Commit d302c8c3 authored by Ad Schellevis's avatar Ad Schellevis

(legacy) regression, fix copy in firewall_nat_edit.php

parent 9d981d22
...@@ -100,11 +100,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -100,11 +100,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (isset($_GET['id']) && is_numericint($_GET['id']) && isset($a_nat[$_GET['id']])) { if (isset($_GET['id']) && is_numericint($_GET['id']) && isset($a_nat[$_GET['id']])) {
$id = $_GET['id']; $id = $_GET['id'];
$configId = $id; // load form data from id $configId = $id; // load form data from id
} else if (isset($_GET['dup']) && is_numericint($_GET['dup']) && isset($a_nat[$_GET['id']])){ } else if (isset($_GET['dup']) && isset($a_nat[$_GET['dup']])){
$after = $_GET['dup']; $after = $_GET['dup'];
$configId = $_GET['dup']; // load form data from id $configId = $_GET['dup']; // load form data from id
} }
if (isset($_GET['after']) && (is_numericint($_GET['after']) || $_GET['after'] == "-1")) { if (isset($_GET['after']) && isset($a_nat[$_GET['after']])) {
$after = $_GET['after']; $after = $_GET['after'];
} }
...@@ -166,11 +166,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -166,11 +166,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig = $_POST; $pconfig = $_POST;
$input_errors = array(); $input_errors = array();
// validate id and store if usable // validate id and store if usable
if (isset($_POST['id']) && is_numericint($_POST['id']) && isset($a_nat[$_POST['id']])) { if (isset($pconfig['id']) && is_numericint($pconfig['id']) && isset($a_nat[$pconfig['id']])) {
$id = $_POST['id']; $id = $_POST['id'];
} }
if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) { if (isset($pconfig['after']) && isset($a_nat[$pconfig['after']])) {
$after = $_POST['after']; // place record after provided sequence number
$after = $pconfig['after'];
} }
/* Validate input data */ /* Validate input data */
...@@ -375,7 +376,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -375,7 +376,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$a_nat[$id] = $natent; $a_nat[$id] = $natent;
} else { } else {
$natent['created'] = make_config_revision_entry(); $natent['created'] = make_config_revision_entry();
if (is_numeric($after)) { if (isset($after)) {
array_splice($a_nat, $after+1, 0, array($natent)); array_splice($a_nat, $after+1, 0, array($natent));
} else { } else {
$a_nat[] = $natent; $a_nat[] = $natent;
...@@ -969,7 +970,7 @@ $( document ).ready(function() { ...@@ -969,7 +970,7 @@ $( document ).ready(function() {
<input name="id" type="hidden" value="<?=$id;?>" /> <input name="id" type="hidden" value="<?=$id;?>" />
<?php endif; ?> <?php endif; ?>
<?php if (isset($after)) : ?> <?php if (isset($after)) : ?>
<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>" /> <input name="after" type="hidden" value="<?=$after;?>" />
<?php endif; ?> <?php endif; ?>
</td> </td>
</tr> </tr>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment