author | Steve Beaver <sbeaver@netgate.com> | 2017-02-13 15:30:08 -0500 |
committer | Steve Beaver <sbeaver@netgate.com> | 2017-02-13 15:30:08 -0500 |
commit | 7f4268b62ddfb259e437dd0cb85fa41f5e98dff0 (patch) | |
tree | 0c73dfca4376a835f53886dab512b88905715f39 /src | |
parent | 84147b7ba599508d9ac089a28664145860dba8e5 (diff) | |
Revisions to GET/POST conversion limiting POSTs to save, apply, and delete functions - Diagnostics
Diffstat (limited to 'src')
-rw-r--r-- | src/usr/local/www/diag_arp.php | 10 | ||||
-rwxr-xr-x | src/usr/local/www/diag_command.php | 5 | ||||
-rw-r--r-- | src/usr/local/www/diag_confbak.php | 55 | ||||
-rw-r--r-- | src/usr/local/www/diag_dump_states_sources.php | 2 | ||||
-rw-r--r-- | src/usr/local/www/diag_edit.php | 4 | ||||
-rw-r--r-- | src/usr/local/www/diag_smart.php | 3 | ||||
-rw-r--r-- | src/usr/local/www/diag_sockets.php | 2 |
7 files changed, 38 insertions, 43 deletions
diff --git a/src/usr/local/www/diag_arp.php b/src/usr/local/www/diag_arp.php index 4108192..75afeea 100644 --- a/src/usr/local/www/diag_arp.php +++ b/src/usr/local/www/diag_arp.php @@ -36,10 +36,10 @@ require_once("guiconfig.inc"); // delete arp entry -if (isset($_GET['deleteentry'])) { - $ip = $_GET['deleteentry']; +if (isset($_POST['deleteentry'])) { + $ip = $_POST['deleteentry']; if (is_ipaddrv4($ip)) { - $ret = mwexec("arp -d " . $_GET['deleteentry'], true); + $ret = mwexec("arp -d " . $_POST['deleteentry'], true); } else { $ret = 1; } @@ -53,7 +53,7 @@ if (isset($_GET['deleteentry'])) { } function leasecmp($a, $b) { - return strcmp($a[$_GET['order']], $b[$_GET['order']]); + return strcmp($a[$_REQUEST['order']], $b[$_REQUEST['order']]); } function adjust_gmt($dt) { @@ -360,7 +360,7 @@ $mac_man = load_mac_manufacturer_table(); <td><?=ucfirst($entry['status'])?></td> <td><?=$entry['linktype']?></td> <td> - <a class="fa fa-trash" title="<?=gettext('Delete arp cache entry')?>" href="diag_arp.php?deleteentry=<?=$entry['ip']?>"></a> + <a class="fa fa-trash" title="<?=gettext('Delete arp cache entry')?>" href="diag_arp.php?deleteentry=<?=$entry['ip']?>" usepost></a> </td> </tr> <?php endforeach?> diff --git a/src/usr/local/www/diag_command.php b/src/usr/local/www/diag_command.php index dc6037c..84c57e1 100755 --- a/src/usr/local/www/diag_command.php +++ b/src/usr/local/www/diag_command.php @@ -61,9 +61,6 @@ if ($_POST['submit'] == "DOWNLOAD" && file_exists($_POST['dlPath'])) { $ulmsg = sprintf(gettext('Uploaded file to %s.'), $g["tmp_path"] . "/" . htmlentities($_FILES['ulfile']['name'])); } -if ($_POST) { -} - // Function: is Blank // Returns true or false depending on blankness of argument. 
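Review bot: The `mwexec` line in the first diag_arp hunk still rebuilds the command from the raw `$_POST['deleteentry']` rather than the `$ip` copy that `is_ipaddrv4()` has just validated, and appends it to the shell string without quoting. The guard does bound the value today, but the two reads can drift apart and the quoting is free: `$ret = mwexec("arp -d " . escapeshellarg($ip), true);`. The `if (isset($_POST['deleteentry']))` block continues past the end of the hunk.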
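Review bot: `leasecmp()` now indexes both rows with `$_REQUEST['order']`, which is neither checked with `isset()` nor restricted to a known column key, so a missing or unexpected value produces undefined-index notices and a `strcmp(null, null)` ordering instead of an error. Resolving the key once against the keys the table actually renders, e.g. `$key = in_array($_REQUEST['order'], $sortable, true) ? $_REQUEST['order'] : 'ip';` (with `$sortable` being that list; constructed example), would make the comparator self-contained. Note also that `$_REQUEST` merges GET and POST (and cookies, depending on `request_order`); for the read-only parameters this commit moves to `$_REQUEST` — `order` here, `dlPath` in diag_command, `getcfg`/`diff` in diag_confbak and `showAll` in diag_sockets — `$_GET` is the more precise source if only links supply them.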
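Review bot: The `usepost` attribute on the delete anchor is the only thing that turns the link into a POST, and the script that honours it is outside this diff, so a reader cannot see here whether the generated request also carries the page's CSRF token; without that, switching the handler above from `$_GET` to `$_POST` changes little. The address is also interpolated into the `href` without `htmlspecialchars()`; it is parsed from `arp` output and so is presumably well-formed, but escaping it costs nothing: `href="diag_arp.php?deleteentry=<?=htmlspecialchars($entry['ip'])?>"`.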
@@ -239,7 +236,7 @@ if ($_POST['submit'] == "EXEC" && !isBlank($_POST['txtCommand'])):?> <div class="panel-heading"><h2 class="panel-title"><?=gettext('Download File')?></h2></div> <div class="panel-body"> <div class="content"> - <input name="dlPath" type="text" id="dlPath" placeholder="File to download" class="col-sm-4" value="<?=htmlspecialchars($_GET['dlPath']);?>"/> + <input name="dlPath" type="text" id="dlPath" placeholder="File to download" class="col-sm-4" value="<?=htmlspecialchars($_REQUEST['dlPath']);?>"/> <br /><br /> <button name="submit" type="submit" class="btn btn-primary btn-sm" id="download" value="DOWNLOAD"> <i class="fa fa-download icon-embed-btn"></i> diff --git a/src/usr/local/www/diag_confbak.php b/src/usr/local/www/diag_confbak.php index b8175fb..39d2ed3 100644 --- a/src/usr/local/www/diag_confbak.php +++ b/src/usr/local/www/diag_confbak.php 
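Review bot: `htmlspecialchars($_REQUEST['dlPath'])` in the download form reads the key without an `isset()` check, so every plain visit of the page raises an undefined-index notice while rendering. The value only prefills the field, so `value="<?=isset($_REQUEST['dlPath']) ? htmlspecialchars($_REQUEST['dlPath']) : ''?>"` keeps the behaviour and drops the notice. The surrounding form markup starts and ends outside the hunk.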
@@ -37,31 +37,28 @@ if (isset($_POST['backupcount'])) { unset($config['system']['backupcount']); $changedescr = gettext("(platform default)"); } + write_config(sprintf(gettext("Changed backup revision count to %s"), $changedescr)); -} elseif ($_GET) { - if (!isset($_GET['newver']) && !isset($_GET['rmver']) && !isset($_GET['getcfg']) && !isset($_GET['diff'])) { - header("Location: diag_confbak.php"); - return; - } +} - $confvers = unserialize(file_get_contents($g['cf_conf_path'] . '/backup/backup.cache')); +$confvers = unserialize(file_get_contents($g['cf_conf_path'] . '/backup/backup.cache')); - if ($_GET['newver'] != "") { - if (config_restore($g['conf_path'] . '/backup/config-' . $_GET['newver'] . '.xml') == 0) { - $savemsg = sprintf(gettext('Successfully reverted to timestamp %1$s with description "%2$s".'), date(gettext("n/j/y H:i:s"), $_GET['newver']), htmlspecialchars($confvers[$_GET['newver']]['description'])); - } else { - $savemsg = gettext("Unable to revert to the selected configuration."); - } - } - if ($_GET['rmver'] != "") { - unlink_if_exists($g['conf_path'] . '/backup/config-' . $_GET['rmver'] . '.xml'); - $savemsg = sprintf(gettext('Deleted backup with timestamp %1$s and description "%2$s".'), date(gettext("n/j/y H:i:s"), $_GET['rmver']), htmlspecialchars($confvers[$_GET['rmver']]['description'])); +if ($_POST['newver'] != "") { + if (config_restore($g['conf_path'] . '/backup/config-' . $_POST['newver'] . '.xml') == 0) { + $savemsg = sprintf(gettext('Successfully reverted to timestamp %1$s with description "%2$s".'), date(gettext("n/j/y H:i:s"), $_POST['newver']), htmlspecialchars($confvers[$_POST['newver']]['description'])); + } else { + $savemsg = gettext("Unable to revert to the selected configuration."); } } -if ($_GET['getcfg'] != "") { - $_GET['getcfg'] = basename($_GET['getcfg']); - $file = $g['conf_path'] . '/backup/config-' . $_GET['getcfg'] . '.xml'; +if ($_POST['rmver'] != "") { + unlink_if_exists($g['conf_path'] . '/backup/config-' . 
$_POST['rmver'] . '.xml'); + $savemsg = sprintf(gettext('Deleted backup with timestamp %1$s and description "%2$s".'), date(gettext("n/j/y H:i:s"), $_POST['rmver']), htmlspecialchars($confvers[$_POST['rmver']]['description'])); +} + +if ($_REQUEST['getcfg'] != "") { + $_REQUEST['getcfg'] = basename($_REQUEST['getcfg']); + $file = $g['conf_path'] . '/backup/config-' . $_REQUEST['getcfg'] . '.xml'; $exp_name = urlencode("config-{$config['system']['hostname']}.{$config['system']['domain']}-{$_GET['getcfg']}.xml"); $exp_data = file_get_contents($file); @@ -74,18 +71,18 @@ if ($_GET['getcfg'] != "") { exit; } -if (($_GET['diff'] == 'Diff') && isset($_GET['oldtime']) && isset($_GET['newtime']) && - (is_numeric($_GET['oldtime'])) && - (is_numeric($_GET['newtime']) || ($_GET['newtime'] == 'current'))) { +if (($_REQUEST['diff'] == 'Diff') && isset($_REQUEST['oldtime']) && isset($_REQUEST['newtime']) && + (is_numeric($_REQUEST['oldtime'])) && + (is_numeric($_REQUEST['newtime']) || ($_REQUEST['newtime'] == 'current'))) { $diff = ""; - $oldfile = $g['conf_path'] . '/backup/config-' . $_GET['oldtime'] . '.xml'; - $oldtime = $_GET['oldtime']; - if ($_GET['newtime'] == 'current') { + $oldfile = $g['conf_path'] . '/backup/config-' . $_REQUEST['oldtime'] . '.xml'; + $oldtime = $_REQUEST['oldtime']; + if ($_REQUEST['newtime'] == 'current') { $newfile = $g['conf_path'] . '/config.xml'; $newtime = $config['revision']['time']; } else { - $newfile = $g['conf_path'] . '/backup/config-' . $_GET['newtime'] . '.xml'; - $newtime = $_GET['newtime']; + $newfile = $g['conf_path'] . '/backup/config-' . $_REQUEST['newtime'] . '.xml'; + $newtime = $_REQUEST['newtime']; } if (file_exists($oldfile) && file_exists($newfile)) { exec("/usr/bin/diff -u " . escapeshellarg($oldfile) . " " . escapeshellarg($newfile), $diff); 
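Review bot: `$_POST['newver']` and `$_POST['rmver']` are concatenated straight into the backup file path handed to `config_restore()` and `unlink_if_exists()` with no `basename()` or numeric check, unlike the `getcfg` branch just below, which applies `basename()`, and the `diff` branch in the next hunk, which requires `is_numeric()`. The table links only ever send `$version['time']`, so the guard is cheap and also removes the notice that the bare `!= ""` comparisons raise on a plain GET: `if (isset($_POST['newver']) && is_numeric($_POST['newver'])) {` and `if (isset($_POST['rmver']) && is_numeric($_POST['rmver'])) {`. The unchanged `$exp_name = urlencode("config-...-{$_GET['getcfg']}.xml")` line still reads `$_GET` while the two lines above it now read `$_REQUEST`, so a POSTed download would get a filename with an empty timestamp; it should read `$_REQUEST['getcfg']` too. Moving `$confvers = unserialize(...)` out of the `elseif` makes it run on every request, including plain page views — harmless if the cache file is always present, but worth confirming. The `if (isset($_POST['backupcount']))` block this hunk closes starts above the hunk.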
@@ -257,9 +254,9 @@ if (is_array($confvers)): <td><?= format_bytes($version['filesize']) ?></td> <td><?= htmlspecialchars($version['description']) ?></td> <td> - <a class="fa fa-undo" title="<?=gettext('Revert config')?>" href="diag_confbak.php?newver=<?=$version['time']?>" onclick="return confirm('<?=gettext("Confirmation Required to replace the current configuration with this backup.")?>')"></a> + <a class="fa fa-undo" title="<?=gettext('Revert config')?>" href="diag_confbak.php?newver=<?=$version['time']?>" onclick="return confirm('<?=gettext("Confirmation Required to replace the current configuration with this backup.")?>')" usepost></a> <a class="fa fa-download" title="<?=gettext('Download config')?>" href="diag_confbak.php?getcfg=<?=$version['time']?>"></a> - <a class="fa fa-trash" title="<?=gettext('Delete config')?>" href="diag_confbak.php?rmver=<?=$version['time']?>"></a> + <a class="fa fa-trash" title="<?=gettext('Delete config')?>" href="diag_confbak.php?rmver=<?=$version['time']?>" usepost></a> </td> </tr> <?php diff --git a/src/usr/local/www/diag_dump_states_sources.php b/src/usr/local/www/diag_dump_states_sources.php index e48b7e3..b5c7b39 100644 --- a/src/usr/local/www/diag_dump_states_sources.php +++ b/src/usr/local/www/diag_dump_states_sources.php @@ -44,7 +44,7 @@ if ($_POST['action']) { /* get our states */ if ($_POST['filter']) { - exec("/sbin/pfctl -s Sources | grep " . escapeshellarg(htmlspecialchars($_GET['filter'])), $sources); + exec("/sbin/pfctl -s Sources | grep " . escapeshellarg(htmlspecialchars($_POST['filter'])), $sources); } else { exec("/sbin/pfctl -s Sources", $sources); } diff --git a/src/usr/local/www/diag_edit.php b/src/usr/local/www/diag_edit.php index 24dedd7..1770c24 100644 --- a/src/usr/local/www/diag_edit.php +++ b/src/usr/local/www/diag_edit.php 
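Review bot: The delete (`rmver`) anchor gets `usepost` but, unlike the revert anchor beside it, no `onclick="return confirm(...)"`, so a backup is removed by a single click on the trash icon with no confirmation. Adding `onclick="return confirm('<?=gettext("…")?>')"` with a suitable message alongside `usepost` would match the revert link. Whether the `usepost` handler still respects a `false` from `confirm()` is decided by a script outside this diff and is worth checking for the revert link as well.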
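Review bot: The filter value in diag_dump_states_sources is passed through `htmlspecialchars()` before `escapeshellarg()`, but the argument goes to `grep`, not to an HTML page, so any filter containing `&`, `<`, `>` or a quote is searched for in its entity-encoded form and never matches. `escapeshellarg()` alone is the correct quoting for this context, and `--` keeps a filter beginning with `-` from being read as a grep option: `exec("/sbin/pfctl -s Sources | grep -- " . escapeshellarg($_POST['filter']), $sources);`. The truthiness test `if ($_POST['filter'])` also discards a filter of `0`; `isset($_POST['filter']) && $_POST['filter'] !== ''` is the precise check.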
@@ -408,9 +408,9 @@ var Base64 = { }; - <?php if ($_GET['action'] == "load"): ?> + <?php if ($_POST['action'] == "load"): ?> events.push(function() { - $("#fbTarget").val("<?=htmlspecialchars($_GET['path'])?>"); + $("#fbTarget").val("<?=htmlspecialchars($_POST['path'])?>"); loadFile(); }); <?php endif; ?> diff --git a/src/usr/local/www/diag_smart.php b/src/usr/local/www/diag_smart.php index 97f54fa..49674c2 100644 --- a/src/usr/local/www/diag_smart.php +++ b/src/usr/local/www/diag_smart.php @@ -31,7 +31,7 @@ require_once("guiconfig.inc"); // What page, aka. action is being wanted // If they "get" a page but don't pass all arguments, smartctl will throw an error -$action = (isset($_POST['action']) ? $_POST['action'] : $_GET['action']); +$action = $_POST['action']; $pgtitle = array(gettext("Diagnostics"), gettext("S.M.A.R.T. Status")); $pglinks = array("", "@self", "@self"); @@ -41,6 +41,7 @@ if ($action != 'config') { } else { $pgtitle[] = gettext('Config'); } + $smartctl = "/usr/local/sbin/smartctl"; $valid_test_types = array("offline", "short", "long", "conveyance"); diff --git a/src/usr/local/www/diag_sockets.php b/src/usr/local/www/diag_sockets.php index ccc3d6f..8132832 100644 --- a/src/usr/local/www/diag_sockets.php +++ b/src/usr/local/www/diag_sockets.php @@ -32,7 +32,7 @@ $pgtitle = array(gettext("Diagnostics"), gettext("Sockets")); include('head.inc'); -$showAll = isset($_GET['showAll']); +$showAll = isset($_REQUEST['showAll']); $showAllText = $showAll ? gettext("Show only listening sockets") : gettext("Show all socket connections"); $showAllOption = $showAll ? "" : "?showAll"; |
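Review bot: `htmlspecialchars($_POST['path'])` is emitted inside a JavaScript string literal in the `<script>` block, and HTML escaping does not cover JavaScript escape sequences, so some paths break the script rather than being loaded. `json_encode()` with the `JSON_HEX_*` flags produces a correctly quoted literal for this context: `$("#fbTarget").val(<?=json_encode($_POST['path'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)?>);`. The `$_POST['action']` read on the line above lacks an `isset()` and raises a notice on a plain GET of the page; the enclosing script block starts and ends outside the hunk.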
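Review bot: `$action = $_POST['action'];` in diag_smart drops the `$_GET` fallback, so any link that still navigates with `?action=...` now lands on the default branch of the `if ($action != 'config')` test below, and a plain GET raises an undefined-index notice. The comment above the line, which still describes what happens when users "get" a page, is now stale and should be reworded or removed. If every caller has been switched to POST, `$action = isset($_POST['action']) ? $_POST['action'] : '';` keeps the new behaviour without the notice; otherwise the fallback needs to stay.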