diff options
author | Steve Beaver <sbeaver@netgate.com> | 2017-02-13 10:47:47 -0500 |
---|---|---|
committer | Steve Beaver <sbeaver@netgate.com> | 2017-02-13 10:48:25 -0500 |
commit | 4611e283323f0eaf44bc4ded4ad4f7cf9d8cdbe1 (patch) | |
tree | 44a60f536cefad3d50cefccf780c98094e217d1a /src/usr/local/www/system_crlmanager.php | |
parent | ac4fe723a521e35a29fb55075cdfdb2230d74aa2 (diff) | |
download | pfsense-4611e283323f0eaf44bc4ded4ad4f7cf9d8cdbe1.zip pfsense-4611e283323f0eaf44bc4ded4ad4f7cf9d8cdbe1.tar.gz |
Revisions to GET/POST conversion limiting POSTs to save, apply, and delete functions
Diffstat (limited to 'src/usr/local/www/system_crlmanager.php')
-rw-r--r-- | src/usr/local/www/system_crlmanager.php | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/src/usr/local/www/system_crlmanager.php b/src/usr/local/www/system_crlmanager.php index 2dd7815..9cb7f20 100644 --- a/src/usr/local/www/system_crlmanager.php +++ b/src/usr/local/www/system_crlmanager.php @@ -37,8 +37,8 @@ $crl_methods = array( "internal" => gettext("Create an internal Certificate Revocation List"), "existing" => gettext("Import an existing Certificate Revocation List")); -if (isset($_POST['id']) && ctype_alnum($_POST['id'])) { - $id = $_POST['id']; +if (isset($_REQUEST['id']) && ctype_alnum($_REQUEST['id'])) { + $id = $_REQUEST['id']; } if (!is_array($config['ca'])) { @@ -65,7 +65,7 @@ foreach ($a_crl as $cid => $acrl) { } } -$act = $_POST['act']; +$act = $_REQUEST['act']; if (!empty($id)) { @@ -80,7 +80,7 @@ if (!$thiscrl && (($act != "") && ($act != "new"))) { $class = "danger"; } -if ($act == "del") { +if ($_POST['act'] == "del") { $name = htmlspecialchars($thiscrl['descr']); if (crl_in_use($id)) { $savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted."), $name); @@ -98,8 +98,8 @@ if ($act == "del") { } if ($act == "new") { - $pconfig['method'] = $_POST['method']; - $pconfig['caref'] = $_POST['caref']; + $pconfig['method'] = $_REQUEST['method']; + $pconfig['caref'] = $_REQUEST['caref']; $pconfig['lifetime'] = "9999"; $pconfig['serial'] = "0"; } @@ -120,7 +120,7 @@ if ($act == "exp") { if ($act == "addcert") { unset($input_errors); - $pconfig = $_POST; + $pconfig = $_REQUEST; if (!$pconfig['crlref'] || !$pconfig['certref']) { pfSenseHeader("system_crlmanager.php"); @@ -161,7 +161,7 @@ if ($act == "delcert") { } $found = false; foreach ($thiscrl['cert'] as $acert) { - if ($acert['refid'] == $_POST['certref']) { + if ($acert['refid'] == $_REQUEST['certref']) { $found = true; $thiscert = $acert; } @@ -607,14 +607,14 @@ if ($act == "new" || $act == gettext("Save") || $input_errors) { <?php if ($cainternal == "YES"): ?> - <a href="system_crlmanager.php?act=new&caref=<?=$ca['refid']; ?>" class="btn btn-xs btn-success" usepost> + <a href="system_crlmanager.php?act=new&caref=<?=$ca['refid']; ?>" class="btn btn-xs btn-success"> <i class="fa fa-plus icon-embed-btn"></i> <?=gettext("Add or Import CRL")?> </a> <?php else: ?> - <a href="system_crlmanager.php?act=new&caref=<?=$ca['refid']; ?>&importonly=yes" class="btn btn-xs btn-success" usepost> + <a href="system_crlmanager.php?act=new&caref=<?=$ca['refid']; ?>&importonly=yes" class="btn btn-xs btn-success"> <i class="fa fa-plus icon-embed-btn"></i> <?=gettext("Add or Import CRL")?> </a> @@ -636,14 +636,14 @@ if ($act == "new" || $act == gettext("Save") || $input_errors) { <td><?=($internal) ? count($tmpcrl['cert']) : "Unknown (imported)"; ?></td> <td><i class="fa fa-<?=($inuse) ? "check" : "times"; ?>"></i></td> <td> - <a href="system_crlmanager.php?act=exp&id=<?=$tmpcrl['refid']?>" class="fa fa-download" title="<?=gettext("Export CRL")?>" usepost></a> + <a href="system_crlmanager.php?act=exp&id=<?=$tmpcrl['refid']?>" class="fa fa-download" title="<?=gettext("Export CRL")?>" ></a> <?php if ($internal): ?> - <a href="system_crlmanager.php?act=edit&id=<?=$tmpcrl['refid']?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>" usepost></a> + <a href="system_crlmanager.php?act=edit&id=<?=$tmpcrl['refid']?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>"></a> <?php else: ?> - <a href="system_crlmanager.php?act=editimported&id=<?=$tmpcrl['refid']?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>" usepost></a> + <a href="system_crlmanager.php?act=editimported&id=<?=$tmpcrl['refid']?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>"></a> <?php endif; if (!$inuse): ?> |