mirror of
https://github.com/billz/raspap-webgui.git
synced 2025-03-01 10:31:47 +00:00
Escape client input, console output etc. before doing any echo.
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
@@ -30,7 +30,7 @@ function DisplayNetworkingConfig(){
|
||||
<li role="presentation" class="active"><a href="#summary" aria-controls="summary" role="tab" data-toggle="tab"><?php echo _("Summary"); ?></a></li>
|
||||
<?php
|
||||
foreach($interfaces as $interface) {
|
||||
echo '<li role="presentation"><a href="#'.$interface.'" aria-controls="'.$interface.'" role="tab" data-toggle="tab">'.$interface.'</a></li>';
|
||||
echo '<li role="presentation"><a href="#'.htmlspecialchars($interface, ENT_QUOTES).'" aria-controls="'.htmlspecialchars($interface, ENT_QUOTES).'" role="tab" data-toggle="tab">'.htmlspecialchars($interface, ENT_QUOTES).'</a></li>';
|
||||
}
|
||||
?>
|
||||
</ul>
|
||||
@@ -42,8 +42,8 @@ function DisplayNetworkingConfig(){
|
||||
foreach($interfaces as $interface) {
|
||||
echo '<div class="col-md-6">
|
||||
<div class="panel panel-default">
|
||||
<div class="panel-heading">'.$interface.'</div>
|
||||
<div class="panel-body" id="'.$interface.'-summary"></div>
|
||||
<div class="panel-heading">'.htmlspecialchars($interface, ENT_QUOTES).'</div>
|
||||
<div class="panel-body" id="'.htmlspecialchars($interface, ENT_QUOTES).'-summary"></div>
|
||||
</div>
|
||||
</div>';
|
||||
}
|
||||
@@ -55,63 +55,63 @@ function DisplayNetworkingConfig(){
|
||||
</div><!-- /.row -->
|
||||
</div><!-- /.col-lg-12 -->
|
||||
</div><!-- /.tab-pane -->
|
||||
<?php
|
||||
<?php
|
||||
foreach($interfaces as $interface) {
|
||||
echo '
|
||||
<div role="tabpanel" class="tab-pane fade in" id="'.$interface.'">
|
||||
<div role="tabpanel" class="tab-pane fade in" id="'.htmlspecialchars($interface, ENT_QUOTES).'">
|
||||
<div class="row">
|
||||
<div class="col-lg-6">
|
||||
<form id="frm-'.$interface.'">
|
||||
<form id="frm-'.htmlspecialchars($interface, ENT_QUOTES).'">
|
||||
<div class="form-group">
|
||||
<h4>' . _("Adapter IP Address Settings") . '</h4>
|
||||
<div class="btn-group" data-toggle="buttons">
|
||||
<label class="btn btn-primary">
|
||||
<input type="radio" name="'.$interface.'-addresstype" id="'.$interface.'-dhcp" autocomplete="off">' . _("DHCP") . '
|
||||
<input type="radio" name="'.htmlspecialchars($interface, ENT_QUOTES).'-addresstype" id="'.htmlspecialchars($interface, ENT_QUOTES).'-dhcp" autocomplete="off">' . _("DHCP") . '
|
||||
</label>
|
||||
<label class="btn btn-primary">
|
||||
<input type="radio" name="'.$interface.'-addresstype" id="'.$interface.'-static" autocomplete="off">' . _("Static IP") . '
|
||||
<input type="radio" name="'.htmlspecialchars($interface, ENT_QUOTES).'-addresstype" id="'.htmlspecialchars($interface, ENT_QUOTES).'-static" autocomplete="off">' . _("Static IP") . '
|
||||
</label>
|
||||
</div><!-- /.btn-group -->
|
||||
<h4>' . _("Enable Fallback to Static Option") . '</h4>
|
||||
<div class="btn-group" data-toggle="buttons">
|
||||
<label class="btn btn-primary">
|
||||
<input type="radio" name="'.$interface.'-dhcpfailover" id="'.$interface.'-failover" autocomplete="off">' . _("Enabled") . '
|
||||
<input type="radio" name="'.htmlspecialchars($interface, ENT_QUOTES).'-dhcpfailover" id="'.htmlspecialchars($interface, ENT_QUOTES).'-failover" autocomplete="off">' . _("Enabled") . '
|
||||
</label>
|
||||
<label class="btn btn-warning">
|
||||
<input type="radio" name="'.$interface.'-dhcpfailover" id="'.$interface.'-nofailover" autocomplete="off">' . _("Disabled") . '
|
||||
<input type="radio" name="'.htmlspecialchars($interface, ENT_QUOTES).'-dhcpfailover" id="'.htmlspecialchars($interface, ENT_QUOTES).'-nofailover" autocomplete="off">' . _("Disabled") . '
|
||||
</label>
|
||||
</div><!-- /.btn-group -->
|
||||
</div><!-- /.form-group -->
|
||||
<hr />
|
||||
<h4>' . _("Static IP Options") . '</h4>
|
||||
<div class="form-group">
|
||||
<label for="'.$interface.'-ipaddress">' . _("IP Address") . '</label>
|
||||
<input type="text" class="form-control" id="'.$interface.'-ipaddress" placeholder="0.0.0.0">
|
||||
<label for="'.htmlspecialchars($interface, ENT_QUOTES).'-ipaddress">' . _("IP Address") . '</label>
|
||||
<input type="text" class="form-control" id="'.htmlspecialchars($interface, ENT_QUOTES).'-ipaddress" placeholder="0.0.0.0">
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="'.$interface.'-netmask">' . _("Subnet Mask") . '</label>
|
||||
<input type="text" class="form-control" id="'.$interface.'-netmask" placeholder="255.255.255.0">
|
||||
<label for="'.htmlspecialchars($interface, ENT_QUOTES).'-netmask">' . _("Subnet Mask") . '</label>
|
||||
<input type="text" class="form-control" id="'.htmlspecialchars($interface, ENT_QUOTES).'-netmask" placeholder="255.255.255.0">
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="'.$interface.'-gateway">' . _("Default Gateway") . '</label>
|
||||
<input type="text" class="form-control" id="'.$interface.'-gateway" placeholder="0.0.0.0">
|
||||
<label for="'.htmlspecialchars($interface, ENT_QUOTES).'-gateway">' . _("Default Gateway") . '</label>
|
||||
<input type="text" class="form-control" id="'.htmlspecialchars($interface, ENT_QUOTES).'-gateway" placeholder="0.0.0.0">
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="'.$interface.'-dnssvr">' . _("DNS Server") . '</label>
|
||||
<input type="text" class="form-control" id="'.$interface.'-dnssvr" placeholder="0.0.0.0">
|
||||
<label for="'.htmlspecialchars($interface, ENT_QUOTES).'-dnssvr">' . _("DNS Server") . '</label>
|
||||
<input type="text" class="form-control" id="'.htmlspecialchars($interface, ENT_QUOTES).'-dnssvr" placeholder="0.0.0.0">
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="'.$interface.'-dnssvralt">' . _("Alternate DNS Server") . '</label>
|
||||
<input type="text" class="form-control" id="'.$interface.'-dnssvralt" placeholder="0.0.0.0">
|
||||
<label for="'.htmlspecialchars($interface, ENT_QUOTES).'-dnssvralt">' . _("Alternate DNS Server") . '</label>
|
||||
<input type="text" class="form-control" id="'.htmlspecialchars($interface, ENT_QUOTES).'-dnssvralt" placeholder="0.0.0.0">
|
||||
</div>
|
||||
<a href="#" class="btn btn-outline btn-primary intsave" data-int="'.$interface.'">' . _("Save settings") . '</a>
|
||||
<a href="#" class="btn btn-warning intapply" data-int="'.$interface.'">' . _("Apply settings") . '</a>
|
||||
<a href="#" class="btn btn-outline btn-primary intsave" data-int="'.htmlspecialchars($interface, ENT_QUOTES).'">' . _("Save settings") . '</a>
|
||||
<a href="#" class="btn btn-warning intapply" data-int="'.htmlspecialchars($interface, ENT_QUOTES).'">' . _("Apply settings") . '</a>
|
||||
</form>
|
||||
</div>
|
||||
</div><!-- /.tab-panel -->
|
||||
</div>';
|
||||
}
|
||||
?>
|
||||
?>
|
||||
</div><!-- /.tab-content -->
|
||||
</div><!-- /.panel-body -->
|
||||
<div class="panel-footer"><?php echo _("Information provided by /sys/class/net"); ?></div>
|
||||
|
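Review bot: All three `foreach($interfaces as $interface)` loops repeat `htmlspecialchars($interface, ENT_QUOTES)` inline, dozens of times in the third hunk's form markup, so an attribute added later can easily be left unescaped. Escape once at the top of each loop body, e.g. `$iface = htmlspecialchars($interface, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` (PHP 5.4+), and concatenate `$iface` everywhere. Without `ENT_SUBSTITUTE`, a name containing an invalid byte sequence makes htmlspecialchars() return an empty string, which would leave several panels sharing ids such as `-summary`. Escaping only covers the HTML context, and the code that fills `$interfaces` is outside these hunks, so it is worth checking that names are also validated against an expected interface-name pattern before they become element ids and `href="#…"` targets. DisplayNetworkingConfig() starts and ends outside the hunks.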