author | Steve Beaver <sbeaver@netgate.com> | 2017-02-14 16:06:48 -0500 |
---|---|---|
committer | Steve Beaver <sbeaver@netgate.com> | 2017-02-14 16:06:48 -0500 |
commit | cbb82e6b6ca03d59209ef8f76968249ca390a9a2 (patch) | |
tree | 0423a998336ecf21d9542877fa7ada393709bf43 /src | |
parent | 9f2bbdb44c5700384a37a9586d260492f14f7602 (diff) | |
download | pfsense-cbb82e6b6ca03d59209ef8f76968249ca390a9a2.zip pfsense-cbb82e6b6ca03d59209ef8f76968249ca390a9a2.tar.gz |
GET/POST conversions
Diffstat (limited to 'src')
22 files changed, 123 insertions, 149 deletions
diff --git a/src/usr/local/www/bandwidth_by_ip.php b/src/usr/local/www/bandwidth_by_ip.php index d380322..9259924 100644 --- a/src/usr/local/www/bandwidth_by_ip.php +++ b/src/usr/local/www/bandwidth_by_ip.php @@ -27,8 +27,9 @@ require_once('util.inc'); $listedIPs = ""; //get interface IP and break up into an array -$interface = $_GET['if']; +$interface = $_REQUEST['if']; $real_interface = get_real_interface($interface); + if (!does_interface_exist($real_interface)) { echo gettext("Wrong Interface"); return; @@ -40,7 +41,7 @@ $netmask = find_interface_subnet($real_interface); $intsubnet = gen_subnet($intip, $netmask) . "/$netmask"; // see if they want local, remote or all IPs returned -$filter = $_GET['filter']; +$filter = $_REQUEST['filter']; if ($filter == "") { $filter = "local"; @@ -56,7 +57,7 @@ if ($filter == "local") { } //get the sort method -$sort = $_GET['sort']; +$sort = $_REQUEST['sort']; if ($sort == "out") { $sort_method = "-T"; } else { @@ -64,7 +65,7 @@ if ($sort == "out") { } // get the desired format for displaying the host name or IP -$hostipformat = $_GET['hostipformat']; +$hostipformat = $_REQUEST['hostipformat']; $iplookup = array(); // If hostname, description or FQDN is requested then load the locally-known IP address - host/description mappings into an array keyed by IP address. if ($hostipformat != "") { diff --git a/src/usr/local/www/diag_confbak.php b/src/usr/local/www/diag_confbak.php index 39d2ed3..5c3e3c9 100644 --- a/src/usr/local/www/diag_confbak.php +++ b/src/usr/local/www/diag_confbak.php 
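Review bot: Reading `if`, `filter`, `sort` and `hostipformat` from `$_REQUEST` in bandwidth_by_ip.php means each value may now come from the POST body and, depending on the `request_order` ini setting, from a cookie as well as the query string. A short comment at the first read would record that this widening is intended, for example `// $_REQUEST: accepts GET or POST; the value is checked by does_interface_exist() below`. The same consideration applies to the other `$_GET` to `$_REQUEST` replacements in this commit, in particular where the value is used without a following validity check.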
@@ -60,7 +60,7 @@ if ($_REQUEST['getcfg'] != "") { $_REQUEST['getcfg'] = basename($_REQUEST['getcfg']); $file = $g['conf_path'] . '/backup/config-' . $_REQUEST['getcfg'] . '.xml'; - $exp_name = urlencode("config-{$config['system']['hostname']}.{$config['system']['domain']}-{$_GET['getcfg']}.xml"); + $exp_name = urlencode("config-{$config['system']['hostname']}.{$config['system']['domain']}-{$_REQUEST['getcfg']}.xml"); $exp_data = file_get_contents($file); $exp_size = strlen($exp_data); diff --git a/src/usr/local/www/diag_dump_states_sources.php b/src/usr/local/www/diag_dump_states_sources.php index b5c7b39..f618981 100644 --- a/src/usr/local/www/diag_dump_states_sources.php +++ b/src/usr/local/www/diag_dump_states_sources.php @@ -34,7 +34,7 @@ if ($_POST['action']) { if ($_POST['action'] == "remove") { if (is_ipaddr($_POST['srcip']) && is_ipaddr($_POST['dstip'])) { $retval = mwexec("/sbin/pfctl -K " . escapeshellarg($_POST['srcip']) . " -K " . escapeshellarg($_POST['dstip'])); - echo htmlentities("|{$_GET['srcip']}|{$_POST['dstip']}|{$retval}|"); + echo htmlentities("|{$_POST['srcip']}|{$_POST['dstip']}|{$retval}|"); } else { echo gettext("invalid input"); } diff --git a/src/usr/local/www/diag_gmirror.php b/src/usr/local/www/diag_gmirror.php index 0deaa09..e11587f 100644 --- a/src/usr/local/www/diag_gmirror.php +++ b/src/usr/local/www/diag_gmirror.php @@ -162,7 +162,7 @@ foreach ($unused_disks as $disk) { if ($input_errors) { print_input_errors($input_errors); } -if ($_GET["error"] && ($_GET["error"] != 0)) { +if ($_REQUEST["error"] && ($_REQUEST["error"] != 0)) { print_info_box(gettext("There was an error performing the chosen mirror operation. Check the System Log for details.")); } 
@@ -171,26 +171,26 @@ if ($_GET["error"] && ($_GET["error"] != 0)) { <!-- Confirmation screen --> <?php -if ($_GET["action"]): ?> +if ($_REQUEST["action"]): ?> <div class="panel panel-default"> <div class="panel-heading"><h2 class="panel-title"><?=gettext('Confirm Action')?></h2></div> <div class="panel-body"> <strong><?=gettext('Please confirm the selected action: '); ?></strong> - <span style="color:green"><?=$action_list[$_GET["action"]]; ?></span> - <input type="hidden" name="action" value="<?=htmlspecialchars($_GET['action']); ?>" /> + <span style="color:green"><?=$action_list[$_REQUEST["action"]]; ?></span> + <input type="hidden" name="action" value="<?=htmlspecialchars($_REQUEST['action']); ?>" /> <?php - if (!empty($_GET["mirror"])): ?> + if (!empty($_REQUEST["mirror"])): ?> <br /><strong><?=gettext("Mirror: "); ?></strong> - <?=htmlspecialchars($_GET['mirror']); ?> - <input type="hidden" name="mirror" value="<?=htmlspecialchars($_GET['mirror']); ?>" /> + <?=htmlspecialchars($_REQUEST['mirror']); ?> + <input type="hidden" name="mirror" value="<?=htmlspecialchars($_REQUEST['mirror']); ?>" /> <?php endif; ?> <?php - if (!empty($_GET["consumer"])): ?> + if (!empty($_REQUEST["consumer"])): ?> <br /><strong><?=gettext("Consumer"); ?>:</strong> - <?=htmlspecialchars($_GET["consumer"]); ?> - <input type="hidden" name="consumer" value="<?=htmlspecialchars($_GET["consumer"]); ?>" /> + <?=htmlspecialchars($_REQUEST["consumer"]); ?> + <input type="hidden" name="consumer" value="<?=htmlspecialchars($_REQUEST["consumer"]); ?>" /> <?php endif; ?> <br /> diff --git a/src/usr/local/www/diag_sockets.php b/src/usr/local/www/diag_sockets.php index 8132832..f6c3370 100644 --- a/src/usr/local/www/diag_sockets.php +++ b/src/usr/local/www/diag_sockets.php 
@@ -45,7 +45,7 @@ $showAllOption = $showAll ? "" : "?showAll"; <br /> <?php - if (isset($_GET['showAll'])) { + if (isset($_REQUEST['showAll'])) { $internet4 = shell_exec('sockstat -4'); $internet6 = shell_exec('sockstat -6'); } else { diff --git a/src/usr/local/www/easyrule.php b/src/usr/local/www/easyrule.php index d63fe6c..b7afaaf 100644 --- a/src/usr/local/www/easyrule.php +++ b/src/usr/local/www/easyrule.php 
@@ -75,34 +75,34 @@ if ($input_errors) { <div class="content"> <?php if (!$confirmed && !empty($_REQUEST['action'])) { ?> - <?php if ($_GET['action'] == 'block'): ?> - <b><?=gettext("Rule Type")?>:</b> <?=htmlspecialchars(ucfirst(gettext($_GET['action'])))?> - <br/><b><?=gettext("Interface")?>:</b> <?=htmlspecialchars(strtoupper($_GET['int']))?> - <input type="hidden" name="int" value="<?=htmlspecialchars($_GET['int'])?>" /> - <br/><b><?= gettext("Source") ?>:</b> <?=htmlspecialchars($_GET['src'])?> - <input type="hidden" name="src" value="<?=htmlspecialchars($_GET['src'])?>" /> - <br/><b><?=gettext("IP Protocol")?>:</b> <?=htmlspecialchars(ucfirst($_GET['ipproto']))?> - <input type="hidden" name="ipproto" value="<?=htmlspecialchars($_GET['ipproto'])?>" /> - <?php elseif ($_GET['action'] == 'pass'): ?> - <b><?=gettext("Rule Type")?>:</b> <?=htmlspecialchars(ucfirst(gettext($_GET['action'])))?> - <br/><b><?=gettext("Interface")?>:</b> <?=htmlspecialchars(strtoupper($_GET['int']))?> - <input type="hidden" name="int" value="<?=htmlspecialchars($_GET['int'])?>" /> - <br/><b><?=gettext("Protocol")?>:</b> <?=htmlspecialchars(strtoupper($_GET['proto']))?> - <input type="hidden" name="proto" value="<?=htmlspecialchars($_GET['proto'])?>" /> - <br/><b><?=gettext("Source")?>:</b> <?=htmlspecialchars($_GET['src'])?> - <input type="hidden" name="src" value="<?=htmlspecialchars($_GET['src'])?>" /> - <br/><b><?=gettext("Destination")?>:</b> <?=htmlspecialchars($_GET['dst'])?> - <input type="hidden" name="dst" value="<?=htmlspecialchars($_GET['dst'])?>" /> - <br/><b><?=gettext("Destination Port")?>:</b> <?=htmlspecialchars($_GET['dstport'])?> - <input type="hidden" name="dstport" value="<?=htmlspecialchars($_GET['dstport'])?>" /> - <br/><b><?=gettext("IP Protocol")?>:</b> <?=htmlspecialchars(ucfirst($_GET['ipproto']))?> - <input type="hidden" name="ipproto" value="<?=htmlspecialchars($_GET['ipproto'])?>" /> + <?php if ($_REQUEST['action'] == 'block'): ?> + <b><?=gettext("Rule 
Type")?>:</b> <?=htmlspecialchars(ucfirst(gettext($_REQUEST['action'])))?> + <br/><b><?=gettext("Interface")?>:</b> <?=htmlspecialchars(strtoupper($_REQUEST['int']))?> + <input type="hidden" name="int" value="<?=htmlspecialchars($_REQUEST['int'])?>" /> + <br/><b><?= gettext("Source") ?>:</b> <?=htmlspecialchars($_REQUEST['src'])?> + <input type="hidden" name="src" value="<?=htmlspecialchars($_REQUEST['src'])?>" /> + <br/><b><?=gettext("IP Protocol")?>:</b> <?=htmlspecialchars(ucfirst($_REQUEST['ipproto']))?> + <input type="hidden" name="ipproto" value="<?=htmlspecialchars($_REQUEST['ipproto'])?>" /> + <?php elseif ($_REQUEST['action'] == 'pass'): ?> + <b><?=gettext("Rule Type")?>:</b> <?=htmlspecialchars(ucfirst(gettext($_REQUEST['action'])))?> + <br/><b><?=gettext("Interface")?>:</b> <?=htmlspecialchars(strtoupper($_REQUEST['int']))?> + <input type="hidden" name="int" value="<?=htmlspecialchars($_REQUEST['int'])?>" /> + <br/><b><?=gettext("Protocol")?>:</b> <?=htmlspecialchars(strtoupper($_REQUEST['proto']))?> + <input type="hidden" name="proto" value="<?=htmlspecialchars($_REQUEST['proto'])?>" /> + <br/><b><?=gettext("Source")?>:</b> <?=htmlspecialchars($_REQUEST['src'])?> + <input type="hidden" name="src" value="<?=htmlspecialchars($_REQUEST['src'])?>" /> + <br/><b><?=gettext("Destination")?>:</b> <?=htmlspecialchars($_REQUEST['dst'])?> + <input type="hidden" name="dst" value="<?=htmlspecialchars($_REQUEST['dst'])?>" /> + <br/><b><?=gettext("Destination Port")?>:</b> <?=htmlspecialchars($_REQUEST['dstport'])?> + <input type="hidden" name="dstport" value="<?=htmlspecialchars($_REQUEST['dstport'])?>" /> + <br/><b><?=gettext("IP Protocol")?>:</b> <?=htmlspecialchars(ucfirst($_REQUEST['ipproto']))?> + <input type="hidden" name="ipproto" value="<?=htmlspecialchars($_REQUEST['ipproto'])?>" /> <?php else: $message = gettext("Invalid action specified."); endif; ?> <br/><br/> <?php if (empty($message)): ?> - <input type="hidden" name="action" 
value="<?=htmlspecialchars($_GET['action'])?>" /> + <input type="hidden" name="action" value="<?=htmlspecialchars($_REQUEST['action'])?>" /> <input type="hidden" name="confirmed" value="true" /> <button type="submit" class="btn btn-success" name="erconfirm" id="erconfirm" value="<?=gettext("Confirm")?>"> <i class="fa fa-check icon-embed-btn"></i> diff --git a/src/usr/local/www/getserviceproviders.php b/src/usr/local/www/getserviceproviders.php index 12e3fa1..b9fd2b1 100644 --- a/src/usr/local/www/getserviceproviders.php +++ b/src/usr/local/www/getserviceproviders.php @@ -124,15 +124,15 @@ function provider_plans_list($country, $provider) { } } -$_GET_OR_POST = ($_SERVER['REQUEST_METHOD'] === 'POST') ? $_POST : $_GET; +$_REQ_OR_POST = ($_SERVER['REQUEST_METHOD'] === 'POST') ? $_POST : $_REQUEST; -if (isset($_GET_OR_POST['country']) && !isset($_GET_OR_POST['provider'])) { - providers_list($_GET_OR_POST['country']); -} elseif (isset($_GET_OR_POST['country']) && isset($_GET_OR_POST['provider'])) { - if (isset($_GET_OR_POST['plan'])) { - provider_plan_data($_GET_OR_POST['country'], $_GET_OR_POST['provider'], $_GET_OR_POST['plan']); +if (isset($_REQ_OR_POST['country']) && !isset($_REQ_OR_POST['provider'])) { + providers_list($_REQ_OR_POST['country']); +} elseif (isset($_REQ_OR_POST['country']) && isset($_REQ_OR_POST['provider'])) { + if (isset($_REQ_OR_POST['plan'])) { + provider_plan_data($_REQ_OR_POST['country'], $_REQ_OR_POST['provider'], $_REQ_OR_POST['plan']); } else { - provider_plans_list($_GET_OR_POST['country'], $_GET_OR_POST['provider']); + provider_plans_list($_REQ_OR_POST['country'], $_REQ_OR_POST['provider']); } } else { country_list(); diff --git a/src/usr/local/www/graph.php b/src/usr/local/www/graph.php index 1ab5ec7..2d3c1f8 100644 --- a/src/usr/local/www/graph.php +++ b/src/usr/local/www/graph.php 
@@ -41,10 +41,10 @@ header("Cache-Control: no-cache, no-store, must-revalidate"); // HTTP/1.1 header("Pragma: no-cache"); // HTTP/1.0 header("Content-type: image/svg+xml"); -/********** HTTP GET Based Conf ***********/ -$ifnum = @$_GET["ifnum"]; // BSD / SNMP interface name / number +/********** HTTP REQUEST Based Conf ***********/ +$ifnum = @$_REQUEST["ifnum"]; // BSD / SNMP interface name / number $ifnum = get_real_interface($ifnum); -$ifname = @$_GET["ifname"]?$_GET["ifname"]:"Interface $ifnum"; //Interface name that will be showed on top right of graph +$ifname = @$_REQUEST["ifname"]?$_REQUEST["ifname"]:"Interface $ifnum"; //Interface name that will be showed on top right of graph /********* Other conf *******/ if (isset($config["widgets"]["trafficgraphs"]["scale_type"])) { @@ -54,14 +54,14 @@ if (isset($config["widgets"]["trafficgraphs"]["scale_type"])) { } $nb_plot=120; //NB plot in graph -if ($_GET["timeint"]) { - $time_interval = $_GET["timeint"]; //Refresh time Interval +if ($_REQUEST["timeint"]) { + $time_interval = $_REQUEST["timeint"]; //Refresh time Interval } else { $time_interval = 3; } -if ($_GET["initdelay"]) { - $init_delay = $_GET["initdelay"]; //Initial Delay +if ($_REQUEST["initdelay"]) { + $init_delay = $_REQUEST["initdelay"]; //Initial Delay } else { $init_delay = 3; } @@ -161,7 +161,7 @@ if (typeof getURL == 'undefined') { contentType : http_request.getResponseHeader("Content-Type") } ); } } - http_request.open('GET', url, true); + http_request.open('REQUEST', url, true); http_request.send(null); } } diff --git a/src/usr/local/www/help.php b/src/usr/local/www/help.php index 9c4b9a6..ed657d4 100644 --- a/src/usr/local/www/help.php +++ b/src/usr/local/www/help.php 
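Review bot: In the `getURL` fallback of graph.php the XMLHttpRequest verb has become `'REQUEST'`, which is not an HTTP method; this looks like a side effect of the `$_GET` to `$_REQUEST` search-and-replace reaching the embedded JavaScript. The line should stay `http_request.open('GET', url, true);`, otherwise the fallback fetch will presumably fail wherever this code path is used. The comment banner change to "HTTP REQUEST Based Conf" in the first hunk is harmless, but the script block itself starts and ends outside this hunk and is worth re-testing after the revert.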
@@ -328,8 +328,8 @@ $helppages = array( $pagename = ""; /* Check for parameter "page". */ -if ($_GET && isset($_GET['page'])) { - $pagename = $_GET['page']; +if ($_REQUEST && isset($_REQUEST['page'])) { + $pagename = $_REQUEST['page']; } /* If "page" is not found, check referring URL */ diff --git a/src/usr/local/www/ifstats.php b/src/usr/local/www/ifstats.php index c06c51d..dd10b93 100644 --- a/src/usr/local/www/ifstats.php +++ b/src/usr/local/www/ifstats.php @@ -81,7 +81,7 @@ if($_POST['if']) { } else { - $if = $_GET['if']; + $if = $_REQUEST['if']; $realif = get_real_interface($if); diff --git a/src/usr/local/www/index.php b/src/usr/local/www/index.php index 4e393b3..cfd4578 100644 --- a/src/usr/local/www/index.php +++ b/src/usr/local/www/index.php @@ -48,8 +48,8 @@ if (isset($_POST['closenotice'])) { exit; } -if (isset($_GET['closenotice'])) { - close_notice($_GET['closenotice']); +if (isset($_REQUEST['closenotice'])) { + close_notice($_REQUEST['closenotice']); sleep(1); } diff --git a/src/usr/local/www/load_balancer_monitor.php b/src/usr/local/www/load_balancer_monitor.php index f33052a..726af6b 100644 --- a/src/usr/local/www/load_balancer_monitor.php +++ b/src/usr/local/www/load_balancer_monitor.php 
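Review bot: The second `closenotice` branch in index.php still calls `close_notice()` for a value that can arrive in the query string, so a plain GET request keeps changing state. The `$_POST['closenotice']` branch directly above already handles the POST case and exits, which leaves this branch reachable only for non-POST input. The rest of this commit moves the delete actions to `$_POST`; if no caller still relies on a GET link (not visible from this hunk), the branch could be dropped, or its callers converted to `usepost` and the check changed to `$_POST`.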
@@ -35,24 +35,23 @@ if (!is_array($config['load_balancer']['monitor_type'])) { } $a_monitor = &$config['load_balancer']['monitor_type']; -if ($_POST) { - $pconfig = $_POST; +$pconfig = $_POST; - if ($_POST['apply']) { - $retval = 0; - $retval |= filter_configure(); - $retval |= relayd_configure(); +if ($_POST['apply']) { + $retval = 0; + $retval |= filter_configure(); + $retval |= relayd_configure(); - clear_subsystem_dirty('loadbalancer'); - } + clear_subsystem_dirty('loadbalancer'); } -if ($_GET['act'] == "del") { - if (array_key_exists($_GET['id'], $a_monitor)) { + +if ($_POST['act'] == "del") { + if (array_key_exists($_POST['id'], $a_monitor)) { /* make sure no pools reference this entry */ if (is_array($config['load_balancer']['lbpool'])) { foreach ($config['load_balancer']['lbpool'] as $pool) { - if ($pool['monitor'] == $a_monitor[$_GET['id']]['name']) { + if ($pool['monitor'] == $a_monitor[$_POST['id']]['name']) { $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one pool."); break; } @@ -60,7 +59,7 @@ if ($_GET['act'] == "del") { } if (!$input_errors) { - unset($a_monitor[$_GET['id']]); + unset($a_monitor[$_POST['id']]); write_config(); mark_subsystem_dirty('loadbalancer'); header("Location: load_balancer_monitor.php"); @@ -127,7 +126,7 @@ foreach ($a_monitor as $monitor) { <td> <a class="fa fa-pencil" title="<?=gettext('Edit monitor')?>" href="load_balancer_monitor_edit.php?id=<?=$idx?>"></a> <a class="fa fa-clone" title="<?=gettext('Copy monitor')?>" href="load_balancer_monitor_edit.php?act=dup&id=<?=$idx?>"></a> - <a class="fa fa-trash" title="<?=gettext('Delete monitor')?>" href="load_balancer_monitor.php?act=del&id=<?=$idx?>"></a> + <a class="fa fa-trash" title="<?=gettext('Delete monitor')?>" href="load_balancer_monitor.php?act=del&id=<?=$idx?>" usepost></a> </td> </tr> <?php 
diff --git a/src/usr/local/www/load_balancer_monitor_edit.php b/src/usr/local/www/load_balancer_monitor_edit.php index 8637f89..f0f4ce6 100644 --- a/src/usr/local/www/load_balancer_monitor_edit.php +++ b/src/usr/local/www/load_balancer_monitor_edit.php @@ -36,14 +36,7 @@ if (!is_array($config['load_balancer']['monitor_type'])) { } $a_monitor = &$config['load_balancer']['monitor_type']; - -if (is_numericint($_GET['id'])) { - $id = $_GET['id']; -} - -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; -} +$id = $_REQUEST['id']; if (isset($id) && $a_monitor[$id]) { $pconfig['name'] = $a_monitor[$id]['name']; @@ -57,14 +50,14 @@ if (isset($id) && $a_monitor[$id]) { $pconfig['options']['code'] = 200; } -if ($_GET['act'] == "dup") { +if ($_REQUEST['act'] == "dup") { unset($id); } $changedesc = gettext("Load Balancer: Monitor:") . " "; $changecount = 0; -if ($_POST) { +if ($_POST['save']) { $changecount++; unset($input_errors); diff --git a/src/usr/local/www/load_balancer_pool.php b/src/usr/local/www/load_balancer_pool.php index d2ade6a..42bdd8d 100644 --- a/src/usr/local/www/load_balancer_pool.php +++ b/src/usr/local/www/load_balancer_pool.php @@ -39,7 +39,7 @@ if (!is_array($config['load_balancer']['lbpool'])) { $a_pool = &$config['load_balancer']['lbpool']; -if ($_POST) { +if ($_POST['save']) { $pconfig = $_POST; if ($_POST['apply']) { 
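Review bot: `$id = $_REQUEST['id'];` in load_balancer_monitor_edit.php drops the `is_numericint()` check that both removed branches applied, so any string from the query string, the POST body or (depending on `request_order`) a cookie is now used as the index into `$a_monitor`. The validation can be kept in one statement: `if (is_numericint($_REQUEST['id'])) { $id = $_REQUEST['id']; }`. The same replacement is made in load_balancer_pool_edit.php and load_balancer_virtual_server_edit.php. How `$id` is used when the form is saved lies outside these hunks, so the effect of a non-numeric key there should be checked before relying on `isset($id)` alone.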
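Review bot: In load_balancer_pool.php the `if ($_POST['apply'])` check stays nested inside the new `if ($_POST['save'])` guard, so an Apply submission that does not also carry a `save` field never reaches the apply branch. load_balancer_monitor.php in this same commit moves that check to the top level; doing the same here, `$pconfig = $_POST;` followed by a top-level `if ($_POST['apply']) {`, would keep the three list pages consistent. The first hunk of load_balancer_virtual_server.php has the same nesting. Whether the Apply form posts a `save` field is not visible here, and the body of the block continues outside the hunk.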
@@ -51,12 +51,12 @@ if ($_POST) { } } -if ($_GET['act'] == "del") { - if (array_key_exists($_GET['id'], $a_pool)) { +if ($_POST['act'] == "del") { + if (array_key_exists($_POST['id'], $a_pool)) { /* make sure no virtual servers reference this entry */ if (is_array($config['load_balancer']['virtual_server'])) { foreach ($config['load_balancer']['virtual_server'] as $vs) { - if ($vs['poolname'] == $a_pool[$_GET['id']]['name']) { + if ($vs['poolname'] == $a_pool[$_POST['id']]['name']) { $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one virtual server."); break; } @@ -64,7 +64,7 @@ if ($_GET['act'] == "del") { } if (!$input_errors) { - unset($a_pool[$_GET['id']]); + unset($a_pool[$_POST['id']]); write_config(); mark_subsystem_dirty('loadbalancer'); header("Location: load_balancer_pool.php"); @@ -162,7 +162,7 @@ foreach ($a_pool as $pool) { <td> <a class="fa fa-pencil" title="<?=gettext('Edit pool')?>" href="load_balancer_pool_edit.php?id=<?=$idx?>"></a> <a class="fa fa-clone" title="<?=gettext('Copy pool')?>" href="load_balancer_pool_edit.php?act=dup&id=<?=$idx?>"></a> - <a class="fa fa-trash" title="<?=gettext('Delete pool')?>" href="load_balancer_pool.php?act=del&id=<?=$idx?>"></a> + <a class="fa fa-trash" title="<?=gettext('Delete pool')?>" href="load_balancer_pool.php?act=del&id=<?=$idx?>" usepost></a> </td> </tr> <?php diff --git a/src/usr/local/www/load_balancer_pool_edit.php b/src/usr/local/www/load_balancer_pool_edit.php index 6e1d0fb..6478d8c 100644 --- a/src/usr/local/www/load_balancer_pool_edit.php +++ b/src/usr/local/www/load_balancer_pool_edit.php @@ -39,12 +39,8 @@ if (!is_array($config['load_balancer']['lbpool'])) { $a_pool = &$config['load_balancer']['lbpool']; -if (is_numericint($_GET['id'])) { - $id = $_GET['id']; -} -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; -} +$id = $_REQUEST['id']; + if (isset($id) && $a_pool[$id]) { $pconfig['name'] = $a_pool[$id]['name']; 
@@ -62,7 +58,7 @@ $changecount = 0; $allowed_modes = array("loadbalance", "failover"); -if ($_POST) { +if ($_POST['save']) { $changecount++; unset($input_errors); @@ -451,7 +447,7 @@ $group->add(new Form_Button( $section->add($group); -if (isset($id) && $a_pool[$id] && $_GET['act'] != 'dup') { +if (isset($id) && $a_pool[$id] && $_REQUEST['act'] != 'dup') { $section->addInput(new Form_Input( 'id', null, diff --git a/src/usr/local/www/load_balancer_virtual_server.php b/src/usr/local/www/load_balancer_virtual_server.php index ed52ecc..7eaefa2 100644 --- a/src/usr/local/www/load_balancer_virtual_server.php +++ b/src/usr/local/www/load_balancer_virtual_server.php @@ -36,9 +36,10 @@ require_once("vslb.inc"); if (!is_array($config['load_balancer']['virtual_server'])) { $config['load_balancer']['virtual_server'] = array(); } + $a_vs = &$config['load_balancer']['virtual_server']; -if ($_POST) { +if ($_POST['save']) { $pconfig = $_POST; if ($_POST['apply']) { @@ -51,12 +52,12 @@ if ($_POST) { } } -if ($_GET['act'] == "del") { - if (array_key_exists($_GET['id'], $a_vs)) { +if ($_POST['act'] == "del") { + if (array_key_exists($_POST['id'], $a_vs)) { if (!$input_errors) { - cleanup_lb_mark_anchor($a_vs[$_GET['id']]['name']); - unset($a_vs[$_GET['id']]); + cleanup_lb_mark_anchor($a_vs[$_POST['id']]['name']); + unset($a_vs[$_POST['id']]); write_config(); mark_subsystem_dirty('loadbalancer'); header("Location: load_balancer_virtual_server.php"); 
@@ -177,7 +178,7 @@ if (!empty($a_vs)) { <td> <a class="fa fa-pencil" title="<?=gettext('Edit virtual server')?>" href="load_balancer_virtual_server_edit.php?id=<?=$i?>"></a> <a class="fa fa-clone" title="<?=gettext('Copy virtual server')?>" href="load_balancer_virtual_server_edit.php?act=dup&id=<?=$i?>"></a> - <a class="fa fa-trash" title="<?=gettext('Delete virtual server')?>" href="load_balancer_virtual_server.php?act=del&id=<?=$i?>"></a> + <a class="fa fa-trash" title="<?=gettext('Delete virtual server')?>" href="load_balancer_virtual_server.php?act=del&id=<?=$i?>" usepost></a> </td> </tr> <?php diff --git a/src/usr/local/www/load_balancer_virtual_server_edit.php b/src/usr/local/www/load_balancer_virtual_server_edit.php index c3e1d1e..17fd92a 100644 --- a/src/usr/local/www/load_balancer_virtual_server_edit.php +++ b/src/usr/local/www/load_balancer_virtual_server_edit.php @@ -38,14 +38,9 @@ if (isset($_POST['referer'])) { if (!is_array($config['load_balancer']['virtual_server'])) { $config['load_balancer']['virtual_server'] = array(); } -$a_vs = &$config['load_balancer']['virtual_server']; -if (is_numericint($_GET['id'])) { - $id = $_GET['id']; -} -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; -} +$a_vs = &$config['load_balancer']['virtual_server']; +$id = $_REQUEST['id']; if (isset($id) && $a_vs[$id]) { $pconfig = $a_vs[$id]; @@ -59,7 +54,7 @@ $changecount = 0; $allowed_protocols = array("tcp", "dns"); -if ($_POST) { +if ($_POST['save']) { unset($input_errors); $pconfig = $_POST; @@ -257,7 +252,7 @@ $section->addInput(new Form_Select( ['tcp' => 'TCP', 'dns' => 'DNS'] )); -if (isset($id) && $a_vs[$id] && $_GET['act'] != 'dup') { +if (isset($id) && $a_vs[$id] && $_REQUEST['act'] != 'dup') { $section->addInput(new Form_Input( 'id', null, diff --git a/src/usr/local/www/status_captiveportal.php b/src/usr/local/www/status_captiveportal.php index 06bbb87..cc16819 100644 --- a/src/usr/local/www/status_captiveportal.php 
+++ b/src/usr/local/www/status_captiveportal.php @@ -58,7 +58,7 @@ function print_details($cpent) { } /* print idle time and time left before disconnection if idle timeout is set */ - if ($_GET['showact']) { + if ($_REQUEST['showact']) { $last_act = captiveportal_get_last_activity($cpent[2], $cpent[3]); /* if the user never sent traffic, set last activity time to the login time */ @@ -86,15 +86,12 @@ function print_details($cpent) { printf("%s</a>", htmlspecialchars($cpent[4])); } -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} -$cpzone = strtolower($cpzone); +$cpzone = strtolower($_REQUEST['zone']); if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); } + $a_cp =& $config['captiveportal']; if (count($a_cp) == 1) { @@ -110,10 +107,10 @@ if (isset($cpzone) && !empty($cpzone) && isset($a_cp[$cpzone]['zoneid'])) { $cpzoneid = $a_cp[$cpzone]['zoneid']; } -if ($_GET['act'] == "del" && !empty($cpzone) && isset($cpzoneid) && isset($_GET['id'])) { - captiveportal_disconnect_client($_GET['id'], 6); +if ($_POST['act'] == "del" && !empty($cpzone) && isset($cpzoneid) && isset($_POST['id'])) { + captiveportal_disconnect_client($_POST['id'], 6); /* keep displaying last activity times */ - if ($_GET['showact']) { + if ($_POST['showact']) { header("Location: status_captiveportal.php?zone={$cpzone}&showact=1"); } else { header("Location: status_captiveportal.php?zone={$cpzone}"); @@ -121,7 +118,7 @@ if ($_GET['act'] == "del" && !empty($cpzone) && isset($cpzoneid) && isset($_GET[ exit; } -if ($_GET['deleteall'] && !empty($cpzone) && isset($cpzoneid)) { +if ($POST['deleteall'] && !empty($cpzone) && isset($cpzoneid)) { captiveportal_disconnect_all(); header("Location: status_captiveportal.php?zone={$cpzone}"); exit; 
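Review bot: The disconnect-all condition in status_captiveportal.php reads `$POST['deleteall']`, an undefined variable, so it is always false and `captiveportal_disconnect_all()` is no longer reachable from the "Disconnect All Users" link. The line should read `if ($_POST['deleteall'] && !empty($cpzone) && isset($cpzoneid)) {`. It is worth testing together with the `usepost` attribute added to that link further down, since `deleteall=1` is carried in the link's query string and how `usepost` turns it into a POST field is not shown on this page.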
@@ -200,7 +197,7 @@ if (!empty($cpzone)): ?> <th><?=gettext("Username")?></th> <th><?=gettext("Session start")?></th> <?php - if ($_GET['showact']): + if ($_REQUEST['showact']): ?> <th><?=gettext("Last activity")?></th> <?php @@ -235,7 +232,7 @@ if (!empty($cpzone)): ?> ?> <td><?php print_details($cpent); ?></td> <?php - if ($_GET['showact']): + if ($_REQUEST['showact']): $last_act = captiveportal_get_last_activity($cpent[2], $cpent[3]); /* if the user never sent traffic, set last activity time to the login time */ $last_act = $last_act ? $last_act : $cpent[0]; @@ -254,7 +251,7 @@ if (!empty($cpzone)): ?> endif; ?> <td> - <a href="?zone=<?=htmlspecialchars($cpzone)?>&showact=<?=htmlspecialchars($_GET['showact'])?>&act=del&id=<?=htmlspecialchars($cpent[5])?>"><i class="fa fa-trash" title="<?=gettext("Disconnect this User")?>"></i></a> + <a href="?zone=<?=htmlspecialchars($cpzone)?>&showact=<?=htmlspecialchars($_REQUEST['showact'])?>&act=del&id=<?=htmlspecialchars($cpent[5])?>" usepost><i class="fa fa-trash" title="<?=gettext("Disconnect this User")?>"></i></a> </td> </tr> <?php @@ -276,7 +273,7 @@ endif; <nav class="action-buttons"> <?php if (!empty($cpzone)): - if ($_GET['showact']): ?> + if ($_REQUEST['showact']): ?> <a href="status_captiveportal.php?zone=<?=htmlspecialchars($cpzone)?>&showact=0" role="button" class="btn btn-info" title="<?=gettext("Don't show last activity")?>"> <i class="fa fa-minus-circle icon-embed-btn"></i> <?=gettext("Hide Last Activity")?> @@ -291,7 +288,7 @@ if (!empty($cpzone)): <?php endif; ?> - <a href="status_captiveportal.php?zone=<?=htmlspecialchars($cpzone)?>&deleteall=1" role="button" class="btn btn-danger" title="<?=gettext("Disconnect all active users")?>"> + <a href="status_captiveportal.php?zone=<?=htmlspecialchars($cpzone)?>&deleteall=1" role="button" class="btn btn-danger" title="<?=gettext("Disconnect all active users")?>" usepost> <i class="fa fa-trash icon-embed-btn"></i> <?=gettext("Disconnect All Users")?> </a> 
diff --git a/src/usr/local/www/status_captiveportal_expire.php b/src/usr/local/www/status_captiveportal_expire.php index 29b030b..3030d1e 100644 --- a/src/usr/local/www/status_captiveportal_expire.php +++ b/src/usr/local/www/status_captiveportal_expire.php @@ -34,16 +34,14 @@ require_once("shaper.inc"); require_once("captiveportal.inc"); require_once("voucher.inc"); -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} -$cpzone = strtolower($cpzone); +$cpzone = strtolower($_REQUEST['zone']); if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); } + $a_cp =& $config['captiveportal']; + /* If the zone does not exist, do not display the invalid zone */ if (!array_key_exists($cpzone, $a_cp)) { $cpzone = ""; @@ -59,7 +57,7 @@ $pglinks = array("", "status_captiveportal.php", "status_captiveportal.php?zone= include("head.inc"); -if ($_POST) { +if ($_POST['save']) { if ($_POST['vouchers']) { if (voucher_expire($_POST['vouchers'])) { print_info_box(gettext('Voucher(s) successfully marked.'), 'success', false); diff --git a/src/usr/local/www/status_captiveportal_test.php b/src/usr/local/www/status_captiveportal_test.php index 5436bd3..71a5625 100644 --- a/src/usr/local/www/status_captiveportal_test.php +++ b/src/usr/local/www/status_captiveportal_test.php @@ -34,16 +34,14 @@ require_once("shaper.inc"); require_once("captiveportal.inc"); require_once("voucher.inc"); -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} -$cpzone = strtolower($cpzone); +$cpzone = strtolower($_REQUEST['zone']); if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); } + $a_cp =& $config['captiveportal']; + /* If the zone does not exist, do not display the invalid zone */ if (!array_key_exists($cpzone, $a_cp)) { $cpzone = ""; 
@@ -60,7 +58,7 @@ $shortcut_section = "captiveportal-vouchers"; include("head.inc"); -if ($_POST) { +if ($_POST['save']) { if ($_POST['vouchers']) { $test_results = voucher_auth($_POST['vouchers'], 1); $output = ""; diff --git a/src/usr/local/www/status_captiveportal_voucher_rolls.php b/src/usr/local/www/status_captiveportal_voucher_rolls.php index e5ffefc..c730498 100644 --- a/src/usr/local/www/status_captiveportal_voucher_rolls.php +++ b/src/usr/local/www/status_captiveportal_voucher_rolls.php @@ -34,16 +34,14 @@ require_once("shaper.inc"); require_once("captiveportal.inc"); require_once("voucher.inc"); -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} -$cpzone = strtolower($cpzone); +$cpzone = strtolower($_REQUEST['zone']); if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); } + $a_cp =& $config['captiveportal']; + /* If the zone does not exist, do not display the invalid zone */ if (!array_key_exists($cpzone, $a_cp)) { $cpzone = ""; diff --git a/src/usr/local/www/status_captiveportal_vouchers.php b/src/usr/local/www/status_captiveportal_vouchers.php index fafe544..043ac57 100644 --- a/src/usr/local/www/status_captiveportal_vouchers.php +++ b/src/usr/local/www/status_captiveportal_vouchers.php @@ -34,16 +34,14 @@ require_once("shaper.inc"); require_once("captiveportal.inc"); require_once("voucher.inc"); -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} -$cpzone = strtolower($cpzone); +$cpzone = strtolower($_REQUEST['zone']); if (!is_array($config['captiveportal'])) { $config['captiveportal'] = array(); } + $a_cp =& $config['captiveportal']; + /* If the zone does not exist, do not display the invalid zone */ if (!array_key_exists($cpzone, $a_cp)) { $cpzone = ""; |