author | Steve Beaver <sbeaver@netgate.com> | 2017-02-13 14:29:42 -0500 |
---|---|---|
committer | Steve Beaver <sbeaver@netgate.com> | 2017-02-13 14:29:42 -0500 |
commit | 84147b7ba599508d9ac089a28664145860dba8e5 (patch) | |
tree | 7bab7a270be6f831f67f65aaa7f0c4e727a6ba85 /src | |
parent | 4401107f36d5029f1196e564c3598c589d6e7a79 (diff) | |
Revisions to GET/POST conversion limiting POSTs to save, apply, and delete functions - Firewall
Diffstat (limited to 'src')
-rw-r--r-- | src/usr/local/www/firewall_aliases.php | 6 | ||||
-rw-r--r-- | src/usr/local/www/firewall_aliases_edit.php | 4 | ||||
-rw-r--r-- | src/usr/local/www/firewall_nat.php | 34 | ||||
-rw-r--r-- | src/usr/local/www/firewall_nat_1to1.php | 11 | ||||
-rw-r--r-- | src/usr/local/www/firewall_nat_1to1_edit.php | 16 | ||||
-rw-r--r-- | src/usr/local/www/firewall_nat_edit.php | 21 | ||||
-rw-r--r-- | src/usr/local/www/firewall_nat_npt.php | 16 | ||||
-rw-r--r-- | src/usr/local/www/firewall_nat_npt_edit.php | 16 | ||||
-rw-r--r-- | src/usr/local/www/firewall_nat_out.php | 22 | ||||
-rw-r--r-- | src/usr/local/www/firewall_nat_out_edit.php | 16 | ||||
-rw-r--r-- | src/usr/local/www/firewall_rules.php | 30 | ||||
-rw-r--r-- | src/usr/local/www/firewall_rules_edit.php | 28 | ||||
-rw-r--r-- | src/usr/local/www/firewall_schedule.php | 4 | ||||
-rw-r--r-- | src/usr/local/www/firewall_schedule_edit.php | 4 | ||||
-rw-r--r-- | src/usr/local/www/firewall_virtual_ip.php | 10 | ||||
-rw-r--r-- | src/usr/local/www/firewall_virtual_ip_edit.php | 4 |
16 files changed, 119 insertions, 123 deletions
diff --git a/src/usr/local/www/firewall_aliases.php b/src/usr/local/www/firewall_aliases.php index 21b12cb..54ac0d8 100644 --- a/src/usr/local/www/firewall_aliases.php +++ b/src/usr/local/www/firewall_aliases.php @@ -252,7 +252,7 @@ display_top_tabs($tab_array); <?=htmlspecialchars($alias['descr'])?> </td> <td> - <a class="fa fa-pencil" title="<?=gettext("Edit alias"); ?>" href="firewall_aliases_edit.php?id=<?=$i?>" usepost></a> + <a class="fa fa-pencil" title="<?=gettext("Edit alias"); ?>" href="firewall_aliases_edit.php?id=<?=$i?>"></a> <a class="fa fa-trash" title="<?=gettext("Delete alias")?>" href="?act=del&tab=<?=$tab?>&id=<?=$i?>" usepost></a> </td> </tr> @@ -266,14 +266,14 @@ display_top_tabs($tab_array); </div> <nav class="action-buttons"> - <a href="firewall_aliases_edit.php?tab=<?=$tab?>" role="button" class="btn btn-success btn-sm" usepost> + <a href="firewall_aliases_edit.php?tab=<?=$tab?>" role="button" class="btn btn-success btn-sm"> <i class="fa fa-plus icon-embed-btn"></i> <?=gettext("Add");?> </a> <?php if (($tab == "ip") || ($tab == "port") || ($tab == "all")): ?> - <a href="firewall_aliases_import.php?tab=<?=$tab?>" role="button" class="btn btn-primary btn-sm" usepost> + <a href="firewall_aliases_import.php?tab=<?=$tab?>" role="button" class="btn btn-primary btn-sm"> <i class="fa fa-upload icon-embed-btn"></i> <?=gettext("Import");?> </a> diff --git a/src/usr/local/www/firewall_aliases_edit.php b/src/usr/local/www/firewall_aliases_edit.php index e67924e..fc4b8b0 100644 --- a/src/usr/local/www/firewall_aliases_edit.php +++ b/src/usr/local/www/firewall_aliases_edit.php @@ -99,8 +99,8 @@ function alias_same_type($name, $type) { return true; } -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; +if (isset($_REQUEST['id']) && is_numericint($_REQUEST['id'])) { + $id = $_REQUEST['id']; } if (isset($id) && $a_aliases[$id]) { 
diff --git a/src/usr/local/www/firewall_nat.php b/src/usr/local/www/firewall_nat.php index 4bf2316..c443e6a 100644 --- a/src/usr/local/www/firewall_nat.php +++ b/src/usr/local/www/firewall_nat.php @@ -43,8 +43,8 @@ if (!is_array($config['nat']['rule'])) { $a_nat = &$config['nat']['rule']; /* update rule order, POST[rule] is an array of ordered IDs */ -if (array_key_exists('order-store', $_POST)) { - if (is_array($_POST['rule']) && !empty($_POST['rule'])) { +if (array_key_exists('order-store', $_REQUEST)) { + if (is_array($_REQUEST['rule']) && !empty($_REQUEST['rule'])) { $a_nat_new = array(); // if a rule is not in POST[rule], it has been deleted by the user @@ -74,12 +74,8 @@ if (array_key_exists('order-store', $_POST)) { } /* if a custom message has been passed along, lets process it */ -if ($_POST['savemsg']) { - $savemsg = $_POST['savemsg']; -} - -if ($_POST) { - $pconfig = $_POST; +if ($_REQUEST['savemsg']) { + $savemsg = $_REQUEST['savemsg']; } if ($_POST['apply']) { @@ -104,6 +100,7 @@ if ($_POST['act'] == "del") { delete_id($a_nat[$_POST['id']]['associated-rule-id'], $config['filter']['rule']); $want_dirty_filter = true; } + unset($a_nat[$_POST['id']]); // Update the separators @@ -125,6 +122,7 @@ if ($_POST['act'] == "del") { } if (isset($_POST['del_x'])) { + /* delete selected rules */ if (is_array($_POST['rule']) && count($_POST['rule'])) { $a_separators = &$config['nat']['separator']; @@ -331,7 +329,7 @@ foreach ($a_nat as $natent): <?php if (isset($alias['src'])): ?> - <a href="/firewall_aliases_edit.php?id=<?=$alias['src']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['src'])?>" data-html="true" usepost> + <a href="/firewall_aliases_edit.php?id=<?=$alias['src']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['src'])?>" data-html="true"> <?php endif; ?> 
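Review bot: The reorder block at the top of firewall_nat.php now tests `order-store` and `rule` in `$_REQUEST`, so a state-changing save can be driven by a query string; the comment just below says a rule missing from the list is treated as deleted. This runs against the commit's own aim of keeping save, apply and delete on POST, and if the GUI's request-forgery check covers only POST (not visible here, to be confirmed) the block loses that protection. I would keep both conditions on `$_POST`: `if (array_key_exists('order-store', $_POST)) {` and `if (is_array($_POST['rule']) && !empty($_POST['rule'])) {`. The same switch is made in the order-store hunks of firewall_nat_npt.php and firewall_nat_out.php. The block's body continues outside the hunk.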
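Review bot: `$savemsg` is now filled from `$_REQUEST['savemsg']`, which lets any link set the banner text through the query string. The hunk does not show where `$savemsg` is printed; if that output is not escaped, this becomes reflected markup injection. Either keep the source as `$_POST['savemsg']`, or escape at assignment with `$savemsg = htmlspecialchars($_REQUEST['savemsg']);` after confirming the print helper does not escape a second time.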
@@ -348,7 +346,7 @@ foreach ($a_nat as $natent): <?php if (isset($alias['srcport'])): ?> - <a href="/firewall_aliases_edit.php?id=<?=$alias['srcport']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['srcport'])?>" data-html="true" usepost> + <a href="/firewall_aliases_edit.php?id=<?=$alias['srcport']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['srcport'])?>" data-html="true"> <?php endif; ?> @@ -366,7 +364,7 @@ foreach ($a_nat as $natent): <?php if (isset($alias['dst'])): ?> - <a href="/firewall_aliases_edit.php?id=<?=$alias['dst']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['dst'])?>" data-html="true" usepost> + <a href="/firewall_aliases_edit.php?id=<?=$alias['dst']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['dst'])?>" data-html="true"> <?php endif; ?> @@ -383,7 +381,7 @@ foreach ($a_nat as $natent): <?php if (isset($alias['dstport'])): ?> - <a href="/firewall_aliases_edit.php?id=<?=$alias['dstport']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['dstport'])?>" data-html="true" usepost> + <a href="/firewall_aliases_edit.php?id=<?=$alias['dstport']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['dstport'])?>" data-html="true"> <?php endif; ?> 
@@ -400,7 +398,7 @@ foreach ($a_nat as $natent): <?php if (isset($alias['target'])): ?> - <a href="/firewall_aliases_edit.php?id=<?=$alias['target']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['target'])?>" data-html="true" usepost> + <a href="/firewall_aliases_edit.php?id=<?=$alias['target']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['target'])?>" data-html="true" > <?php endif; ?> @@ -418,7 +416,7 @@ foreach ($a_nat as $natent): <?php if (isset($alias['targetport'])): ?> - <a href="/firewall_aliases_edit.php?id=<?=$alias['targetport']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['targetport'])?>" data-html="true" usepost> + <a href="/firewall_aliases_edit.php?id=<?=$alias['targetport']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['targetport'])?>" data-html="true"> <?php endif; ?> @@ -436,8 +434,8 @@ foreach ($a_nat as $natent): <?=htmlspecialchars($natent['descr'])?> </td> <td> - <a class="fa fa-pencil" title="<?=gettext("Edit rule"); ?>" href="firewall_nat_edit.php?id=<?=$i?>" usepost></a> - <a class="fa fa-clone" title="<?=gettext("Add a new NAT based on this one")?>" href="firewall_nat_edit.php?dup=<?=$i?>" usepost></a> + <a class="fa fa-pencil" title="<?=gettext("Edit rule"); ?>" href="firewall_nat_edit.php?id=<?=$i?>"></a> + <a class="fa fa-clone" title="<?=gettext("Add a new NAT based on this one")?>" href="firewall_nat_edit.php?dup=<?=$i?>"></a> <a class="fa fa-trash" title="<?=gettext("Delete rule")?>" href="firewall_nat.php?act=del&id=<?=$i?>" usepost></a> </td> </tr> 
@@ -458,11 +456,11 @@ if ($seprows[$nnats]) { </div> <nav class="action-buttons"> - <a href="firewall_nat_edit.php?after=-1" class="btn btn-sm btn-success" title="<?=gettext('Add rule to the top of the list')?>" usepost> + <a href="firewall_nat_edit.php?after=-1" class="btn btn-sm btn-success" title="<?=gettext('Add rule to the top of the list')?>"> <i class="fa fa-level-up icon-embed-btn"></i> <?=gettext('Add')?> </a> - <a href="firewall_nat_edit.php" class="btn btn-sm btn-success" title="<?=gettext('Add rule to the end of the list')?>" usepost> + <a href="firewall_nat_edit.php" class="btn btn-sm btn-success" title="<?=gettext('Add rule to the end of the list')?>"> <i class="fa fa-level-down icon-embed-btn"></i> <?=gettext('Add')?> </a> diff --git a/src/usr/local/www/firewall_nat_1to1.php b/src/usr/local/www/firewall_nat_1to1.php index 0f19e7f..d779da8 100644 --- a/src/usr/local/www/firewall_nat_1to1.php +++ b/src/usr/local/www/firewall_nat_1to1.php @@ -62,7 +62,6 @@ if (array_key_exists('order-store', $_POST)) { } } -$pconfig = $_POST; if ($_POST['apply']) { $retval = 0; @@ -172,7 +171,7 @@ display_top_tabs($tab_array); </td> <td> - <a href="?act=toggle&id=<?=$i?>"> + <a href="?act=toggle&id=<?=$i?>" usepost> <i class="fa <?= ($iconfn == "pass") ? "fa-check":"fa-times"?>" title="<?=gettext("click to toggle enabled/disabled status")?>"></i> <?php if (isset($natent['nobinat'])) { ?> <i class="fa fa-hand-stop-o text-danger" title="<?=gettext("Negated: This rule excludes NAT from a later rule")?>"></i> 
@@ -214,8 +213,8 @@ display_top_tabs($tab_array); </td> <td> - <a class="fa fa-pencil" title="<?=gettext("Edit mapping")?>" href="firewall_nat_1to1_edit.php?id=<?=$i?>" usepost></a> - <a class="fa fa-clone" title="<?=gettext("Add a new mapping based on this one")?>" href="firewall_nat_1to1_edit.php?dup=<?=$i?>" usepost></a> + <a class="fa fa-pencil" title="<?=gettext("Edit mapping")?>" href="firewall_nat_1to1_edit.php?id=<?=$i?>"></a> + <a class="fa fa-clone" title="<?=gettext("Add a new mapping based on this one")?>" href="firewall_nat_1to1_edit.php?dup=<?=$i?>"></a> <a class="fa fa-trash" title="<?=gettext("Delete mapping")?>" href="firewall_nat_1to1.php?act=del&id=<?=$i?>" usepost></a> </td> @@ -230,11 +229,11 @@ display_top_tabs($tab_array); </div> <nav class="action-buttons"> - <a href="firewall_nat_1to1_edit.php?after=-1" class="btn btn-sm btn-success" title="<?=gettext('Add mapping to the top of the list')?>" usepost> + <a href="firewall_nat_1to1_edit.php?after=-1" class="btn btn-sm btn-success" title="<?=gettext('Add mapping to the top of the list')?>"> <i class="fa fa-level-up icon-embed-btn"></i> <?=gettext('Add')?> </a> - <a href="firewall_nat_1to1_edit.php" class="btn btn-sm btn-success" title="<?=gettext('Add mapping to the end of the list')?>" usepost> + <a href="firewall_nat_1to1_edit.php" class="btn btn-sm btn-success" title="<?=gettext('Add mapping to the end of the list')?>"> <i class="fa fa-level-down icon-embed-btn"></i> <?=gettext('Add')?> </a> diff --git a/src/usr/local/www/firewall_nat_1to1_edit.php b/src/usr/local/www/firewall_nat_1to1_edit.php index 832e9b9..e27d433 100644 --- a/src/usr/local/www/firewall_nat_1to1_edit.php +++ b/src/usr/local/www/firewall_nat_1to1_edit.php 
@@ -56,17 +56,17 @@ if (!is_array($config['nat']['onetoone'])) { $a_1to1 = &$config['nat']['onetoone']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; +if (isset($_REQUEST['id']) && is_numericint($_REQUEST['id'])) { + $id = $_REQUEST['id']; } -if (isset($_POST['after'])) { - $after = $_POST['after']; +if (isset($_REQUEST['after'])) { + $after = $_REQUEST['after']; } -if (isset($_POST['dup'])) { - $id = $_POST['dup']; - $after = $_POST['dup']; +if (isset($_REQUEST['dup'])) { + $id = $_REQUEST['dup']; + $after = $_REQUEST['dup']; } if (isset($id) && $a_1to1[$id]) { @@ -93,7 +93,7 @@ if (isset($id) && $a_1to1[$id]) { $pconfig['interface'] = "wan"; } -if (isset($_POST['dup'])) { +if (isset($_REQUEST['dup'])) { unset($id); } diff --git a/src/usr/local/www/firewall_nat_edit.php b/src/usr/local/www/firewall_nat_edit.php index ba6d86b..96869b5 100644 --- a/src/usr/local/www/firewall_nat_edit.php +++ b/src/usr/local/www/firewall_nat_edit.php @@ -52,17 +52,17 @@ if (!is_array($config['nat']['rule'])) { $a_nat = &$config['nat']['rule']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; +if (isset($_REQUEST['id']) && is_numericint($_REQUEST['id'])) { + $id = $_REQUEST['id']; } -if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) { - $after = $_POST['after']; +if (isset($_REQUEST['after']) && (is_numericint($_REQUEST['after']) || $_REQUEST['after'] == "-1")) { + $after = $_REQUEST['after']; } -if (isset($_POST['dup']) && is_numericint($_POST['dup'])) { - $id = $_POST['dup']; - $after = $_POST['dup']; +if (isset($_REQUEST['dup']) && is_numericint($_REQUEST['dup'])) { + $id = $_REQUEST['dup']; + $after = $_REQUEST['dup']; } if (isset($id) && $a_nat[$id]) { 
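Review bot: In firewall_nat_1to1_edit.php `after` and `dup` are copied from `$_REQUEST` with only an `isset()` test, while `id` right above them and the matching block in firewall_nat_edit.php require `is_numericint()`. Now that these values arrive in the URL, `$id = $_REQUEST['dup']` is used to index `$a_1to1` with an arbitrary string. I would match the stricter file: `if (isset($_REQUEST['dup']) && is_numericint($_REQUEST['dup'])) {` and `if (isset($_REQUEST['after']) && (is_numericint($_REQUEST['after']) || $_REQUEST['after'] == "-1")) {`, with the same test on the later `unset($id)` condition. firewall_nat_npt_edit.php has the identical unvalidated pair.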
@@ -104,7 +104,7 @@ if (isset($id) && $a_nat[$id]) { $pconfig['srcendport'] = "any"; } -if (isset($_POST['dup']) && is_numericint($_POST['dup'])) { +if (isset($_REQUEST['dup']) && is_numericint($_REQUEST['dup'])) { unset($id); } @@ -113,9 +113,10 @@ if (isset($_POST['dup']) && is_numericint($_POST['dup'])) { */ unset($input_errors); -foreach ($_POST as $key => $value) { +foreach ($_REQUEST as $key => $value) { $temp = $value; $newpost = htmlentities($temp); + if ($newpost != $temp) { $input_errors[] = sprintf(gettext("Invalid characters detected %s. Please remove invalid characters and save again."), $temp); } @@ -914,7 +915,7 @@ if (isset($id) && $a_nat[$id] && (!isset($_POST['dup']) || !is_numericint($_POST $rulelist[$filter_rule['associated-rule-id']] = sprintf(gettext('Rule %s'), $filter_rule['descr']); if ($filter_rule['associated-rule-id'] == $pconfig['associated-rule-id']) { - $hlpstr = '<a href="firewall_rules_edit.php?id=' . $filter_id . '" usepost>' . gettext("View the filter rule") . '</a><br />'; + $hlpstr = '<a href="firewall_rules_edit.php?id=' . $filter_id . '">' . gettext("View the filter rule") . '</a><br />'; } } } diff --git a/src/usr/local/www/firewall_nat_npt.php b/src/usr/local/www/firewall_nat_npt.php index f836095..a12fe40 100644 --- a/src/usr/local/www/firewall_nat_npt.php +++ b/src/usr/local/www/firewall_nat_npt.php @@ -43,12 +43,12 @@ if (!is_array($config['nat']['npt'])) { $a_npt = &$config['nat']['npt']; /* update rule order, POST[rule] is an array of ordered IDs */ -if (array_key_exists('order-store', $_POST)) { - if (is_array($_POST['rule']) && !empty($_POST['rule'])) { +if (array_key_exists('order-store', $_REQUEST)) { + if (is_array($_POST['rule']) && !empty($_REQUEST['rule'])) { $a_npt_new = array(); // if a rule is not in POST[rule], it has been deleted by the user - foreach ($_POST['rule'] as $id) { + foreach ($_REQUEST['rule'] as $id) { $a_npt_new[] = $a_npt[$id]; } 
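Review bot: The invalid-character loop in firewall_nat_edit.php now walks `$_REQUEST`, so query-string values are checked too, and the error it builds still embeds the rejected value verbatim through `sprintf(..., $temp)`. A value reaches that message precisely because `htmlentities()` would change it, so unless `$input_errors` is escaped when printed (not visible in this hunk) the raw markup is sent back to the page, and a link can now trigger it. I would put the encoded form in the message by passing `$newpost` instead of `$temp` as the `sprintf()` argument, after checking that the print routine does not escape again. I would also skip non-string values with `if (!is_string($value)) { continue; }`, since `htmlentities()` expects a string.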
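Review bot: The guard in firewall_nat_npt.php mixes sources, `is_array($_POST['rule']) && !empty($_REQUEST['rule'])`, and the loop then iterates `$_REQUEST['rule']`, so the type check and the data that is iterated can come from different arrays. Since reordering is a save, reading all of them from `$_POST` keeps the check and the loop on the same input and keeps the operation off the query string: `if (is_array($_POST['rule']) && !empty($_POST['rule'])) {` and `foreach ($_POST['rule'] as $id) {`. The loop also copies `$a_npt[$id]` without checking that `$id` is an existing index, which appends a null entry for an id that does not exist.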
@@ -63,8 +63,6 @@ if (array_key_exists('order-store', $_POST)) { } } -$pconfig = $_POST; - if ($_POST['apply']) { $retval = 0; $retval |= filter_configure(); @@ -204,8 +202,8 @@ display_top_tabs($tab_array); ?> </td> <td> - <a class="fa fa-pencil" title="<?=gettext("Edit mapping")?>" href="firewall_nat_npt_edit.php?id=<?=$i?>" usepost></a> - <a class="fa fa-clone" title="<?=gettext("Add a new mapping based on this one")?>" href="firewall_nat_npt_edit.php?dup=<?=$i?>" usepost></a> + <a class="fa fa-pencil" title="<?=gettext("Edit mapping")?>" href="firewall_nat_npt_edit.php?id=<?=$i?>"></a> + <a class="fa fa-clone" title="<?=gettext("Add a new mapping based on this one")?>" href="firewall_nat_npt_edit.php?dup=<?=$i?>"></a> <a class="fa fa-trash" title="<?=gettext("Delete mapping")?>" href="firewall_nat_npt.php?act=del&id=<?=$i?>" usepost></a> </td> </tr> @@ -219,11 +217,11 @@ endforeach; </div> <nav class="action-buttons"> - <a href="firewall_nat_npt_edit.php?after=-1" class="btn btn-sm btn-success" title="<?=gettext('Add mapping to the top of the list')?>" usepost> + <a href="firewall_nat_npt_edit.php?after=-1" class="btn btn-sm btn-success" title="<?=gettext('Add mapping to the top of the list')?>"> <i class="fa fa-level-up icon-embed-btn"></i> <?=gettext('Add')?> </a> - <a href="firewall_nat_npt_edit.php" class="btn btn-sm btn-success" title="<?=gettext('Add mapping to the end of the list')?>" usepost> + <a href="firewall_nat_npt_edit.php" class="btn btn-sm btn-success" title="<?=gettext('Add mapping to the end of the list')?>"> <i class="fa fa-level-down icon-embed-btn"></i> <?=gettext('Add')?> </a> diff --git a/src/usr/local/www/firewall_nat_npt_edit.php b/src/usr/local/www/firewall_nat_npt_edit.php index 0340755..8bc53bd 100644 --- a/src/usr/local/www/firewall_nat_npt_edit.php +++ b/src/usr/local/www/firewall_nat_npt_edit.php 
@@ -47,17 +47,17 @@ if (!is_array($config['nat']['npt'])) { $a_npt = &$config['nat']['npt']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; +if (isset($_REQUEST['id']) && is_numericint($_REQUEST['id'])) { + $id = $_REQUEST['id']; } -if (isset($_POST['after'])) { - $after = $_POST['after']; +if (isset($_REQUEST['after'])) { + $after = $_REQUEST['after']; } -if (isset($_POST['dup'])) { - $id = $_POST['dup']; - $after = $_POST['dup']; +if (isset($_REQUEST['dup'])) { + $id = $_REQUEST['dup']; + $after = $_REQUEST['dup']; } if (isset($id) && $a_npt[$id]) { @@ -81,7 +81,7 @@ if (isset($id) && $a_npt[$id]) { $pconfig['interface'] = "wan"; } -if (isset($_POST['dup'])) { +if (isset($_REQUEST['dup'])) { unset($id); } diff --git a/src/usr/local/www/firewall_nat_out.php b/src/usr/local/www/firewall_nat_out.php index 7166fc1..44e0cea 100644 --- a/src/usr/local/www/firewall_nat_out.php +++ b/src/usr/local/www/firewall_nat_out.php @@ -50,13 +50,13 @@ $a_out = &$config['nat']['outbound']['rule']; // update rule order, POST[rule] is an array of ordered IDs // All rule are 'checked' before posting -if (isset($_POST['order-store'])) { - if (is_array($_POST['rule']) && !empty($_POST['rule'])) { +if (isset($_REQUEST['order-store'])) { + if (is_array($_REQUEST['rule']) && !empty($_REQUEST['rule'])) { $a_out_new = array(); // if a rule is not in POST[rule], it has been deleted by the user - foreach ($_POST['rule'] as $id) { + foreach ($_REQUEST['rule'] as $id) { $a_out_new[] = $a_out[$id]; } 
@@ -346,7 +346,7 @@ print($form); if (isset($alias['src'])): ?> - <a href="/firewall_aliases_edit.php?id=<?=$alias['src']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['src'])?>" data-html="true" usepost> + <a href="/firewall_aliases_edit.php?id=<?=$alias['src']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['src'])?>" data-html="true"> <?php endif; ?> @@ -369,7 +369,7 @@ print($form); if (isset($alias['srcport'])): ?> - <a href="/firewall_aliases_edit.php?id=<?=$alias['srcport']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['srcport'])?>" data-html="true" usepost> + <a href="/firewall_aliases_edit.php?id=<?=$alias['srcport']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['srcport'])?>" data-html="true" > <?php endif; ?> @@ -396,7 +396,7 @@ print($form); if (isset($alias['dst'])): ?> - <a href="/firewall_aliases_edit.php?id=<?=$alias['dst']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['dst'])?>" data-html="true" usepost> + <a href="/firewall_aliases_edit.php?id=<?=$alias['dst']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['dst'])?>" data-html="true" > <?php endif; ?> 
@@ -420,7 +420,7 @@ print($form); } else { if (isset($alias['dstport'])): ?> - <a href="/firewall_aliases_edit.php?id=<?=$alias['dstport']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['dstport'])?>" data-html="true" usepost> + <a href="/firewall_aliases_edit.php?id=<?=$alias['dstport']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['dstport'])?>" data-html="true" > <?php endif; ?> @@ -474,8 +474,8 @@ print($form); <!-- Action icons --> <td> - <a class="fa fa-pencil" title="<?=gettext("Edit mapping")?>" href="firewall_nat_out_edit.php?id=<?=$i?>" usepost></a> - <a class="fa fa-clone" title="<?=gettext("Add a new mapping based on this one")?>" href="firewall_nat_out_edit.php?dup=<?=$i?>" usepost></a> + <a class="fa fa-pencil" title="<?=gettext("Edit mapping")?>" href="firewall_nat_out_edit.php?id=<?=$i?>"></a> + <a class="fa fa-clone" title="<?=gettext("Add a new mapping based on this one")?>" href="firewall_nat_out_edit.php?dup=<?=$i?>"></a> <a class="fa fa-trash" title="<?=gettext("Delete mapping")?>" href="firewall_nat_out.php?act=del&id=<?=$i?>" usepost></a> </td> </tr> 
@@ -489,11 +489,11 @@ print($form); </div> <nav class="action-buttons"> - <a href="firewall_nat_out_edit.php?after=-1" class="btn btn-sm btn-success" title="<?=gettext('Add new mapping to the top of the list')?>" usepost> + <a href="firewall_nat_out_edit.php?after=-1" class="btn btn-sm btn-success" title="<?=gettext('Add new mapping to the top of the list')?>"> <i class="fa fa-level-up icon-embed-btn"></i> <?=gettext('Add')?> </a> - <a href="firewall_nat_out_edit.php" class="btn btn-sm btn-success" title="<?=gettext('Add new mapping to the end of the list')?>" usepost> + <a href="firewall_nat_out_edit.php" class="btn btn-sm btn-success" title="<?=gettext('Add new mapping to the end of the list')?>"> <i class="fa fa-level-down icon-embed-btn"></i> <?=gettext('Add')?> </a> diff --git a/src/usr/local/www/firewall_nat_out_edit.php b/src/usr/local/www/firewall_nat_out_edit.php index 3f182ca..92f9060 100644 --- a/src/usr/local/www/firewall_nat_out_edit.php +++ b/src/usr/local/www/firewall_nat_out_edit.php @@ -51,17 +51,17 @@ if (!is_array($config['aliases']['alias'])) { $a_aliases = &$config['aliases']['alias']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; +if (isset($_REQUEST['id']) && is_numericint($_REQUEST['id'])) { + $id = $_REQUEST['id']; } -if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) { - $after = $_POST['after']; +if (isset($_REQUEST['after']) && (is_numericint($_REQUEST['after']) || $_REQUEST['after'] == "-1")) { + $after = $_REQUEST['after']; } -if (isset($_POST['dup']) && is_numericint($_POST['dup'])) { - $id = $_POST['dup']; - $after = $_POST['dup']; +if (isset($_REQUEST['dup']) && is_numericint($_REQUEST['dup'])) { + $id = $_REQUEST['dup']; + $after = $_REQUEST['dup']; } if (isset($id) && $a_out[$id]) { 
@@ -122,7 +122,7 @@ if (isset($id) && $a_out[$id]) { $pconfig['interface'] = "wan"; } -if (isset($_POST['dup']) && is_numericint($_POST['dup'])) { +if (isset($_REQUEST['dup']) && is_numericint($_REQUEST['dup'])) { unset($id); } diff --git a/src/usr/local/www/firewall_rules.php b/src/usr/local/www/firewall_rules.php index cf5efc9..d9e5f0c 100644 --- a/src/usr/local/www/firewall_rules.php +++ b/src/usr/local/www/firewall_rules.php @@ -114,8 +114,8 @@ if (!is_array($config['filter']['rule'])) { filter_rules_sort(); $a_filter = &$config['filter']['rule']; -if ($_POST['if']) { - $if = $_POST['if']; +if ($_REQUEST['if']) { + $if = $_REQUEST['if']; } $ifdescs = get_configured_interface_with_descr(); @@ -167,8 +167,6 @@ if (!$if || !isset($iflist[$if])) { } } -$pconfig = $_POST; - if ($_POST['apply']) { $retval = 0; $retval |= filter_configure(); @@ -630,7 +628,7 @@ foreach ($a_filter as $filteri => $filterent): #FIXME $sched_caption_escaped = str_replace("'", "\'", $schedule['descr']); $schedule_span_begin = '<a href="/firewall_schedule_edit.php?id=' . $idx . '" data-toggle="popover" data-trigger="hover focus" title="' . $schedule['name'] . '" data-content="' . - $sched_caption_escaped . '" data-html="true" usepost>'; + $sched_caption_escaped . '" data-html="true">'; $schedule_span_end = "</a>"; } $idx++; @@ -705,7 +703,7 @@ foreach ($a_filter as $filteri => $filterent): </td> <td> <?php if (isset($alias['src'])): ?> - <a href="/firewall_aliases_edit.php?id=<?=$alias['src']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['src'])?>" data-html="true" usepost> + <a href="/firewall_aliases_edit.php?id=<?=$alias['src']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['src'])?>" data-html="true"> <?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($filterent['source'])))?> </a> <?php else: ?> 
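Review bot: The schedule link this hunk touches in firewall_rules.php still builds `title` and `data-content` from `$schedule['name']` and `$schedule['descr']` with only single quotes backslash-escaped, although both attributes are delimited by double quotes; the `#FIXME` above it is left in place. A name or description containing a double quote or `<` can end the attribute or introduce markup, and `data-html="true"` makes the popover treat the content as HTML. I would use `htmlspecialchars($schedule['name'])` for the title and `htmlspecialchars($schedule['descr'])` for the content, and drop `data-html="true"` on this link unless the description is meant to carry markup. The surrounding loop starts and ends outside the hunk.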
@@ -714,7 +712,7 @@ foreach ($a_filter as $filteri => $filterent): </td> <td> <?php if (isset($alias['srcport'])): ?> - <a href="/firewall_aliases_edit.php?id=<?=$alias['srcport']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['srcport'])?>" data-html="true" usepost> + <a href="/firewall_aliases_edit.php?id=<?=$alias['srcport']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['srcport'])?>" data-html="true"> <?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($filterent['source']['port'])))?> </a> <?php else: ?> @@ -723,7 +721,7 @@ foreach ($a_filter as $filteri => $filterent): </td> <td> <?php if (isset($alias['dst'])): ?> - <a href="/firewall_aliases_edit.php?id=<?=$alias['dst']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['dst'])?>" data-html="true" usepost> + <a href="/firewall_aliases_edit.php?id=<?=$alias['dst']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['dst'])?>" data-html="true"> <?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($filterent['destination'])))?> </a> <?php else: ?> 
@@ -732,7 +730,7 @@ foreach ($a_filter as $filteri => $filterent): </td> <td> <?php if (isset($alias['dstport'])): ?> - <a href="/firewall_aliases_edit.php?id=<?=$alias['dstport']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['dstport'])?>" data-html="true" usepost> + <a href="/firewall_aliases_edit.php?id=<?=$alias['dstport']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['dstport'])?>" data-html="true"> <?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($filterent['destination']['port'])))?> </a> <?php else: ?> @@ -750,12 +748,12 @@ foreach ($a_filter as $filteri => $filterent): <?php if (isset($filterent['ackqueue']) && isset($filterent['defaultqueue'])) { $desc = str_replace('_', ' ', $filterent['ackqueue']); - echo "<a href=\"firewall_shaper_queues.php?queue={$filterent['ackqueue']}&action=show\" usepost>{$desc}</a>"; + echo "<a href=\"firewall_shaper_queues.php?queue={$filterent['ackqueue']}&action=show\">{$desc}</a>"; $desc = str_replace('_', '_<wbr>', $filterent['defaultqueue']); - echo "/<a href=\"firewall_shaper_queues.php?queue={$filterent['defaultqueue']}&action=show\" usepost>{$desc}</a>"; + echo "/<a href=\"firewall_shaper_queues.php?queue={$filterent['defaultqueue']}&action=show\">{$desc}</a>"; } else if (isset($filterent['defaultqueue'])) { $desc = str_replace('_', '_<wbr>', $filterent['defaultqueue']); - echo "<a href=\"firewall_shaper_queues.php?queue={$filterent['defaultqueue']}&action=show\" usepost>{$desc}</a>"; + echo "<a href=\"firewall_shaper_queues.php?queue={$filterent['defaultqueue']}&action=show\">{$desc}</a>"; } else { echo gettext("none"); } 
@@ -773,8 +771,8 @@ foreach ($a_filter as $filteri => $filterent): <td class="action-icons"> <!-- <?=(isset($filterent['disabled']) ? 'enable' : 'disable')?> --> <a class="fa fa-anchor icon-pointer" id="Xmove_<?=$filteri?>" title="<?=$XmoveTitle?>"></a> - <a href="firewall_rules_edit.php?id=<?=$filteri;?>" class="fa fa-pencil" title="<?=gettext('Edit')?>" usepost></a> - <a href="firewall_rules_edit.php?dup=<?=$filteri;?>" class="fa fa-clone" title="<?=gettext('Copy')?>" usepost></a> + <a href="firewall_rules_edit.php?id=<?=$filteri;?>" class="fa fa-pencil" title="<?=gettext('Edit')?>"></a> + <a href="firewall_rules_edit.php?dup=<?=$filteri;?>" class="fa fa-clone" title="<?=gettext('Copy')?>"></a> <?php if (isset($filterent['disabled'])) { ?> <a href="?act=toggle&if=<?=htmlspecialchars($if);?>&id=<?=$filteri;?>" class="fa fa-check-square-o" title="<?=gettext('Enable')?>" usepost></a> @@ -816,11 +814,11 @@ if ($seprows[$nrules]) { <?php endif;?> <nav class="action-buttons"> - <a href="firewall_rules_edit.php?if=<?=htmlspecialchars($if);?>&after=-1" role="button" class="btn btn-sm btn-success" title="<?=gettext('Add rule to the top of the list')?>" usepost> + <a href="firewall_rules_edit.php?if=<?=htmlspecialchars($if);?>&after=-1" role="button" class="btn btn-sm btn-success" title="<?=gettext('Add rule to the top of the list')?>"> <i class="fa fa-level-up icon-embed-btn"></i> <?=gettext("Add");?> </a> - <a href="firewall_rules_edit.php?if=<?=htmlspecialchars($if);?>" role="button" class="btn btn-sm btn-success" title="<?=gettext('Add rule to the end of the list')?>" usepost> + <a href="firewall_rules_edit.php?if=<?=htmlspecialchars($if);?>" role="button" class="btn btn-sm btn-success" title="<?=gettext('Add rule to the end of the list')?>"> <i class="fa fa-level-down icon-embed-btn"></i> <?=gettext("Add");?> </a> diff --git a/src/usr/local/www/firewall_rules_edit.php b/src/usr/local/www/firewall_rules_edit.php index d4d6e29..e23048f 100644 
--- a/src/usr/local/www/firewall_rules_edit.php +++ b/src/usr/local/www/firewall_rules_edit.php @@ -39,6 +39,7 @@ require_once("shaper.inc"); $icmptypes4 = array('any' => gettext('any')); $icmptypes6 = array('any' => gettext('any')); $icmptypes46 = array('any' => gettext('any')); + foreach ($icmptypes as $k => $v) { if ($v['valid4']) { $icmptypes4[$k] = $v['descrip']; @@ -50,6 +51,7 @@ foreach ($icmptypes as $k => $v) { $icmptypes6[$k] = $v['descrip']; } } + $icmplookup = array( 'inet' => array('name' => 'IPv4', 'icmptypes' => $icmptypes4, 'helpmsg' => gettext('For ICMP rules on IPv4, one or more of these ICMP subtypes may be specified.')), 'inet6' => array('name' => 'IPv6', 'icmptypes' => $icmptypes6, 'helpmsg' => gettext('For ICMP rules on IPv6, one or more of these ICMP subtypes may be specified.')), @@ -128,6 +130,7 @@ if (count($ostypes) > 2) { $specialsrcdst = explode(" ", "any (self) pptp pppoe l2tp openvpn"); $ifdisp = get_configured_interface_with_descr(); + foreach ($ifdisp as $kif => $kdescr) { $specialsrcdst[] = "{$kif}"; $specialsrcdst[] = "{$kif}ip"; @@ -136,20 +139,21 @@ foreach ($ifdisp as $kif => $kdescr) { if (!is_array($config['filter']['rule'])) { $config['filter']['rule'] = array(); } + filter_rules_sort(); $a_filter = &$config['filter']['rule']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; +if (isset($_REQUEST['id']) && is_numericint($_REQUEST['id'])) { + $id = $_REQUEST['id']; } -if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) { - $after = $_POST['after']; +if (isset($_REQUEST['after']) && (is_numericint($_REQUEST['after']) || $_REQUEST['after'] == "-1")) { + $after = $_REQUEST['after']; } -if (isset($_POST['dup']) && is_numericint($_POST['dup'])) { - $id = $_POST['dup']; - $after = $_POST['dup']; +if (isset($_REQUEST['dup']) && is_numericint($_REQUEST['dup'])) { + $id = $_REQUEST['dup']; + $after = $_REQUEST['dup']; } if (isset($id) && $a_filter[$id]) { 
@@ -278,7 +282,7 @@ if (isset($id) && $a_filter[$id]) { $pconfig['sched'] = (($a_filter[$id]['sched'] == "none") ? '' : $a_filter[$id]['sched']); $pconfig['vlanprio'] = (($a_filter[$id]['vlanprio'] == "none") ? '' : $a_filter[$id]['vlanprio']); $pconfig['vlanprioset'] = (($a_filter[$id]['vlanprioset'] == "none") ? '' : $a_filter[$id]['vlanprioset']); - if (!isset($_POST['dup']) || !is_numericint($_POST['dup'])) { + if (!isset($_REQUEST['dup']) || !is_numericint($_REQUEST['dup'])) { $pconfig['associated-rule-id'] = $a_filter[$id]['associated-rule-id']; } @@ -286,8 +290,8 @@ if (isset($id) && $a_filter[$id]) { } else { /* defaults */ - if ($_POST['if']) { - $pconfig['interface'] = $_POST['if']; + if ($_REQUEST['if']) { + $pconfig['interface'] = $_REQUEST['if']; } $pconfig['type'] = "pass"; $pconfig['proto'] = "tcp"; // for new blank rules, default=tcp, also ensures ports fields are visible @@ -297,7 +301,7 @@ if (isset($id) && $a_filter[$id]) { /* Allow the FloatingRules to work */ $if = $pconfig['interface']; -if (isset($_POST['dup']) && is_numericint($_POST['dup'])) { +if (isset($_REQUEST['dup']) && is_numericint($_REQUEST['dup'])) { unset($id); } @@ -1189,7 +1193,7 @@ if ($edit_disabled) { $extra = ''; foreach ($config['nat']['rule'] as $index => $nat_rule) { if ($nat_rule['associated-rule-id'] === $pconfig['associated-rule-id']) { - $extra = '<br/><a href="firewall_nat_edit.php?id='. $index .'" usepost>'. gettext('View the NAT rule') .'</a>'; + $extra = '<br/><a href="firewall_nat_edit.php?id='. $index .'">'. gettext('View the NAT rule') .'</a>'; } } diff --git a/src/usr/local/www/firewall_schedule.php b/src/usr/local/www/firewall_schedule.php index b759aba..066ae24 100644 --- a/src/usr/local/www/firewall_schedule.php +++ b/src/usr/local/www/firewall_schedule.php 
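Review bot: In the `/* defaults */` branch (hunk at -286/+290) `$_REQUEST['if']` is copied into `$pconfig['interface']` and then into `$if` after only a truthiness test, so an array-valued `if` parameter would be handed to whatever uses `$if` later. Now that the value is accepted from a plain link, a type check costs one line: `if (isset($_REQUEST['if']) && is_string($_REQUEST['if'])) {`. Whether the value is later checked against the configured interfaces or escaped on output is not visible in this hunk. firewall_rules.php does pass `$if` through `htmlspecialchars()` when it prints it.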
@@ -223,7 +223,7 @@ foreach ($a_schedules as $schedule): </td> <td> - <a class="fa fa-pencil" title="<?=gettext("Edit schedule"); ?>" href="firewall_schedule_edit.php?id=<?=$i?>" usepost></a> + <a class="fa fa-pencil" title="<?=gettext("Edit schedule"); ?>" href="firewall_schedule_edit.php?id=<?=$i?>"></a> <a class="fa fa-trash" title="<?=gettext("Delete schedule")?>" href="firewall_schedule.php?act=del&id=<?=$i?>" usepost></a> </td> @@ -240,7 +240,7 @@ endforeach; <?=($i > 0) ? CLOCK . gettext(' Indicates that the schedule is currently active.'):''?> <nav class="action-buttons"> - <a href="firewall_schedule_edit.php" class="btn btn-sm btn-success" usepost> + <a href="firewall_schedule_edit.php" class="btn btn-sm btn-success"> <i class="fa fa-plus icon-embed-btn"></i> <?=gettext("Add")?> </a> diff --git a/src/usr/local/www/firewall_schedule_edit.php b/src/usr/local/www/firewall_schedule_edit.php index 1e950b7..7267079 100644 --- a/src/usr/local/www/firewall_schedule_edit.php +++ b/src/usr/local/www/firewall_schedule_edit.php @@ -63,8 +63,8 @@ if (!is_array($config['schedules']['schedule'])) { $a_schedules = &$config['schedules']['schedule']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; +if (isset($_REQUEST['id']) && is_numericint($_REQUEST['id'])) { + $id = $_REQUEST['id']; } if (isset($id) && $a_schedules[$id]) { diff --git a/src/usr/local/www/firewall_virtual_ip.php b/src/usr/local/www/firewall_virtual_ip.php index 51c36ee..d4ea401 100644 --- a/src/usr/local/www/firewall_virtual_ip.php +++ b/src/usr/local/www/firewall_virtual_ip.php @@ -42,8 +42,6 @@ if (!is_array($config['virtualip']['vip'])) { $a_vip = &$config['virtualip']['vip']; -$pconfig = $_POST; - if ($_POST['apply']) { $check_carp = false; if (file_exists("{$g['tmp_path']}/.firewall_virtual_ip.apply")) { 
@@ -222,8 +220,8 @@ if ($_POST['act'] == "del") { exit; } } -} else if ($_POST['changes'] == "mods" && is_numericint($_POST['id'])) { - $id = $_POST['id']; +} else if ($_REQUEST['changes'] == "mods" && is_numericint($_REQUEST['id'])) { + $id = $_REQUEST['id']; } $types = array('proxyarp' => gettext('Proxy ARP'), @@ -315,7 +313,7 @@ foreach ($a_vip as $vipent): <?=htmlspecialchars($vipent['descr'])?> </td> <td> - <a class="fa fa-pencil" title="<?=gettext("Edit virtual ip"); ?>" href="firewall_virtual_ip_edit.php?id=<?=$i?>" usepost></a> + <a class="fa fa-pencil" title="<?=gettext("Edit virtual ip"); ?>" href="firewall_virtual_ip_edit.php?id=<?=$i?>"></a> <a class="fa fa-trash" title="<?=gettext("Delete virtual ip")?>" href="firewall_virtual_ip.php?act=del&id=<?=$i?>" usepost></a> </td> </tr> @@ -330,7 +328,7 @@ endforeach; </div> <nav class="action-buttons"> - <a href="firewall_virtual_ip_edit.php" class="btn btn-sm btn-success" usepost> + <a href="firewall_virtual_ip_edit.php" class="btn btn-sm btn-success"> <i class="fa fa-plus icon-embed-btn"></i> <?=gettext('Add')?> </a> diff --git a/src/usr/local/www/firewall_virtual_ip_edit.php b/src/usr/local/www/firewall_virtual_ip_edit.php index 9d33597..6a76e0b 100644 --- a/src/usr/local/www/firewall_virtual_ip_edit.php +++ b/src/usr/local/www/firewall_virtual_ip_edit.php @@ -41,8 +41,8 @@ if (!is_array($config['virtualip']['vip'])) { $a_vip = &$config['virtualip']['vip']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; +if (isset($_REQUEST['id']) && is_numericint($_REQUEST['id'])) { + $id = $_REQUEST['id']; } function return_first_two_octets($ip) { |
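Review bot: The `else if` in the hunk at -222/+220 now tests `$_REQUEST['changes']` and `$_REQUEST['id']` while the `if ($_POST['act'] == "del")` branch it hangs off still reads `$_POST`, and unlike the other `id` checks in this commit it has no `isset()` guard, so a request without those keys raises undefined-index notices. Writing it as `} else if (isset($_REQUEST['changes'], $_REQUEST['id']) && $_REQUEST['changes'] === "mods" && is_numericint($_REQUEST['id'])) {` keeps it consistent with the edit pages. A one-line comment such as `/* changes=mods and id may arrive on the query string */` would also help, since what `$id` is used for afterwards lies outside the hunk.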