Revision 4611e283
Added by Steve Beaver over 8 years ago
| src/usr/local/www/system_groupmanager.php | ||
|---|---|---|
| 42 | 42 |
$a_group = &$config['system']['group']; |
| 43 | 43 |
|
| 44 | 44 |
unset($id); |
| 45 |
$id = $_POST['groupid'];
|
|
| 46 |
$act = (isset($_POST['act']) ? $_POST['act'] : '');
|
|
| 45 |
$id = $_REQUEST['groupid'];
|
|
| 46 |
$act = (isset($_REQUEST['act']) ? $_REQUEST['act'] : '');
|
|
| 47 | 47 |
|
| 48 | 48 |
function cpusercmp($a, $b) {
|
| 49 | 49 |
return strcasecmp($a['name'], $b['name']); |
| ... | ... | |
| 59 | 59 |
usort($a_group, "cpusercmp"); |
| 60 | 60 |
} |
| 61 | 61 |
|
| 62 |
if ($act == "delgroup") {
|
|
| 62 |
if ($_POST['act'] == "delgroup") {
|
|
| 63 | 63 |
|
| 64 |
if (!isset($id) || !isset($_POST['groupname']) || !isset($a_group[$id]) || ($_POST['groupname'] != $a_group[$id]['name'])) {
|
|
| 64 |
if (!isset($id) || !isset($_REQUEST['groupname']) || !isset($a_group[$id]) || ($_REQUEST['groupname'] != $a_group[$id]['name'])) {
|
|
| 65 | 65 |
pfSenseHeader("system_groupmanager.php");
|
| 66 | 66 |
exit; |
| 67 | 67 |
} |
| ... | ... | |
| 73 | 73 |
$savemsg = sprintf(gettext("Group %s successfully deleted."), $groupdeleted);
|
| 74 | 74 |
} |
| 75 | 75 |
|
| 76 |
if ($act == "delpriv") {
|
|
| 76 |
if ($_POST['act'] == "delpriv") {
|
|
| 77 | 77 |
|
| 78 | 78 |
if (!isset($id) || !isset($a_group[$id])) {
|
| 79 | 79 |
pfSenseHeader("system_groupmanager.php");
|
| 80 | 80 |
exit; |
| 81 | 81 |
} |
| 82 | 82 |
|
| 83 |
$privdeleted = $priv_list[$a_group[$id]['priv'][$_POST['privid']]]['name'];
|
|
| 84 |
unset($a_group[$id]['priv'][$_POST['privid']]);
|
|
| 83 |
$privdeleted = $priv_list[$a_group[$id]['priv'][$_REQUEST['privid']]]['name'];
|
|
| 84 |
unset($a_group[$id]['priv'][$_REQUEST['privid']]);
|
|
| 85 | 85 |
|
| 86 | 86 |
if (is_array($a_group[$id]['member'])) {
|
| 87 | 87 |
foreach ($a_group[$id]['member'] as $uid) {
|
| ... | ... | |
| 259 | 259 |
$privhtml .= '</div>'; |
| 260 | 260 |
|
| 261 | 261 |
$privhtml .= '<nav class="action-buttons">'; |
| 262 |
$privhtml .= '<a href="system_groupmanager_addprivs.php?groupid=' . $id . '" class="btn btn-success" usepost><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>';
|
|
| 262 |
$privhtml .= '<a href="system_groupmanager_addprivs.php?groupid=' . $id . '" class="btn btn-success"><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>';
|
|
| 263 | 263 |
$privhtml .= '</nav>'; |
| 264 | 264 |
|
| 265 | 265 |
return($privhtml); |
| ... | ... | |
| 290 | 290 |
$tab_array[] = array(gettext("Authentication Servers"), false, "system_authservers.php");
|
| 291 | 291 |
display_top_tabs($tab_array); |
| 292 | 292 |
|
| 293 |
if (!($_POST['act'] == "new" || $_POST['act'] == "edit")) {
|
|
| 293 |
if (!($act == "new" || $act == "edit")) {
|
|
| 294 | 294 |
?> |
| 295 | 295 |
<div class="panel panel-default"> |
| 296 | 296 |
<div class="panel-heading"><h2 class="panel-title"><?=gettext('Groups')?></h2></div>
|
| ... | ... | |
| 325 | 325 |
<?=$groupcount?> |
| 326 | 326 |
</td> |
| 327 | 327 |
<td> |
| 328 |
<a class="fa fa-pencil" title="<?=gettext("Edit group"); ?>" href="?act=edit&groupid=<?=$i?>" usepost></a>
|
|
| 328 |
<a class="fa fa-pencil" title="<?=gettext("Edit group"); ?>" href="?act=edit&groupid=<?=$i?>"></a>
|
|
| 329 | 329 |
<?php if ($group['scope'] != "system"): ?> |
| 330 | 330 |
<a class="fa fa-trash" title="<?=gettext("Delete group")?>" href="?act=delgroup&groupid=<?=$i?>&groupname=<?=$group['name']?>" usepost></a>
|
| 331 | 331 |
<?php endif;?> |
| ... | ... | |
| 341 | 341 |
</div> |
| 342 | 342 |
|
| 343 | 343 |
<nav class="action-buttons"> |
| 344 |
<a href="?act=new" class="btn btn-success btn-sm" usepost>
|
|
| 344 |
<a href="?act=new" class="btn btn-success btn-sm"> |
|
| 345 | 345 |
<i class="fa fa-plus icon-embed-btn"></i> |
| 346 | 346 |
<?=gettext("Add")?>
|
| 347 | 347 |
</a> |
Also available in: Unified diff
Revisions to GET/POST conversion limiting POSTs to save, apply, and delete functions