From 1e52ff598b023679119d50a3003ccdebd36fb5f4 Mon Sep 17 00:00:00 2001
From: billz
Date: Wed, 29 Mar 2023 08:25:18 +0200
Subject: [PATCH 1/2] Sanitize input with escapeshellarg()
---
 includes/hostapd.php | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/includes/hostapd.php b/includes/hostapd.php
index 7f47cd7d..fad19a0c 100755
--- a/includes/hostapd.php
+++ b/includes/hostapd.php
@@ -98,15 +98,15 @@ function DisplayHostAPDConfig()
 $arrConfig['country_code'] = $country_code[0];
 }
 // set txpower with iw if value is non-default ('auto')
- if (isset($_POST['txpower']) && ($_POST['txpower'] != 'auto')) {
- $sdBm = $_POST['txpower'] * 100;
- exec('sudo /sbin/iw dev '.$_POST['interface'].' set txpower fixed '.$sdBm, $return);
- $status->addMessage('Setting transmit power to '.$_POST['txpower'].' dBm.', 'success');
- $txpower = $_POST['txpower'];
- } elseif ($_POST['txpower'] == 'auto') {
- exec('sudo /sbin/iw dev '.$_POST['interface'].' set txpower auto', $return);
- $status->addMessage('Setting transmit power to '.$_POST['txpower'].'.', 'success');
- $txpower = $_POST['txpower'];
+ $txpower = escapeshellarg($_POST['txpower']);
+ $interface = escapeshellarg($_POST['interface']);
+ if ($txpower) && ($txpower != 'auto')) {
+ $sdBm = $txpower * 100;
+ exec('sudo /sbin/iw dev '.$interface.' set txpower fixed '.$sdBm, $return);
+ $status->addMessage('Setting transmit power to '.$txpower.' dBm.', 'success');
+ } elseif ($txpower == 'auto') {
+ exec('sudo /sbin/iw dev '.$interface.' set txpower auto', $return);
+ $status->addMessage('Setting transmit power to '.$txpower.'.', 'success');
 }
 $countries_5Ghz_max48ch = RASPI_5GHZ_ISO_ALPHA2;
From 7760a1d7cb391a2e0cef2b5c861b75ba818f4634 Mon Sep 17 00:00:00 2001
From: billz
Date: Wed, 29 Mar 2023 09:35:25 +0200
Subject: [PATCH 2/2] Update sanitize var method
---
 includes/hostapd.php | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
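Review bot: In patch 1/2 the added condition `if ($txpower) && ($txpower != 'auto')) {` has an unbalanced parenthesis, so includes/hostapd.php does not parse at that commit. Separately, `escapeshellarg()` returns its argument wrapped in single quotes, so the comparisons `$txpower != 'auto'` and `$txpower == 'auto'` are made against a string that includes the quotes and the auto branch can never match; the quoted value is also no longer numeric when it reaches `$sdBm = $txpower * 100;`. Escaping belongs at the point where the command string is assembled, while the variable used for branching and arithmetic stays unescaped and validated. Patch 2/2 moves in that direction, so squashing the two would avoid leaving a broken intermediate commit in history.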
diff --git a/includes/hostapd.php b/includes/hostapd.php
index fad19a0c..9e50d608 100755
--- a/includes/hostapd.php
+++ b/includes/hostapd.php
@@ -98,15 +98,16 @@ function DisplayHostAPDConfig()
 $arrConfig['country_code'] = $country_code[0];
 }
 // set txpower with iw if value is non-default ('auto')
- $txpower = escapeshellarg($_POST['txpower']);
- $interface = escapeshellarg($_POST['interface']);
- if ($txpower) && ($txpower != 'auto')) {
- $sdBm = $txpower * 100;
- exec('sudo /sbin/iw dev '.$interface.' set txpower fixed '.$sdBm, $return);
- $status->addMessage('Setting transmit power to '.$txpower.' dBm.', 'success');
- } elseif ($txpower == 'auto') {
- exec('sudo /sbin/iw dev '.$interface.' set txpower auto', $return);
- $status->addMessage('Setting transmit power to '.$txpower.'.', 'success');
+ if (isset($_POST['txpower']) && ($_POST['txpower'] != 'auto')) {
+ $txpower = intval($_POST['txpower']);
+ $sdBm = $txpower * 100;
+ exec('sudo /sbin/iw dev '.escapeshellarg($_POST['interface']).' set txpower fixed '.$sdBm, $return);
+ $status->addMessage('Setting transmit power to '.$_POST['txpower'].' dBm.', 'success');
+ $txpower = $_POST['txpower'];
+ } elseif ($_POST['txpower'] == 'auto') {
+ exec('sudo /sbin/iw dev '.escapeshellarg($_POST['interface']).' set txpower auto', $return);
+ $status->addMessage('Setting transmit power to '.$_POST['txpower'].'.', 'success');
+ $txpower = $_POST['txpower'];
 }
 $countries_5Ghz_max48ch = RASPI_5GHZ_ISO_ALPHA2;
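Review bot: `escapeshellarg($_POST['interface'])` in both `exec` calls blocks shell metacharacters but still passes any client-supplied string to `iw` under sudo; the name should be validated against the host's interfaces or a strict pattern before the call. The `intval()` result is discarded by the later `$txpower = $_POST['txpower'];`, and both status messages concatenate the raw POST value, so code after this hunk that uses `$txpower` or renders the message receives unvalidated input (an HTML-injection risk if `addMessage` does not escape, which is not visible here). The `elseif` also reads `$_POST['txpower']` without `isset`, and `intval` maps non-numeric input to 0 instead of rejecting it. DisplayHostAPDConfig() begins and ends outside the hunk; the sketch below shows one shape for the block, with the digit-only check to be adjusted if negative dBm values are valid.

```php
// set txpower with iw if value is non-default ('auto')
$iface = $_POST['interface'] ?? '';
$txIn = $_POST['txpower'] ?? '';
// Linux interface names are at most 15 bytes; refuse option-like or unusual names
$ifaceOk = is_string($iface)
    && preg_match('/\A[A-Za-z0-9][A-Za-z0-9_.-]{0,14}\z/', $iface) === 1;
if ($ifaceOk && $txIn === 'auto') {
    $txpower = 'auto';
    exec('sudo /sbin/iw dev '.escapeshellarg($iface).' set txpower auto', $return);
    $status->addMessage('Setting transmit power to auto.', 'success');
} elseif ($ifaceOk && is_string($txIn) && ctype_digit($txIn)) {
    // keep the validated integer; never fall back to the raw POST value
    $txpower = (int) $txIn;
    $sdBm = $txpower * 100;
    exec('sudo /sbin/iw dev '.escapeshellarg($iface).' set txpower fixed '.$sdBm, $return);
    $status->addMessage('Setting transmit power to '.$txpower.' dBm.', 'success');
}
// … unchanged: $countries_5Ghz_max48ch assignment …
```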