author | Renato Botelho <garga@FreeBSD.org> | 2014-09-17 11:10:00 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-09-17 11:10:00 -0300 |
commit | ac5934dfd1014c5fd5d5e435abfc1a7b9b0ae7c5 (patch) | |
tree | 85b34677d3cdc7fc2c591b8bf9b867b9d5a623de /usr/local/www | |
parent | 729b9f018d28d3823c8d653aab8d18114ce55437 (diff) | |
While I'm touching this file, replace GET by POST
Diffstat (limited to 'usr/local/www')
-rwxr-xr-x | usr/local/www/diag_dump_states.php | 49 |
1 files changed, 27 insertions, 22 deletions
diff --git a/usr/local/www/diag_dump_states.php b/usr/local/www/diag_dump_states.php index 6b5388a..40ab24b 100755 --- a/usr/local/www/diag_dump_states.php +++ b/usr/local/www/diag_dump_states.php @@ -43,23 +43,21 @@ require_once("guiconfig.inc"); require_once("interfaces.inc"); /* handle AJAX operations */ -if($_GET['action']) { - if($_GET['action'] == "remove") { - if (is_ipaddr($_GET['srcip']) and is_ipaddr($_GET['dstip'])) { - $retval = mwexec("/sbin/pfctl -k " . escapeshellarg($_GET['srcip']) . " -k " . escapeshellarg($_GET['dstip'])); - echo htmlentities("|{$_GET['srcip']}|{$_GET['dstip']}|{$retval}|"); - } else { - echo gettext("invalid input"); - } - return; +if(isset($_POST['action']) && $_POST['action'] == "remove") { + if (isset($_POST['srcip']) && isset($_POST['dstip']) && is_ipaddr($_POST['srcip']) && is_ipaddr($_POST['dstip'])) { + $retval = mwexec("/sbin/pfctl -k " . escapeshellarg($_POST['srcip']) . " -k " . escapeshellarg($_POST['dstip'])); + echo htmlentities("|{$_POST['srcip']}|{$_POST['dstip']}|{$retval}|"); + } else { + echo gettext("invalid input"); } + return; } -if ($_GET['filter'] && ($_GET['killfilter'] == "Kill")) { - if (is_ipaddr($_GET['filter'])) { - $tokill = escapeshellarg($_GET['filter'] . "/32"); - } elseif (is_subnet($_GET['filter'])) { - $tokill = escapeshellarg($_GET['filter']); +if (isset($_POST['filter']) && isset($_POST['killfilter'])) { + if (is_ipaddr($_POST['filter'])) { + $tokill = escapeshellarg($_POST['filter'] . "/32"); + } elseif (is_subnet($_POST['filter'])) { + $tokill = escapeshellarg($_POST['filter']); } else { // Invalid filter $tokill = ""; 
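Review bot: The remove handler still compares `$_POST['action'] == "remove"` loosely and passes `$_POST['srcip']` and `$_POST['dstip']` to `is_ipaddr()` without checking that they are strings, while PHP builds an array from a field posted as `srcip[]`. How `is_ipaddr()` and `is_subnet()` treat a non-string is not visible in this diff, so I would make the type explicit before validation: `if (isset($_POST['action']) && $_POST['action'] === "remove") {` and `is_string($_POST['srcip']) && is_ipaddr($_POST['srcip'])`, likewise for `dstip` and for `filter` in the kill block. The kill block also now runs on an empty `filter` (the old truthiness test skipped it) and falls through to `$tokill = "";`. The code that consumes `$tokill` lies outside the hunk, so confirm it skips the pfctl call when the value is empty.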
@@ -90,9 +88,16 @@ include("head.inc"); jQuery('img[name="i:' + srcip + ":" + dstip + '"]').each(busy); jQuery.ajax( - "<?=$_SERVER['SCRIPT_NAME'];?>" + - "?action=remove&srcip=" + srcip + "&dstip=" + dstip, - { type: "get", complete: removeComplete } + "<?=$_SERVER['SCRIPT_NAME'];?>", + { + type: "post", + data: { + action: "remove", + srcip: srcip, + dstip: dstip + }, + complete: removeComplete + } ); } @@ -136,7 +141,7 @@ include("head.inc"); <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0" summary="states"> <tr> <td> - <form action="<?=$_SERVER['SCRIPT_NAME'];?>" method="get" name="iform"> + <form action="<?=$_SERVER['SCRIPT_NAME'];?>" method="post" name="iform"> <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0" summary="filter"> <tr> <td> @@ -144,9 +149,9 @@ include("head.inc"); </td> <td style="font-weight:bold;" align="right"> <?=gettext("Filter expression:");?> - <input type="text" name="filter" class="formfld search" value="<?=htmlspecialchars($_GET['filter']);?>" size="30" /> + <input type="text" name="filter" class="formfld search" value="<?=htmlspecialchars($_POST['filter']);?>" size="30" /> <input type="submit" class="formbtn" value="<?=gettext("Filter");?>" /> - <?php if (is_ipaddr($_GET['filter']) || is_subnet($_GET['filter'])): ?> + <?php if (isset($_POST['filter']) && (is_ipaddr($_POST['filter']) || is_subnet($_POST['filter']))): ?> <input type="submit" class="formbtn" name="killfilter" value="<?=gettext("Kill");?>" /> <?php endif; ?> </td> @@ -171,7 +176,7 @@ include("head.inc"); <?php $row = 0; /* get our states */ -$grepline = ($_GET['filter']) ? "| /usr/bin/egrep " . escapeshellarg(htmlspecialchars($_GET['filter'])) : ""; +$grepline = (isset($_POST['filter'])) ? "| /usr/bin/egrep " . escapeshellarg(htmlspecialchars($_POST['filter'])) : ""; $fd = popen("/sbin/pfctl -s state {$grepline}", "r" ); while ($line = chop(fgets($fd))) { if($row >= 10000) 
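Review bot: In the `@@ -136,7 +141,7 @@` hunk, switching the whole form to `method="post"` takes the read-only filter lookup off the URL along with the kill action, although only the kill changes state. A filtered view can no longer be linked or reloaded without a resubmit prompt, and any page that links here with `?filter=` (none is visible in this diff) would now get the unfiltered list. If that is intended, say so next to the handlers, for example `/* state-changing requests (remove, killfilter) are accepted via POST only; filter is read from POST as well */`.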
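Review bot: In the `@@ -144,9 +149,9 @@` hunk, `htmlspecialchars($_POST['filter'])` in the `value` attribute is the one read of `filter` in this commit left without an `isset()` guard, so an ordinary GET load of the page reads an undefined index. `value="<?=htmlspecialchars(isset($_POST['filter']) ? $_POST['filter'] : '');?>"` matches the guards added on the surrounding lines.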
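Review bot: In the `@@ -171,7 +176,7 @@` hunk, the `$grepline` assignment still runs the filter through `htmlspecialchars()` before `escapeshellarg()`, which is HTML encoding applied to a shell argument. It rewrites `&`, `<`, `>` and `"` in the pattern, so egrep matches something other than what was typed, and it adds no protection that `escapeshellarg()` does not already give. The pattern is also passed positionally, so a value beginning with `-` is parsed by egrep as an option. With `isset()` replacing the truthiness test, an empty filter now spawns `egrep ''` as well. I would write `$grepline = (isset($_POST['filter']) && is_string($_POST['filter']) && $_POST['filter'] !== "") ? "| /usr/bin/egrep -e " . escapeshellarg($_POST['filter']) : "";` and check the `popen()` result before the `fgets()` loop, which continues outside the hunk.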
@@ -227,7 +232,7 @@ pclose($fd); </tr> <tr> <td class="list" colspan="4" align="center" valign="top"> - <?php if (!empty($_GET['filter'])): ?> + <?php if (isset($_POST['filter']) && !empty($_POST['filter'])): ?> <?=gettext("States matching current filter")?>: <?= $row ?> <?php endif; ?> </td> |
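Review bot: `isset($_POST['filter']) && !empty($_POST['filter'])` is redundant, because `empty()` already returns true for an unset key without raising a notice. `<?php if (!empty($_POST['filter'])): ?>` behaves identically and keeps the line as short as the one it replaces.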