frodovdr/raspap-webgui
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00
Code Issues Releases Wiki Activity

Sanitize post data w/ escapeshellcmd()

Browse Source
This commit is contained in:
billz 2023-02-17 19:05:36 +01:00
parent d19249757e
commit 1fabc48169
3 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ajax/logging/clearlog.php
View File

@ -5,7 +5,7 @@ require_once '../../includes/config.php';
require_once '../../includes/functions.php'; require_once '../../includes/functions.php';
if (isset($_POST['logfile'])) { if (isset($_POST['logfile'])) {
$logfile = $_POST['logfile']; $logfile = escapeshellcmd($_POST['logfile']);
// truncate requested log file // truncate requested log file
exec("sudo truncate -s 0 $logfile", $return); exec("sudo truncate -s 0 $logfile", $return);

2
ajax/openvpn/activate_ovpncfg.php
View File

@ -5,7 +5,7 @@ require_once '../../includes/config.php';
require_once '../../includes/functions.php'; require_once '../../includes/functions.php';
if (isset($_POST['cfg_id'])) { if (isset($_POST['cfg_id'])) {
$ovpncfg_id = $_POST['cfg_id']; $ovpncfg_id = escapeshellcmd($_POST['cfg_id']);
$ovpncfg_client = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_client.conf'; $ovpncfg_client = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_client.conf';
$ovpncfg_login = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_login.conf'; $ovpncfg_login = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_login.conf';

2
ajax/openvpn/del_ovpncfg.php
View File

@ -5,7 +5,7 @@ require_once '../../includes/config.php';
require_once '../../includes/functions.php'; require_once '../../includes/functions.php';
if (isset($_POST['cfg_id'])) { if (isset($_POST['cfg_id'])) {
$ovpncfg_id = $_POST['cfg_id']; $ovpncfg_id = escapeshellcmd($_POST['cfg_id']);
$ovpncfg_files = pathinfo(RASPI_OPENVPN_CLIENT_LOGIN, PATHINFO_DIRNAME).'/'.$ovpncfg_id.'_*.conf'; $ovpncfg_files = pathinfo(RASPI_OPENVPN_CLIENT_LOGIN, PATHINFO_DIRNAME).'/'.$ovpncfg_id.'_*.conf';
exec("sudo rm $ovpncfg_files", $return); exec("sudo rm $ovpncfg_files", $return);
$jsonData = ['return'=>$return]; $jsonData = ['return'=>$return];