frodovdr/raspap-webgui
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2025-03-01 10:31:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Escape client input, console output etc. before doing any echo.

Browse Source 
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
This commit is contained in:
D9ping
2018-08-04 01:58:34 +02:00
parent 6be3680f8f
commit 2b03fa316d
12 changed files with 221 additions and 201 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ajax/networking/get_int_config.php
View File

@@ -6,6 +6,7 @@ include_once('../../includes/functions.php');
if(isset($_POST['interface']) && isset($_POST['csrf_token']) && CSRFValidate()) {
$int = $_POST['interface'];
// FIXME slashes and other forbidden filename characters not stripped. [security]
if(!file_exists(RASPI_CONFIG_NETWORKING.'/'.$int.'.ini')) {
touch(RASPI_CONFIG_NETWORKING.'/'.$int.'.ini');
}
@@ -21,4 +22,3 @@ if(isset($_POST['interface']) && isset($_POST['csrf_token']) && CSRFValidate())
echo json_encode($jsonData);
}
?>