function saveplugins($sid, $fam, $cve, $saveplugins, $AllPlugins, $NonDOS, $DisableAll) { global $username, $dbconn, $nessus_path; //echo "Updating Plugins Status<br>"; if ($saveplugins == "Update") { reset($_POST); // if form method="post" // edited to work on a per family basis so we can break // down the page to lighten up the HTML if ($fam != "") { $result = $dbconn->Execute("Update vuln_nessus_settings_plugins \n set enabled='N' \n where sid={$sid} and family={$fam}"); while (list($key, $value) = each($_POST)) { $key = Util::htmlentities(mysql_real_escape_string(trim($key)), ENT_QUOTES); if (substr($key, 0, 3) == "PID") { $key = substr($key, 3); if (is_numeric($key)) { $results = $dbconn->Execute("Update vuln_nessus_settings_plugins \n set enabled='Y' \n where ID={$key} \n and sid={$sid}"); } } } } else { echo "<br><br>"; $result = $dbconn->Execute("SELECT id FROM vuln_nessus_plugins WHERE cve_id LIKE '%{$cve}%'"); while (!$result->EOF) { $dbconn->Execute("Update vuln_nessus_settings_plugins \n set enabled='N' \n where id=" . $result->fields['id'] . " and sid={$sid}"); $result->MoveNext(); } while (list($key, $value) = each($_POST)) { $key = Util::htmlentities(mysql_real_escape_string(trim($key)), ENT_QUOTES); if (substr($key, 0, 3) == "PID") { $key = substr($key, 3); if (is_numeric($key)) { $results = $dbconn->Execute("Update vuln_nessus_settings_plugins \n set enabled='Y' \n where ID={$key} \n and sid={$sid}"); } } } } } if ($AllPlugins == "Enable All") { $result = $dbconn->Execute("Update vuln_nessus_settings_plugins \n set enabled='Y' \n where sid={$sid}"); } if ($NonDOS == "Enable Non DOS") { $result = $dbconn->Execute("Update vuln_nessus_settings_plugins \n set enabled='Y' where sid={$sid}"); //echo "query=$query<br>"; $query = "SELECT id FROM vuln_nessus_category WHERE name='denial'"; $result = $dbconn->execute($query); list($cid) = $result->fields; $query = "UPDATE vuln_nessus_settings_plugins SET enabled='N' WHERE sid={$sid} AND category={$cid}"; //echo "query=$query<br>"; $result = $dbconn->execute($query); $query = "SELECT id FROM vuln_nessus_category WHERE name='flood'"; $result = $dbconn->execute($query); list($cid) = $result->fields; $query = "UPDATE vuln_nessus_settings_plugins SET enabled='N' WHERE sid={$sid} AND category={$cid}"; //echo "query=$query<br>"; $result = $dbconn->execute($query); $query = "SELECT id FROM vuln_nessus_category WHERE name='destructive_attack'"; //echo "query=$query<br>"; $result = $dbconn->execute($query); list($cid) = $result->fields; $query = "UPDATE vuln_nessus_settings_plugins SET enabled='N' WHERE sid={$sid} AND category={$cid}"; //echo "query=$query<br>"; $result = $dbconn->execute($query); $query = "SELECT id FROM vuln_nessus_category WHERE name='kill_host'"; $result = $dbconn->execute($query); list($cid) = $result->fields; $query = "UPDATE vuln_nessus_settings_plugins SET enabled='N' WHERE sid={$sid} AND category={$cid}"; //echo "query=$query<br>"; $result = $dbconn->execute($query); } if ($DisableAll == "Disable All") { $query = "update vuln_nessus_settings_plugins \n set enabled='N' \n where sid={$sid}"; $result = $dbconn->execute($query); } //echo "ALL=$AllPlugins, NON=$NonDOS, DISABLE=$DisableAll"; //echo "<br>"; if (preg_match("/omp\\s*\$/i", $nessus_path)) { $omp = new OMP(); $omp->set_plugins_by_family($sid); } logAccess("Updated Plugins for Profile {$sid}"); edit_plugins($sid, $fam); }
} else { // call to avoid XSS attacks $value = Util::htmlentities($value); # Assume it is a text box $sufix = preg_match("/\\[file\\]/", $nessus_id) ? " [" . _("full file path") . "]" : ""; $retstr = "<tr><td style='text-align:left;width:65%'>{$field} {$sufix}</td><td><INPUT type=\"text\" name=\"{$vname}\" value=\"{$value}\"></td></tr>"; } $retstr .= "\n"; return $retstr; } switch ($disp) { case "edit": edit_autoenable($sid); break; case "editplugins": edit_plugins($dbconn, $sid); break; case "editprefs": edit_serverprefs($dbconn, $sid); break; case "new": new_profile(); break; case "viewconfig": view_config($sid); break; default: select_profile(); break; } echo " </td></tr>";