GET/POST conversion vpn_ipsec*

author: Steve Beaver <sbeaver@netgate.com> 2017-02-10 12:22:50 -0500
committer: Steve Beaver <sbeaver@netgate.com> 2017-02-10 12:22:50 -0500
commit: 7603794b910e6f4bd8b76c71d89e818b7b1ac044 (patch)
tree: d1564a576fefe9d558e4aa2659d6f4ac142f2d02 /src
parent: 3312b65f74e3c18d22c0bb0f68c999036f12b275 (diff)
download: pfsense-7603794b910e6f4bd8b76c71d89e818b7b1ac044.zip
pfsense-7603794b910e6f4bd8b76c71d89e818b7b1ac044.tar.gz
5 files changed, 31 insertions, 33 deletions
diff --git a/src/usr/local/www/vpn_ipsec.php b/src/usr/local/www/vpn_ipsec.php
index 317571c..1b9fa16 100644
--- a/src/usr/local/www/vpn_ipsec.php
+++ b/src/usr/local/www/vpn_ipsec.php
@@ -350,9 +350,9 @@ if (is_subsystem_dirty('ipsec')) {
 						<td style="cursor: pointer;">
 <!--							<a	class="fa fa-anchor" id="Xmove_<?=$i?>" title="<?=gettext("Move checked entries to here")?>"></a> -->
 							<button style="display: none;" class="btn btn-default btn-xs" type="submit" id="move_<?=$i?>" name="move_<?=$i?>" value="move_<?=$i?>"><?=gettext("Move checked entries to here")?></button>
-							<a class="fa fa-pencil" href="vpn_ipsec_phase1.php?p1index=<?=$i?>" title="<?=gettext("Edit phase1 entry"); ?>"></a>
+							<a class="fa fa-pencil" href="vpn_ipsec_phase1.php?p1index=<?=$i?>" title="<?=gettext("Edit phase1 entry"); ?>" usepost></a>
 <?php if (!isset($ph1ent['mobile'])): ?>
-							<a class="fa fa-clone" href="vpn_ipsec_phase1.php?dup=<?=$i?>" title="<?=gettext("Copy phase1 entry"); ?>"></a>
+							<a class="fa fa-clone" href="vpn_ipsec_phase1.php?dup=<?=$i?>" title="<?=gettext("Copy phase1 entry"); ?>" usepost></a>
 <?php endif; ?>
 							<a	class="fa fa-trash no-confirm" id="Xdel_<?=$i?>" title="<?=gettext('Delete phase1 entry'); ?>"></a>
 							<button style="display: none;" class="btn btn-xs btn-warning" type="submit" id="del_<?=$i?>" name="del_<?=$i?>" value="del_<?=$i?>" title="<?=gettext('Delete phase1 entry'); ?>">delete</button>
@@ -472,8 +472,8 @@ if (is_subsystem_dirty('ipsec')) {
 											</td>
 											<td style="cursor: pointer;">
 <!--												<button class="fa fa-anchor button-icon" type="submit" name="movep2_<?=$j?>" value="movep2_<?=$j?>" title="<?=gettext("Move checked P2s here")?>"></button> -->
-												<a class="fa fa-pencil" href="vpn_ipsec_phase2.php?p2index=<?=$ph2ent['uniqid']?>" title="<?=gettext("Edit phase2 entry"); ?>"></a>
-												<a class="fa fa-clone" href="vpn_ipsec_phase2.php?dup=<?=$ph2ent['uniqid']?>" title="<?=gettext("Add a new Phase 2 based on this one"); ?>"></a>
+												<a class="fa fa-pencil" href="vpn_ipsec_phase2.php?p2index=<?=$ph2ent['uniqid']?>" title="<?=gettext("Edit phase2 entry"); ?>" usepost></a>
+												<a class="fa fa-clone" href="vpn_ipsec_phase2.php?dup=<?=$ph2ent['uniqid']?>" title="<?=gettext("Add a new Phase 2 based on this one"); ?>" usepost></a>
 												<a	class="fa fa-trash no-confirm" id="Xdelp2_<?=$ph2index?>" title="<?=gettext('Delete phase2 entry'); ?>"></a>
 												<button style="display: none;" class="btn btn-xs btn-warning" type="submit" id="delp2_<?=$ph2index?>" name="delp2_<?=$ph2index?>" value="delp2_<?=$ph2index?>" title="<?=gettext('delete phase2 entry'); ?>">delete</button>
 											</td>
@@ -482,7 +482,7 @@ if (is_subsystem_dirty('ipsec')) {
 										<tr>
 											<td></td>
 											<td>
-												<a class="btn btn-xs btn-success" href="vpn_ipsec_phase2.php?ikeid=<?=$ph1ent['ikeid']?><?php if (isset($ph1ent['mobile'])) echo "&amp;mobile=true"?>">
+												<a class="btn btn-xs btn-success" href="vpn_ipsec_phase2.php?ikeid=<?=$ph1ent['ikeid']?><?php if (isset($ph1ent['mobile'])) echo "&amp;mobile=true"?>" usepost>
 													<i class="fa fa-plus icon-embed-btn"></i>
 													<?=gettext("Add P2")?>
 												</a>
@@ -511,7 +511,7 @@ if (is_subsystem_dirty('ipsec')) {
 <?php endif;
 */
 ?>
-		<a href="vpn_ipsec_phase1.php" class="btn btn-success btn-sm">
+		<a href="vpn_ipsec_phase1.php" class="btn btn-success btn-sm"  usepost>
 			<i class="fa fa-plus icon-embed-btn"></i>
 			<?=gettext("Add P1")?>
 		</a>
diff --git a/src/usr/local/www/vpn_ipsec_keys.php b/src/usr/local/www/vpn_ipsec_keys.php
index 60113b9..39e2d36 100644
--- a/src/usr/local/www/vpn_ipsec_keys.php
+++ b/src/usr/local/www/vpn_ipsec_keys.php
@@ -59,9 +59,9 @@ if (isset($_POST['apply'])) {
 	}
 }
 
-if ($_GET['act'] == "del") {
-	if ($a_secret[$_GET['id']]) {
-		unset($a_secret[$_GET['id']]);
+if ($_POST['act'] == "del") {
+	if ($a_secret[$_POST['id']]) {
+		unset($a_secret[$_POST['id']]);
 		write_config(gettext("Deleted IPsec Pre-Shared Key"));
 		mark_subsystem_dirty('ipsec');
 		header("Location: vpn_ipsec_keys.php");
@@ -152,8 +152,8 @@ if (is_subsystem_dirty('ipsec')) {
 							<?=htmlspecialchars($secretent['pre-shared-key'])?>
 						</td>
 						<td>
-							<a class="fa fa-pencil"	title="<?=gettext('Edit key')?>" href="vpn_ipsec_keys_edit.php?id=<?=$i?>"></a>
-							<a class="fa fa-trash"	title="<?=gettext('Delete key')?>" href="vpn_ipsec_keys.php?act=del&amp;id=<?=$i?>"></a>
+							<a class="fa fa-pencil"	title="<?=gettext('Edit key')?>" href="vpn_ipsec_keys_edit.php?id=<?=$i?>" usepost></a>
+							<a class="fa fa-trash"	title="<?=gettext('Delete key')?>" href="vpn_ipsec_keys.php?act=del&amp;id=<?=$i?>" usepost></a>
 						</td>
 					</tr>
 <?php $i++; endforeach; ?>
@@ -164,7 +164,7 @@ if (is_subsystem_dirty('ipsec')) {
 </div>
 
 <nav class="action-buttons">
-	<a class="btn btn-success btn-sm" href="vpn_ipsec_keys_edit.php">
+	<a class="btn btn-success btn-sm" href="vpn_ipsec_keys_edit.php" usepost>
 		<i class="fa fa-plus icon-embed-btn"></i>
 		<?=gettext("Add")?>
 	</a>
diff --git a/src/usr/local/www/vpn_ipsec_keys_edit.php b/src/usr/local/www/vpn_ipsec_keys_edit.php
index c5c515c..bf6b24d 100644
--- a/src/usr/local/www/vpn_ipsec_keys_edit.php
+++ b/src/usr/local/www/vpn_ipsec_keys_edit.php
@@ -41,10 +41,7 @@ if (!is_array($config['ipsec']['mobilekey'])) {
 ipsec_mobilekey_sort();
 $a_secret = &$config['ipsec']['mobilekey'];
 
-if (is_numericint($_GET['id'])) {
-	$id = $_GET['id'];
-}
-if (isset($_POST['id']) && is_numericint($_POST['id'])) {
+if (is_numericint($_POST['id'])) {
 	$id = $_POST['id'];
 }
 
@@ -54,7 +51,7 @@ if (isset($id) && $a_secret[$id]) {
 	$pconfig['psk'] = $a_secret[$id]['pre-shared-key'];
 }
 
-if ($_POST) {
+if ($_POST['save']) {
 	$userids = array();
 	foreach ($config['system']['user'] as $uid => $user) {
 		$userids[$user['name']] = $uid;
diff --git a/src/usr/local/www/vpn_ipsec_phase1.php b/src/usr/local/www/vpn_ipsec_phase1.php
index ac823d9..bad3ae5 100644
--- a/src/usr/local/www/vpn_ipsec_phase1.php
+++ b/src/usr/local/www/vpn_ipsec_phase1.php
@@ -48,20 +48,20 @@ if (!is_array($config['ipsec']['phase2'])) {
 $a_phase1 = &$config['ipsec']['phase1'];
 $a_phase2 = &$config['ipsec']['phase2'];
 
-if (is_numericint($_GET['p1index'])) {
-	$p1index = $_GET['p1index'];
+if (is_numericint($_POST['p1index'])) {
+	$p1index = $_POST['p1index'];
 }
 if (isset($_POST['p1index']) && is_numericint($_POST['p1index'])) {
 	$p1index = $_POST['p1index'];
 }
 
-if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
-	$p1index = $_GET['dup'];
+if (is_numericint($_POST['dup'])) {
+	$p1index = $_POST['dup'];
 }
 
 if (isset($p1index) && $a_phase1[$p1index]) {
 	// don't copy the ikeid on dup
-	if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) {
+	if (!isset($_POST['dup']) || !is_numericint($_POST['dup'])) {
 		$pconfig['ikeid'] = $a_phase1[$p1index]['ikeid'];
 	}
 
@@ -160,17 +160,17 @@ if (isset($p1index) && $a_phase1[$p1index]) {
 	$pconfig['iketype'] = "ikev1";
 
 	/* mobile client */
-	if ($_GET['mobile']) {
+	if ($_POST['mobile']) {
 		$pconfig['mobile'] = true;
 		$pconfig['mode'] = "aggressive";
 	}
 }
 
-if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
+if (isset($_POST['dup']) && is_numericint($_POST['dup'])) {
 	unset($p1index);
 }
 
-if ($_POST) {
+if ($_POST['save']) {
 	unset($input_errors);
 	$pconfig = $_POST;
 
diff --git a/src/usr/local/www/vpn_ipsec_phase2.php b/src/usr/local/www/vpn_ipsec_phase2.php
index 43027af..26a4d0d 100644
--- a/src/usr/local/www/vpn_ipsec_phase2.php
+++ b/src/usr/local/www/vpn_ipsec_phase2.php
@@ -53,15 +53,16 @@ if (!is_array($config['ipsec']['phase2'])) {
 $a_phase1 = &$config['ipsec']['phase1'];
 $a_phase2 = &$config['ipsec']['phase2'];
 
-if (!empty($_GET['p2index'])) {
-	$uindex = $_GET['p2index'];
+if (!empty($_POST['p2index'])) {
+	$uindex = $_POST['p2index'];
 }
+
 if (!empty($_POST['uniqid'])) {
 	$uindex = $_POST['uniqid'];
 }
 
-if (!empty($_GET['dup'])) {
-	$uindex = $_GET['dup'];
+if (!empty($_POST['dup'])) {
+	$uindex = $_POST['dup'];
 }
 
 $ph2found = false;
@@ -100,7 +101,7 @@ if ($ph2found === true) {
 		$pconfig['remoteid_type'] = "mobile";
 	}
 } else {
-	$pconfig['ikeid'] = $_GET['ikeid'];
+	$pconfig['ikeid'] = $_POST['ikeid'];
 
 	/* defaults */
 	$pconfig['localid_type'] = "lan";
@@ -113,21 +114,21 @@ if ($ph2found === true) {
 	$pconfig['uniqid'] = uniqid();
 
 	/* mobile client */
-	if ($_GET['mobile']) {
+	if ($_POST['mobile']) {
 		$pconfig['mobile']=true;
 		$pconfig['remoteid_type'] = "mobile";
 	}
 }
 
 unset($ph2);
-if (!empty($_GET['dup'])) {
+if (!empty($_POST['dup'])) {
 	unset($uindex);
 	unset($p2index);
 	$pconfig['uniqid'] = uniqid();
 	$pconfig['reqid'] = ipsec_new_reqid();
 }
 
-if ($_POST) {
+if ($_POST['save']) {
 
 	unset($input_errors);
 	$pconfig = $_POST;
author	Steve Beaver <sbeaver@netgate.com>	2017-02-10 12:22:50 -0500
committer	Steve Beaver <sbeaver@netgate.com>	2017-02-10 12:22:50 -0500
commit	7603794b910e6f4bd8b76c71d89e818b7b1ac044 (patch)
tree	d1564a576fefe9d558e4aa2659d6f4ac142f2d02 /src
parent	3312b65f74e3c18d22c0bb0f68c999036f12b275 (diff)
download	pfsense-7603794b910e6f4bd8b76c71d89e818b7b1ac044.zip pfsense-7603794b910e6f4bd8b76c71d89e818b7b1ac044.tar.gz