Merge pull request #1448 from RaspAP/security/net-dev

Escape arguments to shell functions
Bill Zimmerman 2023-11-06 17:56:14 +01:00 committed by GitHub
commit 03c819fee2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -65,12 +65,12 @@ if (isset($_POST['interface'])) {
// check for an existing rule and delete lines with same MAC or same VID/PID
if (!empty($vid) && !empty($pid)) {
$rule = '^.*ATTRS{idVendor}==\"' . $vid . '\".*ATTRS{idProduct}==\"' . $pid . '\".*$';
exec('sudo sed -i "/'.$rule.'/Id" '.$udevfile); // clear all entries with this VID/PID
exec('sudo sed -i "/'.escapeshellarg($rule).'/Id" '.escapeshellarg($udevfile)); // clear all entries with this VID/PID
$rule = '^.*ATTRS{idProduct}==\"' . $pid . '\".*ATTRS{idVendor}==\"' . $vid . '\".*$';
exec('sudo sed -i "/'.$rule.'/Id" '.$udevfile); // clear all entries with this VID/PID
exec('sudo sed -i "/'.escapeshellarg($rule).'/Id" '.escapeshellarg($udevfile)); // clear all entries with this VID/PID
}
if (!empty($mac)) {
exec('sudo sed -i "/^.*'.$mac.'.*$/d" '.$udevfile); // clear all entries with same MAC
exec('sudo sed -i "/^.*'.escapeshellarg($mac).'.*$/d" '.escapeshellarg($udevfile)); // clear all entries with same MAC
}
// create new entry
if ( ($type != $newtype) || !empty($name) ) { // new device type or new name
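Review bot: The `escapeshellarg()` calls added on the three `sed` lines sit inside a shell string that is already double-quoted, so the single quotes they add become literal characters of the sed expression while the shell still expands `$`, backticks and backslashes in the value; the escaping is not effective, and the patterns will likely stop matching existing udev entries. Quote the whole sed script as one argument instead, e.g. `exec('sudo sed -i '.escapeshellarg('/^.*'.$mac.'.*$/d').' '.escapeshellarg($udevfile));`, and drop the `\"` backslashes from `$rule` once it is no longer inside double quotes. Because `$vid`, `$pid` and `$mac` are also interpolated into a sed regex that uses `/` as its delimiter, they should be checked against a strict format (hex digits, colon-separated hex for the MAC) before use; where they are assigned is outside this hunk, presumably from the POST data. The enclosing `if (isset($_POST['interface']))` block starts and ends outside the hunk.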