author | jim-p <jimp@pfsense.org> | 2014-08-08 11:22:40 -0400 |
committer | jim-p <jimp@pfsense.org> | 2014-08-08 11:22:40 -0400 |
commit | 889c83d7f1ad87c5b89e1ed9ef73be7c47cc90f2 (patch) | |
tree | 4ec2e102af571a03ed7635e17163eaae6169c32f | |
parent | 8108b4235b35dc1e21951d5754e6ea4f190e079f (diff) | |
Require click-through POST confirmation when restoring or deleting a configuration from the backup history page.
-rwxr-xr-x | usr/local/www/diag_confbak.php | 66 |
1 files changed, 51 insertions, 15 deletions
diff --git a/usr/local/www/diag_confbak.php b/usr/local/www/diag_confbak.php
index 08072fc..61aa09b 100755
--- a/usr/local/www/diag_confbak.php
+++ b/usr/local/www/diag_confbak.php
@@ -41,22 +41,24 @@ require("guiconfig.inc");
-if($_GET['newver'] != "") {
- conf_mount_rw();
- $confvers = unserialize(file_get_contents($g['cf_conf_path'] . '/backup/backup.cache'));
- if(config_restore($g['conf_path'] . '/backup/config-' . $_GET['newver'] . '.xml') == 0)
-
- $savemsg = sprintf(gettext('Successfully reverted to timestamp %1$s with description "%2$s".'), date(gettext("n/j/y H:i:s"), $_GET['newver']), $confvers[$_GET['newver']]['description']);
- else
- $savemsg = gettext("Unable to revert to the selected configuration.");
- conf_mount_ro();
-}
+if ($_POST) {
+ if (!isset($_POST['confirm']) || ($_POST['confirm'] != gettext("Confirm")) || (!isset($_POST['newver']) && !isset($_POST['rmver']))) {
+ header("Location: diag_confbak.php");
+ return;
+ }
-if($_GET['rmver'] != "") {
 conf_mount_rw();
 $confvers = unserialize(file_get_contents($g['cf_conf_path'] . '/backup/backup.cache'));
- unlink_if_exists($g['conf_path'] . '/backup/config-' . $_GET['rmver'] . '.xml');
- $savemsg = sprintf(gettext('Deleted backup with timestamp %1$s and description "%2$s".'), date(gettext("n/j/y H:i:s"), $_GET['rmver']),$confvers[$_GET['rmver']]['description']);
+ if($_POST['newver'] != "") {
+ if(config_restore($g['conf_path'] . '/backup/config-' . $_POST['newver'] . '.xml') == 0)
+ $savemsg = sprintf(gettext('Successfully reverted to timestamp %1$s with description "%2$s".'), date(gettext("n/j/y H:i:s"), $_POST['newver']), $confvers[$_POST['newver']]['description']);
+ else
+ $savemsg = gettext("Unable to revert to the selected configuration.");
+ }
+ if($_POST['rmver'] != "") {
+ unlink_if_exists($g['conf_path'] . '/backup/config-' . $_POST['rmver'] . '.xml');
+ $savemsg = sprintf(gettext('Deleted backup with timestamp %1$s and description "%2$s".'), date(gettext("n/j/y H:i:s"), $_POST['rmver']),$confvers[$_POST['rmver']]['description']);
+ }
 conf_mount_ro();
 }
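Review bot: The `config_restore(...)` and `unlink_if_exists(...)` lines build a path under `/backup/` straight from `$_POST['newver']`/`$_POST['rmver']` without checking that the value is a timestamp the backup cache actually lists, and `$confvers` is indexed as an array even though `unserialize()` returns false when backup.cache is missing or corrupt. The page only ever offers numeric `$version['time']` values, so the handler can reject anything else up front; that also removes the `date()` and `$confvers[...]` notices on bad input. Switching the action to POST only stops cross-site triggering if a form token is verified server-side; that is presumably done by the CSRF layer pulled in through guiconfig.inc, but it is not visible in this hunk and worth confirming. The two `if` blocks are independent, so a request carrying both `newver` and `rmver` restores and then deletes in one go, which an `elseif` avoids; the file-level code this sits in continues outside the hunk.
```php
	// Only act on a timestamp the backup cache knows about; the page never offers anything else.
	$confvers = unserialize(file_get_contents($g['cf_conf_path'] . '/backup/backup.cache'));
	$target = isset($_POST['newver']) ? $_POST['newver'] : $_POST['rmver'];
	if (!is_array($confvers) || !ctype_digit((string)$target) || !isset($confvers[$target])) {
		$savemsg = gettext("Invalid configuration backup selected.");
	} else {
		conf_mount_rw();
		// … unchanged: restore (newver) / delete (rmver) branches, as elseif …
		conf_mount_ro();
	}
```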
@@ -145,8 +147,40 @@ include("head.inc");
 <tr>
 <td>
 <div id="mainarea">
+<?PHP if ($_GET["newver"] || $_GET["rmver"]): ?>
+ <form action="diag_confbak.php" method="post">
+<?PHP else: ?>
 <form action="diag_confbak.php" method="get">
+<?PHP endif; ?>
 <table class="tabcont" align="center" width="100%" border="0" cellpadding="6" cellspacing="0">
+
+<?PHP if ($_GET["newver"] || $_GET["rmver"]): ?>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?PHP echo gettext("Confirm Action"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"> </td>
+ <td width="78%" class="vtable">
+
+ <strong><?PHP echo gettext("Please confirm the selected action"); ?></strong>:
+ <br />
+ <br /><strong><?PHP echo gettext("Action"); ?>:</strong>
+ <?PHP if (!empty($_GET["newver"])) {
+ echo gettext("Restore from Configuration Backup");
+ $target_config = $_GET["newver"]; ?>
+ <input type="hidden" name="newver" value="<?PHP echo htmlspecialchars($_GET["newver"]); ?>" />
+ <?PHP } elseif (!empty($_GET["rmver"])) {
+ echo gettext("Remove Configuration Backup");
+ $target_config = $_GET["rmver"]; ?>
+ <input type="hidden" name="rmver" value="<?PHP echo htmlspecialchars($_GET["rmver"]); ?>" />
+ <?PHP } ?>
+ <br /><strong><?PHP echo gettext("Target Configuration"); ?>:</strong>
+ <?PHP echo sprintf(gettext('Timestamp %1$s'), date(gettext("n/j/y H:i:s"), $target_config)); ?>
+ <br /><input type="submit" name="confirm" value="<?PHP echo gettext("Confirm"); ?>" />
+ </td>
+ </tr>
+<?PHP else: ?>
+
 <?php if (is_array($confvers)): ?>
 <tr>
 <td colspan="2" valign="middle" align="center" class="list" nowrap><input type="submit" name="diff" value="<?=gettext("Diff"); ?>"></td>
@@ -188,12 +222,12 @@ include("head.inc");
 <td class="listr"> <?= $version['version'] ?></td>
 <td class="listr"> <?= $version['description'] ?></td>
 <td valign="middle" class="list" nowrap>
- <a href="diag_confbak.php?newver=<?=$version['time'];?>" onclick="return confirm('<?=gettext("Revert to this configuration?");?>'")>
+ <a href="diag_confbak.php?newver=<?=$version['time'];?>">
 <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="<?=gettext("Revert to this configuration");?>" title="<?=gettext("Revert to this configuration");?>">
 </a>
 </td>
 <td valign="middle" class="list" nowrap>
- <a href="diag_confbak.php?rmver=<?=$version['time'];?>" onclick="return confirm('<?=gettext("Delete this configuration backup?");?>')">
+ <a href="diag_confbak.php?rmver=<?=$version['time'];?>">
 <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="<?=gettext("Remove this backup");?>" title="<?=gettext("Remove this backup");?>">
 </a>
 </td>
@@ -215,6 +249,8 @@ include("head.inc");
 </td>
 </tr>
 <?php endif; ?>
+
+<?php endif; ?>
 </table>
 </form>
 </div>
|
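Review bot: The confirmation block passes `$target_config` to `date()` straight from the query string and shows only the formatted timestamp, so the user confirms a restore or delete without seeing which backup it is, and a non-numeric value emits a PHP warning inside the page instead of being refused. `$confvers` appears to be in scope here (the `is_array($confvers)` branch follows immediately), so the "Target Configuration" line can look the timestamp up and decline unknown ones, e.g. `<?PHP if (!is_array($confvers) || !isset($confvers[$target_config])) { echo gettext("Unknown backup"); } else { echo sprintf(gettext('Timestamp %1$s, description "%2$s"'), date(gettext("n/j/y H:i:s"), $target_config), htmlspecialchars($confvers[$target_config]['description'])); } ?>`. On style, the new lines use `<?PHP` where the rest of the file uses `<?php`/`<?=`; keeping the lowercase form avoids two spellings in one template. The hidden inputs are correctly escaped with `htmlspecialchars()`.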
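Review bot: The rewritten `newver=`/`rmver=` links still interpolate `$version['time']` into the href unescaped; it looks like an integer timestamp written by the backup code, but it is read back through `unserialize()` of a file, so a cast is cheap insurance that the query string stays well-formed: `<a href="diag_confbak.php?newver=<?=(int)$version['time'];?>">` and likewise for `rmver`. The loop these cells belong to starts outside the hunk.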
@@ -188,12 +222,12 @@ include("head.inc"); <td class="listr"> <?= $version['version'] ?></td> <td class="listr"> <?= $version['description'] ?></td> <td valign="middle" class="list" nowrap> - <a href="diag_confbak.php?newver=<?=$version['time'];?>" onclick="return confirm('<?=gettext("Revert to this configuration?");?>'")> + <a href="diag_confbak.php?newver=<?=$version['time'];?>"> <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="<?=gettext("Revert to this configuration");?>" title="<?=gettext("Revert to this configuration");?>"> </a> </td> <td valign="middle" class="list" nowrap> - <a href="diag_confbak.php?rmver=<?=$version['time'];?>" onclick="return confirm('<?=gettext("Delete this configuration backup?");?>')"> + <a href="diag_confbak.php?rmver=<?=$version['time'];?>"> <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="<?=gettext("Remove this backup");?>" title="<?=gettext("Remove this backup");?>"> </a> </td> @@ -215,6 +249,8 @@ include("head.inc"); </td> </tr> <?php endif; ?> + +<?php endif; ?> </table> </form> </div> |