author | Steve Beaver <sbeaver@netgate.com> | 2017-02-13 10:47:47 -0500 |
---|---|---|
committer | Steve Beaver <sbeaver@netgate.com> | 2017-02-13 10:48:25 -0500 |
commit | 4611e283323f0eaf44bc4ded4ad4f7cf9d8cdbe1 (patch) | |
tree | 44a60f536cefad3d50cefccf780c98094e217d1a | |
parent | ac4fe723a521e35a29fb55075cdfdb2230d74aa2 (diff) | |
Revisions to GET/POST conversion limiting POSTs to save, apply, and delete functions
-rw-r--r-- | src/usr/local/www/system_advanced_sysctl.php | 9 | ||||
-rw-r--r-- | src/usr/local/www/system_authservers.php | 10 | ||||
-rw-r--r-- | src/usr/local/www/system_camanager.php | 20 | ||||
-rw-r--r-- | src/usr/local/www/system_certmanager.php | 28 | ||||
-rw-r--r-- | src/usr/local/www/system_crlmanager.php | 26 | ||||
-rw-r--r-- | src/usr/local/www/system_gateway_groups.php | 41 | ||||
-rw-r--r-- | src/usr/local/www/system_gateway_groups_edit.php | 10 | ||||
-rw-r--r-- | src/usr/local/www/system_gateways.php | 56 | ||||
-rw-r--r-- | src/usr/local/www/system_gateways_edit.php | 10 | ||||
-rw-r--r-- | src/usr/local/www/system_groupmanager.php | 22 | ||||
-rw-r--r-- | src/usr/local/www/system_groupmanager_addprivs.php | 2 | ||||
-rw-r--r-- | src/usr/local/www/system_routes.php | 14 | ||||
-rw-r--r-- | src/usr/local/www/system_routes_edit.php | 8 | ||||
-rw-r--r-- | src/usr/local/www/system_usermanager.php | 15 | ||||
-rw-r--r-- | src/usr/local/www/system_usermanager_addprivs.php | 4 |
15 files changed, 139 insertions, 136 deletions
diff --git a/src/usr/local/www/system_advanced_sysctl.php b/src/usr/local/www/system_advanced_sysctl.php index 745cd52..3dc14af 100644 --- a/src/usr/local/www/system_advanced_sysctl.php +++ b/src/usr/local/www/system_advanced_sysctl.php @@ -47,7 +47,7 @@ if (isset($_POST['id'])) { $id = htmlspecialchars_decode($_POST['id']); } -$act = $_POST['act']; +$act = $_REQUEST['act']; if ($act == "edit") { if (isset($a_tunable[$id])) { @@ -62,7 +62,7 @@ if ($act == "edit") { } } -if ($act == "del") { +if ($_POST['act'] == "del") { if ($a_tunable[$id]) { if (!$input_errors) { unset($a_tunable[$id]); @@ -118,6 +118,7 @@ if ($act == "edit") { $pgtitle[] = gettext('Edit'); $pglinks[] = "@self"; } + include("head.inc"); if ($input_errors) { @@ -155,7 +156,7 @@ if ($act != "edit"): ?> <th class="col-sm-3"><?=gettext("Tunable Name"); ?></th> <th><?=gettext("Description"); ?></th> <th class="col-sm-1"><?=gettext("Value"); ?></th> - <th><a class="btn btn-xs btn-success" href="system_advanced_sysctl.php?act=edit" usepost><i class="fa fa-plus icon-embed-btn"></i><?=gettext('New'); ?></a></th> + <th><a class="btn btn-xs btn-success" href="system_advanced_sysctl.php?act=edit"><i class="fa fa-plus icon-embed-btn"></i><?=gettext('New'); ?></a></th> </tr> </thead> <?php @@ -175,7 +176,7 @@ if ($act != "edit"): ?> ?> </td> <td> - <a class="fa fa-pencil" title="<?=gettext("Edit tunable"); ?>" href="system_advanced_sysctl.php?act=edit&id=<?=$i;?>" usepost></a> + <a class="fa fa-pencil" title="<?=gettext("Edit tunable"); ?>" href="system_advanced_sysctl.php?act=edit&id=<?=$i;?>"></a> <?php if (isset($tunable['modified'])): ?> <a class="fa fa-trash" title="<?=gettext("Delete/Reset tunable")?>" href="system_advanced_sysctl.php?act=del&id=<?=$i;?>" usepost></a> <?php endif; ?> diff --git a/src/usr/local/www/system_authservers.php b/src/usr/local/www/system_authservers.php index 11e061a..8a3c671 100644 --- a/src/usr/local/www/system_authservers.php +++ b/src/usr/local/www/system_authservers.php 
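Review bot: The unchanged guard above the new `$act = $_REQUEST['act'];` line still fills `$id` only from `$_POST['id']`, while the last hunk of this file drops `usepost` from the edit link, so `act=edit&id=N` now arrives as a GET and `$id` is unset when `isset($a_tunable[$id])` runs. Unless `$id` is also populated somewhere outside the hunk, editing an existing tunable opens an empty form. Read the id from the same source as the action: `if (isset($_REQUEST['id'])) { $id = htmlspecialchars_decode($_REQUEST['id']); }`. The delete branch stays tied to `$_POST['act']`, so widening the id read does not make deletion reachable by GET.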
@@ -96,7 +96,7 @@ if ($_REQUEST['ajax']) { exit; } -$id = $_POST['id']; +$id = $_REQUEST['id']; if (!is_array($config['system']['authserver'])) { $config['system']['authserver'] = array(); @@ -114,9 +114,9 @@ if (!is_array($config['ca'])) { $a_ca =& $config['ca']; -$act = $_POST['act']; +$act = $_REQUEST['act']; -if ($act == "del") { +if ($_POST['act'] == "del") { if (!$a_server[$_POST['id']]) { pfSenseHeader("system_authservers.php"); @@ -446,7 +446,7 @@ if (!($act == "new" || $act == "edit" || $input_errors)) { <td><?=htmlspecialchars($server['host'])?></td> <td> <?php if ($i < (count($a_server) - 1)): ?> - <a class="fa fa-pencil" title="<?=gettext("Edit server"); ?>" href="system_authservers.php?act=edit&id=<?=$i?>" usepost></a> + <a class="fa fa-pencil" title="<?=gettext("Edit server"); ?>" href="system_authservers.php?act=edit&id=<?=$i?>"></a> <a class="fa fa-trash" title="<?=gettext("Delete server")?>" href="system_authservers.php?act=del&id=<?=$i?>" usepost></a> <?php endif?> </td> @@ -459,7 +459,7 @@ if (!($act == "new" || $act == "edit" || $input_errors)) { </div> <nav class="action-buttons"> - <a href="?act=new" class="btn btn-success btn-sm" usepost> + <a href="?act=new" class="btn btn-success btn-sm"> <i class="fa fa-plus icon-embed-btn"></i> <?=gettext("Add")?> </a> diff --git a/src/usr/local/www/system_camanager.php b/src/usr/local/www/system_camanager.php index f46ba7e..dbcbd6d 100644 --- a/src/usr/local/www/system_camanager.php +++ b/src/usr/local/www/system_camanager.php @@ -38,8 +38,8 @@ $ca_methods = array( $ca_keylens = array("512", "1024", "2048", "3072", "4096", "7680", "8192", "15360", "16384"); $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512", "whirlpool"); -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; +if (isset($_REQUEST['id']) && is_numericint($_REQUEST['id'])) { + $id = $_REQUEST['id']; } if (!is_array($config['ca'])) { 
@@ -60,11 +60,11 @@ if (!is_array($config['crl'])) { $a_crl =& $config['crl']; -if ($_POST['act']) { - $act = $_POST['act']; +if ($_REQUEST['act']) { + $act = $_REQUEST['act']; } -if ($act == "del") { +if ($_POST['act'] == "del") { if (!isset($a_ca[$id])) { pfSenseHeader("system_camanager.php"); @@ -153,7 +153,7 @@ if ($act == "expkey") { exit; } -if ($_POST && ($_POST['save'] == 'Save')) { +if ($_POST['save'] == 'Save') { unset($input_errors); $input_errors = array(); @@ -426,10 +426,10 @@ foreach ($a_ca as $i => $ca): <?php endif?> </td> <td class="text-nowrap"> - <a class="fa fa-pencil" title="<?=gettext("Edit CA")?>" href="system_camanager.php?act=edit&id=<?=$i?>" usepost></a> - <a class="fa fa-certificate" title="<?=gettext("Export CA")?>" href="system_camanager.php?act=exp&id=<?=$i?>" usepost></a> + <a class="fa fa-pencil" title="<?=gettext("Edit CA")?>" href="system_camanager.php?act=edit&id=<?=$i?>"></a> + <a class="fa fa-certificate" title="<?=gettext("Export CA")?>" href="system_camanager.php?act=exp&id=<?=$i?>"></a> <?php if ($ca['prv']): ?> - <a class="fa fa-key" title="<?=gettext("Export key")?>" href="system_camanager.php?act=expkey&id=<?=$i?>" usepost></a> + <a class="fa fa-key" title="<?=gettext("Export key")?>" href="system_camanager.php?act=expkey&id=<?=$i?>"></a> <?php endif?> <?php if (!ca_in_use($ca['refid'])): ?> <a class="fa fa-trash" title="<?=gettext("Delete CA and its CRLs")?>" href="system_camanager.php?act=del&id=<?=$i?>" usepost ></a> @@ -444,7 +444,7 @@ foreach ($a_ca as $i => $ca): </div> <nav class="action-buttons"> - <a href="?act=new" class="btn btn-success btn-sm" usepost> + <a href="?act=new" class="btn btn-success btn-sm"> <i class="fa fa-plus icon-embed-btn"></i> <?=gettext("Add")?> </a> diff --git a/src/usr/local/www/system_certmanager.php b/src/usr/local/www/system_certmanager.php index 2f43ab0..5a55af4 100644 --- a/src/usr/local/www/system_certmanager.php +++ b/src/usr/local/www/system_certmanager.php 
@@ -44,8 +44,8 @@ $cert_types = array( $altname_types = array("DNS", "IP", "email", "URI"); $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512", "whirlpool"); -if (isset($_POST['userid']) && is_numericint($_POST['userid'])) { - $userid = $_POST['userid']; +if (isset($_REQUEST['userid']) && is_numericint(REQUEST['userid'])) { + $userid = $_REQUEST['userid']; } if (isset($userid)) { @@ -56,8 +56,8 @@ if (isset($userid)) { $a_user =& $config['system']['user']; } -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; +if (isset($_REQUEST['id']) && is_numericint($_REQUEST['id'])) { + $id = $_REQUEST['id']; } if (!is_array($config['ca'])) { @@ -79,10 +79,10 @@ foreach ($a_ca as $ca) { } } -$act = $_POST['act']; +$act = $_REQUEST['act']; -if ($act == "del") { +if ($_POST['act'] == "del") { if (!isset($a_cert[$id])) { pfSenseHeader("system_certmanager.php"); @@ -200,7 +200,7 @@ if ($act == "csr") { $pconfig['csr'] = base64_decode($a_cert[$id]['csr']); } -if ($_POST['save'] == "Save") { +if ($_POST['save']) { // This is just the blank alternate name that is added for display purposes. We don't want to validate/save it if ($_POST['altname_value0'] == "") { unset($_POST['altname_type0']); 
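Review bot: In the first hunk the new guard calls `is_numericint(REQUEST['userid'])` with the `$_` prefix missing, so the validation never looks at the request value. PHP resolves `REQUEST` as an undefined constant (a notice or warning plus the bare string on PHP 5/7, an Error on PHP 8), and `$userid` is not set from a legitimate request. The line should read `if (isset($_REQUEST['userid']) && is_numericint($_REQUEST['userid'])) {`. Separately, the last hunk loosens the save test from `== "Save"` to any truthy `$_POST['save']`, while system_camanager.php still compares against `'Save'`; use one form on both pages.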
@@ -1057,13 +1057,13 @@ foreach ($a_cert as $i => $cert): </td> <td> <?php if (!$cert['csr']): ?> - <a href="system_certmanager.php?act=exp&id=<?=$i?>" class="fa fa-certificate" title="<?=gettext("Export Certificate")?>" usepost></a> - <a href="system_certmanager.php?act=key&id=<?=$i?>" class="fa fa-key" title="<?=gettext("Export Key")?>" usepost></a> - <a href="system_certmanager.php?act=p12&id=<?=$i?>" class="fa fa-archive" title="<?=gettext("Export P12")?>" usepost></a> + <a href="system_certmanager.php?act=exp&id=<?=$i?>" class="fa fa-certificate" title="<?=gettext("Export Certificate")?>"></a> + <a href="system_certmanager.php?act=key&id=<?=$i?>" class="fa fa-key" title="<?=gettext("Export Key")?>"></a> + <a href="system_certmanager.php?act=p12&id=<?=$i?>" class="fa fa-archive" title="<?=gettext("Export P12")?>"></a> <?php else: ?> - <a href="system_certmanager.php?act=csr&id=<?=$i?>" class="fa fa-pencil" title="<?=gettext("Update CSR")?>" usep></a> - <a href="system_certmanager.php?act=req&id=<?=$i?>" class="fa fa-sign-in" title="<?=gettext("Export Request")?>" usepost></a> - <a href="system_certmanager.php?act=key&id=<?=$i?>" class="fa fa-key" title="<?=gettext("Export Key")?>" usepost></a> + <a href="system_certmanager.php?act=csr&id=<?=$i?>" class="fa fa-pencil" title="<?=gettext("Update CSR")?>"></a> + <a href="system_certmanager.php?act=req&id=<?=$i?>" class="fa fa-sign-in" title="<?=gettext("Export Request")?>"></a> + <a href="system_certmanager.php?act=key&id=<?=$i?>" class="fa fa-key" title="<?=gettext("Export Key")?>"></a> <?php endif?> <?php if (!cert_in_use($cert['refid'])): ?> <a href="system_certmanager.php?act=del&id=<?=$i?>" class="fa fa-trash" title="<?=gettext("Delete Certificate")?>" usepost></a> 
@@ -1080,7 +1080,7 @@ foreach ($a_cert as $i => $cert): </div> <nav class="action-buttons"> - <a href="?act=new" class="btn btn-success btn-sm" usepost> + <a href="?act=new" class="btn btn-success btn-sm"> <i class="fa fa-plus icon-embed-btn"></i> <?=gettext("Add")?> </a> diff --git a/src/usr/local/www/system_crlmanager.php b/src/usr/local/www/system_crlmanager.php index 2dd7815..9cb7f20 100644 --- a/src/usr/local/www/system_crlmanager.php +++ b/src/usr/local/www/system_crlmanager.php @@ -37,8 +37,8 @@ $crl_methods = array( "internal" => gettext("Create an internal Certificate Revocation List"), "existing" => gettext("Import an existing Certificate Revocation List")); -if (isset($_POST['id']) && ctype_alnum($_POST['id'])) { - $id = $_POST['id']; +if (isset($_REQUEST['id']) && ctype_alnum($_REQUEST['id'])) { + $id = $_REQUEST['id']; } if (!is_array($config['ca'])) { @@ -65,7 +65,7 @@ foreach ($a_crl as $cid => $acrl) { } } -$act = $_POST['act']; +$act = $_REQUEST['act']; if (!empty($id)) { @@ -80,7 +80,7 @@ if (!$thiscrl && (($act != "") && ($act != "new"))) { $class = "danger"; } -if ($act == "del") { +if ($_POST['act'] == "del") { $name = htmlspecialchars($thiscrl['descr']); if (crl_in_use($id)) { $savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted."), $name); @@ -98,8 +98,8 @@ if ($act == "del") { } if ($act == "new") { - $pconfig['method'] = $_POST['method']; - $pconfig['caref'] = $_POST['caref']; + $pconfig['method'] = $_REQUEST['method']; + $pconfig['caref'] = $_REQUEST['caref']; $pconfig['lifetime'] = "9999"; $pconfig['serial'] = "0"; } @@ -120,7 +120,7 @@ if ($act == "exp") { if ($act == "addcert") { unset($input_errors); - $pconfig = $_POST; + $pconfig = $_REQUEST; if (!$pconfig['crlref'] || !$pconfig['certref']) { pfSenseHeader("system_crlmanager.php"); 
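Review bot: In system_crlmanager.php `$act` now comes from `$_REQUEST`, but only the `del` branch was re-pinned to `$_POST['act']`. The `addcert` branch in the last hunk here and the `delcert` branch in the following hunk still test `$act` and now take `$pconfig` and `certref` from `$_REQUEST`, so both can be entered by a plain GET. Their bodies continue outside the hunks; if they change the CRL and write the config, as the names suggest, they belong with the state-changing actions this commit keeps on POST, where the form token check applies (assuming that check covers only POST, which is not visible here). Gate them like delete, `if ($_POST['act'] == "addcert") {` and `if ($_POST['act'] == "delcert") {`, and read `$_POST` inside them.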
@@ -161,7 +161,7 @@ if ($act == "delcert") { } $found = false; foreach ($thiscrl['cert'] as $acert) { - if ($acert['refid'] == $_POST['certref']) { + if ($acert['refid'] == $_REQUEST['certref']) { $found = true; $thiscert = $acert; } @@ -607,14 +607,14 @@ if ($act == "new" || $act == gettext("Save") || $input_errors) { <?php if ($cainternal == "YES"): ?> - <a href="system_crlmanager.php?act=new&caref=<?=$ca['refid']; ?>" class="btn btn-xs btn-success" usepost> + <a href="system_crlmanager.php?act=new&caref=<?=$ca['refid']; ?>" class="btn btn-xs btn-success"> <i class="fa fa-plus icon-embed-btn"></i> <?=gettext("Add or Import CRL")?> </a> <?php else: ?> - <a href="system_crlmanager.php?act=new&caref=<?=$ca['refid']; ?>&importonly=yes" class="btn btn-xs btn-success" usepost> + <a href="system_crlmanager.php?act=new&caref=<?=$ca['refid']; ?>&importonly=yes" class="btn btn-xs btn-success"> <i class="fa fa-plus icon-embed-btn"></i> <?=gettext("Add or Import CRL")?> </a> 
@@ -636,14 +636,14 @@ if ($act == "new" || $act == gettext("Save") || $input_errors) { <td><?=($internal) ? count($tmpcrl['cert']) : "Unknown (imported)"; ?></td> <td><i class="fa fa-<?=($inuse) ? "check" : "times"; ?>"></i></td> <td> - <a href="system_crlmanager.php?act=exp&id=<?=$tmpcrl['refid']?>" class="fa fa-download" title="<?=gettext("Export CRL")?>" usepost></a> + <a href="system_crlmanager.php?act=exp&id=<?=$tmpcrl['refid']?>" class="fa fa-download" title="<?=gettext("Export CRL")?>" ></a> <?php if ($internal): ?> - <a href="system_crlmanager.php?act=edit&id=<?=$tmpcrl['refid']?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>" usepost></a> + <a href="system_crlmanager.php?act=edit&id=<?=$tmpcrl['refid']?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>"></a> <?php else: ?> - <a href="system_crlmanager.php?act=editimported&id=<?=$tmpcrl['refid']?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>" usepost></a> + <a href="system_crlmanager.php?act=editimported&id=<?=$tmpcrl['refid']?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>"></a> <?php endif; if (!$inuse): ?> diff --git a/src/usr/local/www/system_gateway_groups.php b/src/usr/local/www/system_gateway_groups.php index 3a8f447..d91626c 100644 --- a/src/usr/local/www/system_gateway_groups.php +++ b/src/usr/local/www/system_gateway_groups.php 
@@ -41,29 +41,28 @@ $a_gateway_groups = &$config['gateways']['gateway_group']; $a_gateways = &$config['gateways']['gateway_item']; $changedesc = gettext("Gateway Groups") . ": "; -if ($_POST) { - $pconfig = $_POST; - if ($_POST['apply']) { +$pconfig = $_REQUEST; - $retval = 0; +if ($_POST['apply']) { - $retval |= system_routing_configure(); - send_multiple_events(array("service reload dyndnsall", "service reload ipsecdns", "filter reload")); + $retval = 0; - /* reconfigure our gateway monitor */ - setup_gateways_monitor(); + $retval |= system_routing_configure(); + send_multiple_events(array("service reload dyndnsall", "service reload ipsecdns", "filter reload")); - if ($retval == 0) { - clear_subsystem_dirty('staticroutes'); - } + /* reconfigure our gateway monitor */ + setup_gateways_monitor(); - foreach ($a_gateway_groups as $gateway_group) { - $gw_subsystem = 'gwgroup.' . $gateway_group['name']; - if (is_subsystem_dirty($gw_subsystem)) { - openvpn_resync_gwgroup($gateway_group['name']); - clear_subsystem_dirty($gw_subsystem); - } + if ($retval == 0) { + clear_subsystem_dirty('staticroutes'); + } + + foreach ($a_gateway_groups as $gateway_group) { + $gw_subsystem = 'gwgroup.' . $gateway_group['name']; + if (is_subsystem_dirty($gw_subsystem)) { + openvpn_resync_gwgroup($gateway_group['name']); + clear_subsystem_dirty($gw_subsystem); } } } @@ -72,7 +71,7 @@ if ($_POST['act'] == "del") { if ($a_gateway_groups[$_POST['id']]) { $changedesc .= sprintf(gettext("removed gateway group %s"), $_POST['id']); foreach ($config['filter']['rule'] as $idx => $rule) { - if ($rule['gateway'] == $a_gateway_groups[$_POST['id']]['name']) { + if ($rule['gateway'] == $a_gateway_groups[$_REQUEST['id']]['name']) { unset($config['filter']['rule'][$idx]['gateway']); } } 
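Review bot: Inside the `$_POST['act'] == "del"` branch the existence check and the change description use `$_POST['id']`, while the rule cleanup now looks up `$a_gateway_groups[$_REQUEST['id']]`. `$_REQUEST` is assembled from GET, POST and possibly cookies according to `request_order`, so the entry that was checked and the entry that is used are not guaranteed to be the same one. Keep the whole branch on one source: `if ($rule['gateway'] == $a_gateway_groups[$_POST['id']]['name']) {`. The same mix appears in system_groupmanager.php, where the POST-gated `delgroup` and `delpriv` branches read `groupid`, `groupname` and `privid` from `$_REQUEST`.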
@@ -166,8 +165,8 @@ foreach ($a_gateway_groups as $gateway_group): <?=htmlspecialchars($gateway_group['descr'])?> </td> <td> - <a href="system_gateway_groups_edit.php?id=<?=$i?>" class="fa fa-pencil" title="<?=gettext('Edit gateway group')?>" usepost></a> - <a href="system_gateway_groups_edit.php?dup=<?=$i?>" class="fa fa-clone" title="<?=gettext('Copy gateway group')?>" usepost></a> + <a href="system_gateway_groups_edit.php?id=<?=$i?>" class="fa fa-pencil" title="<?=gettext('Edit gateway group')?>"></a> + <a href="system_gateway_groups_edit.php?dup=<?=$i?>" class="fa fa-clone" title="<?=gettext('Copy gateway group')?>"></a> <a href="system_gateway_groups.php?act=del&id=<?=$i?>" class="fa fa-trash" title="<?=gettext('Delete gateway group')?>" usepost></a> </td> </tr> @@ -182,7 +181,7 @@ endforeach; </div> <nav class="action-buttons"> - <a href="system_gateway_groups_edit.php" class="btn btn-success btn-sm" usepost> + <a href="system_gateway_groups_edit.php" class="btn btn-success btn-sm"> <i class="fa fa-plus icon-embed-btn"></i> <?=gettext('Add')?> </a> diff --git a/src/usr/local/www/system_gateway_groups_edit.php b/src/usr/local/www/system_gateway_groups_edit.php index 5e3c18a..f1baf02 100644 --- a/src/usr/local/www/system_gateway_groups_edit.php +++ b/src/usr/local/www/system_gateway_groups_edit.php @@ -44,12 +44,12 @@ $categories = array( 'downlatency' => gettext("High Latency"), 'downlosslatency' => gettext("Packet Loss or High Latency")); -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; +if (isset($_REQUEST['id']) && is_numericint($_REQUEST['id'])) { + $id = $_REQUEST['id']; } -if (isset($_POST['dup']) && is_numericint($_POST['dup'])) { - $id = $_POST['dup']; +if (isset($_REQUEST['dup']) && is_numericint($_REQUEST['dup'])) { + $id = $_REQUEST['dup']; } if (isset($id) && $a_gateway_groups[$id]) { 
@@ -59,7 +59,7 @@ if (isset($id) && $a_gateway_groups[$id]) { $pconfig['trigger'] = $a_gateway_groups[$id]['trigger']; } -if (isset($_POST['dup']) && is_numericint($_POST['dup'])) { +if (isset($_REQUEST['dup']) && is_numericint($_REQUEST['dup'])) { unset($id); } diff --git a/src/usr/local/www/system_gateways.php b/src/usr/local/www/system_gateways.php index 89c8923..62b350a 100644 --- a/src/usr/local/www/system_gateways.php +++ b/src/usr/local/www/system_gateways.php @@ -45,28 +45,26 @@ if (!is_array($config['gateways']['gateway_item'])) { $a_gateway_item = &$config['gateways']['gateway_item']; -if ($_POST) { +$pconfig = $_REQUEST; - $pconfig = $_POST; - - if ($_POST['apply']) { +if ($_POST['apply']) { - $retval = 0; + $retval = 0; - $retval |= system_routing_configure(); - $retval |= system_resolvconf_generate(); - $retval |= filter_configure(); - /* reconfigure our gateway monitor */ - setup_gateways_monitor(); - /* Dynamic DNS on gw groups may have changed */ - send_event("service reload dyndnsall"); + $retval |= system_routing_configure(); + $retval |= system_resolvconf_generate(); + $retval |= filter_configure(); + /* reconfigure our gateway monitor */ + setup_gateways_monitor(); + /* Dynamic DNS on gw groups may have changed */ + send_event("service reload dyndnsall"); - if ($retval == 0) { - clear_subsystem_dirty('staticroutes'); - } + if ($retval == 0) { + clear_subsystem_dirty('staticroutes'); } } + function can_delete_disable_gateway_item($id, $disable = false) { global $config, $input_errors, $a_gateways; 
@@ -154,10 +152,10 @@ function delete_gateway_item($id) { } unset($input_errors); -if ($_POST['act'] == "del") { - if (can_delete_disable_gateway_item($_POST['id'])) { - $realid = $a_gateways[$_POST['id']]['attribute']; - delete_gateway_item($_POST['id']); +if ($_REQUEST['act'] == "del") { + if (can_delete_disable_gateway_item($_REQUEST['id'])) { + $realid = $a_gateways[$_REQUEST['id']]['attribute']; + delete_gateway_item($_REQUEST['id']); write_config("Gateways: removed gateway {$realid}"); mark_subsystem_dirty('staticroutes'); header("Location: system_gateways.php"); @@ -165,10 +163,10 @@ if ($_POST['act'] == "del") { } } -if (isset($_POST['del_x'])) { +if (isset($_REQUEST['del_x'])) { /* delete selected items */ - if (is_array($_POST['rule']) && count($_POST['rule'])) { - foreach ($_POST['rule'] as $rulei) { + if (is_array($_REQUEST['rule']) && count($_REQUEST['rule'])) { + foreach ($_REQUEST['rule'] as $rulei) { if (!can_delete_disable_gateway_item($rulei)) { break; } @@ -176,7 +174,7 @@ if (isset($_POST['del_x'])) { if (!isset($input_errors)) { $items_deleted = ""; - foreach ($_POST['rule'] as $rulei) { + foreach ($_REQUEST['rule'] as $rulei) { delete_gateway_item($rulei); $items_deleted .= "{$rulei} "; } @@ -189,12 +187,12 @@ if (isset($_POST['del_x'])) { } } -} else if ($_POST['act'] == "toggle" && $a_gateways[$_POST['id']]) { - $realid = $a_gateways[$_POST['id']]['attribute']; +} else if ($_REQUEST['act'] == "toggle" && $a_gateways[$_REQUEST['id']]) { + $realid = $a_gateways[$_REQUEST['id']]['attribute']; $disable_gw = !isset($a_gateway_item[$realid]['disabled']); if ($disable_gw) { // The user wants to disable the gateway, so check if that is OK. - $ok_to_toggle = can_delete_disable_gateway_item($_POST['id'], $disable_gw); + $ok_to_toggle = can_delete_disable_gateway_item($_REQUEST['id'], $disable_gw); } else { // The user wants to enable the gateway. That is always OK. $ok_to_toggle = true; 
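Review bot: The `del`, `del_x` and `toggle` branches move from `$_POST` to `$_REQUEST` here, which runs against the rest of the commit: `delete_gateway_item()` and `write_config()` become reachable by a GET request, outside any request-token check that applies only to POST (assumed; the check is not visible in this diff). These are state-changing actions and should stay POST-only, as the delete branches on the other pages do: `if ($_POST['act'] == "del") {`, `if (isset($_POST['del_x'])) {` and `} else if ($_POST['act'] == "toggle" && $a_gateways[$_POST['id']]) {`, with `$_POST['id']` and `$_POST['rule']` inside them. The toggle branch continues outside the hunk.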
@@ -302,8 +300,8 @@ foreach ($a_gateways as $i => $gateway): <?=htmlspecialchars($gateway['descr'])?> </td> <td> - <a href="system_gateways_edit.php?id=<?=$i?>" class="fa fa-pencil" title="<?=gettext('Edit gateway');?>" usepost></a> - <a href="system_gateways_edit.php?dup=<?=$i?>" class="fa fa-clone" title="<?=gettext('Copy gateway')?>" usepost></a> + <a href="system_gateways_edit.php?id=<?=$i?>" class="fa fa-pencil" title="<?=gettext('Edit gateway');?>"></a> + <a href="system_gateways_edit.php?dup=<?=$i?>" class="fa fa-clone" title="<?=gettext('Copy gateway')?>"></a> <?php if (is_numeric($gateway['attribute'])): ?> <?php if (isset($gateway['disabled'])) { @@ -327,7 +325,7 @@ foreach ($a_gateways as $i => $gateway): </div> <nav class="action-buttons"> - <a href="system_gateways_edit.php" role="button" class="btn btn-success" usepost> + <a href="system_gateways_edit.php" role="button" class="btn btn-success"> <i class="fa fa-plus icon-embed-btn"></i> <?=gettext("Add");?> </a> diff --git a/src/usr/local/www/system_gateways_edit.php b/src/usr/local/www/system_gateways_edit.php index c18b471..6c3f46f 100644 --- a/src/usr/local/www/system_gateways_edit.php +++ b/src/usr/local/www/system_gateways_edit.php @@ -49,12 +49,12 @@ if (!is_array($config['gateways']['gateway_item'])) { $a_gateway_item = &$config['gateways']['gateway_item']; $dpinger_default = return_dpinger_defaults(); -if (is_numericint($_POST['id'])) { - $id = $_POST['id']; +if (is_numericint($_REQUEST['id'])) { + $id = $_REQUEST['id']; } -if (isset($_POST['dup']) && is_numericint($_POST['dup'])) { - $id = $_POST['dup']; +if (isset($_REQUEST['dup']) && is_numericint($_REQUEST['dup'])) { + $id = $_REQUEST['dup']; } if (isset($id) && $a_gateways[$id]) { 
@@ -88,7 +88,7 @@ if (isset($id) && $a_gateways[$id]) { $pconfig['disabled'] = isset($a_gateways[$id]['disabled']); } -if (isset($_POST['dup']) && is_numericint($_POST['dup'])) { +if (isset($_REQUEST['dup']) && is_numericint($_REQUEST['dup'])) { unset($id); unset($pconfig['attribute']); } diff --git a/src/usr/local/www/system_groupmanager.php b/src/usr/local/www/system_groupmanager.php index 43bd653..11d2cf9 100644 --- a/src/usr/local/www/system_groupmanager.php +++ b/src/usr/local/www/system_groupmanager.php @@ -42,8 +42,8 @@ if (!is_array($config['system']['group'])) { $a_group = &$config['system']['group']; unset($id); -$id = $_POST['groupid']; -$act = (isset($_POST['act']) ? $_POST['act'] : ''); +$id = $_REQUEST['groupid']; +$act = (isset($_REQUEST['act']) ? $_REQUEST['act'] : ''); function cpusercmp($a, $b) { return strcasecmp($a['name'], $b['name']); @@ -59,9 +59,9 @@ function admin_groups_sort() { usort($a_group, "cpusercmp"); } -if ($act == "delgroup") { +if ($_POST['act'] == "delgroup") { - if (!isset($id) || !isset($_POST['groupname']) || !isset($a_group[$id]) || ($_POST['groupname'] != $a_group[$id]['name'])) { + if (!isset($id) || !isset($_REQUEST['groupname']) || !isset($a_group[$id]) || ($_REQUEST['groupname'] != $a_group[$id]['name'])) { pfSenseHeader("system_groupmanager.php"); exit; } @@ -73,15 +73,15 @@ if ($act == "delgroup") { $savemsg = sprintf(gettext("Group %s successfully deleted."), $groupdeleted); } -if ($act == "delpriv") { +if ($_POST['act'] == "delpriv") { if (!isset($id) || !isset($a_group[$id])) { pfSenseHeader("system_groupmanager.php"); exit; } - $privdeleted = $priv_list[$a_group[$id]['priv'][$_POST['privid']]]['name']; - unset($a_group[$id]['priv'][$_POST['privid']]); + $privdeleted = $priv_list[$a_group[$id]['priv'][$_REQUEST['privid']]]['name']; + unset($a_group[$id]['priv'][$_REQUEST['privid']]); if (is_array($a_group[$id]['member'])) { foreach ($a_group[$id]['member'] as $uid) { 
@@ -259,7 +259,7 @@ function build_priv_table() { $privhtml .= '</div>'; $privhtml .= '<nav class="action-buttons">'; - $privhtml .= '<a href="system_groupmanager_addprivs.php?groupid=' . $id . '" class="btn btn-success" usepost><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>'; + $privhtml .= '<a href="system_groupmanager_addprivs.php?groupid=' . $id . '" class="btn btn-success"><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>'; $privhtml .= '</nav>'; return($privhtml); @@ -290,7 +290,7 @@ $tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.ph $tab_array[] = array(gettext("Authentication Servers"), false, "system_authservers.php"); display_top_tabs($tab_array); -if (!($_POST['act'] == "new" || $_POST['act'] == "edit")) { +if (!($act == "new" || $act == "edit")) { ?> <div class="panel panel-default"> <div class="panel-heading"><h2 class="panel-title"><?=gettext('Groups')?></h2></div> @@ -325,7 +325,7 @@ if (!($_POST['act'] == "new" || $_POST['act'] == "edit")) { <?=$groupcount?> </td> <td> - <a class="fa fa-pencil" title="<?=gettext("Edit group"); ?>" href="?act=edit&groupid=<?=$i?>" usepost></a> + <a class="fa fa-pencil" title="<?=gettext("Edit group"); ?>" href="?act=edit&groupid=<?=$i?>"></a> <?php if ($group['scope'] != "system"): ?> <a class="fa fa-trash" title="<?=gettext("Delete group")?>" href="?act=delgroup&groupid=<?=$i?>&groupname=<?=$group['name']?>" usepost></a> <?php endif;?> @@ -341,7 +341,7 @@ if (!($_POST['act'] == "new" || $_POST['act'] == "edit")) { </div> <nav class="action-buttons"> - <a href="?act=new" class="btn btn-success btn-sm" usepost> + <a href="?act=new" class="btn btn-success btn-sm"> <i class="fa fa-plus icon-embed-btn"></i> <?=gettext("Add")?> </a> diff --git a/src/usr/local/www/system_groupmanager_addprivs.php b/src/usr/local/www/system_groupmanager_addprivs.php index b19739b..3aec82b 100644 --- a/src/usr/local/www/system_groupmanager_addprivs.php 
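Review bot: The delete link kept in the group table writes `groupname=<?=$group['name']?>` into the `href` without any encoding, so a name containing `&`, `#`, a quote or a space breaks the URL or the attribute. Whether names are restricted when a group is saved is not visible here, so encode at output: `groupname=<?=urlencode($group['name'])?>`. The user table in system_usermanager.php does the same with `username=<?=$userent['name']?>`.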
+++ b/src/usr/local/www/system_groupmanager_addprivs.php @@ -34,7 +34,7 @@ require_once("guiconfig.inc"); -$groupid = $_POST['groupid']; +$groupid = $_REQUEST['groupid']; $pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Groups"), gettext("Edit"), gettext("Add Privileges")); $pglinks = array("", "system_usermanager.php", "system_groupmanager.php", "system_groupmanager.php?act=edit&groupid=" . $groupid, "@self"); diff --git a/src/usr/local/www/system_routes.php b/src/usr/local/www/system_routes.php index 070e13d..c04cca3 100644 --- a/src/usr/local/www/system_routes.php +++ b/src/usr/local/www/system_routes.php @@ -125,7 +125,9 @@ if (isset($_POST['del_x'])) { exit; } -} else if ($_POST['act'] == "toggle") { +} + +if ($_POST['act'] == "toggle") { if ($a_routes[$_POST['id']]) { $do_update_config = true; if (isset($a_routes[$_POST['id']]['disabled'])) { @@ -151,7 +153,9 @@ if (isset($_POST['del_x'])) { exit; } } -} else { +} + +if($_POST['save']) { /* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */ unset($movebtn); foreach ($_POST as $pn => $pd) { @@ -266,9 +270,9 @@ foreach ($a_routes as $i => $route): <?=htmlspecialchars($route['descr'])?> </td> <td> - <a href="system_routes_edit.php?id=<?=$i?>" class="fa fa-pencil" title="<?=gettext('Edit route')?>" usepost></a> + <a href="system_routes_edit.php?id=<?=$i?>" class="fa fa-pencil" title="<?=gettext('Edit route')?>"></a> - <a href="system_routes_edit.php?dup=<?=$i?>" class="fa fa-clone" title="<?=gettext('Copy route')?>" usepost></a> + <a href="system_routes_edit.php?dup=<?=$i?>" class="fa fa-clone" title="<?=gettext('Copy route')?>"></a> <?php if (isset($route['disabled'])) { ?> 
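Review bot: `$groupid` is now taken from `$_REQUEST` with no validation and is concatenated two lines later into the `$pglinks` entry `"system_groupmanager.php?act=edit&groupid=" . $groupid`, so a query-string value reaches the breadcrumb link. Whether that link is escaped on output is not visible here. system_usermanager_addprivs.php guards the matching parameter with `is_numericint()`; do the same here: `if (isset($_REQUEST['groupid']) && is_numericint($_REQUEST['groupid'])) { $groupid = $_REQUEST['groupid']; }`.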
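Review bot: In system_routes.php, replacing the final `} else {` with `if($_POST['save']) {` changes when the move-button block runs. That block scans `$_POST` for the `.x/.y` image-button fields, which by its own comment may arrive without a value, so a request that carries only a move button and no `save` field no longer enters it. If the move buttons are still in use, key the block on the request being a POST that is neither of the two earlier actions, for example `if ($_POST && !isset($_POST['del_x']) && $_POST['act'] != "toggle") {`; the block's body continues outside the hunk, so confirm against the full file. The new line also lacks the space after `if` that the rest of the file uses.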
@@ -289,7 +293,7 @@ foreach ($a_routes as $i => $route): </div> <nav class="action-buttons"> - <a href="system_routes_edit.php" role="button" class="btn btn-success btn-sm" usepost> + <a href="system_routes_edit.php" role="button" class="btn btn-success btn-sm"> <i class="fa fa-plus icon-embed-btn"></i> <?=gettext("Add")?> </a> diff --git a/src/usr/local/www/system_routes_edit.php b/src/usr/local/www/system_routes_edit.php index f650085..45b26c1 100644 --- a/src/usr/local/www/system_routes_edit.php +++ b/src/usr/local/www/system_routes_edit.php @@ -44,10 +44,10 @@ if (!is_array($config['staticroutes']['route'])) { $a_routes = &$config['staticroutes']['route']; $a_gateways = return_gateways_array(true, true); -$id = $_POST['id']; +$id = $_REQUEST['id']; -if (isset($_POST['dup']) && is_numericint($_POST['dup'])) { - $id = $_POST['dup']; +if (isset($_REQUEST['dup']) && is_numericint($_REQUEST['dup'])) { + $id = $_REQUEST['dup']; } if (isset($id) && $a_routes[$id]) { @@ -58,7 +58,7 @@ if (isset($id) && $a_routes[$id]) { $pconfig['disabled'] = isset($a_routes[$id]['disabled']); } -if (isset($_POST['dup']) && is_numericint($_POST['dup'])) { +if (isset($_REQUEST['dup']) && is_numericint($_REQUEST['dup'])) { unset($id); } diff --git a/src/usr/local/www/system_usermanager.php b/src/usr/local/www/system_usermanager.php index a67d051..28f8045 100644 --- a/src/usr/local/www/system_usermanager.php +++ b/src/usr/local/www/system_usermanager.php @@ -37,8 +37,8 @@ require_once("certs.inc"); require_once("guiconfig.inc"); // start admin user code -if (isset($_POST['userid']) && is_numericint($_POST['userid'])) { - $id = $_POST['userid']; +if (isset($_REQUEST['userid']) && is_numericint($_REQUEST['userid'])) { + $id = $_REQUEST['userid']; } if (!isset($config['system']['user']) || !is_array($config['system']['user'])) { 
@@ -46,7 +46,7 @@ if (!isset($config['system']['user']) || !is_array($config['system']['user'])) { } $a_user = &$config['system']['user']; -$act = $_POST['act']; +$act = $_REQUEST['act']; if (isset($_SERVER['HTTP_REFERER'])) { $referer = $_SERVER['HTTP_REFERER']; @@ -487,7 +487,7 @@ function build_priv_table() { $privhtml .= '</div>'; $privhtml .= '<nav class="action-buttons">'; - $privhtml .= '<a href="system_usermanager_addprivs.php?userid=' . $id . '" class="btn btn-success" usepost><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>'; + $privhtml .= '<a href="system_usermanager_addprivs.php?userid=' . $id . '" class="btn btn-success"><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>'; $privhtml .= '</nav>'; return($privhtml); @@ -533,7 +533,7 @@ function build_cert_table() { $certhtml .= '</div>'; $certhtml .= '<nav class="action-buttons">'; - $certhtml .= '<a href="system_certmanager.php?act=new&userid=' . $id . '" class="btn btn-success" usepost><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>'; + $certhtml .= '<a href="system_certmanager.php?act=new&userid=' . $id . '" class="btn btn-success"><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>'; $certhtml .= '</nav>'; return($certhtml); @@ -546,6 +546,7 @@ if ($act == "new" || $act == "edit" || $input_errors) { $pgtitle[] = gettext('Edit'); $pglinks[] = "@self"; } + include("head.inc"); if ($delete_errors) { 
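Review bot: With `$act` now read from `$_REQUEST`, every branch of system_usermanager.php that tests `$act` also accepts GET, and unlike the other pages in this commit no hunk here re-pins a delete test to `$_POST['act']`. The handler for `act=deluser`, which the user table links with `usepost`, lies outside the hunks. If it tests `$act`, account deletion now fires on a GET as well; confirm it reads `if ($_POST['act'] == "deluser") {`, along with any other handler in this file that removes a privilege or certificate.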
@@ -608,7 +609,7 @@ foreach ($a_user as $i => $userent): <td><?php if (isset($userent['disabled'])) echo "*"?></td> <td><?=implode(",", local_user_get_groups($userent))?></td> <td> - <a class="fa fa-pencil" title="<?=gettext("Edit user"); ?>" href="?act=edit&userid=<?=$i?>" usepost></a> + <a class="fa fa-pencil" title="<?=gettext("Edit user"); ?>" href="?act=edit&userid=<?=$i?>"></a> <?php if (($userent['scope'] != "system") && ($userent['name'] != $_SESSION['Username'])): ?> <a class="fa fa-trash" title="<?=gettext("Delete user")?>" href="?act=deluser&userid=<?=$i?>&username=<?=$userent['name']?>" usepost></a> <?php endif; ?> @@ -621,7 +622,7 @@ foreach ($a_user as $i => $userent): </div> </div> <nav class="action-buttons"> - <a href="?act=new" class="btn btn-sm btn-success" usepost> + <a href="?act=new" class="btn btn-sm btn-success"> <i class="fa fa-plus icon-embed-btn"></i> <?=gettext("Add")?> </a> diff --git a/src/usr/local/www/system_usermanager_addprivs.php b/src/usr/local/www/system_usermanager_addprivs.php index dec52b6..21b077d 100644 --- a/src/usr/local/www/system_usermanager_addprivs.php +++ b/src/usr/local/www/system_usermanager_addprivs.php @@ -34,8 +34,8 @@ function admusercmp($a, $b) { require_once("guiconfig.inc"); -if (isset($_POST['userid']) && is_numericint($_POST['userid'])) { - $userid = $_POST['userid']; +if (isset($_REQUEST['userid']) && is_numericint($_REQUEST['userid'])) { + $userid = $_REQUEST['userid']; } $pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Users"), gettext("Edit"), gettext("Add Privileges")); |