author | Steve Beaver <sbeaver@netgate.com> | 2017-02-14 15:33:13 -0500 |
---|---|---|
committer | Steve Beaver <sbeaver@netgate.com> | 2017-02-14 15:33:13 -0500 |
commit | 9f2bbdb44c5700384a37a9586d260492f14f7602 (patch) | |
tree | 89fb08a438d5db045de32f6e5b8e2fe153929983 | |
parent | 13541a81e1173fc02af9af8ab7fe46df2a51007d (diff) | |
GET/POST conversion
12 files changed, 88 insertions, 122 deletions
diff --git a/src/usr/local/www/services_captiveportal.php b/src/usr/local/www/services_captiveportal.php index 0a08480..3141c88 100644 --- a/src/usr/local/www/services_captiveportal.php +++ b/src/usr/local/www/services_captiveportal.php @@ -35,7 +35,7 @@ require_once("filter.inc"); require_once("shaper.inc"); require_once("captiveportal.inc"); -if (substr($_GET['act'], 0, 3) == "get") { +if (substr($_REQUEST['act'], 0, 3) == "get") { $nocsrf = true; } @@ -45,10 +45,8 @@ global $cpzone; global $cpzoneid; $cpzoneid = 1; /* Just a default */ -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} +$cpzone = $_REQUEST['zone']; + $cpzone = strtolower($cpzone); if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { @@ -59,18 +57,19 @@ if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); } + $a_cp =& $config['captiveportal']; $pgtitle = array(gettext("Services"), gettext("Captive Portal"), $a_cp[$cpzone]['zone'], gettext("Configuration")); $pglinks = array("", "services_captiveportal_zones.php", "@self", "@self"); $shortcut_section = "captiveportal"; -if ($_GET['act'] == "viewhtml") { +if ($_REQUEST['act'] == "viewhtml") { if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) { echo base64_decode($a_cp[$cpzone]['page']['htmltext']); } exit; -} else if ($_GET['act'] == "gethtmlhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) { +} else if ($_REQUEST['act'] == "gethtmlhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) { $file_data = base64_decode($a_cp[$cpzone]['page']['htmltext']); $file_size = strlen($file_data); 
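Review bot: The `$nocsrf` test at the top of services_captiveportal.php matches any `act` value that merely starts with "get", and with `$_REQUEST` that value can now come from a POST body as well as the query string. If `$nocsrf` switches off the token check for the whole request (inferred from the name; its consumer is not in this hunk), the exemption should be limited to the three download actions on GET requests, e.g. `if ($_SERVER['REQUEST_METHOD'] == 'GET' && in_array($_REQUEST['act'], array('gethtmlhtml', 'geterrhtml', 'getlogouthtml'), true)) {`. A short comment above the test stating why these actions are exempt would help the next reader.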
@@ -80,17 +79,17 @@ if ($_GET['act'] == "viewhtml") { echo $file_data; exit; -} else if ($_GET['act'] == "delhtmlhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) { +} else if ($_REQUEST['act'] == "delhtmlhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) { unset($a_cp[$cpzone]['page']['htmltext']); write_config(sprintf(gettext("Captive Portal: zone %s: Restore default portal page"), $cpzone)); header("Location: services_captiveportal.php?zone={$cpzone}"); exit; -} else if ($_GET['act'] == "viewerrhtml") { +} else if ($_REQUEST['act'] == "viewerrhtml") { if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) { echo base64_decode($a_cp[$cpzone]['page']['errtext']); } exit; -} else if ($_GET['act'] == "geterrhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) { +} else if ($_REQUEST['act'] == "geterrhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) { $file_data = base64_decode($a_cp[$cpzone]['page']['errtext']); $file_size = strlen($file_data); 
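Review bot: The three restore-default branches (`delhtmlhtml` here, `delerrhtml` and `dellogouthtml` in the following hunks) still read `act` from `$_REQUEST`, so they keep calling `write_config()` on a plain GET while every other delete handler in this commit was moved to `$_POST`. If the CSRF token is only verified on POST requests (not visible here), these state-changing branches stay outside that protection. Suggest `} else if ($_POST['act'] == "delhtmlhtml" && ...` for the three `del*` branches, with the links that trigger them marked `usepost` like the other delete links in this commit. The if/else chain starts before and continues after this hunk.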
@@ -100,17 +99,17 @@ if ($_GET['act'] == "viewhtml") { echo $file_data; exit; -} else if ($_GET['act'] == "delerrhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) { +} else if ($_REQUEST['act'] == "delerrhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) { unset($a_cp[$cpzone]['page']['errtext']); write_config(sprintf(gettext("Captive Portal: zone %s: Restore default error page"), $cpzone)); header("Location: services_captiveportal.php?zone={$cpzone}"); exit; -} else if ($_GET['act'] == "viewlogouthtml") { +} else if ($_REQUEST['act'] == "viewlogouthtml") { if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) { echo base64_decode($a_cp[$cpzone]['page']['logouttext']); } exit; -} else if ($_GET['act'] == "getlogouthtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) { +} else if ($_REQUEST['act'] == "getlogouthtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) { $file_data = base64_decode($a_cp[$cpzone]['page']['logouttext']); $file_size = strlen($file_data); @@ -120,7 +119,7 @@ if ($_GET['act'] == "viewhtml") { echo $file_data; exit; -} else if ($_GET['act'] == "dellogouthtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) { +} else if ($_REQUEST['act'] == "dellogouthtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) { unset($a_cp[$cpzone]['page']['logouttext']); write_config(sprintf(gettext("Captive Portal: zone %s: Restore default logout page"), $cpzone)); header("Location: services_captiveportal.php?zone={$cpzone}"); @@ -205,7 +204,7 @@ if ($a_cp[$cpzone]) { } } -if ($_POST) { +if ($_POST['save']) { unset($input_errors); $pconfig = $_POST; diff --git a/src/usr/local/www/services_captiveportal_filemanager.php b/src/usr/local/www/services_captiveportal_filemanager.php index 3320662..4240402 100644 --- a/src/usr/local/www/services_captiveportal_filemanager.php +++ b/src/usr/local/www/services_captiveportal_filemanager.php 
@@ -48,10 +48,8 @@ require_once("filter.inc"); require_once("shaper.inc"); require_once("captiveportal.inc"); -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} +$cpzone = $_REQUEST['zone']; + $cpzone = strtolower(htmlspecialchars($cpzone)); if (empty($cpzone)) { @@ -62,6 +60,7 @@ if (empty($cpzone)) { if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); } + $a_cp =& $config['captiveportal']; $pgtitle = array(gettext("Services"), gettext("Captive Portal"), $a_cp[$cpzone]['zone'], gettext("File Manager")); @@ -71,6 +70,7 @@ $shortcut_section = "captiveportal"; if (!is_array($a_cp[$cpzone]['element'])) { $a_cp[$cpzone]['element'] = array(); } + $a_element =& $a_cp[$cpzone]['element']; // Calculate total size of all files @@ -79,7 +79,7 @@ foreach ($a_element as $element) { $total_size += $element['size']; } -if ($_POST) { +if ($_POST['Submit']) { unset($input_errors); if (is_uploaded_file($_FILES['new']['tmp_name'])) { @@ -120,10 +120,10 @@ if ($_POST) { exit; } } -} else if (($_GET['act'] == "del") && !empty($cpzone) && $a_element[$_GET['id']]) { - @unlink("{$g['captiveportal_element_path']}/" . $a_element[$_GET['id']]['name']); - @unlink("{$g['captiveportal_path']}/" . $a_element[$_GET['id']]['name']); - unset($a_element[$_GET['id']]); +} else if (($_POST['act'] == "del") && !empty($cpzone) && $a_element[$_POST['id']]) { + @unlink("{$g['captiveportal_element_path']}/" . $a_element[$_POST['id']]['name']); + @unlink("{$g['captiveportal_path']}/" . $a_element[$_POST['id']]['name']); + unset($a_element[$_POST['id']]); write_config(); header("Location: services_captiveportal_filemanager.php?zone={$cpzone}"); exit; 
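Review bot: `$_POST['id']` is used four times as an index into `$a_element` in the delete branch without any check, and the looked-up `name` is concatenated into both `@unlink()` paths. Reading it once and validating it, `$id = $_POST['id'];` guarded by `is_numericint($id)` (the helper services_captiveportal_mac_edit.php uses in this commit), would reject array or non-numeric values before the lookup and make the branch easier to read. The same unchecked `$_POST['id']` indexing appears in the delete handlers of services_captiveportal_hostname.php, services_captiveportal_ip.php, services_captiveportal_mac.php and services_captiveportal_vouchers.php. If the stored `name` is guaranteed to be a bare file name by the upload branch (not fully visible here), a one-line comment saying so next to the `unlink` calls would document why the path is trusted.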
@@ -144,7 +144,7 @@ $tab_array[] = array(gettext("Vouchers"), false, "services_captiveportal_voucher $tab_array[] = array(gettext("File Manager"), true, "services_captiveportal_filemanager.php?zone={$cpzone}"); display_top_tabs($tab_array, true); -if ($_GET['act'] == 'add') { +if ($_REQUEST['act'] == 'add') { $form = new Form(false); @@ -200,7 +200,7 @@ if (is_array($a_cp[$cpzone]['element'])): <td><?=htmlspecialchars($element['name'])?></td> <td><?=format_bytes($element['size'])?></td> <td> - <a class="fa fa-trash" title="<?=gettext("Delete file")?>" href="services_captiveportal_filemanager.php?zone=<?=$cpzone?>&act=del&id=<?=$i?>"></a> + <a class="fa fa-trash" title="<?=gettext("Delete file")?>" href="services_captiveportal_filemanager.php?zone=<?=$cpzone?>&act=del&id=<?=$i?>" usepost></a> </td> </tr> <?php @@ -229,7 +229,7 @@ endif; ?> <nav class="action-buttons"> -<?php if (!$_GET['act'] == 'add'): ?> +<?php if (!$_REQUEST['act'] == 'add'): ?> <a href="services_captiveportal_filemanager.php?zone=<?=$cpzone?>&act=add" class="btn btn-success"> <i class="fa fa-plus icon-embed-btn"></i> <?=gettext("Add")?> diff --git a/src/usr/local/www/services_captiveportal_hostname.php b/src/usr/local/www/services_captiveportal_hostname.php index aee4a71..3c83a3c 100644 --- a/src/usr/local/www/services_captiveportal_hostname.php +++ b/src/usr/local/www/services_captiveportal_hostname.php @@ -40,10 +40,8 @@ require_once("filter.inc"); require_once("shaper.inc"); require_once("captiveportal.inc"); -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} +$cpzone = $_REQUEST['zone']; + $cpzone = strtolower(htmlspecialchars($cpzone)); if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { 
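Review bot: `if (!$_REQUEST['act'] == 'add')` in the action-buttons block negates `$_REQUEST['act']` before comparing, because `!` binds tighter than `==`; the Add button is therefore hidden for any non-empty `act`, not only for `add`. The commit carries the expression over with only the superglobal changed; `<?php if ($_REQUEST['act'] != 'add'): ?>` states the intent directly.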
@@ -54,6 +52,7 @@ if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); } + $a_cp =& $config['captiveportal']; if (isset($cpzone) && !empty($cpzone) && isset($a_cp[$cpzone]['zoneid'])) { @@ -64,10 +63,10 @@ $pgtitle = array(gettext("Services"), gettext("Captive Portal"), $a_cp[$cpzone][ $pglinks = array("", "services_captiveportal_zones.php", "services_captiveportal.php?zone=" . $cpzone, "@self"); $shortcut_section = "captiveportal"; -if ($_GET['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) { +if ($_POST['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) { $a_allowedhostnames =& $a_cp[$cpzone]['allowedhostname']; - if ($a_allowedhostnames[$_GET['id']]) { - $ipent = $a_allowedhostnames[$_GET['id']]; + if ($a_allowedhostnames[$_POST['id']]) { + $ipent = $a_allowedhostnames[$_POST['id']]; if (isset($a_cp[$cpzone]['enable'])) { if (is_ipaddr($ipent['hostname'])) { @@ -90,7 +89,7 @@ if ($_GET['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) { } } - unset($a_allowedhostnames[$_GET['id']]); + unset($a_allowedhostnames[$_POST['id']]); write_config(); captiveportal_allowedhostname_configure(); header("Location: services_captiveportal_hostname.php?zone={$cpzone}"); @@ -134,7 +133,7 @@ foreach ($a_cp[$cpzone]['allowedhostname'] as $ip): ?> </td> <td> <a class="fa fa-pencil" title="<?=gettext("Edit hostname"); ?>" href="services_captiveportal_hostname_edit.php?zone=<?=$cpzone?>&id=<?=$i?>"></a> - <a class="fa fa-trash" title="<?=gettext("Delete hostname")?>" href="services_captiveportal_hostname.php?zone=<?=$cpzone?>&act=del&id=<?=$i?>"></a> + <a class="fa fa-trash" title="<?=gettext("Delete hostname")?>" href="services_captiveportal_hostname.php?zone=<?=$cpzone?>&act=del&id=<?=$i?>" usepost></a> </td> </tr> <?php 
diff --git a/src/usr/local/www/services_captiveportal_hostname_edit.php b/src/usr/local/www/services_captiveportal_hostname_edit.php index 28a3de7..bca314d 100644 --- a/src/usr/local/www/services_captiveportal_hostname_edit.php +++ b/src/usr/local/www/services_captiveportal_hostname_edit.php @@ -43,10 +43,8 @@ require_once("captiveportal.inc"); global $cpzone, $cpzoneid; -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} +$cpzone = $_REQUEST['zone']; + $cpzone = strtolower(htmlspecialchars($cpzone)); $cpzoneid = $config['captiveportal'][$cpzone]['zoneid']; @@ -59,22 +57,20 @@ if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); } + $a_cp =& $config['captiveportal']; $pgtitle = array(gettext("Services"), gettext("Captive Portal"), $a_cp[$cpzone]['zone'], gettext("Allowed Hostnames"), gettext("Edit")); $pglinks = array("", "services_captiveportal_zones.php", "services_captiveportal.php?zone=" . $cpzone, "services_captiveportal_hostname.php?zone=" . $cpzone, "@self"); $shortcut_section = "captiveportal"; -if (is_numericint($_GET['id'])) { - $id = $_GET['id']; -} -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; -} +$id = $_REQUEST['id']; + if (!is_array($a_cp[$cpzone]['allowedhostname'])) { $a_cp[$cpzone]['allowedhostname'] = array(); } + $a_allowedhostnames = &$a_cp[$cpzone]['allowedhostname']; if (isset($id) && $a_allowedhostnames[$id]) { @@ -87,7 +83,7 @@ if (isset($id) && $a_allowedhostnames[$id]) { $pconfig['descr'] = $a_allowedhostnames[$id]['descr']; } -if ($_POST) { +if ($_POST['save']) { unset($input_errors); $pconfig = $_POST; diff --git a/src/usr/local/www/services_captiveportal_ip.php b/src/usr/local/www/services_captiveportal_ip.php index 9b2e0da..0823611 100644 --- a/src/usr/local/www/services_captiveportal_ip.php +++ b/src/usr/local/www/services_captiveportal_ip.php 
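Review bot: `$id = $_REQUEST['id'];` drops the `is_numericint()` check that the removed lines applied, so `$id` now holds whatever the request supplies before it is used as an index into `$a_allowedhostnames`. services_captiveportal_mac_edit.php keeps the check in this same commit; the equivalent here is `if (is_numericint($_REQUEST['id'])) { $id = $_REQUEST['id']; }`. The same unvalidated assignment is introduced in services_captiveportal_ip_edit.php and services_captiveportal_vouchers_edit.php. How `$id` is used in the save handler and in the rendered form lies outside the hunk, so the effect there should be confirmed.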
@@ -39,11 +39,7 @@ require_once("filter.inc"); require_once("shaper.inc"); require_once("captiveportal.inc"); -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} -$cpzone = strtolower(htmlspecialchars($cpzone)); +$cpzone = strtolower(htmlspecialchars($_REQUEST['zone'])); if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { header("Location: services_captiveportal_zones.php"); @@ -53,6 +49,7 @@ if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); } + $a_cp =& $config['captiveportal']; if (isset($cpzone) && !empty($cpzone) && isset($a_cp[$cpzone]['zoneid'])) { @@ -63,11 +60,11 @@ $pgtitle = array(gettext("Services"), gettext("Captive Portal"), $a_cp[$cpzone][ $pglinks = array("", "services_captiveportal_zones.php", "services_captiveportal.php?zone=" . $cpzone, "@self"); $shortcut_section = "captiveportal"; -if ($_GET['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) { +if ($_POST['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) { $a_allowedips =& $config['captiveportal'][$cpzone]['allowedip']; - if ($a_allowedips[$_GET['id']]) { - $ipent = $a_allowedips[$_GET['id']]; + if ($a_allowedips[$_POST['id']]) { + $ipent = $a_allowedips[$_POST['id']]; if (isset($config['captiveportal'][$cpzone]['enable'])) { $mask = (!empty($ipent['sn'])) ? $ipent['sn'] : 32; @@ -84,7 +81,7 @@ if ($_GET['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) { } } - unset($a_allowedips[$_GET['id']]); + unset($a_allowedips[$_POST['id']]); write_config(); header("Location: services_captiveportal_ip.php?zone={$cpzone}"); exit; 
@@ -129,7 +126,7 @@ if (is_array($a_cp[$cpzone]['allowedip'])): ?> </td> <td> <a class="fa fa-pencil" title="<?=gettext("Edit IP"); ?>" href="services_captiveportal_ip_edit.php?zone=<?=$cpzone?>&id=<?=$i?>"></a> - <a class="fa fa-trash" title="<?=gettext("Delete IP")?>" href="services_captiveportal_ip.php?zone=<?=$cpzone?>&act=del&id=<?=$i?>"></a> + <a class="fa fa-trash" title="<?=gettext("Delete IP")?>" href="services_captiveportal_ip.php?zone=<?=$cpzone?>&act=del&id=<?=$i?>" usepost></a> </td> </tr> <?php diff --git a/src/usr/local/www/services_captiveportal_ip_edit.php b/src/usr/local/www/services_captiveportal_ip_edit.php index 9bfa581..5665b23 100644 --- a/src/usr/local/www/services_captiveportal_ip_edit.php +++ b/src/usr/local/www/services_captiveportal_ip_edit.php @@ -47,11 +47,7 @@ require_once("filter.inc"); require_once("shaper.inc"); require_once("captiveportal.inc"); -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} -$cpzone = strtolower(htmlspecialchars($cpzone)); +$cpzone = strtolower(htmlspecialchars($_REQUEST['zone'])); if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { header("Location: services_captiveportal_zones.php"); 
@@ -61,22 +57,18 @@ if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); } + $a_cp =& $config['captiveportal']; $pgtitle = array(gettext("Services"), gettext("Captive Portal"), $a_cp[$cpzone]['zone'], gettext("Allowed IP Addresses"), gettext("Edit")); $pglinks = array("", "services_captiveportal_zones.php", "services_captiveportal.php?zone=" . $cpzone, "services_captiveportal_ip.php?zone=" . $cpzone, "@self"); $shortcut_section = "captiveportal"; - -if (is_numericint($_GET['id'])) { - $id = $_GET['id']; -} -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; -} +$id = $_REQUEST['id']; if (!is_array($config['captiveportal'][$cpzone]['allowedip'])) { $config['captiveportal'][$cpzone]['allowedip'] = array(); } + $a_allowedips =& $config['captiveportal'][$cpzone]['allowedip']; if (isset($id) && $a_allowedips[$id]) { @@ -88,7 +80,7 @@ if (isset($id) && $a_allowedips[$id]) { $pconfig['descr'] = $a_allowedips[$id]['descr']; } -if ($_POST) { +if ($_POST['save']) { unset($input_errors); $pconfig = $_POST; diff --git a/src/usr/local/www/services_captiveportal_mac.php b/src/usr/local/www/services_captiveportal_mac.php index e4aa160..45e9259 100644 --- a/src/usr/local/www/services_captiveportal_mac.php +++ b/src/usr/local/www/services_captiveportal_mac.php @@ -40,11 +40,7 @@ require_once("captiveportal.inc"); global $cpzone; global $cpzoneid; -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} -$cpzone = strtolower(htmlspecialchars($cpzone)); +$cpzone = strtolower(htmlspecialchars($_REQUEST['zone'])); if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { header("Location: services_captiveportal_zones.php"); 
@@ -54,6 +50,7 @@ if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); } + $a_cp =& $config['captiveportal']; $pgtitle = array(gettext("Services"), gettext("Captive Portal"), $a_cp[$cpzone]['zone'], gettext("MACs")); @@ -63,7 +60,7 @@ $shortcut_section = "captiveportal"; $actsmbl = array('pass' => '<i class="fa fa-check text-success"></i> ' . gettext("Pass"), 'block' => '<i class="fa fa-times text-danger"></i> ' . gettext("Block")); -if ($_POST) { +if ($_POST['save']) { $pconfig = $_POST; if ($_POST['apply']) { @@ -133,17 +130,17 @@ if ($_POST) { } } -if ($_GET['act'] == "del") { +if ($_POST['act'] == "del") { $a_passthrumacs =& $a_cp[$cpzone]['passthrumac']; - if ($a_passthrumacs[$_GET['id']]) { + if ($a_passthrumacs[$_POST['id']]) { $cpzoneid = $a_cp[$cpzone]['zoneid']; - $rules = captiveportal_passthrumac_delete_entry($a_passthrumacs[$_GET['id']]); + $rules = captiveportal_passthrumac_delete_entry($a_passthrumacs[$_POST['id']]); $uniqid = uniqid("{$cpzone}_mac"); file_put_contents("{$g['tmp_path']}/{$uniqid}_tmp", $rules); mwexec("/sbin/ipfw -q {$g['tmp_path']}/{$uniqid}_tmp"); @unlink("{$g['tmp_path']}/{$uniqid}_tmp"); - unset($a_passthrumacs[$_GET['id']]); + unset($a_passthrumacs[$_POST['id']]); write_config(); header("Location: services_captiveportal_mac.php?zone={$cpzone}"); exit; @@ -198,7 +195,7 @@ foreach ($a_cp[$cpzone]['passthrumac'] as $mac): ?> </td> <td> <a class="fa fa-pencil" title="<?=gettext("Edit MAC address"); ?>" href="services_captiveportal_mac_edit.php?zone=<?=$cpzone?>&id=<?=$i?>"></a> - <a class="fa fa-trash" title="<?=gettext("Delete MAC address")?>" href="services_captiveportal_mac.php?zone=<?=$cpzone?>&act=del&id=<?=$i?>"></a> + <a class="fa fa-trash" title="<?=gettext("Delete MAC address")?>" href="services_captiveportal_mac.php?zone=<?=$cpzone?>&act=del&id=<?=$i?>"usepost></a> </td> </tr> <?php 
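Review bot: The `if ($_POST['apply'])` branch sits inside the block that is now guarded by `if ($_POST['save'])`, so a POST carrying `apply` without `save` no longer reaches it. Unless the apply form also submits a `save` field (not visible in this hunk), the guard should read `if ($_POST['save'] || $_POST['apply']) {` or the apply branch should move out of the block. In the last hunk of this file the new attribute is written `"usepost>` with no space after the closing quote of `href`; add the space as on the other pages.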
diff --git a/src/usr/local/www/services_captiveportal_mac_edit.php b/src/usr/local/www/services_captiveportal_mac_edit.php index cea3bbc..8dcc0ce 100644 --- a/src/usr/local/www/services_captiveportal_mac_edit.php +++ b/src/usr/local/www/services_captiveportal_mac_edit.php @@ -50,11 +50,7 @@ require_once("captiveportal.inc"); global $cpzone; global $cpzoneid; -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} -$cpzone = strtolower(htmlspecialchars($cpzone)); +$cpzone = strtolower(htmlspecialchars($_REQUEST['zone'])); if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { header("Location: services_captiveportal_zones.php"); @@ -64,22 +60,21 @@ if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); } + $a_cp =& $config['captiveportal']; $pgtitle = array(gettext("Services"), gettext("Captive Portal"), $a_cp[$cpzone]['zone'], gettext("MACs"), gettext("Edit")); $pglinks = array("", "services_captiveportal_zones.php", "services_captiveportal.php?zone=" . $cpzone, "services_captiveportal_mac.php?zone=" . $cpzone, "@self"); $shortcut_section = "captiveportal"; -if (is_numericint($_GET['id'])) { - $id = $_GET['id']; -} -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; +if (is_numericint($_REQUEST['id'])) { + $id = $_REQUEST['id']; } if (!is_array($a_cp[$cpzone]['passthrumac'])) { $a_cp[$cpzone]['passthrumac'] = array(); } + $a_passthrumacs = &$a_cp[$cpzone]['passthrumac']; if (isset($id) && $a_passthrumacs[$id]) { @@ -91,7 +86,7 @@ if (isset($id) && $a_passthrumacs[$id]) { $pconfig['username'] = $a_passthrumacs[$id]['username']; } -if ($_POST) { +if ($_POST['save']) { unset($input_errors); $pconfig = $_POST; 
@@ -126,7 +121,7 @@ if ($_POST) { $input_errors[] = gettext("Upload speed must be between 1 and 999999"); } if ($_POST['bw_down'] && ($_POST['bw_down'] > 999999 || $_POST['bw_down'] < 1)) { - $input_errors[] = gettext("Download speed must be between 1 and 999999"); + $input_errors[] = gettext("Download speed must be between 1 and 999999"); } foreach ($a_passthrumacs as $macent) { diff --git a/src/usr/local/www/services_captiveportal_vouchers.php b/src/usr/local/www/services_captiveportal_vouchers.php index c2506e7..590c43d 100644 --- a/src/usr/local/www/services_captiveportal_vouchers.php +++ b/src/usr/local/www/services_captiveportal_vouchers.php @@ -38,12 +38,7 @@ require_once("shaper.inc"); require_once("captiveportal.inc"); require_once("voucher.inc"); -$cpzone = $_GET['zone']; - -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} -$cpzone = strtolower(htmlspecialchars($cpzone)); +$cpzone = strtolower(htmlspecialchars($_REQUEST['zone'])); if ($_REQUEST['generatekey']) { exec("/usr/bin/openssl genrsa 64 > /tmp/key64.private"); @@ -63,6 +58,7 @@ if (empty($cpzone)) { if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); } + $a_cp =& $config['captiveportal']; if (!is_array($config['voucher'])) { @@ -128,14 +124,15 @@ if (!isset($config['voucher'][$cpzone]['publickey'])) { if (!isset($config['voucher'][$cpzone]['descrmsgnoaccess'])) { $config['voucher'][$cpzone]['descrmsgnoaccess'] = gettext("Voucher invalid"); } + if (!isset($config['voucher'][$cpzone]['descrmsgexpired'])) { $config['voucher'][$cpzone]['descrmsgexpired'] = gettext("Voucher expired"); } $a_roll = &$config['voucher'][$cpzone]['roll']; -if ($_GET['act'] == "del") { - $id = $_GET['id']; +if ($_POST['act'] == "del") { + $id = $_POST['id']; if ($a_roll[$id]) { $roll = $a_roll[$id]['number']; $voucherlck = lock("voucher{$cpzone}"); 
@@ -146,7 +143,7 @@ if ($_GET['act'] == "del") { } header("Location: services_captiveportal_vouchers.php?zone={$cpzone}"); exit; -} else if ($_GET['act'] == "csv") { +} else if ($_REQUEST['act'] == "csv") { /* print all vouchers of the selected roll */ $privkey = base64_decode($config['voucher'][$cpzone]['privatekey']); if (strstr($privkey, "BEGIN RSA PRIVATE KEY")) { @@ -158,7 +155,7 @@ if ($_GET['act'] == "del") { fwrite($fd, $privkey); fclose($fd); $a_voucher = &$config['voucher'][$cpzone]['roll']; - $id = $_GET['id']; + $id = $_REQUEST['id']; if (isset($id) && $a_voucher[$id]) { $number = $a_voucher[$id]['number']; $count = $a_voucher[$id]['count']; @@ -194,7 +191,7 @@ $pconfig['vouchersyncport'] = $config['voucher'][$cpzone]['vouchersyncport']; $pconfig['vouchersyncpass'] = $config['voucher'][$cpzone]['vouchersyncpass']; $pconfig['vouchersyncusername'] = $config['voucher'][$cpzone]['vouchersyncusername']; -if ($_POST) { +if ($_POST['save']) { unset($input_errors); if ($_POST['postafterlogin']) { @@ -303,7 +300,7 @@ EOF; require_once("xmlrpc_client.inc"); $rpc_client = new pfsense_xmlrpc_client(); $rpc_client->setConnectionData( - $newvoucher['vouchersyncdbip'], $newvoucher['vouchersyncport'], + $newvoucher['vouchersyncdbip'], $newvoucher['vouchersyncport'], $newvoucher['vouchersyncusername'], $newvoucher['vouchersyncpass']); $rpc_client->set_noticefile("CaptivePortalVoucherSync"); $resp = $rpc_client->xmlrpc_exec_php($execcmd); @@ -361,6 +358,7 @@ EOF; } } } + include("head.inc"); if ($input_errors) { 
@@ -409,7 +407,7 @@ foreach ($a_roll as $rollent): <td> <!-- These buttons are hidden/shown on checking the 'enable' checkbox --> <a class="fa fa-pencil" title="<?=gettext("Edit voucher roll"); ?>" href="services_captiveportal_vouchers_edit.php?zone=<?=$cpzone?>&id=<?=$i; ?>"></a> - <a class="fa fa-trash" title="<?=gettext("Delete voucher roll")?>" href="services_captiveportal_vouchers.php?zone=<?=$cpzone?>&act=del&id=<?=$i; ?>"></a> + <a class="fa fa-trash" title="<?=gettext("Delete voucher roll")?>" href="services_captiveportal_vouchers.php?zone=<?=$cpzone?>&act=del&id=<?=$i; ?>" usepost></a> <a class="fa fa-file-excel-o" title="<?=gettext("Export vouchers for this roll to a .csv file")?>" href="services_captiveportal_vouchers.php?zone=<?=$cpzone?>&act=csv&id=<?=$i; ?>"></a> </td> </tr> diff --git a/src/usr/local/www/services_captiveportal_vouchers_edit.php b/src/usr/local/www/services_captiveportal_vouchers_edit.php index 07792a6..f502dcf 100644 --- a/src/usr/local/www/services_captiveportal_vouchers_edit.php +++ b/src/usr/local/www/services_captiveportal_vouchers_edit.php @@ -34,11 +34,7 @@ require_once("shaper.inc"); require_once("captiveportal.inc"); require_once("voucher.inc"); -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} -$cpzone = strtolower(htmlspecialchars($cpzone)); +$cpzone = strtolower(htmlspecialchars($_REQUEST['zone'])); if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { header("Location: services_captiveportal_zones.php"); @@ -48,6 +44,7 @@ if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); } + $a_cp =& $config['captiveportal']; $pgtitle = array(gettext("Services"), gettext("Captive Portal"), $a_cp[$cpzone]['zone'], gettext("Vouchers"), gettext("Edit")); 
@@ -63,13 +60,8 @@ if (!is_array($config['voucher'][$cpzone]['roll'])) { } $a_roll = &$config['voucher'][$cpzone]['roll']; +$id = $_REQUEST['id']; -if (is_numericint($_GET['id'])) { - $id = $_GET['id']; -} -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; -} if (isset($id) && $a_roll[$id]) { $pconfig['zone'] = $a_roll[$id]['zone']; @@ -82,7 +74,7 @@ if (isset($id) && $a_roll[$id]) { $maxnumber = (1<<$config['voucher'][$cpzone]['rollbits']) -1; // Highest Roll# $maxcount = (1<<$config['voucher'][$cpzone]['ticketbits']) -1; // Highest Ticket# -if ($_POST) { +if ($_POST['save']) { unset($input_errors); $pconfig = $_POST; diff --git a/src/usr/local/www/services_captiveportal_zones.php b/src/usr/local/www/services_captiveportal_zones.php index 6454a2a..9842281 100644 --- a/src/usr/local/www/services_captiveportal_zones.php +++ b/src/usr/local/www/services_captiveportal_zones.php @@ -40,8 +40,8 @@ if (!is_array($config['captiveportal'])) { } $a_cp = &$config['captiveportal']; -if ($_GET['act'] == "del" && !empty($_GET['zone'])) { - $cpzone = strtolower(htmlspecialchars($_GET['zone'])); +if ($_POST['act'] == "del" && !empty($_POST['zone'])) { + $cpzone = strtolower(htmlspecialchars($_POST['zone'])); if ($a_cp[$cpzone]) { $cpzoneid = $a_cp[$cpzone]['zoneid']; unset($a_cp[$cpzone]['enable']); @@ -100,7 +100,7 @@ if (is_subsystem_dirty('captiveportal')) { <td><?=htmlspecialchars($cpitem['descr']);?> </td> <td> <a class="fa fa-pencil" title="<?=gettext("Edit zone"); ?>" href="services_captiveportal.php?zone=<?=$cpzone?>"></a> - <a class="fa fa-trash" title="<?=gettext("Delete zone")?>" href="services_captiveportal_zones.php?act=del&zone=<?=$cpzone;?>"></a> + <a class="fa fa-trash" title="<?=gettext("Delete zone")?>" href="services_captiveportal_zones.php?act=del&zone=<?=$cpzone;?>" usepost></a> </td> </tr> <?php 
diff --git a/src/usr/local/www/services_captiveportal_zones_edit.php b/src/usr/local/www/services_captiveportal_zones_edit.php index 2d71251..5aea1fe 100644 --- a/src/usr/local/www/services_captiveportal_zones_edit.php +++ b/src/usr/local/www/services_captiveportal_zones_edit.php @@ -39,9 +39,10 @@ $shortcut_section = "captiveportal"; if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); } + $a_cp =& $config['captiveportal']; -if ($_POST) { +if ($_POST['Submit']) { unset($input_errors); $pconfig = $_POST; |