From 3db99c7d2130364ea83f7c7cc807118e85a18e18 Mon Sep 17 00:00:00 2001
From: glaszig
Date: Tue, 30 Jul 2019 14:10:42 +0200
Subject: [PATCH 1/2] * escape html entities in network interface settings the command `ip address show eth0` returns special characters like "<" and ">" which, if left unescaped and shown on the page, will create arbitrary html elements and hide information. * show interface settings inside unstyled pre block interface properties should be parsed and displayed in a proprietary and pretty manner. until then, give use the raw output of `ip address show`
---
 ajax/networking/get_ip_summary.php | 1 +
 includes/networking.php | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/ajax/networking/get_ip_summary.php b/ajax/networking/get_ip_summary.php
index cd42f575..810c6265 100644
--- a/ajax/networking/get_ip_summary.php
+++ b/ajax/networking/get_ip_summary.php
@@ -5,6 +5,7 @@ include_once('../../includes/functions.php');
 if(isset($_POST['interface']) && isset($_POST['csrf_token']) && CSRFValidate()) {
 $int = preg_replace('/[^a-z0-9]/','',$_POST['interface']);
 exec('ip a s '.$int,$intOutput,$intResult);
+ $intOutput = array_map('htmlentities', $intOutput);
 $jsonData = ['return'=>$intResult,'output'=>$intOutput];
 echo json_encode($jsonData);
 } else {
diff --git a/includes/networking.php b/includes/networking.php
index 364e3e35..9b728d06 100755
--- a/includes/networking.php
+++ b/includes/networking.php
@@ -44,7 +44,9 @@ function DisplayNetworkingConfig() echo '
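Review bot: The added `array_map('htmlentities', $intOutput)` in ajax/networking/get_ip_summary.php calls htmlentities() with its default flags, which before PHP 8.1 leave single quotes unencoded and return an empty string for any line containing invalid UTF-8; it also differs from the `htmlspecialchars($interface, ENT_QUOTES)` call used in includes/networking.php in this same patch. I would make the flags explicit: `$intOutput = array_map(function ($line) { return htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }, $intOutput);`. Escaping on the server also assumes the client inserts `output` as markup rather than as text; the consuming script is not part of this patch, so that is worth confirming, and a comment such as `// HTML-escaped here for insertion as markup by the client; do not escape again` would record the contract. The `else` branch opened on the hunk's last line continues outside the hunk.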
'.htmlspecialchars($interface, ENT_QUOTES).'
-
+
+

+                                
'; }
From e02557af3acd41e0d37434db998c2d0f71009a64 Mon Sep 17 00:00:00 2001
From: glaszig
Date: Tue, 30 Jul 2019 14:16:07 +0200
Subject: [PATCH 2/2] add pre.unstyled css rule in bootstrap, pre blocks have background and borders. this removes them with a special class named `unstyled` just like `ul.unstyled`.
---
 dist/css/custom.css | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/dist/css/custom.css b/dist/css/custom.css
index 17126ae5..1b5795e4 100644
--- a/dist/css/custom.css
+++ b/dist/css/custom.css
@@ -53,3 +53,9 @@
 width:100%;
 height:300px;
 }
+
+pre.unstyled {
+ border-width: 0;
+ background-color: transparent;
+ padding: 0;
+}