authorRenato Botelho <garga@FreeBSD.org>2014-06-18 16:39:11 -0300
committerRenato Botelho <garga@FreeBSD.org>2014-06-18 16:39:11 -0300
commitd1dda498173f09ca0deb5331d6be77abbe8d6e61 (patch)
treed3c29f6bc732e77214b8066c751e2276ebe007d4 /usr/local/www/widgets/widgets
parentf1a13a7fce25768488e5d92294fe928669201fcf (diff)
Simplify logic, add some protection to user input parameters
Diffstat (limited to 'usr/local/www/widgets/widgets')
-rw-r--r--usr/local/www/widgets/widgets/log.widget.php50
1 files changed, 23 insertions, 27 deletions
diff --git a/usr/local/www/widgets/widgets/log.widget.php b/usr/local/www/widgets/widgets/log.widget.php
index 9667500..fc0f67e 100644
--- a/usr/local/www/widgets/widgets/log.widget.php
+++ b/usr/local/www/widgets/widgets/log.widget.php
@@ -40,33 +40,28 @@ require_once("functions.inc");
/* In an effort to reduce duplicate code, many shared functions have been moved here. */
require_once("filter_log.inc");
-if($_POST['filterlogentries']) {
- unset($config['widgets']['filterlogentries']);
- if( ($_POST['filterlogentries']) and ($_POST['filterlogentries'] != ' ') ) $config['widgets']['filterlogentries'] = $_POST['filterlogentries'];
+if(is_numeric($_POST['filterlogentries'])) {
+ $config['widgets']['filterlogentries'] = $_POST['filterlogentries'];
- unset($config['widgets']['filterlogentriesacts']);
- if($_POST['actpass']) $config['widgets']['filterlogentriesacts'] .= $_POST['actpass'] . " ";
- if($_POST['actblock']) $config['widgets']['filterlogentriesacts'] .= $_POST['actblock'] . " ";
- if($_POST['actreject']) $config['widgets']['filterlogentriesacts'] .= $_POST['actreject'] . " ";
- if (isset($config['widgets']['filterlogentriesacts'])) $config['widgets']['filterlogentriesacts'] = trim($config['widgets']['filterlogentriesacts']);
+ $acts = array();
+ if ($_POST['actpass']) $acts[] = "Pass";
+ if ($_POST['actblock']) $acts[] = "Block";
+ if ($_POST['actreject']) $acts[] = "Reject";
- unset($config['widgets']['filterlogentriesinterfaces']);
- if( ($_POST['filterlogentriesinterfaces']) and ($_POST['filterlogentriesinterfaces'] != "All") ) $config['widgets']['filterlogentriesinterfaces'] = $_POST['filterlogentriesinterfaces'];
- if (isset($config['widgets']['filterlogentriesinterfaces'])) $config['widgets']['filterlogentriesinterfaces'] = trim($config['widgets']['filterlogentriesinterfaces']);
+ if (!empty($acts))
+ $config['widgets']['filterlogentriesacts'] = implode(" ", $acts);
+ else
+ unset($config['widgets']['filterlogentriesacts']);
+ unset($acts);
+
+ if( ($_POST['filterlogentriesinterfaces']) and ($_POST['filterlogentriesinterfaces'] != "All") )
+ $config['widgets']['filterlogentriesinterfaces'] = trim($_POST['filterlogentriesinterfaces']);
+ else
+ unset($config['widgets']['filterlogentriesinterfaces']);
write_config("Saved Filter Log Entries via Dashboard");
- $filename = $_SERVER['HTTP_REFERER'];
- if(headers_sent($file, $line)){
- echo '<script type="text/javascript">';
- echo '//<![CDATA[';
- echo 'window.location.href="'.$filename.'";';
- echo '//]]>';
- echo '</script>';
- echo '<noscript>';
- echo '<meta http-equiv="refresh" content="0;url='.$filename.'" />';
- echo '</noscript>';
- }
Header("Location: /");
+ exit(0);
}
$nentries = isset($config['widgets']['filterlogentries']) ? $config['widgets']['filterlogentries'] : 5;
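Review bot: `is_numeric()` on the first line of the new block is looser than the entry count it guards: it accepts negative numbers, floats and exponent forms such as `1e9`, and the raw string is then written to `$config['widgets']['filterlogentries']` and later passed to `conv_log_filter()` as `$nentries`. A strict integer check with a range would close that, e.g. `$n = filter_var($_POST['filterlogentries'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => MAX_ENTRIES)));` followed by `if ($n !== false) {` and storing `$n`, where `MAX_ENTRIES` is a placeholder for whatever upper bound the widget should allow. The `filterlogentriesinterfaces` value is still persisted after only `trim()`. How `conv_log_filter()` interprets that value is not visible here, so it is worth checking it against the known interface names or a restrictive character class before `write_config()`.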
@@ -76,9 +71,10 @@ $nentries = isset($config['widgets']['filterlogentries']) ? $config['widgets']['
$nentriesacts = isset($config['widgets']['filterlogentriesacts']) ? $config['widgets']['filterlogentriesacts'] : 'All';
$nentriesinterfaces = isset($config['widgets']['filterlogentriesinterfaces']) ? $config['widgets']['filterlogentriesinterfaces'] : 'All';
-$filterfieldsarray = array("act", "interface");
-$filterfieldsarray['act'] = $nentriesacts;
-$filterfieldsarray['interface'] = $nentriesinterfaces;
+$filterfieldsarray = array(
+ "act" => $nentriesacts,
+ "interface" => $nentriesinterfaces
+);
$filter_logfile = "{$g['varlog_path']}/filter.log";
$filterlog = conv_log_filter($filter_logfile, $nentries, 50, $filterfieldsarray); //Get log entries
@@ -139,7 +135,7 @@ function format_log_line(row) {
</select>
<?php
- $Include_Act = explode(",", str_replace(" ", ",", $nentriesacts));
+ $Include_Act = explode(" ", $nentriesacts);
if ($nentriesinterfaces == "All") $nentriesinterfaces = "";
?>
<input id="actpass" name="actpass" type="checkbox" value="Pass" <?php if (in_arrayi('Pass', $Include_Act)) echo "checked=\"checked\""; ?> /> Pass
@@ -147,7 +143,7 @@ function format_log_line(row) {
<input id="actreject" name="actreject" type="checkbox" value="Reject" <?php if (in_arrayi('Reject', $Include_Act)) echo "checked=\"checked\""; ?> /> Reject
<br/>
Interfaces:
- <input id="filterlogentriesinterfaces" name="filterlogentriesinterfaces" class="formfld unknown" type="text" size="20" value="<?= $nentriesinterfaces ?>" />
+ <input id="filterlogentriesinterfaces" name="filterlogentriesinterfaces" class="formfld unknown" type="text" size="20" value="<?= htmlspecialchars($nentriesinterfaces) ?>" />
&nbsp; &nbsp; &nbsp;
<input id="submita" name="submita" type="submit" class="formbtn" value="Save" />
</form>
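Review bot: The `htmlspecialchars()` call on the `filterlogentriesinterfaces` input relies on the default flags and charset, which differ between PHP versions; passing them explicitly, `htmlspecialchars($nentriesinterfaces, ENT_QUOTES, 'UTF-8')`, keeps the escaping independent of the runtime. The default does escape double quotes, so the double-quoted `value` attribute here is covered either way. Since values saved before this commit were stored without validation, output escaping is what protects existing configs, and any other place in this file that prints `$nentriesacts` or `$nentriesinterfaces` (not visible in this hunk) should get the same treatment. The enclosing form starts outside the hunk.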