function saveplugins($sid, $fam, $cve, $saveplugins, $AllPlugins, $NonDOS, $DisableAll)
{
global $username, $dbconn, $nessus_path;
//echo "Updating Plugins Status<br>";
if ($saveplugins == "Update") {
reset($_POST);
// if form method="post"
// edited to work on a per family basis so we can break
// down the page to lighten up the HTML
if ($fam != "") {
$result = $dbconn->Execute("Update vuln_nessus_settings_plugins \n set enabled='N' \n where sid={$sid} and family={$fam}");
while (list($key, $value) = each($_POST)) {
$key = Util::htmlentities(mysql_real_escape_string(trim($key)), ENT_QUOTES);
if (substr($key, 0, 3) == "PID") {
$key = substr($key, 3);
if (is_numeric($key)) {
$results = $dbconn->Execute("Update vuln_nessus_settings_plugins \n set enabled='Y' \n where ID={$key} \n and sid={$sid}");
}
}
}
} else {
echo "<br><br>";
$result = $dbconn->Execute("SELECT id FROM vuln_nessus_plugins WHERE cve_id LIKE '%{$cve}%'");
while (!$result->EOF) {
$dbconn->Execute("Update vuln_nessus_settings_plugins \n set enabled='N' \n where id=" . $result->fields['id'] . " and sid={$sid}");
$result->MoveNext();
}
while (list($key, $value) = each($_POST)) {
$key = Util::htmlentities(mysql_real_escape_string(trim($key)), ENT_QUOTES);
if (substr($key, 0, 3) == "PID") {
$key = substr($key, 3);
if (is_numeric($key)) {
$results = $dbconn->Execute("Update vuln_nessus_settings_plugins \n set enabled='Y' \n where ID={$key} \n and sid={$sid}");
}
}
}
}
}
if ($AllPlugins == "Enable All") {
$result = $dbconn->Execute("Update vuln_nessus_settings_plugins \n set enabled='Y' \n where sid={$sid}");
}
if ($NonDOS == "Enable Non DOS") {
$result = $dbconn->Execute("Update vuln_nessus_settings_plugins \n set enabled='Y' where sid={$sid}");
//echo "query=$query<br>";
$query = "SELECT id FROM vuln_nessus_category WHERE name='denial'";
$result = $dbconn->execute($query);
list($cid) = $result->fields;
$query = "UPDATE vuln_nessus_settings_plugins SET enabled='N' WHERE sid={$sid} AND category={$cid}";
//echo "query=$query<br>";
$result = $dbconn->execute($query);
$query = "SELECT id FROM vuln_nessus_category WHERE name='flood'";
$result = $dbconn->execute($query);
list($cid) = $result->fields;
$query = "UPDATE vuln_nessus_settings_plugins SET enabled='N' WHERE sid={$sid} AND category={$cid}";
//echo "query=$query<br>";
$result = $dbconn->execute($query);
$query = "SELECT id FROM vuln_nessus_category WHERE name='destructive_attack'";
//echo "query=$query<br>";
$result = $dbconn->execute($query);
list($cid) = $result->fields;
$query = "UPDATE vuln_nessus_settings_plugins SET enabled='N' WHERE sid={$sid} AND category={$cid}";
//echo "query=$query<br>";
$result = $dbconn->execute($query);
$query = "SELECT id FROM vuln_nessus_category WHERE name='kill_host'";
$result = $dbconn->execute($query);
list($cid) = $result->fields;
$query = "UPDATE vuln_nessus_settings_plugins SET enabled='N' WHERE sid={$sid} AND category={$cid}";
//echo "query=$query<br>";
$result = $dbconn->execute($query);
}
if ($DisableAll == "Disable All") {
$query = "update vuln_nessus_settings_plugins \n set enabled='N' \n where sid={$sid}";
$result = $dbconn->execute($query);
}
//echo "ALL=$AllPlugins, NON=$NonDOS, DISABLE=$DisableAll";
//echo "<br>";
if (preg_match("/omp\\s*\$/i", $nessus_path)) {
$omp = new OMP();
$omp->set_plugins_by_family($sid);
}
logAccess("Updated Plugins for Profile {$sid}");
edit_plugins($sid, $fam);
}
} else {
// call to avoid XSS attacks
$value = Util::htmlentities($value);
# Assume it is a text box
$sufix = preg_match("/\\[file\\]/", $nessus_id) ? " [" . _("full file path") . "]" : "";
$retstr = "<tr><td style='text-align:left;width:65%'>{$field} {$sufix}</td><td><INPUT type=\"text\" name=\"{$vname}\" value=\"{$value}\"></td></tr>";
}
$retstr .= "\n";
return $retstr;
}
switch ($disp) {
case "edit":
edit_autoenable($sid);
break;
case "editplugins":
edit_plugins($dbconn, $sid);
break;
case "editprefs":
edit_serverprefs($dbconn, $sid);
break;
case "new":
new_profile();
break;
case "viewconfig":
view_config($sid);
break;
default:
select_profile();
break;
}
echo " </td></tr>";