From 3a343d7384fbf78f987e8c4c2d9f307d22c8a072 Mon Sep 17 00:00:00 2001 From: jim-p Date: Tue, 9 Oct 2012 15:07:06 -0400 Subject: Refine saving/applying on more pages - don't show apply or take an action unless the user is allowed to do that. --- usr/local/www/firewall_aliases.php | 7 ++-- usr/local/www/firewall_aliases_edit.php | 5 ++- usr/local/www/firewall_aliases_import.php | 5 +-- usr/local/www/firewall_nat.php | 23 +++++++----- usr/local/www/firewall_nat_1to1.php | 4 +-- usr/local/www/firewall_nat_1to1_edit.php | 6 ++-- usr/local/www/firewall_nat_edit.php | 5 ++- usr/local/www/firewall_nat_npt.php | 4 +-- usr/local/www/firewall_nat_npt_edit.php | 5 ++- usr/local/www/firewall_nat_out.php | 16 ++++----- usr/local/www/firewall_nat_out_edit.php | 4 +-- usr/local/www/firewall_rules.php | 12 +++---- usr/local/www/firewall_rules_edit.php | 3 +- usr/local/www/firewall_schedule_edit.php | 7 ++-- usr/local/www/firewall_shaper.php | 45 ++++++++++++------------ usr/local/www/firewall_shaper_layer7.php | 8 ++--- usr/local/www/firewall_shaper_queues.php | 8 ++--- usr/local/www/firewall_shaper_vinterface.php | 52 ++++++++++++++-------------- usr/local/www/firewall_virtual_ip.php | 6 ++++ usr/local/www/firewall_virtual_ip_edit.php | 8 ++--- 20 files changed, 118 insertions(+), 115 deletions(-) diff --git a/usr/local/www/firewall_aliases.php b/usr/local/www/firewall_aliases.php index 5d13ec2..18314cd 100755 --- a/usr/local/www/firewall_aliases.php +++ b/usr/local/www/firewall_aliases.php @@ -107,9 +107,10 @@ if ($_GET['act'] == "del") { $savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s"), $referenced_by); } else { unset($a_aliases[$_GET['id']]); - write_config(); - filter_configure(); - mark_subsystem_dirty('aliases'); + if (write_config()) { + filter_configure(); + mark_subsystem_dirty('aliases'); + } header("Location: firewall_aliases.php"); exit; } 
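Review bot: When `write_config()` returns false in the `act=del` branch, the request still reaches `header("Location: firewall_aliases.php"); exit;`, so a refused or failed save looks the same to the user as a successful delete. The branch just above already reports through `$savemsg`, and the firewall_shaper.php reset hunk in this commit sets `$savemsg = gettext("Unable to write config.xml (Access Denied?)");` on failure. The same could be done here by keeping the redirect inside the success block and adding `} else { $savemsg = gettext("Unable to write config.xml (Access Denied?)"); }`. By that point `unset($a_aliases[$_GET['id']])` has already changed the in-memory list, so the page would presumably have to reload the config before rendering; that part of the file is outside the hunk. The same silent redirect appears in the firewall_nat*.php, firewall_rules.php and firewall_virtual_ip_edit.php hunks.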
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index 194d445..7672d75 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -350,12 +350,11 @@ if ($_POST) { } else $a_aliases[] = $alias; - mark_subsystem_dirty('aliases'); - // Sort list $a_aliases = msort($a_aliases, "name"); - write_config(); + if (write_config()) + mark_subsystem_dirty('aliases'); if($_POST['tab']) header("Location: firewall_aliases.php?tab=" . htmlspecialchars ($_POST['tab'])); diff --git a/usr/local/www/firewall_aliases_import.php b/usr/local/www/firewall_aliases_import.php index 39311c4..b42bbe8 100755 --- a/usr/local/www/firewall_aliases_import.php +++ b/usr/local/www/firewall_aliases_import.php @@ -109,8 +109,9 @@ if($_POST['aliasimport'] <> "") { // Sort list $a_aliases = msort($a_aliases, "name"); - write_config(); - + if (write_config()) + mark_subsystem_dirty('aliases'); + } pfSenseHeader("firewall_aliases.php"); exit; diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php index b9eb91a..75d675d 100755 --- a/usr/local/www/firewall_nat.php +++ b/usr/local/www/firewall_nat.php @@ -82,13 +82,18 @@ if ($_POST) { if ($_GET['act'] == "del") { if ($a_nat[$_GET['id']]) { + if (isset($a_nat[$_GET['id']]['associated-rule-id'])) { delete_id($a_nat[$_GET['id']]['associated-rule-id'], $config['filter']['rule']); - mark_subsystem_dirty('filter'); + $want_dirty_filter = true; } unset($a_nat[$_GET['id']]); - write_config(); - mark_subsystem_dirty('natconf'); + + if (write_config()) { + mark_subsystem_dirty('natconf'); + if ($want_dirty_filter) + mark_subsystem_dirty('filter'); + } header("Location: firewall_nat.php"); exit; } 
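Review bot: The new guard in firewall_aliases_edit.php is a braceless `if (write_config())`, while the firewall_aliases.php hunk and the first firewall_nat.php hunk of this commit use a braced block for the same pattern. This `if` is what stops a refused save from marking the subsystem dirty, so a statement added beneath it later would run outside the guard without anyone noticing. I would write `if (write_config()) { mark_subsystem_dirty('aliases'); }` here and use the braced form in the other braceless hunks too (firewall_nat_*.php, firewall_rules*.php, firewall_shaper*.php).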
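Review bot: In the firewall_nat.php delete hunk, `$want_dirty_filter` is assigned only inside the `isset($a_nat[$_GET['id']]['associated-rule-id'])` branch, yet `if ($want_dirty_filter)` reads it on every delete. Unless the variable is initialised somewhere outside the hunk, deleting a NAT entry with no associated filter rule reads an undefined variable. Add `$want_dirty_filter = false;` before the `isset(...)` test so the later check is well defined and cannot pick up a stale value from elsewhere in the file.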
@@ -107,10 +112,10 @@ if (isset($_POST['del_x'])) { } unset($a_nat[$rulei]); } - write_config(); - mark_subsystem_dirty('natconf'); - header("Location: firewall_nat.php"); - exit; + if (write_config()) + mark_subsystem_dirty('natconf'); + header("Location: firewall_nat.php"); + exit; } } else { @@ -150,8 +155,8 @@ if (isset($_POST['del_x'])) { $a_nat_new[] = $a_nat[$i]; } $a_nat = $a_nat_new; - write_config(); - mark_subsystem_dirty('natconf'); + if (write_config()) + mark_subsystem_dirty('natconf'); header("Location: firewall_nat.php"); exit; } diff --git a/usr/local/www/firewall_nat_1to1.php b/usr/local/www/firewall_nat_1to1.php index 567dc54..0582269 100755 --- a/usr/local/www/firewall_nat_1to1.php +++ b/usr/local/www/firewall_nat_1to1.php @@ -68,8 +68,8 @@ if ($_POST) { if ($_GET['act'] == "del") { if ($a_1to1[$_GET['id']]) { unset($a_1to1[$_GET['id']]); - write_config(); - mark_subsystem_dirty('natconf'); + if (write_config()) + mark_subsystem_dirty('natconf'); header("Location: firewall_nat_1to1.php"); exit; } diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php index db79f6f..371db9c 100755 --- a/usr/local/www/firewall_nat_1to1_edit.php +++ b/usr/local/www/firewall_nat_1to1_edit.php @@ -211,10 +211,8 @@ if ($_POST) { $a_1to1[] = $natent; nat_1to1_rules_sort(); - mark_subsystem_dirty('natconf'); - - write_config(); - + if (write_config()) + mark_subsystem_dirty('natconf'); header("Location: firewall_nat_1to1.php"); exit; } diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index 1ac2270..768fb8f 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -433,9 +433,8 @@ if ($_POST) { $a_nat[] = $natent; } - mark_subsystem_dirty('natconf'); - - write_config(); + if (write_config()) + mark_subsystem_dirty('natconf'); header("Location: firewall_nat.php"); exit; 
diff --git a/usr/local/www/firewall_nat_npt.php b/usr/local/www/firewall_nat_npt.php index 4534931..ad035fa 100644 --- a/usr/local/www/firewall_nat_npt.php +++ b/usr/local/www/firewall_nat_npt.php @@ -68,8 +68,8 @@ if ($_POST) { if ($_GET['act'] == "del") { if ($a_npt[$_GET['id']]) { unset($a_npt[$_GET['id']]); - write_config(); - mark_subsystem_dirty('natconf'); + if (write_config()) + mark_subsystem_dirty('natconf'); header("Location: firewall_nat_npt.php"); exit; } diff --git a/usr/local/www/firewall_nat_npt_edit.php b/usr/local/www/firewall_nat_npt_edit.php index ee03792..ae880b0 100644 --- a/usr/local/www/firewall_nat_npt_edit.php +++ b/usr/local/www/firewall_nat_npt_edit.php @@ -133,9 +133,8 @@ if ($_POST) { $a_npt[] = $natent; nat_npt_rules_sort(); - mark_subsystem_dirty('natconf'); - - write_config(); + if (write_config()) + mark_subsystem_dirty('natconf'); header("Location: firewall_nat_npt.php"); exit; diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index 5098532..1a6734f 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php @@ -214,8 +214,8 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") { } break; } - write_config(); - mark_subsystem_dirty('natconf'); + if (write_config()) + mark_subsystem_dirty('natconf'); header("Location: firewall_nat_out.php"); exit; } @@ -223,8 +223,8 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") { if ($_GET['act'] == "del") { if ($a_out[$_GET['id']]) { unset($a_out[$_GET['id']]); - write_config(); - mark_subsystem_dirty('natconf'); + if (write_config()) + mark_subsystem_dirty('natconf'); header("Location: firewall_nat_out.php"); exit; } @@ -236,8 +236,8 @@ if (isset($_POST['del_x'])) { foreach ($_POST['rule'] as $rulei) { unset($a_out[$rulei]); } - write_config(); - mark_subsystem_dirty('natconf'); + if (write_config()) + mark_subsystem_dirty('natconf'); header("Location: firewall_nat_out.php"); exit; } 
@@ -283,8 +283,8 @@ if (isset($_POST['del_x'])) { else unset($config['nat']['advancedoutbound']); - write_config(); - mark_subsystem_dirty('natconf'); + if (write_config()) + mark_subsystem_dirty('natconf'); header("Location: firewall_nat_out.php"); exit; } diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index 62d0ecc..d62de63 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php @@ -303,8 +303,8 @@ if ($_POST) { } } - mark_subsystem_dirty('natconf'); - write_config(); + if (write_config()) + mark_subsystem_dirty('natconf'); header("Location: firewall_nat_out.php"); exit; } diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index ea5dfe7..85e4eff 100755 --- a/usr/local/www/firewall_rules.php +++ b/usr/local/www/firewall_rules.php @@ -210,8 +210,7 @@ if ($_GET['act'] == "del") { delete_nat_association($a_filter[$_GET['id']]['associated-rule-id']); } unset($a_filter[$_GET['id']]); - $retval = write_config(); - if ($retval) + if (write_config()) mark_subsystem_dirty('filter'); header("Location: firewall_rules.php?if={$if}"); exit; @@ -229,8 +228,7 @@ if (isset($_POST['del_x'])) { delete_nat_association($a_filter[$rulei]['associated-rule-id']); unset($a_filter[$rulei]); } - $retval = write_config(); - if ($retval) + if (write_config()) mark_subsystem_dirty('filter'); header("Location: firewall_rules.php?if={$if}"); exit; @@ -241,8 +239,7 @@ if (isset($_POST['del_x'])) { unset($a_filter[$_GET['id']]['disabled']); else $a_filter[$_GET['id']]['disabled'] = true; - $retval = write_config(); - if ($retval) + if (write_config()) mark_subsystem_dirty('filter'); header("Location: firewall_rules.php?if={$if}"); exit; @@ -286,8 +283,7 @@ if (isset($_POST['del_x'])) { } $a_filter = $a_filter_new; - $retval = write_config(); - if ($retval) + if (write_config()) mark_subsystem_dirty('filter'); header("Location: firewall_rules.php?if={$if}"); exit; 
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 5420d19..d46c9f0 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -643,8 +643,7 @@ if ($_POST) { filter_rules_sort(); - $retval = write_config(); - if ($retval) + if (write_config()) mark_subsystem_dirty('filter'); if (isset($_POST['floating'])) diff --git a/usr/local/www/firewall_schedule_edit.php b/usr/local/www/firewall_schedule_edit.php index 08b8b8c..8e81d1b 100644 --- a/usr/local/www/firewall_schedule_edit.php +++ b/usr/local/www/firewall_schedule_edit.php @@ -183,10 +183,9 @@ if ($_POST) { $a_schedules[] = $schedule; } schedule_sort(); - write_config(); - - filter_configure(); - + if (write_config()) + filter_configure(); + header("Location: firewall_schedule.php"); exit; diff --git a/usr/local/www/firewall_shaper.php b/usr/local/www/firewall_shaper.php index 38a013b..6ac8538 100755 --- a/usr/local/www/firewall_shaper.php +++ b/usr/local/www/firewall_shaper.php @@ -94,8 +94,8 @@ if ($_GET) { case "delete": if ($queue) { $queue->delete_queue(); - write_config(); - mark_subsystem_dirty('shaper'); + if (write_config()) + mark_subsystem_dirty('shaper'); } header("Location: firewall_shaper.php"); exit; @@ -118,17 +118,18 @@ if ($_GET) { if (isset($rule['wizard']) && $rule['wizard'] == "yes") unset($config['filter']['rule'][$key]); } - write_config(); - - $retval = 0; - $retval |= filter_configure(); - $savemsg = get_std_save_message($retval); + if (write_config()) { + $retval = 0; + $retval |= filter_configure(); + $savemsg = get_std_save_message($retval); - if (stristr($retval, "error") <> true) - $savemsg = get_std_save_message($retval); - else - $savemsg = $retval; - + if (stristr($retval, "error") <> true) + $savemsg = get_std_save_message($retval); + else + $savemsg = $retval; + } else { + $savemsg = gettext("Unable to write config.xml (Access Denied?)"); + } $output_form = $default_shaper_message; break; 
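Review bot: In the re-indented reset block of firewall_shaper.php, `$retval` is an integer after `$retval = 0; $retval |= filter_configure();`, so `stristr($retval, "error") <> true` can never match. The `else $savemsg = $retval;` arm is therefore dead, and `$savemsg = get_std_save_message($retval);` is computed twice. Since the block is being touched anyway, the success path can be reduced to `$retval = 0; $retval |= filter_configure(); $savemsg = get_std_save_message($retval);` with a one-line comment that the message is derived from the reload status. The matching block in firewall_shaper_vinterface.php repeats the duplicate assignment and also has a redundant `$retval = 0;` directly before `$retval = filter_configure();`.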
@@ -178,8 +179,8 @@ if ($_GET) { if ($queue) { $queue->SetEnabled("on"); $output_form .= $queue->build_form(); - write_config(); - mark_subsystem_dirty('shaper'); + if (write_config()) + mark_subsystem_dirty('shaper'); } else $input_errors[] = gettext("Queue not found!"); break; @@ -187,8 +188,8 @@ if ($_GET) { if ($queue) { $queue->SetEnabled(""); $output_form .= $queue->build_form(); - write_config(); - mark_subsystem_dirty('shaper'); + if (write_config()) + mark_subsystem_dirty('shaper'); } else $input_errors[] = gettext("Queue not found!"); break; @@ -230,8 +231,8 @@ if ($_GET) { $tmppath[] = $altq->GetInterface(); $altq->SetLink(&$tmppath); $altq->wconfig(); - write_config(); - mark_subsystem_dirty('shaper'); + if (write_config()) + mark_subsystem_dirty('shaper'); $can_enable = true; $can_add = true; } @@ -255,8 +256,8 @@ if ($_GET) { $can_add = true; } else $can_add = false; - write_config(); - mark_subsystem_dirty('shaper'); + if (write_config()) + mark_subsystem_dirty('shaper'); $can_enable = true; if ($altq->GetScheduler() != "PRIQ") /* XXX */ if ($tmp->GetDefault() <> "") @@ -301,8 +302,8 @@ if ($_GET) { if (!$input_errors) { $queue->update_altq_queue_data($_POST); $queue->wconfig(); - write_config(); - mark_subsystem_dirty('shaper'); + if (write_config()) + mark_subsystem_dirty('shaper'); $dontshow = false; } read_altq_config(); diff --git a/usr/local/www/firewall_shaper_layer7.php b/usr/local/www/firewall_shaper_layer7.php index 0cb8e30..44c659f 100755 --- a/usr/local/www/firewall_shaper_layer7.php +++ b/usr/local/www/firewall_shaper_layer7.php @@ -151,8 +151,8 @@ else if ($_POST) { unset($non_dupes); if(sizeof($dupes) == 0 && !$input_errors) { $l7r->wconfig(); - write_config(); - mark_subsystem_dirty('shaper'); + if (write_config()) + mark_subsystem_dirty('shaper'); read_layer7_config(); } 
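Review bot: In the two add-queue hunks (`@@ -230,8` and `@@ -255,8`), `$can_enable = true;` (and `$can_add = true;` in the first) still runs when `write_config()` returns false, so the form state is set as if the queue had been saved. The firewall_shaper_vinterface.php hunk at `@@ -233,14` moves the same assignments inside `if (write_config()) { ... }`. The same shape fits here: `if (write_config()) { mark_subsystem_dirty('shaper'); $can_enable = true; $can_add = true; }`. The `@@ -214,12` hunk in firewall_shaper_vinterface.php leaves the flags outside the guard as well. The enclosing branches start and end outside these hunks, so how the flags are consumed afterwards is not visible here.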
@@ -195,8 +195,8 @@ else if ($_POST) { } } else if ($_POST['delete']) { $container->delete_l7c(); - write_config(); - mark_subsystem_dirty('shaper'); + if (write_config()) + mark_subsystem_dirty('shaper'); unset($container); header("Location: firewall_shaper_layer7.php"); diff --git a/usr/local/www/firewall_shaper_queues.php b/usr/local/www/firewall_shaper_queues.php index 68989e1..7eadc7b 100755 --- a/usr/local/www/firewall_shaper_queues.php +++ b/usr/local/www/firewall_shaper_queues.php @@ -81,8 +81,8 @@ if ($_GET) { $qtmp =& $altq->find_queue("", $qname); if ($qtmp) { $qtmp->delete_queue(); - write_config(); - mark_subsystem_dirty('shaper'); + if (write_config()) + mark_subsystem_dirty('shaper'); } header("Location: firewall_shaper_queues.php"); exit; @@ -119,8 +119,8 @@ if ($_GET) { $newroot['queue'][] = $copycfg; $config['shaper']['queue'][] = $newroot; } - write_config(); - mark_subsystem_dirty('shaper'); + if (write_config()) + mark_subsystem_dirty('shaper'); break; } } diff --git a/usr/local/www/firewall_shaper_vinterface.php b/usr/local/www/firewall_shaper_vinterface.php index b2f2e1d..baeafe4 100644 --- a/usr/local/www/firewall_shaper_vinterface.php +++ b/usr/local/www/firewall_shaper_vinterface.php @@ -104,8 +104,8 @@ if ($_GET) { } if (!$input_errors) { $queue->delete_queue(); - write_config(); - mark_subsystem_dirty('shaper'); + if (write_config()) + mark_subsystem_dirty('shaper'); header("Location: firewall_shaper_vinterface.php"); exit; } 
@@ -133,17 +133,17 @@ if ($_GET) { if (isset($rule['pdnpipe'])) unset($config['filter']['rule'][$key]['pdnpipe']); } - write_config(); - - $retval = 0; - $retval = filter_configure(); - $savemsg = get_std_save_message($retval); - - if (stristr($retval, "error") <> true) + if (write_config()) { + $retval = 0; + $retval = filter_configure(); $savemsg = get_std_save_message($retval); - else - $savemsg = $retval; + if (stristr($retval, "error") <> true) + $savemsg = get_std_save_message($retval); + else + $savemsg = $retval; + } else + $savemsg = gettext("Unable to write config.xml (Access Denied?)"); $output_form = $dn_default_shaper_message; break; @@ -176,8 +176,8 @@ if ($_GET) { $queue->SetEnabled("on"); $output_form .= $queue->build_form(); $queue->wconfig(); - write_config(); - mark_subsystem_dirty('shaper'); + if (write_config()) + mark_subsystem_dirty('shaper'); } else $input_errors[] = gettext("Queue not found!"); break; @@ -186,8 +186,8 @@ if ($_GET) { $queue->SetEnabled(""); $output_form .= $queue->build_form(); $queue->wconfig(); - write_config(); - mark_subsystem_dirty('shaper'); + if (write_config()) + mark_subsystem_dirty('shaper'); } else $input_errors[] = gettext("Queue not found!"); break; @@ -214,12 +214,12 @@ if ($_GET) { $tmppath[] = $dnpipe->GetQname(); $dnpipe->SetLink(&$tmppath); $dnpipe->wconfig(); - write_config(); - mark_subsystem_dirty('shaper'); + if (write_config()) + mark_subsystem_dirty('shaper'); $can_enable = true; $can_add = true; } - + read_dummynet_config(); $output_form .= $dnpipe->build_form(); } 
@@ -233,14 +233,14 @@ if ($_GET) { if (!$input_errors) { array_pop($tmppath); $tmp->wconfig(); - write_config(); - $can_enable = true; - $can_add = false; - mark_subsystem_dirty('shaper'); - $can_enable = true; + if (write_config()) { + $can_enable = true; + $can_add = false; + mark_subsystem_dirty('shaper'); + } } read_dummynet_config(); - $output_form .= $tmp->build_form(); + $output_form .= $tmp->build_form(); } else $input_errors[] = gettext("Could not add new queue."); } else if ($_POST['apply']) { @@ -274,8 +274,8 @@ if ($_GET) { if (!$input_errors) { $queue->update_dn_data($_POST); $queue->wconfig(); - write_config(); - mark_subsystem_dirty('shaper'); + if (write_config()) + mark_subsystem_dirty('shaper'); $dontshow = false; } read_dummynet_config(); diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php index 547ce4b..e4aee0d 100755 --- a/usr/local/www/firewall_virtual_ip.php +++ b/usr/local/www/firewall_virtual_ip.php @@ -124,6 +124,12 @@ if ($_GET['act'] == "del") { if (!$input_errors) { + $user = getUserEntry($_SESSION['Username']); + if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) { + header("Location: firewall_virtual_ip.php"); + exit; + } + // Special case since every proxyarp vip is handled by the same daemon. if ($a_vip[$_GET['id']]['mode'] == "proxyarp") { $viface = $a_vip[$_GET['id']]['interface']; diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php index ad05cdf..d208dd3 100755 --- a/usr/local/www/firewall_virtual_ip_edit.php +++ b/usr/local/www/firewall_virtual_ip_edit.php 
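Review bot: The read-only check added to firewall_virtual_ip.php fails open. `is_array($user) && userHasPrivilege($user, "user-config-readonly")` skips the early exit whenever `getUserEntry($_SESSION['Username'])` does not return an array, and the VIP teardown below then proceeds. Whether that can happen for an authenticated session is not visible in this hunk and is worth confirming. If it can, and denying is acceptable for such accounts, the condition should be `if (!is_array($user) || userHasPrivilege($user, "user-config-readonly")) {`. This is also the only page in the commit that repeats the privilege test instead of relying on the result of `write_config()`, so a short comment explaining that the check must precede the proxyarp handling would help the next reader. The delete block continues past the end of the hunk.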
@@ -249,10 +249,10 @@ if ($_POST) { } $a_vip[$id] = $vipent; - mark_subsystem_dirty('vip'); - - write_config(); - file_put_contents("{$g['tmp_path']}/.firewall_virtual_ip.apply", serialize($toapplylist)); + if (write_config()) { + mark_subsystem_dirty('vip'); + file_put_contents("{$g['tmp_path']}/.firewall_virtual_ip.apply", serialize($toapplylist)); + } header("Location: firewall_virtual_ip.php"); exit; } -- cgit v1.1
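Review bot: Inside the new `if (write_config()) { ... }` block, `file_put_contents()` is called without checking its result, and only after `mark_subsystem_dirty('vip')` has already run. A failed write therefore leaves the subsystem flagged dirty with no `.firewall_virtual_ip.apply` list behind it. Moving `mark_subsystem_dirty('vip');` after the write and guarding it on `file_put_contents(...) !== false` keeps the two in step. The payload is `serialize()` output stored under `{$g['tmp_path']}`. If the apply step reads it back with `unserialize()` (not visible here), the integrity of that file is what protects the call, and `json_encode()` would remove that dependency provided `$toapplylist` holds only plain array data.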