-rwxr-xr-x | usr/local/www/diag_dump_states.php | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/usr/local/www/diag_dump_states.php b/usr/local/www/diag_dump_states.php
index 5ee7d13..2b3035f 100755
--- a/usr/local/www/diag_dump_states.php
+++ b/usr/local/www/diag_dump_states.php
@@ -28,31 +28,34 @@ require_once("guiconfig.inc");
-$pgtitle = array("Diagnostics","Show States");
-include("head.inc");
-
-$srcip = escapeshellarg($_GET['srcip']);
-$dstip = escapeshellarg($_GET['dstip']);
-$action = escapeshellarg($_GET['action']);
-$filter = escapeshellarg($_GET['filter']);
 /* handle AJAX operations */
 if($_GET['action']) {
- if($action == "remove") {
- $retval = mwexec("/sbin/pfctl -k '{$srcip}' -k '{$dstip}'");
- echo "|{$srcip}|{$dstip}|{$retval}|";
+ if($_GET['action'] == "remove") {
+ $srcip = $_GET['srcip'];
+ $dstip = $_GET['dstip'];
+ if (is_ipaddr($srcip) and is_ipaddr($dstip)) {
+ $retval = mwexec("/sbin/pfctl -k '{$srcip}' -k '{$dstip}'");
+ echo "|{$srcip}|{$dstip}|{$retval}|";
+ } else {
+ echo "invalid input";
+ }
 exit;
 }
 }
 /* get our states */
 if($_GET['filter']) {
+ $filter = escapeshellarg($_GET['filter']);
 exec("/sbin/pfctl -s state | grep " . escapeshellarg($_GET['filter']), $states);
 } else {
 exec("/sbin/pfctl -s state", $states);
 }
+$pgtitle = array("Diagnostics","Show States");
+include("head.inc");
+
 ?>
 <body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?=$jsevents["body"]["onload"];?>"> |
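Review bot: The added `$filter = escapeshellarg($_GET['filter']);` is dead code, because the `exec()` on the following line escapes `$_GET['filter']` again itself and never reads `$filter`. Quoting alone also does not stop grep from parsing a value that begins with `-` as an option, so the call should use the variable and end option parsing: `exec("/sbin/pfctl -s state | grep -- " . $filter, $states);`. In the remove branch the two addresses are placed inside hand-written single quotes, so the command's safety rests entirely on `is_ipaddr()`, which is defined outside this hunk; if it accepts anything beyond a bare address literal, the quoting can be broken. Keeping the validation and building the command with `escapeshellarg($srcip)` and `escapeshellarg($dstip)` instead of the literal quotes would make that line safe regardless of how strict the validator is.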