Revision 0f026089
Added by Jim Pingle over 8 years ago
src/usr/local/www/easyrule.php | ||
---|---|---|
27 | 27 |
##|*MATCH=easyrule.php* |
28 | 28 |
##|-PRIV |
29 | 29 |
|
30 |
$pgtitle = gettext("Firewall: EasyRule"); |
|
31 | 30 |
require_once("guiconfig.inc"); |
32 | 31 |
require_once("easyrule.inc"); |
33 | 32 |
require_once("filter.inc"); |
... | ... | |
35 | 34 |
|
36 | 35 |
$retval = 0; |
37 | 36 |
$message = ""; |
38 |
$specialsrcdst = explode(" ", "any pptp pppoe l2tp openvpn");
|
|
37 |
$confirmed = isset($_POST['confirmed']) && $_POST['confirmed'] == 'true';
|
|
39 | 38 |
|
40 |
if ($_GET && isset($_GET['action'])) { |
|
41 |
switch ($_GET['action']) { |
|
39 |
/* $specialsrcdst must be a defined global for functions being called. */ |
|
40 |
global $specialsrcdst; |
|
41 |
$specialsrcdst = explode(" ", "any pppoe l2tp openvpn"); |
|
42 |
|
|
43 |
if ($_POST && $confirmed && isset($_POST['action'])) { |
|
44 |
switch ($_POST['action']) { |
|
42 | 45 |
case 'block': |
43 | 46 |
/* Check that we have a valid host */ |
44 |
easyrule_parse_block($_GET['int'], $_GET['src'], $_GET['ipproto']);
|
|
47 |
$message = easyrule_parse_block($_POST['int'], $_POST['src'], $_POST['ipproto']);
|
|
45 | 48 |
break; |
46 | 49 |
case 'pass': |
47 |
easyrule_parse_pass($_GET['int'], $_GET['proto'], $_GET['src'], $_GET['dst'], $_GET['dstport'], $_GET['ipproto']);
|
|
50 |
$message = easyrule_parse_pass($_POST['int'], $_POST['proto'], $_POST['src'], $_POST['dst'], $_POST['dstport'], $_POST['ipproto']);
|
|
48 | 51 |
break; |
52 |
default: |
|
53 |
$message = gettext("Invalid action specified."); |
|
49 | 54 |
} |
50 | 55 |
} |
51 | 56 |
|
... | ... | |
53 | 58 |
$message = $retval; |
54 | 59 |
} |
55 | 60 |
|
61 |
$pgtitle = array(gettext("Firewall"), gettext("Easy Rule")); |
|
56 | 62 |
include("head.inc"); |
57 |
?> |
|
58 |
<table width="100%" border="0" cellpadding="0" cellspacing="0"> |
|
59 |
<tr> |
|
60 |
<td> |
|
61 |
<?php |
|
62 | 63 |
if ($input_errors) { |
63 | 64 |
print_input_errors($input_errors); |
64 | 65 |
} |
65 |
|
|
66 |
if ($message) { |
|
67 | 66 |
?> |
68 |
<br /> |
|
69 |
<?=gettext("Message"); ?>: <?=$message;?> |
|
70 |
<br /> |
|
67 |
<form action="easyrule.php" method="post"> |
|
68 |
<div class="panel panel-default"> |
|
69 |
<div class="panel-heading"> |
|
70 |
<h2 class="panel-title"> |
|
71 |
<?=gettext("Confirmation Required to Add Easy Rule");?> |
|
72 |
</h2> |
|
73 |
</div> |
|
74 |
<div class="panel-body"> |
|
75 |
<div class="content"> |
|
71 | 76 |
<?php |
72 |
} else { |
|
77 |
if (!$confirmed && !empty($_REQUEST['action'])) { ?> |
|
78 |
<?php if ($_GET['action'] == 'block'): ?> |
|
79 |
<b><?=gettext("Rule Type")?>:</b> <?=htmlspecialchars(ucfirst(gettext($_GET['action'])))?> |
|
80 |
<br/><b><?=gettext("Interface")?>:</b> <?=htmlspecialchars(strtoupper($_GET['int']))?> |
|
81 |
<input type="hidden" name="int" value="<?=htmlspecialchars($_GET['int'])?>" /> |
|
82 |
<br/><b><?= gettext("Source") ?>:</b> <?=htmlspecialchars($_GET['src'])?> |
|
83 |
<input type="hidden" name="src" value="<?=htmlspecialchars($_GET['src'])?>" /> |
|
84 |
<br/><b><?=gettext("IP Protocol")?>:</b> <?=htmlspecialchars(ucfirst($_GET['ipproto']))?> |
|
85 |
<input type="hidden" name="ipproto" value="<?=htmlspecialchars($_GET['ipproto'])?>" /> |
|
86 |
<?php elseif ($_GET['action'] == 'pass'): ?> |
|
87 |
<b><?=gettext("Rule Type")?>:</b> <?=htmlspecialchars(ucfirst(gettext($_GET['action'])))?> |
|
88 |
<br/><b><?=gettext("Interface")?>:</b> <?=htmlspecialchars(strtoupper($_GET['int']))?> |
|
89 |
<input type="hidden" name="int" value="<?=htmlspecialchars($_GET['int'])?>" /> |
|
90 |
<br/><b><?=gettext("Protocol")?>:</b> <?=htmlspecialchars(strtoupper($_GET['proto']))?> |
|
91 |
<input type="hidden" name="proto" value="<?=htmlspecialchars($_GET['proto'])?>" /> |
|
92 |
<br/><b><?=gettext("Source")?>:</b> <?=htmlspecialchars($_GET['src'])?> |
|
93 |
<input type="hidden" name="src" value="<?=htmlspecialchars($_GET['src'])?>" /> |
|
94 |
<br/><b><?=gettext("Destination")?>:</b> <?=htmlspecialchars($_GET['dst'])?> |
|
95 |
<input type="hidden" name="dst" value="<?=htmlspecialchars($_GET['dst'])?>" /> |
|
96 |
<br/><b><?=gettext("Destination Port")?>:</b> <?=htmlspecialchars($_GET['dstport'])?> |
|
97 |
<input type="hidden" name="dstport" value="<?=htmlspecialchars($_GET['dstport'])?>" /> |
|
98 |
<br/><b><?=gettext("IP Protocol")?>:</b> <?=htmlspecialchars(ucfirst($_GET['ipproto']))?> |
|
99 |
<input type="hidden" name="ipproto" value="<?=htmlspecialchars($_GET['ipproto'])?>" /> |
|
100 |
<?php else: |
|
101 |
$message = gettext("Invalid action specified."); |
|
102 |
endif; ?> |
|
103 |
<br/><br/> |
|
104 |
<?php if (empty($message)): ?> |
|
105 |
<input type="hidden" name="action" value="<?=htmlspecialchars($_GET['action'])?>" /> |
|
106 |
<input type="hidden" name="confirmed" value="true" /> |
|
107 |
<button type="submit" class="btn btn-success" name="erconfirm" id="erconfirm" value="<?=gettext("Confirm")?>"> |
|
108 |
<i class="fa fa-check icon-embed-btn"></i> |
|
109 |
<?=gettext("Confirm")?> |
|
110 |
</button> |
|
111 |
<?php endif; |
|
112 |
} |
|
113 |
|
|
114 |
if ($message) { |
|
115 |
print_info_box($message); |
|
116 |
} elseif (empty($_REQUEST['action'])) { |
|
73 | 117 |
print_info_box( |
74 | 118 |
gettext('This is the Easy Rule status page, mainly used to display errors when adding rules.') . ' ' . |
75 | 119 |
gettext('There apparently was not an error, and this page was navigated to directly without any instructions for what it should do.') . |
... | ... | |
78 | 122 |
', <a href="status_logs_filter.php">' . gettext("Status") . ' > ' . gettext('System Logs') . ', ' . gettext('Firewall Tab') . '</a>.<br />'); |
79 | 123 |
} |
80 | 124 |
?> |
81 |
</td> |
|
82 |
</tr> |
|
83 |
</table> |
|
125 |
</div> |
|
126 |
</div> |
|
127 |
</div> |
|
128 |
</form> |
|
84 | 129 |
<?php include("foot.inc"); ?> |
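Review bot: The `confirmed` field tested at new line 37 (`$_POST['confirmed'] == 'true'`) is a constant that any client can send, so it shows only that the request arrived as a POST, not that the confirmation page was ever displayed; protection against a forged submission rests on whatever CSRF token check the GUI applies to POST bodies, which is not visible in this section. I would record that above the assignment, for example `/* 'confirmed' is not a security control; the POST CSRF token check is what blocks forged submissions. */`, and compare with `=== 'true'`. The hidden inputs can also be edited before submit, so the values shown for review are not guaranteed to be the values acted on, and `easyrule_parse_block()` / `easyrule_parse_pass()` (defined outside this file) still have to validate every field. Separately, the confirmation branch at new line 77 is entered on `!empty($_REQUEST['action'])` but reads only `$_GET[...]`; testing `!empty($_GET['action'])` there would keep the guard and the reads on the same source.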
Convert easyrule.php to use a confirmation landing page so that the parameters can be submitted via POST. Also, remove the JavaScript confirmation box since it is now redundant. Fixes #7228
The confirmation page displays the submitted parameters for an extra user sanity check. Also fixed a bunch of page formatting issues that were not apparent because users rarely if ever saw output from the page.