author | Stephen Beaver <sbeaver@netgate.com> | 2015-10-03 14:48:55 -0400 |
---|---|---|
committer | Stephen Beaver <sbeaver@netgate.com> | 2015-10-03 14:48:55 -0400 |
commit | d42b970ed8fb67491bfbbda0bd44e6d3fa0ab95f (patch) | |
tree | 313210543fb4869b34317c66d90fe26d50a562bb /src/usr | |
parent | 44fad9cc86fb89f51466c8524c87ebf5cbd869a5 (diff) | |
Converted interfaces_vlan.php from GET to POST for security
Added Bootstrap attributes to table
Diffstat (limited to 'src/usr')
-rw-r--r-- | src/usr/local/www/interfaces_vlan.php | 153 |
1 files changed, 99 insertions, 54 deletions
diff --git a/src/usr/local/www/interfaces_vlan.php b/src/usr/local/www/interfaces_vlan.php
index d7a8ae2..bdd7898 100644
--- a/src/usr/local/www/interfaces_vlan.php
+++ b/src/usr/local/www/interfaces_vlan.php
@@ -2,33 +2,59 @@ /* $Id$ */ /* interfaces_vlan.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2013-2015 Electric Sheep Fencing, LP - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. */ +/* ==================================================================== + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. + * Copyright (c) 2004, 2005 Scott Ullrich + * Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net> + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. 
Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution. (http://www.pfsense.org/). + * + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. + * + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). + * + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + * ==================================================================== + * + */ /* pfSense_BUILDER_BINARIES: /sbin/ifconfig pfSense_MODULE: interfaces @@ -62,19 +88,19 @@ function vlan_inuse($num) { return false; } -if ($_GET['act'] == "del") { - if (!isset($_GET['id'])) { +if ($_POST['act'] == "del") { + if (!isset($_POST['id'])) { $input_errors[] = gettext("Wrong parameters supplied"); - } else if (empty($a_vlans[$_GET['id']])) { + } else if (empty($a_vlans[$_POST['id']])) { $input_errors[] = gettext("Wrong index supplied"); /* check if still in use */ - } else if (vlan_inuse($_GET['id'])) { + } else if (vlan_inuse($_POST['id'])) { $input_errors[] = gettext("This VLAN cannot be deleted because it is still being used as an interface."); } else { - if (does_interface_exist($a_vlans[$_GET['id']]['vlanif'])) { - pfSense_interface_destroy($a_vlans[$_GET['id']]['vlanif']); + if (does_interface_exist($a_vlans[$_POST['id']]['vlanif'])) { + pfSense_interface_destroy($a_vlans[$_POST['id']]['vlanif']); } - unset($a_vlans[$_GET['id']]); + unset($a_vlans[$_POST['id']]); write_config(); 
@@ -108,34 +134,53 @@ print_info_box(sprintf(gettext('NOTE: Not all drivers/NICs support 802.1Q '. 'tagging will still work, but the reduced MTU may cause problems.<br />See the '. '%s handbook for information on supported cards.'),$g['product_name'])); ?> -<div class="table-responsive"> - <table class="table"> - <tr> - <th><?=gettext('Interface');?></th> - <th><?=gettext('VLAN tag');?></th> - <th><?=gettext('Description');?></th> - </tr> +<form action="interfaces_vlan.php" method="post"> + <input id="act" type="hidden" name="act" value="" /> + <input id="id" type="hidden" name="id" value=""/> + + <div class="table-responsive"> + <table class="table table-striped table-hover table-condensed"> + <tr> + <th><?=gettext('Interface');?></th> + <th><?=gettext('VLAN tag');?></th> + <th><?=gettext('Description');?></th> + </tr> <?php $i = 0; foreach ($a_vlans as $vlan) { ?> - <tr> - <td><?=htmlspecialchars($vlan['if']);?></td> - <td><?=htmlspecialchars($vlan['tag']);?></td> - <td><?=htmlspecialchars($vlan['descr']);?></td> - <td> - <a class="btn btn-primary btn-xs" role="button" href="interfaces_vlan_edit.php?id=<?=$i?>"><?=gettext('Edit')?></a> - <a class="btn btn-danger btn-xs" role="button" href="interfaces_vlan.php?act=del&id=<?=$i?>"><?=gettext('Delete')?></a></td> - </td> - </tr> + <tr> + <td><?=htmlspecialchars($vlan['if']);?></td> + <td><?=htmlspecialchars($vlan['tag']);?></td> + <td><?=htmlspecialchars($vlan['descr']);?></td> + <td> + <a class="btn btn-primary btn-xs" role="button" href="interfaces_vlan_edit.php?id=<?=$i?>"><?=gettext('Edit')?></a> +<!-- <a class="btn btn-danger btn-xs" role="button" href="interfaces_vlan.php?act=del&id=<?=$i?>"><?=gettext('Delete')?></a></td> --> + <a class="btn btn-danger btn-xs" role="button" id="del-<?=$i?>"><?=gettext('Delete')?></a></td> + </td> + </tr> <?php $i++; } ?> - </table> - <nav class="action-buttons"> - <a class="btn btn-success" role="button" href="interfaces_vlan_edit.php"><?=gettext('Add VLAN'); ?></a> - </nav> 
-</div> + </table> + <nav class="action-buttons"> + <a class="btn btn-success" role="button" href="interfaces_vlan_edit.php"><?=gettext('Add VLAN'); ?></a> + </nav> + </div> +</form> + +<script> +//<![CDATA[ +events.push(function(){ + // Select 'delete button' clicks, extract the id, set the hidden input values and submit + $('[id^=del-]').click(function(event) { + $('#act').val('del'); + $('#id').val(this.id.replace("del-", "")); + $(this).parents('form').submit(); + }); +}); +//]]> +</script> <?php include("foot.inc"); |
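Review bot: The old GET delete link is kept in the new markup inside an HTML comment, so every table row still sends `interfaces_vlan.php?act=del&id=N` to the browser and the `<?=$i?>` and `gettext()` calls inside it still run. Delete that line instead of commenting it out, so the page source no longer advertises a request form the server has stopped honouring. The new Delete anchor ends with `</a></td>` and is followed by a second `</td>`, which leaves a stray closing tag in each row. The click handler submits as soon as the button is pressed; since this destroys an interface and rewrites the config, add a `confirm()` guard at the top of the handler that returns early when the user cancels, with the prompt text passed through `gettext()` like the other strings in the file.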