frodovdr
/
raspap-webgui
mirror of https://github.com/billz/raspap-webgui.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Sanitize post data w/ escapeshellcmd()

This commit is contained in:
billz 2023-02-17 19:05:36 +01:00
parent d19249757e
commit 1fabc48169
3 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ajax/logging/clearlog.php
View File

@ -5,7 +5,7 @@ require_once '../../includes/config.php';
require_once '../../includes/functions.php';
if (isset($_POST['logfile'])) {
$logfile = $_POST['logfile'];
$logfile = escapeshellcmd($_POST['logfile']);
// truncate requested log file
exec("sudo truncate -s 0 $logfile", $return);

2
ajax/openvpn/activate_ovpncfg.php
View File

@ -5,7 +5,7 @@ require_once '../../includes/config.php';
require_once '../../includes/functions.php';
if (isset($_POST['cfg_id'])) {
$ovpncfg_id = $_POST['cfg_id'];
$ovpncfg_id = escapeshellcmd($_POST['cfg_id']);
$ovpncfg_client = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_client.conf';
$ovpncfg_login = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_login.conf';

2
ajax/openvpn/del_ovpncfg.php
View File

@ -5,7 +5,7 @@ require_once '../../includes/config.php';
require_once '../../includes/functions.php';
if (isset($_POST['cfg_id'])) {
$ovpncfg_id = $_POST['cfg_id'];
$ovpncfg_id = escapeshellcmd($_POST['cfg_id']);
$ovpncfg_files = pathinfo(RASPI_OPENVPN_CLIENT_LOGIN, PATHINFO_DIRNAME).'/'.$ovpncfg_id.'_*.conf';
exec("sudo rm $ovpncfg_files", $return);
$jsonData = ['return'=>$return];