diff --git a/includes/functions.php b/includes/functions.php
index c31d16fd..f4e26eca 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -823,6 +823,23 @@ function loadFooterScripts($extraFooterScripts)
 }
 }
+/**
+ * Validate whether the given network interface exists on the system.
+ * This function retrieves all currently available network interfaces using the `ip link show` command
+ * and checks if the provided interface name is in the list.
+ */
+function validateInterface($interface)
+{
+ // Retrieve all available network interfaces
+ $valid_interfaces = shell_exec('ip -o link show | awk -F": " \'{print $2}\'');
+
+ // Convert to array (one interface per line)
+ $valid_interfaces = explode("\n", trim($valid_interfaces));
+
+ // Check if the provided interface exists in the list
+ return in_array($interface, $valid_interfaces, true);
+}
+
 /**
 * Returns ISO standard 2-letter country codes
 *
diff --git a/includes/hostapd.php b/includes/hostapd.php
index 99b24fe3..93386c5e 100755
--- a/includes/hostapd.php
+++ b/includes/hostapd.php
@@ -34,7 +34,7 @@ function DisplayHostAPDConfig()
 $reg_domain = shell_exec("iw reg get | grep -o 'country [A-Z]\{2\}' | awk 'NR==1{print $2}'");
- $cmd = "iw dev ".$_SESSION['ap_interface']." info | awk '$1==\"txpower\" {print $2}'";
+ $cmd = "iw dev ".escapeshellarg($_SESSION['ap_interface'])." info | awk '$1==\"txpower\" {print $2}'";
 exec($cmd, $txpower);
 $txpower = intval($txpower[0]);
@@ -76,7 +76,7 @@ function DisplayHostAPDConfig()
 }
 exec('cat '. RASPI_HOSTAPD_CONFIG, $hostapdconfig);
 if (isset($_SESSION['wifi_client_interface'])) {
- exec('iwgetid '.$_SESSION['wifi_client_interface']. ' -r', $wifiNetworkID);
+ exec('iwgetid '.escapeshellarg($_SESSION['wifi_client_interface']). ' -r', $wifiNetworkID);
 if (!empty($wifiNetworkID[0])) {
 $managedModeEnabled = true;
 }
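Review bot: validateInterface() in the functions.php hunk does not fail closed: when `shell_exec()` returns null or false, `trim()` gives an empty string, `explode()` returns `['']`, and an empty `$interface` then passes the strict `in_array()` check. Reject bad input and a failed command before comparing, e.g. `if (!is_string($interface) || $interface === '' || !is_string($valid_interfaces)) { return false; }` placed right after the `shell_exec()` call. `ip -o link show` also prints some devices as `name@parent`, so such interfaces would never match unless the suffix is stripped; confirm whether they need to be selectable.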
@@ -249,17 +249,18 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $reg_dom
 exec('sudo '.RASPI_CONFIG.'/hostapd/disablelog.sh');
 }
 }
+
 // set AP interface default, override for ap-sta & bridged options
- $ap_iface = $_POST['interface']; // the hostap AP interface
- $cli_iface = $_POST['interface']; // the wifi client interface
- $session_iface = $_POST['interface']; // the interface that the UI needs to monitor for data usage etc.
+ $iface = validateInterface($_POST['interface']) ? $_POST['interface'] : RASPI_WIFI_AP_INTERFACE;
+
+ $ap_iface = $iface; // the hostap AP interface
+ $cli_iface = $iface; // the wifi client interface
+ $session_iface = $iface; // the interface that the UI needs to monitor for data usage etc.
 if ($wifiAPEnable) { // for AP-STA we monitor the uap0 interface, which is always the ap interface.
- $ap_iface = 'uap0';
- $session_iface = 'uap0';
+ $ap_iface = $session_iface = 'uap0';
 }
 if ($bridgedEnable) { // for bridged mode we monitor the bridge, but keep the selected interface as AP.
- $session_iface = 'br0';
- $cli_iface = 'br0';
+ $cli_iface = $session_iface = 'br0';
 }
 // persist user options to /etc/raspap
diff --git a/includes/wifi_functions.php b/includes/wifi_functions.php
index f55e525a..ad0982a6 100755
--- a/includes/wifi_functions.php
+++ b/includes/wifi_functions.php
@@ -165,6 +165,10 @@ function getWifiInterface()
 $iface = $_SESSION['ap_interface'] = $arrHostapdConf['WifiInterface'] ?? RASPI_WIFI_AP_INTERFACE;
+ if (!validateInterface($iface)) {
+ $iface = RASPI_WIFI_AP_INTERFACE;
+ }
+
 // check for 2nd wifi interface -> wifi client on different interface
 exec("iw dev | awk '$1==\"Interface\" && $2!=\"$iface\" {print $2}'", $iface2);
 $client_iface = $_SESSION['wifi_client_interface'] = empty($iface2) ? $iface : trim($iface2[0]);
diff --git a/includes/wireguard.php b/includes/wireguard.php
index f6beb3dd..233dd33b 100755
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
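Review bot: In the SaveHostAPDConfig() hunk, a submitted `interface` that fails validateInterface() is silently swapped for RASPI_WIFI_AP_INTERFACE, so the configuration is saved for a device the operator did not choose and nothing records the rejected value. Rejecting the request, or at least logging the rejected name, would make tampering and typos visible; the function's existing error path, if any, is outside this hunk. `$_POST['interface']` is also read without a guard, so a missing field raises a notice before validation; `$posted = $_POST['interface'] ?? '';` avoids that. The hunk header shows an `$interfaces` parameter; if it already holds the system's interface list, checking against it would save a second shell call, but that cannot be confirmed from here.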
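Review bot: In the getWifiInterface() hunk, `$_SESSION['ap_interface']` is assigned on the line before the new validateInterface() check, so when validation fails only the local `$iface` falls back and the session keeps the unvalidated name. Other code reads that session value (the hostapd.php hunks in this commit build `iw dev` commands from it), so the fallback should be stored too: add `$_SESSION['ap_interface'] = $iface;` inside the `if` block. The function body continues outside the hunk.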
@@ -11,13 +11,14 @@ function DisplayWireGuardConfig()
 $parseFlag = true;
 if (!RASPI_MONITOR_ENABLED) {
 $optRules = isset($_POST['wgRules']) ? $_POST['wgRules'] : null;
+ $optInterface = isset($_POST['wgInterface']) ? $_POST['wgInterface'] : null;
 $optConf = isset($_POST['wgCnfOpt']) ? $_POST['wgCnfOpt'] : null;
 $optSrvEnable = isset($_POST['wgSrvEnable']) ? $_POST['wgSrvEnable'] : null;
 $optLogEnable = isset($_POST['wgLogEnable']) ? $_POST['wgLogEnable'] : null;
 if (isset($_POST['savewgsettings']) && $optConf == 'manual' && $optSrvEnable == 1 ) {
 SaveWireGuardConfig($status);
 } elseif (isset($_POST['savewgsettings']) && $optConf == 'upload' && is_uploaded_file($_FILES["wgFile"]["tmp_name"])) {
- SaveWireGuardUpload($status, $_FILES['wgFile'], $optRules);
+ SaveWireGuardUpload($status, $_FILES['wgFile'], $optRules, $optInterface);
 } elseif (isset($_POST['savewgsettings']) && isset($_POST['wg_penabled']) ) {
 SaveWireGuardConfig($status);
 } elseif (isset($_POST['startwg'])) {
@@ -77,12 +78,17 @@ function DisplayWireGuardConfig()
 }
 $peer_id = $peer_id ?? "1";
+ // fetch available interfaces
+ exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces);
+ sort($interfaces);
+
 echo renderTemplate(
 "wireguard", compact(
 "status",
 "wg_state",
 "serviceStatus",
 "public_ip",
+ "interfaces",
 "optRules",
 "optLogEnable",
 "peer_id",
@@ -110,9 +116,10 @@ function DisplayWireGuardConfig()
 * @param object $status
 * @param object $file
 * @param boolean $optRules
+ * @param string $optInterface
 * @return object $status
 */
-function SaveWireGuardUpload($status, $file, $optRules)
+function SaveWireGuardUpload($status, $file, $optRules, $optInterface)
 {
 define('KB', 1024);
 $tmp_destdir = '/tmp/';
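Review bot: `$optInterface` is taken straight from `$_POST['wgInterface']` in the -11 hunk and passed to SaveWireGuardUpload() without the validateInterface() check this commit introduces. In the -147 hunk it is substituted into the PostDown rule text written to the WireGuard config, and such rules are executed as shell commands if the tunnel is managed with wg-quick. It is also null when the field is absent, which would replace `wlan0` with an empty string. Validate before the call and keep the previous default, e.g. `$optInterface = validateInterface($optInterface) ? $optInterface : $_SESSION['ap_interface'];`. The list built in the -77 hunk repeats the `ip -o link show` pipeline from validateInterface(); a shared helper would keep the dropdown and the check in agreement.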
@@ -147,7 +154,7 @@ function SaveWireGuardUpload($status, $file, $optRules)
 $rules[] = 'PostDown = '.getDefaultNetValue('wireguard','server','PostDown');
 $rules[] = '';
 $rules = join(PHP_EOL, $rules);
- $rules = preg_replace('/wlan0/m', $_SESSION['ap_interface'], $rules);
+ $rules = preg_replace('/wlan0/m', $optInterface, $rules);
 $tmp_contents = preg_replace('/^\s*$/ms', $rules, $tmp_contents, 1);
 file_put_contents($tmp_wgconfig, $tmp_contents);
 }
diff --git a/locale/en_US/LC_MESSAGES/messages.mo b/locale/en_US/LC_MESSAGES/messages.mo
index 799128f8..222464eb 100644
Binary files a/locale/en_US/LC_MESSAGES/messages.mo and b/locale/en_US/LC_MESSAGES/messages.mo differ
diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index da8c34b3..208959ce 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
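Review bot: `preg_replace('/wlan0/m', $optInterface, $rules)` passes a caller-supplied string as the replacement argument, where `$n` and `\n` sequences are interpreted as back-references, and the `m` modifier has no effect on a pattern without `^` or `$`. A literal substitution is all this line needs: `$rules = str_replace('wlan0', $optInterface, $rules);`. Because the replacement ends up in the generated rules, the line should only run with a name that has already passed validateInterface(). The function body starts outside the hunk.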
@@ -1355,14 +1355,14 @@ msgstr "Upload a WireGuard config"
 msgid "This option uploads and installs an existing WireGuard .conf file on this device."
 msgstr "This option uploads and installs an existing WireGuard .conf file on this device."
-msgid "Apply iptables rules for AP interface"
-msgstr "Apply iptables rules for AP interface"
+msgid "Apply iptables rules to the selected interface"
+msgstr "Apply iptables rules to the selected interface"
-msgid "Recommended if you wish to forward network traffic from the wg0 interface to clients connected on the AP interface."
-msgstr "Recommended if you wish to forward network traffic from the wg0 interface to clients connected on the AP interface."
+msgid "Recommended if you wish to forward network traffic from the wg0 interface to clients connected on a desired interface. The active AP interface is the default."
+msgstr "Recommended if you wish to forward network traffic from the wg0 interface to clients connected on a desired interface. The active AP interface is the default."
-msgid "This option adds iptables Postup and PostDown rules for the configured AP interface (%s)."
-msgstr "This option adds iptables Postup and PostDown rules for the configured AP interface (%s)."
+msgid "This option adds iptables Postup and PostDown rules for the interface selected below."
+msgstr "This option adds iptables Postup and PostDown rules for the interface selected below."
 msgid "Select WireGuard configuration file (.conf)"
 msgstr "Select WireGuard configuration file (.conf)"
diff --git a/templates/wg/general.php b/templates/wg/general.php
index bdc4d812..9b8b8246 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -35,17 +35,20 @@
/> - - "> + + ">

- iptables Postup and PostDown rules for the configured AP interface (%s)."), $_SESSION['ap_interface']) ?> + iptables Postup and PostDown rules for the interface selected below."); ?> +

+ +

-
+