From 1a6769a630b73e20dc093df7d9b59e8bd4dfce74 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Thu, 11 Sep 2014 17:40:23 -0300 Subject: Replace GET by POST on system_usermanager.php and make necessary adjustments on necessary pages. It fixes #3856 --- usr/local/www/system_certmanager.php | 6 +- usr/local/www/system_usermanager.php | 266 ++++++++++++++------------ usr/local/www/system_usermanager_addprivs.php | 12 +- usr/local/www/vpn_ipsec_keys.php | 11 +- 4 files changed, 164 insertions(+), 131 deletions(-) (limited to 'usr/local/www') diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php index 97968bb..0772ae6 100644 --- a/usr/local/www/system_certmanager.php +++ b/usr/local/www/system_certmanager.php @@ -402,8 +402,10 @@ if ($_POST) { if (!$input_errors) write_config(); - if ($userid) - pfSenseHeader("system_usermanager.php?act=edit&id={$userid}"); + if ($userid) { + post_redirect("system_usermanager.php", array('act' => 'edit', 'userid' => $userid)); + exit; + } } } diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php index 7581697..0d8ac5a 100644 --- a/usr/local/www/system_usermanager.php +++ b/usr/local/www/system_usermanager.php @@ -53,12 +53,10 @@ require("guiconfig.inc"); // start admin user code $pgtitle = array(gettext("System"),gettext("User Manager")); -if (is_numericint($_GET['id'])) - $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) - $id = $_POST['id']; +if (isset($_POST['userid']) && is_numericint($_POST['userid'])) + $id = $_POST['userid']; -if (!is_array($config['system']['user'])) +if (!isset($config['system']['user']) || !is_array($config['system']['user'])) $config['system']['user'] = array(); $a_user = &$config['system']['user']; 
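Review bot: The `$userid` handed to `post_redirect()` in the system_certmanager.php hunk is assigned outside the hunk, so it cannot be seen here whether it has already been restricted to an integer; post_redirect() presumably writes its parameters into a self-submitting HTML form, and an unvalidated value would end up in generated markup. The same call is added in system_usermanager_addprivs.php's hunk at -99, where the surrounding context does show `$userid` arriving through is_numericint(). If the certmanager assignment is not guarded the same way, add `if (!is_numericint($userid)) { pfSenseHeader("system_usermanager.php"); exit; }` ahead of the call. The enclosing `if ($_POST) {` block starts before this hunk.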
@@ -81,7 +79,7 @@ if (isset($id) && $a_user[$id]) { $pconfig['disabled'] = isset($a_user[$id]['disabled']); } -if ($_GET['act'] == "deluser") { +if ($_POST['act'] == "deluser") { if (!$a_user[$id]) { pfSenseHeader("system_usermanager.php"); @@ -97,29 +95,29 @@ if ($_GET['act'] == "deluser") { $savemsg = gettext("User")." {$userdeleted} ". gettext("successfully deleted")."
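Review bot: `$_POST['act']` is compared without an `isset()` guard in the new condition, so an ordinary GET load of the page, which after this commit carries no POST data at all, evaluates an undefined index here and again in the hunks at -97, -131 and -150, as does `$_POST['save']` in the hunk at -175 (whether the resulting notice is displayed depends on the error_reporting setting, which is not visible here). The old `$_GET['act']` form had the same weakness, but this is the point at which the plain page load stops carrying the parameter, so the guard is worth adding now: `if (isset($_POST['act']) && $_POST['act'] == "deluser") {`, with the same shape on the `else if` branches. Inside the branch, `if (!$a_user[$id])` also relies on `$id`, which the hunk at -53 only sets when a valid `userid` was posted; `if (!isset($id) || !$a_user[$id])` makes that explicit. The deluser branch continues past the end of this hunk.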
"; } -else if ($_GET['act'] == "delpriv") { +else if ($_POST['act'] == "delpriv") { if (!$a_user[$id]) { pfSenseHeader("system_usermanager.php"); exit; } - $privdeleted = $priv_list[$a_user[$id]['priv'][$_GET['privid']]]['name']; - unset($a_user[$id]['priv'][$_GET['privid']]); + $privdeleted = $priv_list[$a_user[$id]['priv'][$_POST['privid']]]['name']; + unset($a_user[$id]['priv'][$_POST['privid']]); local_user_set($a_user[$id]); write_config(); - $_GET['act'] = "edit"; + $_POST['act'] = "edit"; $savemsg = gettext("Privilege")." {$privdeleted} ". gettext("successfully deleted")."
"; } -else if ($_GET['act'] == "expcert") { +else if ($_POST['act'] == "expcert") { if (!$a_user[$id]) { pfSenseHeader("system_usermanager.php"); exit; } - $cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]); + $cert =& lookup_cert($a_user[$id]['cert'][$_POST['certid']]); $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.crt"); $exp_data = base64_decode($cert['crt']); @@ -131,14 +129,14 @@ else if ($_GET['act'] == "expcert") { echo $exp_data; exit; } -else if ($_GET['act'] == "expckey") { +else if ($_POST['act'] == "expckey") { if (!$a_user[$id]) { pfSenseHeader("system_usermanager.php"); exit; } - $cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]); + $cert =& lookup_cert($a_user[$id]['cert'][$_POST['certid']]); $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.key"); $exp_data = base64_decode($cert['prv']); @@ -150,22 +148,22 @@ else if ($_GET['act'] == "expckey") { echo $exp_data; exit; } -else if ($_GET['act'] == "delcert") { +else if ($_POST['act'] == "delcert") { if (!$a_user[$id]) { pfSenseHeader("system_usermanager.php"); exit; } - $certdeleted = lookup_cert($a_user[$id]['cert'][$_GET['certid']]); + $certdeleted = lookup_cert($a_user[$id]['cert'][$_POST['certid']]); $certdeleted = $certdeleted['descr']; - unset($a_user[$id]['cert'][$_GET['certid']]); + unset($a_user[$id]['cert'][$_POST['certid']]); write_config(); - $_GET['act'] = "edit"; + $_POST['act'] = "edit"; $savemsg = gettext("Certificate")." {$certdeleted} ". gettext("association removed.")."
"; } -else if ($_GET['act'] == "new") { +else if ($_POST['act'] == "new") { /* * set this value cause the text field is read only * and the user should not be able to mess with this @@ -175,7 +173,7 @@ else if ($_GET['act'] == "new") { $pconfig['lifetime'] = 3650; } -if ($_POST) { +if ($_POST['save']) { unset($input_errors); $pconfig = $_POST; @@ -469,9 +467,13 @@ function sshkeyClicked(obj) {
+ + + + - ')"> - delete - + '; + return confirm('');" + title="" /> @@ -686,15 +692,25 @@ function sshkeyClicked(obj) { -
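Review bot: The values interpolated into the `onclick` handlers that end in `return confirm('…')` are not visible in this rendering, which has stripped the PHP tags, so it cannot be confirmed that each one passes through `htmlspecialchars()` before landing inside a single-quoted JavaScript literal in an HTML attribute; a translated gettext() prompt containing an apostrophe, or any identifier that is not an integer, would terminate the literal early. The same handler pattern is repeated throughout the hunk at -686 (the `document.iform2.submit()` buttons) and in vpn_ipsec_keys.php's hunk at -73. Where the interpolated value is an array index, asserting it is an integer is enough; for prompt text, escape it for the JavaScript literal first and for the attribute second, e.g. `htmlspecialchars(addslashes(gettext("…")), ENT_QUOTES)`.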
- - " alt="" width="17" height="17" border="0" /> - - - " alt="" width="17" height="17" border="0" /> - - ')"> - <?=gettext(" /> - + ';" + title="" /> + ';" + title="" /> + '; + return confirm('')" + title="" />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - " alt="" width="17" height="17" border="0" /> - -
-

- -

- -

-
- - - - - -
- - <?=gettext(" title="" border="0" height="16" width="16" /> - - -
-
  - -   - - - " alt="" width="17" height="17" border="0" /> - - -   - ')"> - " alt="" width="17" height="17" border="0" /> - - -
+ + + + + + + + + + + + + + + + + + + + + + + + + + + '; + document.getElementById('userid').value=''; + document.iform2.submit();"> + + + + + + + + +
+ ';" + title="" /> +
+

+ +

+ +

+
+ + + + + +
+ + <?=gettext(" title="" border="0" height="16" width="16" /> + + +
+
  + +   + + ';" + title="" /> + +   + '; + return confirm('');" + title="" /> + +
+
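Review bot: The anti-CSRF token has to be present on the second form (`iform2`) that the delete buttons submit, and nothing visible in this hunk shows it being emitted there; the buttons set the hidden `userid` field (and presumably `act`) and call `document.iform2.submit()`, so that form now carries a state-changing POST of its own. If the framework injects the token into every `<form>` at output time this is already covered, but that is not visible here and the hidden-field form should be checked for it. The same question applies to the form added in vpn_ipsec_keys.php's hunk at -73.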
diff --git a/usr/local/www/system_usermanager_addprivs.php b/usr/local/www/system_usermanager_addprivs.php index bf4a02e..1d0a9e6 100644 --- a/usr/local/www/system_usermanager_addprivs.php +++ b/usr/local/www/system_usermanager_addprivs.php @@ -51,17 +51,13 @@ if (is_numericint($_GET['userid'])) if (isset($_POST['userid']) && is_numericint($_POST['userid'])) $userid = $_POST['userid']; -$a_user = & $config['system']['user'][$userid]; -if (!is_array($a_user)) { - pfSenseHeader("system_usermanager.php?id={$userid}"); - exit; -} - -if (!is_array($a_user)) { +if (!isset($config['system']['user'][$userid]) && !is_array($config['system']['user'][$userid])) { pfSenseHeader("system_usermanager.php"); exit; } +$a_user = & $config['system']['user'][$userid]; + if (!is_array($a_user['priv'])) $a_user['priv'] = array(); @@ -99,7 +95,7 @@ if ($_POST) { $savemsg = get_std_save_message($retval); conf_mount_ro(); - pfSenseHeader("system_usermanager.php?act=edit&id={$userid}"); + post_redirect("system_usermanager.php", array('act' => 'edit', 'userid' => $userid)); exit; } diff --git a/usr/local/www/vpn_ipsec_keys.php b/usr/local/www/vpn_ipsec_keys.php index 5881194..79f2501 100644 --- a/usr/local/www/vpn_ipsec_keys.php +++ b/usr/local/www/vpn_ipsec_keys.php @@ -73,7 +73,6 @@ include("head.inc"); -
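Review bot: The new guard in the -51 hunk uses `&&` where the equivalent line in system_usermanager.php's hunk at -53 uses `||`: `!isset(...) && !is_array(...)` only redirects when the entry is absent (and then evaluates the second operand on an undefined index), while a present but non-array entry passes through to the `$a_user = &` reference and the `$a_user['priv']` access below. It should read `if (!isset($config['system']['user'][$userid]) || !is_array($config['system']['user'][$userid])) {`. Since the context lines show `$userid` is only assigned when the GET or POST value passes is_numericint(), prefixing the condition with `!isset($userid) ||` would also stop an unset `$userid` from being used as the index.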
- " width="17" height="17" border="0" alt="edit" /> + + + + + " /> +
  @@ -166,7 +172,6 @@ if (is_subsystem_dirty('ipsec')) - -- cgit v1.1