---
 config/suricata/suricata_interfaces.php   | 127 +++++++++++++-----------------
 config/suricata/suricata_logs_browser.php |   2 +-
 2 files changed, 56 insertions(+), 73 deletions(-)

(limited to 'config')

diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php
index 364abe62..88b426ba 100644
--- a/config/suricata/suricata_interfaces.php
+++ b/config/suricata/suricata_interfaces.php
@@ -27,7 +27,6 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
-$nocsrf = true;
 require_once("guiconfig.inc");
 require_once("/usr/local/pkg/suricata/suricata.inc");
 
@@ -37,16 +36,17 @@ $suricatadir = SURICATADIR;
 $suricatalogdir = SURICATALOGDIR;
 $rcdir = RCFILEPREFIX;
 
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if ($_POST['id'] && is_numeric($_POST['id']))
 	$id = $_POST['id'];
+else
+	$id = "";
 
 if (!is_array($config['installedpackages']['suricata']['rule']))
 	$config['installedpackages']['suricata']['rule'] = array();
 $a_nat = &$config['installedpackages']['suricata']['rule'];
 $id_gen = count($config['installedpackages']['suricata']['rule']);
 
-if (isset($_POST['del_x'])) {
+if ($_POST['del_x']) {
 	/* delete selected rules */
 	if (is_array($_POST['rule'])) {
 		conf_mount_rw();
@@ -103,11 +103,10 @@ if (isset($_POST['del_x'])) {
 		header("Location: /suricata/suricata_interfaces.php");
 		exit;
 	}
-
 }
 
 /* start/stop Barnyard2 */
-if ($_GET['act'] == 'bartoggle' && is_numeric($id)) {
+if ($_POST['bartoggle'] && is_numeric($id)) {
 	$suricatacfg = $config['installedpackages']['suricata']['rule'][$id];
 	$if_real = get_real_interface($suricatacfg['interface']);
 	$if_friendly = convert_friendly_interface_to_friendly_descr($suricatacfg['interface']);
@@ -127,7 +126,7 @@ if ($_GET['act'] == 'bartoggle' && is_numeric($id)) {
 }
 
 /* start/stop Suricata */
-if ($_GET['act'] == 'toggle' && is_numeric($id)) {
+if ($_POST['toggle'] && is_numeric($id)) {
 	$suricatacfg = $config['installedpackages']['suricata']['rule'][$id];
 	$if_real = get_real_interface($suricatacfg['interface']);
 	$if_friendly = convert_friendly_interface_to_friendly_descr($suricatacfg['interface']);
@@ -159,17 +158,14 @@ include_once("head.inc");
 ?>
 <body link="#000000" vlink="#000000" alink="#000000">
 
-<?php
-include_once("fbegin.inc");
-if ($pfsense_stable == 'yes')
-	echo '<p class="pgtitle">' . $pgtitle . '</p>';
-?>
+<?php include_once("fbegin.inc"); ?>
 
 <form action="suricata_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<input type="hidden" name="id" id="id" value="">
 <?php
 	/* Display Alert message */
 	if ($input_errors)
-		print_input_errors($input_errors); // TODO: add checks
+		print_input_errors($input_errors);
 
 	if ($savemsg)
 		print_info_box($savemsg);
@@ -194,25 +190,32 @@ if ($pfsense_stable == 'yes')
 	<td>
 	<div id="mainarea">
 	<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+
+		<colgroup>
+			<col width="3%" align="center">
+			<col width="12%">
+			<col width="14%">
+			<col width="120" align="center">
+			<col width="65" align="center">
+			<col width="14%">
+			<col>
+			<col width="20" align="center">
+		</colgroup>
+		<thead>
 		<tr id="frheader">
-			<td width="3%" class="list">&nbsp;</td>
-			<td width="10%" class="listhdrr"><?php echo gettext("Interface"); ?></td>
-			<td width="13%" class="listhdrr"><?php echo gettext("Suricata"); ?></td>
-			<td width="10%" class="listhdrr"><?php echo gettext("Pattern Match"); ?></td>
-			<td width="10%" class="listhdrr"><?php echo gettext("Block"); ?></td>
-			<td width="12%" class="listhdrr"><?php echo gettext("Barnyard2"); ?></td>
-			<td width="30%" class="listhdr"><?php echo gettext("Description"); ?></td>
-			<td width="3%" class="list">
-			<table border="0" cellspacing="0" cellpadding="0">
-				<tr>
-					<td></td>
-					<td align="center" valign="middle"><a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>"><img
-					src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
-					width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a></td>
-				</tr>
-			</table>
-			</td>
+			<th class="list">&nbsp;</td>
+			<th class="listhdrr"><?php echo gettext("Interface"); ?></th>
+			<th class="listhdrr"><?php echo gettext("Suricata"); ?></th>
+			<th class="listhdrr"><?php echo gettext("Pattern Matcher"); ?></th>
+			<th class="listhdrr"><?php echo gettext("Block"); ?></th>
+			<th class="listhdrr"><?php echo gettext("Barnyard2"); ?></th>
+			<th class="listhdr"><?php echo gettext("Description"); ?></th>
+			<th class="list"><a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>">
+				<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+				width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a>
+			</th>
 		</tr>
+		</thead>
 		<?php $nnats = $i = 0;
 
 		// Turn on buffering to speed up rendering
@@ -275,31 +278,30 @@ if ($pfsense_stable == 'yes')
 			<td class="listt">
 			<input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;">
 			</td>
-			<td class="listr" 
-			id="frd<?=$nnats;?>" valign="middle" 
+			<td class="listr" valign="middle" 
+			id="frd<?=$nnats;?>" 
 			ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';">
 			<?php
 				echo $natend_friendly;
 			?>
 			</td>
-			<td class="listr"  
+			<td class="listr" valign="middle"   
 			id="frd<?=$nnats;?>"  
 			ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';">
 			<?php
 			$check_suricata_info = $config['installedpackages']['suricata']['rule'][$nnats]['enable'];
 			if ($check_suricata_info == "on") {
-				echo gettext("ENABLED");
-				echo "<a href='?act=toggle&id={$i}'>
-					<img src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif'
-					width='13' height='13' border='0' 
-					title='" . gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2) . "'></a>";
+				echo gettext("ENABLED") . "&nbsp;";
+				echo "<input type='image' src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif' width='13' height='13' border='0' ";
+				echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\";' name=\"toggle[]\" ";
+				echo "title='" . gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2) . "'/>";
 				echo ($no_rules) ? "&nbsp;<img src=\"../themes/{$g['theme']}/images/icons/icon_frmfld_imp.png\" width=\"15\" height=\"15\" border=\"0\">" : "";
 			} else
 				echo gettext("DISABLED");
 			?>
 			</td>
 			<td class="listr" 
-			id="frd<?=$nnats;?>" valign="middle" 
+			id="frd<?=$nnats;?>" valign="middle" align="center" 
 			ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';">
 			<?php
 			$check_performance_info = $config['installedpackages']['suricata']['rule'][$nnats]['mpm_algo'];
@@ -311,7 +313,7 @@ if ($pfsense_stable == 'yes')
 			?> <?=strtoupper($check_performance);?>
 			</td>
 			<td class="listr" 
-			id="frd<?=$nnats;?>" valign="middle" 
+			id="frd<?=$nnats;?>" valign="middle" align="center" 
 			ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';">
 			<?php
 			$check_blockoffenders_info = $config['installedpackages']['suricata']['rule'][$nnats]['blockoffenders'];
@@ -329,11 +331,9 @@ if ($pfsense_stable == 'yes')
 			<?php
 			$check_suricatabarnyardlog_info = $config['installedpackages']['suricata']['rule'][$nnats]['barnyard_enable'];
 			if ($check_suricatabarnyardlog_info == "on") {
-				echo gettext("ENABLED");
-				echo "<a href='?act=bartoggle&id={$i}'>
-					<img src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif'
-					width='13' height='13' border='0' 
-					title='" . gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2) . "'></a>";
+				echo gettext("ENABLED") . "&nbsp;";
+				echo "<input type='image' name='bartoggle[]' src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif' width='13' height='13' border='0' ";
+				echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\"'; title='" . gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2) . "'/>";
 			} else
 				echo gettext("DISABLED");
 			?>
@@ -343,14 +343,9 @@ if ($pfsense_stable == 'yes')
 			<font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?>&nbsp;</font>
 			</td>
 			<td valign="middle" class="list" nowrap>
-			<table border="0" cellspacing="0" cellpadding="0">
-				<tr>
-					<td><a href="suricata_interfaces_edit.php?id=<?=$i;?>"><img
-						src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
-						width="17" height="17" border="0" title="<?php echo gettext('Edit Suricata interface mapping'); ?>"></a>
-					</td>
-				</tr>
-			</table>
+				<a href="suricata_interfaces_edit.php?id=<?=$i;?>">
+				<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+				width="17" height="17" border="0" title="<?php echo gettext('Edit Suricata interface mapping'); ?>"></a>
 			</td>	
 		</tr>
 		<?php $i++; $nnats++; endforeach; ob_end_flush(); ?>
@@ -363,19 +358,13 @@ if ($pfsense_stable == 'yes')
 				<?php endif; ?>					 
 			</td>
 			<td class="list" valign="middle" nowrap>
-				<table border="0" cellspacing="0" cellpadding="0">
-					<tr>
-						<td><?php if ($nnats == 0): ?><img
-						src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif"
-						width="17" height="17" " border="0">
-						<?php else: ?>
-						<input name="del" type="image"
-						src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
-						width="17" height="17" title="<?php echo gettext("Delete selected Suricata interface mapping(s)"); ?>"
-						onclick="return intf_del()">
-						<?php endif; ?></td>
-					</tr>
-				</table>
+				<?php if ($nnats == 0): ?>
+					<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" " border="0">
+				<?php else: ?>
+					<input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" 
+					width="17" height="17" title="<?php echo gettext("Delete selected Suricata interface mapping(s)"); ?>"
+					onclick="return intf_del()">
+				<?php endif; ?>
 			</td>
 		</tr>
 		<tr>
@@ -449,12 +438,6 @@ if ($pfsense_stable == 'yes')
 </form>
 
 <script type="text/javascript">
-<script language="javascript" type="text/javascript">
-
-var initiator = '';
-$(document).ready(function() {
-	$(":submit").click(function() { initiator = this.value });
-});
 
 function intf_del() {
 	var isSelected = false;
diff --git a/config/suricata/suricata_logs_browser.php b/config/suricata/suricata_logs_browser.php
index ab16a350..38310b9f 100644
--- a/config/suricata/suricata_logs_browser.php
+++ b/config/suricata/suricata_logs_browser.php
@@ -148,7 +148,7 @@ if ($input_errors) {
 					$selected = "";
 					if ($id == $instanceid)
 						$selected = "selected";
-					echo "<option value='{$id}' {$selected}> (" . convert_friendly_interface_to_friendly_descre($instance['interface']) . "){$instance['descr']}</option>\n";
+					echo "<option value='{$id}' {$selected}> (" . convert_friendly_interface_to_friendly_descr($instance['interface']) . "){$instance['descr']}</option>\n";
 				}
 			?>
 					</select>&nbsp;&nbsp;<?php echo gettext('Choose which instance logs you want to view.'); ?>
-- 
cgit v1.2.3