From 9f2bbdb44c5700384a37a9586d260492f14f7602 Mon Sep 17 00:00:00 2001
From: Steve Beaver <sbeaver@netgate.com>
Date: Tue, 14 Feb 2017 15:33:13 -0500
Subject: GET/POST conversion

---
 src/usr/local/www/services_captiveportal.php       | 29 +++++++++++-----------
 .../www/services_captiveportal_filemanager.php     | 24 +++++++++---------
 .../local/www/services_captiveportal_hostname.php  | 17 ++++++-------
 .../www/services_captiveportal_hostname_edit.php   | 18 ++++++--------
 src/usr/local/www/services_captiveportal_ip.php    | 17 ++++++-------
 .../local/www/services_captiveportal_ip_edit.php   | 18 ++++----------
 src/usr/local/www/services_captiveportal_mac.php   | 19 ++++++--------
 .../local/www/services_captiveportal_mac_edit.php  | 19 ++++++--------
 .../local/www/services_captiveportal_vouchers.php  | 24 ++++++++----------
 .../www/services_captiveportal_vouchers_edit.php   | 16 +++---------
 src/usr/local/www/services_captiveportal_zones.php |  6 ++---
 .../www/services_captiveportal_zones_edit.php      |  3 ++-
 12 files changed, 88 insertions(+), 122 deletions(-)

diff --git a/src/usr/local/www/services_captiveportal.php b/src/usr/local/www/services_captiveportal.php
index 0a08480..3141c88 100644
--- a/src/usr/local/www/services_captiveportal.php
+++ b/src/usr/local/www/services_captiveportal.php
@@ -35,7 +35,7 @@ require_once("filter.inc");
 require_once("shaper.inc");
 require_once("captiveportal.inc");
 
-if (substr($_GET['act'], 0, 3) == "get") {
+if (substr($_REQUEST['act'], 0, 3) == "get") {
 	$nocsrf = true;
 }
 
@@ -45,10 +45,8 @@ global $cpzone;
 global $cpzoneid;
 
 $cpzoneid = 1; /* Just a default */
-$cpzone = $_GET['zone'];
-if (isset($_POST['zone'])) {
-	$cpzone = $_POST['zone'];
-}
+$cpzone = $_REQUEST['zone'];
+
 $cpzone = strtolower($cpzone);
 
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
@@ -59,18 +57,19 @@ if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 if (!is_array($config['captiveportal'])) {
 	$config['captiveportal'] = array();
 }
+
 $a_cp =& $config['captiveportal'];
 
 $pgtitle = array(gettext("Services"), gettext("Captive Portal"), $a_cp[$cpzone]['zone'], gettext("Configuration"));
 $pglinks = array("", "services_captiveportal_zones.php", "@self", "@self");
 $shortcut_section = "captiveportal";
 
-if ($_GET['act'] == "viewhtml") {
+if ($_REQUEST['act'] == "viewhtml") {
 	if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) {
 		echo base64_decode($a_cp[$cpzone]['page']['htmltext']);
 	}
 	exit;
-} else if ($_GET['act'] == "gethtmlhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) {
+} else if ($_REQUEST['act'] == "gethtmlhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) {
 	$file_data = base64_decode($a_cp[$cpzone]['page']['htmltext']);
 	$file_size = strlen($file_data);
 
@@ -80,17 +79,17 @@ if ($_GET['act'] == "viewhtml") {
 	echo $file_data;
 
 	exit;
-} else if ($_GET['act'] == "delhtmlhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) {
+} else if ($_REQUEST['act'] == "delhtmlhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) {
 	unset($a_cp[$cpzone]['page']['htmltext']);
 	write_config(sprintf(gettext("Captive Portal: zone %s: Restore default portal page"), $cpzone));
 	header("Location: services_captiveportal.php?zone={$cpzone}");
 	exit;
-} else if ($_GET['act'] == "viewerrhtml") {
+} else if ($_REQUEST['act'] == "viewerrhtml") {
 	if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) {
 		echo base64_decode($a_cp[$cpzone]['page']['errtext']);
 	}
 	exit;
-} else if ($_GET['act'] == "geterrhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) {
+} else if ($_REQUEST['act'] == "geterrhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) {
 	$file_data = base64_decode($a_cp[$cpzone]['page']['errtext']);
 	$file_size = strlen($file_data);
 
@@ -100,17 +99,17 @@ if ($_GET['act'] == "viewhtml") {
 	echo $file_data;
 
 	exit;
-} else if ($_GET['act'] == "delerrhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) {
+} else if ($_REQUEST['act'] == "delerrhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) {
 	unset($a_cp[$cpzone]['page']['errtext']);
 	write_config(sprintf(gettext("Captive Portal: zone %s: Restore default error page"), $cpzone));
 	header("Location: services_captiveportal.php?zone={$cpzone}");
 	exit;
-} else if ($_GET['act'] == "viewlogouthtml") {
+} else if ($_REQUEST['act'] == "viewlogouthtml") {
 	if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) {
 		echo base64_decode($a_cp[$cpzone]['page']['logouttext']);
 	}
 	exit;
-} else if ($_GET['act'] == "getlogouthtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) {
+} else if ($_REQUEST['act'] == "getlogouthtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) {
 	$file_data = base64_decode($a_cp[$cpzone]['page']['logouttext']);
 	$file_size = strlen($file_data);
 
@@ -120,7 +119,7 @@ if ($_GET['act'] == "viewhtml") {
 	echo $file_data;
 
 	exit;
-} else if ($_GET['act'] == "dellogouthtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) {
+} else if ($_REQUEST['act'] == "dellogouthtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) {
 	unset($a_cp[$cpzone]['page']['logouttext']);
 	write_config(sprintf(gettext("Captive Portal: zone %s: Restore default logout page"), $cpzone));
 	header("Location: services_captiveportal.php?zone={$cpzone}");
@@ -205,7 +204,7 @@ if ($a_cp[$cpzone]) {
 	}
 }
 
-if ($_POST) {
+if ($_POST['save']) {
 
 	unset($input_errors);
 	$pconfig = $_POST;
diff --git a/src/usr/local/www/services_captiveportal_filemanager.php b/src/usr/local/www/services_captiveportal_filemanager.php
index 3320662..4240402 100644
--- a/src/usr/local/www/services_captiveportal_filemanager.php
+++ b/src/usr/local/www/services_captiveportal_filemanager.php
@@ -48,10 +48,8 @@ require_once("filter.inc");
 require_once("shaper.inc");
 require_once("captiveportal.inc");
 
-$cpzone = $_GET['zone'];
-if (isset($_POST['zone'])) {
-	$cpzone = $_POST['zone'];
-}
+$cpzone = $_REQUEST['zone'];
+
 $cpzone = strtolower(htmlspecialchars($cpzone));
 
 if (empty($cpzone)) {
@@ -62,6 +60,7 @@ if (empty($cpzone)) {
 if (!is_array($config['captiveportal'])) {
 	$config['captiveportal'] = array();
 }
+
 $a_cp =& $config['captiveportal'];
 
 $pgtitle = array(gettext("Services"), gettext("Captive Portal"), $a_cp[$cpzone]['zone'], gettext("File Manager"));
@@ -71,6 +70,7 @@ $shortcut_section = "captiveportal";
 if (!is_array($a_cp[$cpzone]['element'])) {
 	$a_cp[$cpzone]['element'] = array();
 }
+
 $a_element =& $a_cp[$cpzone]['element'];
 
 // Calculate total size of all files
@@ -79,7 +79,7 @@ foreach ($a_element as $element) {
 	$total_size += $element['size'];
 }
 
-if ($_POST) {
+if ($_POST['Submit']) {
 	unset($input_errors);
 
 	if (is_uploaded_file($_FILES['new']['tmp_name'])) {
@@ -120,10 +120,10 @@ if ($_POST) {
 			exit;
 		}
 	}
-} else if (($_GET['act'] == "del") && !empty($cpzone) && $a_element[$_GET['id']]) {
-	@unlink("{$g['captiveportal_element_path']}/" . $a_element[$_GET['id']]['name']);
-	@unlink("{$g['captiveportal_path']}/" . $a_element[$_GET['id']]['name']);
-	unset($a_element[$_GET['id']]);
+} else if (($_POST['act'] == "del") && !empty($cpzone) && $a_element[$_POST['id']]) {
+	@unlink("{$g['captiveportal_element_path']}/" . $a_element[$_POST['id']]['name']);
+	@unlink("{$g['captiveportal_path']}/" . $a_element[$_POST['id']]['name']);
+	unset($a_element[$_POST['id']]);
 	write_config();
 	header("Location: services_captiveportal_filemanager.php?zone={$cpzone}");
 	exit;
@@ -144,7 +144,7 @@ $tab_array[] = array(gettext("Vouchers"), false, "services_captiveportal_voucher
 $tab_array[] = array(gettext("File Manager"), true, "services_captiveportal_filemanager.php?zone={$cpzone}");
 display_top_tabs($tab_array, true);
 
-if ($_GET['act'] == 'add') {
+if ($_REQUEST['act'] == 'add') {
 
 	$form = new Form(false);
 
@@ -200,7 +200,7 @@ if (is_array($a_cp[$cpzone]['element'])):
 							<td><?=htmlspecialchars($element['name'])?></td>
 							<td><?=format_bytes($element['size'])?></td>
 							<td>
-								<a class="fa fa-trash"	title="<?=gettext("Delete file")?>" href="services_captiveportal_filemanager.php?zone=<?=$cpzone?>&amp;act=del&amp;id=<?=$i?>"></a>
+								<a class="fa fa-trash"	title="<?=gettext("Delete file")?>" href="services_captiveportal_filemanager.php?zone=<?=$cpzone?>&amp;act=del&amp;id=<?=$i?>" usepost></a>
 							</td>
 						</tr>
 <?php
@@ -229,7 +229,7 @@ endif;
 
 ?>
 	   <nav class="action-buttons">
-<?php if (!$_GET['act'] == 'add'): ?>
+<?php if (!$_REQUEST['act'] == 'add'): ?>
 			<a href="services_captiveportal_filemanager.php?zone=<?=$cpzone?>&amp;act=add" class="btn btn-success">
 		   		<i class="fa fa-plus icon-embed-btn"></i>
 		   		<?=gettext("Add")?>
diff --git a/src/usr/local/www/services_captiveportal_hostname.php b/src/usr/local/www/services_captiveportal_hostname.php
index aee4a71..3c83a3c 100644
--- a/src/usr/local/www/services_captiveportal_hostname.php
+++ b/src/usr/local/www/services_captiveportal_hostname.php
@@ -40,10 +40,8 @@ require_once("filter.inc");
 require_once("shaper.inc");
 require_once("captiveportal.inc");
 
-$cpzone = $_GET['zone'];
-if (isset($_POST['zone'])) {
-	$cpzone = $_POST['zone'];
-}
+$cpzone = $_REQUEST['zone'];
+
 $cpzone = strtolower(htmlspecialchars($cpzone));
 
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
@@ -54,6 +52,7 @@ if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 if (!is_array($config['captiveportal'])) {
 	$config['captiveportal'] = array();
 }
+
 $a_cp =& $config['captiveportal'];
 
 if (isset($cpzone) && !empty($cpzone) && isset($a_cp[$cpzone]['zoneid'])) {
@@ -64,10 +63,10 @@ $pgtitle = array(gettext("Services"), gettext("Captive Portal"), $a_cp[$cpzone][
 $pglinks = array("", "services_captiveportal_zones.php", "services_captiveportal.php?zone=" . $cpzone, "@self");
 $shortcut_section = "captiveportal";
 
-if ($_GET['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) {
+if ($_POST['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) {
 	$a_allowedhostnames =& $a_cp[$cpzone]['allowedhostname'];
-	if ($a_allowedhostnames[$_GET['id']]) {
-		$ipent = $a_allowedhostnames[$_GET['id']];
+	if ($a_allowedhostnames[$_POST['id']]) {
+		$ipent = $a_allowedhostnames[$_POST['id']];
 
 		if (isset($a_cp[$cpzone]['enable'])) {
 			if (is_ipaddr($ipent['hostname'])) {
@@ -90,7 +89,7 @@ if ($_GET['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) {
 			}
 		}
 
-		unset($a_allowedhostnames[$_GET['id']]);
+		unset($a_allowedhostnames[$_POST['id']]);
 		write_config();
 		captiveportal_allowedhostname_configure();
 		header("Location: services_captiveportal_hostname.php?zone={$cpzone}");
@@ -134,7 +133,7 @@ foreach ($a_cp[$cpzone]['allowedhostname'] as $ip): ?>
 				</td>
 				<td>
 					<a class="fa fa-pencil"	title="<?=gettext("Edit hostname"); ?>" href="services_captiveportal_hostname_edit.php?zone=<?=$cpzone?>&amp;id=<?=$i?>"></a>
-					<a class="fa fa-trash"	title="<?=gettext("Delete hostname")?>" href="services_captiveportal_hostname.php?zone=<?=$cpzone?>&amp;act=del&amp;id=<?=$i?>"></a>
+					<a class="fa fa-trash"	title="<?=gettext("Delete hostname")?>" href="services_captiveportal_hostname.php?zone=<?=$cpzone?>&amp;act=del&amp;id=<?=$i?>" usepost></a>
 				</td>
 			</tr>
 <?php
diff --git a/src/usr/local/www/services_captiveportal_hostname_edit.php b/src/usr/local/www/services_captiveportal_hostname_edit.php
index 28a3de7..bca314d 100644
--- a/src/usr/local/www/services_captiveportal_hostname_edit.php
+++ b/src/usr/local/www/services_captiveportal_hostname_edit.php
@@ -43,10 +43,8 @@ require_once("captiveportal.inc");
 
 global $cpzone, $cpzoneid;
 
-$cpzone = $_GET['zone'];
-if (isset($_POST['zone'])) {
-	$cpzone = $_POST['zone'];
-}
+$cpzone = $_REQUEST['zone'];
+
 $cpzone = strtolower(htmlspecialchars($cpzone));
 
 $cpzoneid = $config['captiveportal'][$cpzone]['zoneid'];
@@ -59,22 +57,20 @@ if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 if (!is_array($config['captiveportal'])) {
 	$config['captiveportal'] = array();
 }
+
 $a_cp =& $config['captiveportal'];
 
 $pgtitle = array(gettext("Services"), gettext("Captive Portal"), $a_cp[$cpzone]['zone'], gettext("Allowed Hostnames"), gettext("Edit"));
 $pglinks = array("", "services_captiveportal_zones.php", "services_captiveportal.php?zone=" . $cpzone, "services_captiveportal_hostname.php?zone=" . $cpzone, "@self");
 $shortcut_section = "captiveportal";
 
-if (is_numericint($_GET['id'])) {
-	$id = $_GET['id'];
-}
-if (isset($_POST['id']) && is_numericint($_POST['id'])) {
-	$id = $_POST['id'];
-}
+$id = $_REQUEST['id'];
+
 
 if (!is_array($a_cp[$cpzone]['allowedhostname'])) {
 	$a_cp[$cpzone]['allowedhostname'] = array();
 }
+
 $a_allowedhostnames = &$a_cp[$cpzone]['allowedhostname'];
 
 if (isset($id) && $a_allowedhostnames[$id]) {
@@ -87,7 +83,7 @@ if (isset($id) && $a_allowedhostnames[$id]) {
 	$pconfig['descr'] = $a_allowedhostnames[$id]['descr'];
 }
 
-if ($_POST) {
+if ($_POST['save']) {
 	unset($input_errors);
 	$pconfig = $_POST;
 
diff --git a/src/usr/local/www/services_captiveportal_ip.php b/src/usr/local/www/services_captiveportal_ip.php
index 9b2e0da..0823611 100644
--- a/src/usr/local/www/services_captiveportal_ip.php
+++ b/src/usr/local/www/services_captiveportal_ip.php
@@ -39,11 +39,7 @@ require_once("filter.inc");
 require_once("shaper.inc");
 require_once("captiveportal.inc");
 
-$cpzone = $_GET['zone'];
-if (isset($_POST['zone'])) {
-	$cpzone = $_POST['zone'];
-}
-$cpzone = strtolower(htmlspecialchars($cpzone));
+$cpzone = strtolower(htmlspecialchars($_REQUEST['zone']));
 
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 	header("Location: services_captiveportal_zones.php");
@@ -53,6 +49,7 @@ if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 if (!is_array($config['captiveportal'])) {
 	$config['captiveportal'] = array();
 }
+
 $a_cp =& $config['captiveportal'];
 
 if (isset($cpzone) && !empty($cpzone) && isset($a_cp[$cpzone]['zoneid'])) {
@@ -63,11 +60,11 @@ $pgtitle = array(gettext("Services"), gettext("Captive Portal"), $a_cp[$cpzone][
 $pglinks = array("", "services_captiveportal_zones.php", "services_captiveportal.php?zone=" . $cpzone, "@self");
 $shortcut_section = "captiveportal";
 
-if ($_GET['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) {
+if ($_POST['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) {
 	$a_allowedips =& $config['captiveportal'][$cpzone]['allowedip'];
 
-	if ($a_allowedips[$_GET['id']]) {
-		$ipent = $a_allowedips[$_GET['id']];
+	if ($a_allowedips[$_POST['id']]) {
+		$ipent = $a_allowedips[$_POST['id']];
 
 		if (isset($config['captiveportal'][$cpzone]['enable'])) {
 			$mask = (!empty($ipent['sn'])) ? $ipent['sn'] : 32;
@@ -84,7 +81,7 @@ if ($_GET['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) {
 			}
 		}
 
-		unset($a_allowedips[$_GET['id']]);
+		unset($a_allowedips[$_POST['id']]);
 		write_config();
 		header("Location: services_captiveportal_ip.php?zone={$cpzone}");
 		exit;
@@ -129,7 +126,7 @@ if (is_array($a_cp[$cpzone]['allowedip'])): ?>
 				</td>
 				<td>
 					<a class="fa fa-pencil"	title="<?=gettext("Edit IP"); ?>" href="services_captiveportal_ip_edit.php?zone=<?=$cpzone?>&amp;id=<?=$i?>"></a>
-					<a class="fa fa-trash"	title="<?=gettext("Delete IP")?>" href="services_captiveportal_ip.php?zone=<?=$cpzone?>&amp;act=del&amp;id=<?=$i?>"></a>
+					<a class="fa fa-trash"	title="<?=gettext("Delete IP")?>" href="services_captiveportal_ip.php?zone=<?=$cpzone?>&amp;act=del&amp;id=<?=$i?>" usepost></a>
 				</td>
 			</tr>
 <?php
diff --git a/src/usr/local/www/services_captiveportal_ip_edit.php b/src/usr/local/www/services_captiveportal_ip_edit.php
index 9bfa581..5665b23 100644
--- a/src/usr/local/www/services_captiveportal_ip_edit.php
+++ b/src/usr/local/www/services_captiveportal_ip_edit.php
@@ -47,11 +47,7 @@ require_once("filter.inc");
 require_once("shaper.inc");
 require_once("captiveportal.inc");
 
-$cpzone = $_GET['zone'];
-if (isset($_POST['zone'])) {
-	$cpzone = $_POST['zone'];
-}
-$cpzone = strtolower(htmlspecialchars($cpzone));
+$cpzone = strtolower(htmlspecialchars($_REQUEST['zone']));
 
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 	header("Location: services_captiveportal_zones.php");
@@ -61,22 +57,18 @@ if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 if (!is_array($config['captiveportal'])) {
 	$config['captiveportal'] = array();
 }
+
 $a_cp =& $config['captiveportal'];
 
 $pgtitle = array(gettext("Services"), gettext("Captive Portal"), $a_cp[$cpzone]['zone'], gettext("Allowed IP Addresses"), gettext("Edit"));
 $pglinks = array("", "services_captiveportal_zones.php", "services_captiveportal.php?zone=" . $cpzone, "services_captiveportal_ip.php?zone=" . $cpzone, "@self");
 $shortcut_section = "captiveportal";
-
-if (is_numericint($_GET['id'])) {
-	$id = $_GET['id'];
-}
-if (isset($_POST['id']) && is_numericint($_POST['id'])) {
-	$id = $_POST['id'];
-}
+$id = $_REQUEST['id'];
 
 if (!is_array($config['captiveportal'][$cpzone]['allowedip'])) {
 	$config['captiveportal'][$cpzone]['allowedip'] = array();
 }
+
 $a_allowedips =& $config['captiveportal'][$cpzone]['allowedip'];
 
 if (isset($id) && $a_allowedips[$id]) {
@@ -88,7 +80,7 @@ if (isset($id) && $a_allowedips[$id]) {
 	$pconfig['descr'] = $a_allowedips[$id]['descr'];
 }
 
-if ($_POST) {
+if ($_POST['save']) {
 	unset($input_errors);
 	$pconfig = $_POST;
 
diff --git a/src/usr/local/www/services_captiveportal_mac.php b/src/usr/local/www/services_captiveportal_mac.php
index e4aa160..45e9259 100644
--- a/src/usr/local/www/services_captiveportal_mac.php
+++ b/src/usr/local/www/services_captiveportal_mac.php
@@ -40,11 +40,7 @@ require_once("captiveportal.inc");
 global $cpzone;
 global $cpzoneid;
 
-$cpzone = $_GET['zone'];
-if (isset($_POST['zone'])) {
-	$cpzone = $_POST['zone'];
-}
-$cpzone = strtolower(htmlspecialchars($cpzone));
+$cpzone = strtolower(htmlspecialchars($_REQUEST['zone']));
 
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 	header("Location: services_captiveportal_zones.php");
@@ -54,6 +50,7 @@ if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 if (!is_array($config['captiveportal'])) {
 	$config['captiveportal'] = array();
 }
+
 $a_cp =& $config['captiveportal'];
 
 $pgtitle = array(gettext("Services"), gettext("Captive Portal"), $a_cp[$cpzone]['zone'], gettext("MACs"));
@@ -63,7 +60,7 @@ $shortcut_section = "captiveportal";
 $actsmbl = array('pass' => '<i class="fa fa-check text-success"></i>&nbsp;' . gettext("Pass"),
 	'block' => '<i class="fa fa-times text-danger"></i>&nbsp;' . gettext("Block"));
 
-if ($_POST) {
+if ($_POST['save']) {
 	$pconfig = $_POST;
 
 	if ($_POST['apply']) {
@@ -133,17 +130,17 @@ if ($_POST) {
 	}
 }
 
-if ($_GET['act'] == "del") {
+if ($_POST['act'] == "del") {
 	$a_passthrumacs =& $a_cp[$cpzone]['passthrumac'];
 
-	if ($a_passthrumacs[$_GET['id']]) {
+	if ($a_passthrumacs[$_POST['id']]) {
 		$cpzoneid = $a_cp[$cpzone]['zoneid'];
-		$rules = captiveportal_passthrumac_delete_entry($a_passthrumacs[$_GET['id']]);
+		$rules = captiveportal_passthrumac_delete_entry($a_passthrumacs[$_POST['id']]);
 		$uniqid = uniqid("{$cpzone}_mac");
 		file_put_contents("{$g['tmp_path']}/{$uniqid}_tmp", $rules);
 		mwexec("/sbin/ipfw -q {$g['tmp_path']}/{$uniqid}_tmp");
 		@unlink("{$g['tmp_path']}/{$uniqid}_tmp");
-		unset($a_passthrumacs[$_GET['id']]);
+		unset($a_passthrumacs[$_POST['id']]);
 		write_config();
 		header("Location: services_captiveportal_mac.php?zone={$cpzone}");
 		exit;
@@ -198,7 +195,7 @@ foreach ($a_cp[$cpzone]['passthrumac'] as $mac): ?>
 				</td>
 				<td>
 					<a class="fa fa-pencil"	title="<?=gettext("Edit MAC address"); ?>" href="services_captiveportal_mac_edit.php?zone=<?=$cpzone?>&amp;id=<?=$i?>"></a>
-					<a class="fa fa-trash"	title="<?=gettext("Delete MAC address")?>" href="services_captiveportal_mac.php?zone=<?=$cpzone?>&amp;act=del&amp;id=<?=$i?>"></a>
+					<a class="fa fa-trash"	title="<?=gettext("Delete MAC address")?>" href="services_captiveportal_mac.php?zone=<?=$cpzone?>&amp;act=del&amp;id=<?=$i?>"usepost></a>
 				</td>
 			</tr>
 <?php
diff --git a/src/usr/local/www/services_captiveportal_mac_edit.php b/src/usr/local/www/services_captiveportal_mac_edit.php
index cea3bbc..8dcc0ce 100644
--- a/src/usr/local/www/services_captiveportal_mac_edit.php
+++ b/src/usr/local/www/services_captiveportal_mac_edit.php
@@ -50,11 +50,7 @@ require_once("captiveportal.inc");
 global $cpzone;
 global $cpzoneid;
 
-$cpzone = $_GET['zone'];
-if (isset($_POST['zone'])) {
-	$cpzone = $_POST['zone'];
-}
-$cpzone = strtolower(htmlspecialchars($cpzone));
+$cpzone = strtolower(htmlspecialchars($_REQUEST['zone']));
 
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 	header("Location: services_captiveportal_zones.php");
@@ -64,22 +60,21 @@ if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 if (!is_array($config['captiveportal'])) {
 	$config['captiveportal'] = array();
 }
+
 $a_cp =& $config['captiveportal'];
 
 $pgtitle = array(gettext("Services"), gettext("Captive Portal"), $a_cp[$cpzone]['zone'], gettext("MACs"), gettext("Edit"));
 $pglinks = array("", "services_captiveportal_zones.php", "services_captiveportal.php?zone=" . $cpzone, "services_captiveportal_mac.php?zone=" . $cpzone, "@self");
 $shortcut_section = "captiveportal";
 
-if (is_numericint($_GET['id'])) {
-	$id = $_GET['id'];
-}
-if (isset($_POST['id']) && is_numericint($_POST['id'])) {
-	$id = $_POST['id'];
+if (is_numericint($_REQUEST['id'])) {
+	$id = $_REQUEST['id'];
 }
 
 if (!is_array($a_cp[$cpzone]['passthrumac'])) {
 	$a_cp[$cpzone]['passthrumac'] = array();
 }
+
 $a_passthrumacs = &$a_cp[$cpzone]['passthrumac'];
 
 if (isset($id) && $a_passthrumacs[$id]) {
@@ -91,7 +86,7 @@ if (isset($id) && $a_passthrumacs[$id]) {
 	$pconfig['username'] = $a_passthrumacs[$id]['username'];
 }
 
-if ($_POST) {
+if ($_POST['save']) {
 	unset($input_errors);
 	$pconfig = $_POST;
 
@@ -126,7 +121,7 @@ if ($_POST) {
 		$input_errors[] = gettext("Upload speed must be between 1 and 999999");
 	}
 	if ($_POST['bw_down'] && ($_POST['bw_down'] > 999999 || $_POST['bw_down'] < 1)) {
-		$input_errors[] = gettext("Download speed must be between 1 and 999999"); 
+		$input_errors[] = gettext("Download speed must be between 1 and 999999");
 	}
 
 	foreach ($a_passthrumacs as $macent) {
diff --git a/src/usr/local/www/services_captiveportal_vouchers.php b/src/usr/local/www/services_captiveportal_vouchers.php
index c2506e7..590c43d 100644
--- a/src/usr/local/www/services_captiveportal_vouchers.php
+++ b/src/usr/local/www/services_captiveportal_vouchers.php
@@ -38,12 +38,7 @@ require_once("shaper.inc");
 require_once("captiveportal.inc");
 require_once("voucher.inc");
 
-$cpzone = $_GET['zone'];
-
-if (isset($_POST['zone'])) {
-	$cpzone = $_POST['zone'];
-}
-$cpzone = strtolower(htmlspecialchars($cpzone));
+$cpzone = strtolower(htmlspecialchars($_REQUEST['zone']));
 
 if ($_REQUEST['generatekey']) {
 	exec("/usr/bin/openssl genrsa 64 > /tmp/key64.private");
@@ -63,6 +58,7 @@ if (empty($cpzone)) {
 if (!is_array($config['captiveportal'])) {
 	$config['captiveportal'] = array();
 }
+
 $a_cp =& $config['captiveportal'];
 
 if (!is_array($config['voucher'])) {
@@ -128,14 +124,15 @@ if (!isset($config['voucher'][$cpzone]['publickey'])) {
 if (!isset($config['voucher'][$cpzone]['descrmsgnoaccess'])) {
 	$config['voucher'][$cpzone]['descrmsgnoaccess'] = gettext("Voucher invalid");
 }
+
 if (!isset($config['voucher'][$cpzone]['descrmsgexpired'])) {
 	$config['voucher'][$cpzone]['descrmsgexpired'] = gettext("Voucher expired");
 }
 
 $a_roll = &$config['voucher'][$cpzone]['roll'];
 
-if ($_GET['act'] == "del") {
-	$id = $_GET['id'];
+if ($_POST['act'] == "del") {
+	$id = $_POST['id'];
 	if ($a_roll[$id]) {
 		$roll = $a_roll[$id]['number'];
 		$voucherlck = lock("voucher{$cpzone}");
@@ -146,7 +143,7 @@ if ($_GET['act'] == "del") {
 	}
 	header("Location: services_captiveportal_vouchers.php?zone={$cpzone}");
 	exit;
-} else if ($_GET['act'] == "csv") {
+} else if ($_REQUEST['act'] == "csv") {
 	/* print all vouchers of the selected roll */
 	$privkey = base64_decode($config['voucher'][$cpzone]['privatekey']);
 	if (strstr($privkey, "BEGIN RSA PRIVATE KEY")) {
@@ -158,7 +155,7 @@ if ($_GET['act'] == "del") {
 			fwrite($fd, $privkey);
 			fclose($fd);
 			$a_voucher = &$config['voucher'][$cpzone]['roll'];
-			$id = $_GET['id'];
+			$id = $_REQUEST['id'];
 			if (isset($id) && $a_voucher[$id]) {
 				$number = $a_voucher[$id]['number'];
 				$count = $a_voucher[$id]['count'];
@@ -194,7 +191,7 @@ $pconfig['vouchersyncport'] = $config['voucher'][$cpzone]['vouchersyncport'];
 $pconfig['vouchersyncpass'] = $config['voucher'][$cpzone]['vouchersyncpass'];
 $pconfig['vouchersyncusername'] = $config['voucher'][$cpzone]['vouchersyncusername'];
 
-if ($_POST) {
+if ($_POST['save']) {
 	unset($input_errors);
 
 	if ($_POST['postafterlogin']) {
@@ -303,7 +300,7 @@ EOF;
 				require_once("xmlrpc_client.inc");
 				$rpc_client = new pfsense_xmlrpc_client();
 				$rpc_client->setConnectionData(
-						$newvoucher['vouchersyncdbip'], $newvoucher['vouchersyncport'], 
+						$newvoucher['vouchersyncdbip'], $newvoucher['vouchersyncport'],
 						$newvoucher['vouchersyncusername'], $newvoucher['vouchersyncpass']);
 				$rpc_client->set_noticefile("CaptivePortalVoucherSync");
 				$resp = $rpc_client->xmlrpc_exec_php($execcmd);
@@ -361,6 +358,7 @@ EOF;
 		}
 	}
 }
+
 include("head.inc");
 
 if ($input_errors) {
@@ -409,7 +407,7 @@ foreach ($a_roll as $rollent):
 						<td>
 							<!-- These buttons are hidden/shown on checking the 'enable' checkbox -->
 							<a class="fa fa-pencil"		title="<?=gettext("Edit voucher roll"); ?>" href="services_captiveportal_vouchers_edit.php?zone=<?=$cpzone?>&amp;id=<?=$i; ?>"></a>
-							<a class="fa fa-trash"		title="<?=gettext("Delete voucher roll")?>" href="services_captiveportal_vouchers.php?zone=<?=$cpzone?>&amp;act=del&amp;id=<?=$i; ?>"></a>
+							<a class="fa fa-trash"		title="<?=gettext("Delete voucher roll")?>" href="services_captiveportal_vouchers.php?zone=<?=$cpzone?>&amp;act=del&amp;id=<?=$i; ?>" usepost></a>
 							<a class="fa fa-file-excel-o"	title="<?=gettext("Export vouchers for this roll to a .csv file")?>" href="services_captiveportal_vouchers.php?zone=<?=$cpzone?>&amp;act=csv&amp;id=<?=$i; ?>"></a>
 						</td>
 					</tr>
diff --git a/src/usr/local/www/services_captiveportal_vouchers_edit.php b/src/usr/local/www/services_captiveportal_vouchers_edit.php
index 07792a6..f502dcf 100644
--- a/src/usr/local/www/services_captiveportal_vouchers_edit.php
+++ b/src/usr/local/www/services_captiveportal_vouchers_edit.php
@@ -34,11 +34,7 @@ require_once("shaper.inc");
 require_once("captiveportal.inc");
 require_once("voucher.inc");
 
-$cpzone = $_GET['zone'];
-if (isset($_POST['zone'])) {
-	$cpzone = $_POST['zone'];
-}
-$cpzone = strtolower(htmlspecialchars($cpzone));
+$cpzone = strtolower(htmlspecialchars($_REQUEST['zone']));
 
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 	header("Location: services_captiveportal_zones.php");
@@ -48,6 +44,7 @@ if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 if (!is_array($config['captiveportal'])) {
 	$config['captiveportal'] = array();
 }
+
 $a_cp =& $config['captiveportal'];
 
 $pgtitle = array(gettext("Services"), gettext("Captive Portal"), $a_cp[$cpzone]['zone'], gettext("Vouchers"), gettext("Edit"));
@@ -63,13 +60,8 @@ if (!is_array($config['voucher'][$cpzone]['roll'])) {
 }
 
 $a_roll = &$config['voucher'][$cpzone]['roll'];
+$id = $_REQUEST['id'];
 
-if (is_numericint($_GET['id'])) {
-	$id = $_GET['id'];
-}
-if (isset($_POST['id']) && is_numericint($_POST['id'])) {
-	$id = $_POST['id'];
-}
 
 if (isset($id) && $a_roll[$id]) {
 	$pconfig['zone'] = $a_roll[$id]['zone'];
@@ -82,7 +74,7 @@ if (isset($id) && $a_roll[$id]) {
 $maxnumber = (1<<$config['voucher'][$cpzone]['rollbits']) -1;	// Highest Roll#
 $maxcount = (1<<$config['voucher'][$cpzone]['ticketbits']) -1;	 // Highest Ticket#
 
-if ($_POST) {
+if ($_POST['save']) {
 
 	unset($input_errors);
 	$pconfig = $_POST;
diff --git a/src/usr/local/www/services_captiveportal_zones.php b/src/usr/local/www/services_captiveportal_zones.php
index 6454a2a..9842281 100644
--- a/src/usr/local/www/services_captiveportal_zones.php
+++ b/src/usr/local/www/services_captiveportal_zones.php
@@ -40,8 +40,8 @@ if (!is_array($config['captiveportal'])) {
 }
 $a_cp = &$config['captiveportal'];
 
-if ($_GET['act'] == "del" && !empty($_GET['zone'])) {
-	$cpzone = strtolower(htmlspecialchars($_GET['zone']));
+if ($_POST['act'] == "del" && !empty($_POST['zone'])) {
+	$cpzone = strtolower(htmlspecialchars($_POST['zone']));
 	if ($a_cp[$cpzone]) {
 		$cpzoneid = $a_cp[$cpzone]['zoneid'];
 		unset($a_cp[$cpzone]['enable']);
@@ -100,7 +100,7 @@ if (is_subsystem_dirty('captiveportal')) {
 						<td><?=htmlspecialchars($cpitem['descr']);?>&nbsp;</td>
 						<td>
 							<a class="fa fa-pencil" title="<?=gettext("Edit zone"); ?>" href="services_captiveportal.php?zone=<?=$cpzone?>"></a>
-							<a class="fa fa-trash"  title="<?=gettext("Delete zone")?>" href="services_captiveportal_zones.php?act=del&amp;zone=<?=$cpzone;?>"></a>
+							<a class="fa fa-trash"  title="<?=gettext("Delete zone")?>" href="services_captiveportal_zones.php?act=del&amp;zone=<?=$cpzone;?>" usepost></a>
 						</td>
 					</tr>
 <?php
diff --git a/src/usr/local/www/services_captiveportal_zones_edit.php b/src/usr/local/www/services_captiveportal_zones_edit.php
index 2d71251..5aea1fe 100644
--- a/src/usr/local/www/services_captiveportal_zones_edit.php
+++ b/src/usr/local/www/services_captiveportal_zones_edit.php
@@ -39,9 +39,10 @@ $shortcut_section = "captiveportal";
 if (!is_array($config['captiveportal'])) {
 	$config['captiveportal'] = array();
 }
+
 $a_cp =& $config['captiveportal'];
 
-if ($_POST) {
+if ($_POST['Submit']) {
 	unset($input_errors);
 	$pconfig = $_POST;
 
-- 
cgit v1.1