diff options
author | Steve Beaver <sbeaver@netgate.com> | 2017-02-14 15:33:13 -0500 |
---|---|---|
committer | Steve Beaver <sbeaver@netgate.com> | 2017-02-14 15:33:13 -0500 |
commit | 9f2bbdb44c5700384a37a9586d260492f14f7602 (patch) | |
tree | 89fb08a438d5db045de32f6e5b8e2fe153929983 /src/usr/local/www/services_captiveportal_hostname.php | |
parent | 13541a81e1173fc02af9af8ab7fe46df2a51007d (diff) | |
download | pfsense-9f2bbdb44c5700384a37a9586d260492f14f7602.zip pfsense-9f2bbdb44c5700384a37a9586d260492f14f7602.tar.gz |
GET/POST conversion
Diffstat (limited to 'src/usr/local/www/services_captiveportal_hostname.php')
-rw-r--r-- | src/usr/local/www/services_captiveportal_hostname.php | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/src/usr/local/www/services_captiveportal_hostname.php b/src/usr/local/www/services_captiveportal_hostname.php index aee4a71..3c83a3c 100644 --- a/src/usr/local/www/services_captiveportal_hostname.php +++ b/src/usr/local/www/services_captiveportal_hostname.php @@ -40,10 +40,8 @@ require_once("filter.inc"); require_once("shaper.inc"); require_once("captiveportal.inc"); -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} +$cpzone = $_REQUEST['zone']; + $cpzone = strtolower(htmlspecialchars($cpzone)); if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { @@ -54,6 +52,7 @@ if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); } + $a_cp =& $config['captiveportal']; if (isset($cpzone) && !empty($cpzone) && isset($a_cp[$cpzone]['zoneid'])) { @@ -64,10 +63,10 @@ $pgtitle = array(gettext("Services"), gettext("Captive Portal"), $a_cp[$cpzone][ $pglinks = array("", "services_captiveportal_zones.php", "services_captiveportal.php?zone=" . $cpzone, "@self"); $shortcut_section = "captiveportal"; -if ($_GET['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) { +if ($_POST['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) { $a_allowedhostnames =& $a_cp[$cpzone]['allowedhostname']; - if ($a_allowedhostnames[$_GET['id']]) { - $ipent = $a_allowedhostnames[$_GET['id']]; + if ($a_allowedhostnames[$_POST['id']]) { + $ipent = $a_allowedhostnames[$_POST['id']]; if (isset($a_cp[$cpzone]['enable'])) { if (is_ipaddr($ipent['hostname'])) { @@ -90,7 +89,7 @@ if ($_GET['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) { } } - unset($a_allowedhostnames[$_GET['id']]); + unset($a_allowedhostnames[$_POST['id']]); write_config(); captiveportal_allowedhostname_configure(); header("Location: services_captiveportal_hostname.php?zone={$cpzone}"); @@ -134,7 +133,7 @@ foreach ($a_cp[$cpzone]['allowedhostname'] as $ip): ?> </td> <td> <a class="fa fa-pencil" title="<?=gettext("Edit hostname"); ?>" href="services_captiveportal_hostname_edit.php?zone=<?=$cpzone?>&id=<?=$i?>"></a> - <a class="fa fa-trash" title="<?=gettext("Delete hostname")?>" href="services_captiveportal_hostname.php?zone=<?=$cpzone?>&act=del&id=<?=$i?>"></a> + <a class="fa fa-trash" title="<?=gettext("Delete hostname")?>" href="services_captiveportal_hostname.php?zone=<?=$cpzone?>&act=del&id=<?=$i?>" usepost></a> </td> </tr> <?php |