[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ossec-cvs] ossec-hids: search.php (HEAD) [davelowe]
- To: ossec-cvs@xxxxxxxxx
- Subject: [ossec-cvs] ossec-hids: search.php (HEAD) [davelowe]
- From: OSSEC CVS <cvs-commit@xxxxxxxxx>
- Date: Sun, 12 Aug 2007 01:48:54 -0300 (ADT)
- Content-transfer-encoding: 8bit
Module name: ossec-hids
Changes by: davelowe 07/08/12 01:48:52
Modified files:
search.php
Log message:
Changed form method from POST to GET for search results page
Index: search.php
===================================================================
RCS file: /usr/cvsroot/ossec-ui/ossec/Site/search.php,v
diff -u -r1.4 -r1.5
--- search.php 12 Aug 2007 03:35:18 -0000 1.4
+++ search.php 12 Aug 2007 04:48:52 -0000 1.5
@@ -44,49 +44,49 @@
/* Getting search id */
-if(isset($_POST['searchid']))
+if(isset($_GET['searchid']))
{
- if(is_numeric($_POST['searchid']))
+ if(is_numeric($_GET['searchid']))
{
- $USER_searchid = $_POST['searchid'];
+ $USER_searchid = $_GET['searchid'];
}
}
/* Reading user input -- being very careful parsing it */
$datepattern = "/^([0-9]{4})-([0-9]{2})-([0-9]{2}) ([0-9]{2}):([0-9]{2})$/";
-if(isset($_POST['initdate']))
-{
- if(preg_match($datepattern, $_POST['initdate'], $regs))
+if(isset($_GET['initdate']))
+{
+ if(preg_match($datepattern, $_GET['initdate'], $regs))
{
$USER_init = mktime($regs[4], $regs[5], 0,$regs[2],$regs[3],$regs[1]);
$u_init_time = $USER_init;
}
}
-if(isset($_POST['finaldate']))
+if(isset($_GET['finaldate']))
{
- if(preg_match($datepattern, $_POST['finaldate'], $regs) == true)
+ if(preg_match($datepattern, $_GET['finaldate'], $regs) == true)
{
$USER_final = mktime($regs[4], $regs[5], 0,$regs[2],$regs[3],$regs[1]);
$u_final_time = $USER_final;
}
}
-if(isset($_POST['level']))
+if(isset($_GET['level']))
{
- if((is_numeric($_POST['level'])) &&
- ($_POST['level'] > 0) &&
- ($_POST['level'] < 16))
+ if((is_numeric($_GET['level'])) &&
+ ($_GET['level'] > 0) &&
+ ($_GET['level'] < 16))
{
- $USER_level = $_POST['level'];
+ $USER_level = $_GET['level'];
$u_level = $USER_level;
}
}
-if(isset($_POST['page']))
+if(isset($_GET['page']))
{
- if((is_numeric($_POST['page'])) &&
- ($_POST['page'] > 0) &&
- ($_POST['page'] <= 999))
+ if((is_numeric($_GET['page'])) &&
+ ($_GET['page'] > 0) &&
+ ($_GET['page'] <= 999))
{
- $USER_page = $_POST['page'];
+ $USER_page = $_GET['page'];
}
}
@@ -94,97 +94,97 @@
$strpattern = "/^[0-9a-zA-Z. _|^!-()?]{1,128}$/";
$intpattern = "/^[0-9]{1,8}$/";
-if(isset($_POST['strpattern']))
+if(isset($_GET['strpattern']))
{
- if(preg_match($strpattern, $_POST['strpattern']) == true)
+ if(preg_match($strpattern, $_GET['strpattern']) == true)
{
- $USER_pattern = $_POST['strpattern'];
+ $USER_pattern = $_GET['strpattern'];
$u_pattern = $USER_pattern;
}
}
/* Getting location */
-if(isset($_POST['locationpattern']))
+if(isset($_GET['locationpattern']))
{
$lcpattern = "/^[0-9a-zA-Z. _|^!>\/\\-]{1,156}$/";
- if(preg_match($lcpattern, $_POST['locationpattern']) == true)
+ if(preg_match($lcpattern, $_GET['locationpattern']) == true)
{
- $LOCATION_pattern = $_POST['locationpattern'];
+ $LOCATION_pattern = $_GET['locationpattern'];
$u_location = $LOCATION_pattern;
}
}
/* Group pattern */
-if(isset($_POST['grouppattern']))
+if(isset($_GET['grouppattern']))
{
- if($_POST['grouppattern'] == "ALL")
+ if($_GET['grouppattern'] == "ALL")
{
$USER_group = NULL;
}
- else if(preg_match($strpattern,$_POST['grouppattern']) == true)
+ else if(preg_match($strpattern,$_GET['grouppattern']) == true)
{
- $USER_group = $_POST['grouppattern'];
+ $USER_group = $_GET['grouppattern'];
}
}
/* Group pattern */
-if(isset($_POST['logpattern']))
+if(isset($_GET['logpattern']))
{
- if($_POST['logpattern'] == "ALL")
+ if($_GET['logpattern'] == "ALL")
{
$USER_log = NULL;
}
- else if(preg_match($strpattern,$_POST['logpattern']) == true)
+ else if(preg_match($strpattern,$_GET['logpattern']) == true)
{
- $USER_log = $_POST['logpattern'];
+ $USER_log = $_GET['logpattern'];
}
}
/* Rule pattern */
-if(isset($_POST['rulepattern']))
+if(isset($_GET['rulepattern']))
{
- if(preg_match($strpattern, $_POST['rulepattern']) == true)
+ if(preg_match($strpattern, $_GET['rulepattern']) == true)
{
- $USER_rule = $_POST['rulepattern'];
+ $USER_rule = $_GET['rulepattern'];
$u_rule = $USER_rule;
}
}
/* Src ip pattern */
-if(isset($_POST['srcippattern']))
+if(isset($_GET['srcippattern']))
{
- if(preg_match($strpattern, $_POST['srcippattern']) == true)
+ if(preg_match($strpattern, $_GET['srcippattern']) == true)
{
- $USER_srcip = $_POST['srcippattern'];
+ $USER_srcip = $_GET['srcippattern'];
$u_srcip = $USER_srcip;
}
}
/* User pattern */
-if(isset($_POST['userpattern']))
+if(isset($_GET['userpattern']))
{
- if(preg_match($strpattern, $_POST['userpattern']) == true)
+ if(preg_match($strpattern, $_GET['userpattern']) == true)
{
- $USER_user = $_POST['userpattern'];
+ $USER_user = $_GET['userpattern'];
$u_user = $USER_user;
}
}
/* Maximum number of alerts */
-if(isset($_POST['max_alerts_per_page']))
+if(isset($_GET['max_alerts_per_page']))
{
- if(preg_match($intpattern, $_POST['max_alerts_per_page']) == true)
+ if(preg_match($intpattern, $_GET['max_alerts_per_page']) == true)
{
- if(($_POST['max_alerts_per_page'] > 200) &&
- ($_POST['max_alerts_per_page'] < 10000))
+ if(($_GET['max_alerts_per_page'] > 200) &&
+ ($_GET['max_alerts_per_page'] < 10000))
{
- $ossec_max_alerts_per_page = $_POST['max_alerts_per_page'];
+ $ossec_max_alerts_per_page = $_GET['max_alerts_per_page'];
}
}
}
@@ -192,33 +192,33 @@
/* Getting search id -- should be enough to avoid duplicates */
-if($_POST['search'] == "Search")
+if($_GET['search'] == "Search")
{
/* Creating new search id */
$USER_searchid = posix_getpid().$curr_time.rand();
$USER_page = 1;
}
-else if($_POST['search'] == "<< First")
+else if($_GET['search'] == "<< First")
{
$USER_page = 1;
}
-else if($_POST['search'] == "< Prev")
+else if($_GET['search'] == "< Prev")
{
if($USER_page > 1)
{
$USER_page--;
}
}
-else if($_POST['search'] == "Next >")
+else if($_GET['search'] == "Next >")
{
$USER_page++;
}
-else if($_POST['search'] == "Last >>")
+else if($_GET['search'] == "Last >>")
{
$USER_page = 999;
}
-else if($_POST['search'] == "")
+else if($_GET['search'] == "")
{
}
else
@@ -233,7 +233,7 @@
/* Search forms */
echo '
-<form name="dosearch" method="post" action="index.php?f=search">
+<form name="dosearch" method="get" action="index.php?f=search">
<table width=100%>
<tr valign="top">
<td>From:</td><td><input type="text" name="initdate" id="i_date_a" size="17"
@@ -367,19 +367,20 @@
';
echo "<h1>Results:</h1>\n";
-
+echo $USER_init;
+echo $USER_final;
+echo $USER_level;
if(!isset($USER_init) || !isset($USER_final) || !isset($USER_level))
{
echo "<b>No search performed.</b><br />\n";
echo "</div>";
return(1);
}
-echo "RES";
$output_list = NULL;
/* Getting stored alerts */
-if($_POST['search'] != "Search")
+if($_GET['search'] != "Search")
{
$output_list = os_getstoredalerts($ossec_handle, $USER_searchid);
$used_stored = 1;
OSSEC home |
Main Index |
Thread Index
OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.