From 3a41b52c1ddd199ac9c5c0ce09c4b50ded5b3817 Mon Sep 17 00:00:00 2001
From: billz
Date: Sat, 1 May 2021 17:24:37 +0100
Subject: [PATCH] Update method to POST + escapeshellarg()
---
 ajax/networking/get_netcfg.php | 4 ++--
 app/js/custom.js | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/ajax/networking/get_netcfg.php b/ajax/networking/get_netcfg.php
index 7e7b8fa7..8325b354 100644
--- a/ajax/networking/get_netcfg.php
+++ b/ajax/networking/get_netcfg.php
@@ -3,11 +3,11 @@ require '../../includes/csrf.php';
 require_once '../../includes/config.php';
-$interface = $_GET['iface'];
+$interface = $_POST['iface'];
 if (isset($interface)) {
 // fetch dnsmasq.conf settings for interface
- exec('cat '. RASPI_DNSMASQ_PREFIX.$interface.'.conf', $return);
+ exec('cat '. RASPI_DNSMASQ_PREFIX.escapeshellarg($interface).'.conf', $return);
 $conf = ParseConfig($return);
 $dhcpdata['DHCPEnabled'] = empty($conf) ? false : true;
diff --git a/app/js/custom.js b/app/js/custom.js
index 13f0db92..0ffc1192 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -178,8 +178,8 @@ Populates the DHCP server form fields
 Option toggles are set dynamically depending on the loaded configuration
 */
 function loadInterfaceDHCPSelect() {
- var iface = $('#cbxdhcpiface').val();
- $.get('ajax/networking/get_netcfg.php?iface='+iface,function(data){
+ var strInterface = $('#cbxdhcpiface').val();
+ $.post('ajax/networking/get_netcfg.php',{iface:strInterface},function(data){
 jsonData = JSON.parse(data);
 $('#dhcp-iface')[0].checked = jsonData.DHCPEnabled;
 $('#txtipaddress').val(jsonData.StaticIP);
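Review bot: On the new `exec()` line, `escapeshellarg()` keeps `$interface` from breaking out of the command, but the value is still an unvalidated request parameter that becomes part of the file path handed to `cat`. I would reject anything that is not a plain interface name before it is used, for example `if (!preg_match('/^[a-zA-Z0-9_-]+$/', $interface)) { http_response_code(400); exit; }`, or check it against the interfaces the system actually reports. A shell is also not needed to read a file; reading the path with PHP's own file functions would remove the command line altogether. Separately, `$_POST['iface']` is read before the `isset()` test, so `$interface = $_POST['iface'] ?? null;` avoids an undefined-index notice when the field is absent. The `if` block continues past the end of the hunk, so any later use of `$interface` there needs the same validation.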
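Review bot: The new `$.post(...)` call in `loadInterfaceDHCPSelect()` only registers a success callback, so a rejected or failed request leaves the form silently unpopulated. The endpoint requires `includes/csrf.php`, and this request body carries only `iface`. If that include enforces a token on POST requests (not visible in this diff), the call depends on the token being attached elsewhere, such as a global `$.ajaxSetup`, which is worth confirming. I would chain a failure handler, e.g. `.fail(function(xhr){ console.error('get_netcfg failed', xhr.status); })`, and pass `'json'` as the data type so that a non-JSON error body does not reach `JSON.parse(data)` and throw. The function body continues outside the hunk.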