From 3b52d0f2119dceec76733198403f642815c6b537 Mon Sep 17 00:00:00 2001
From: Bill Zimmerman
Date: Sat, 22 Sep 2018 13:02:02 +0200
Subject: [PATCH 01/11] Update README.md
---
README.md | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 604708ef..34b28953 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,6 @@ ![](http://i.imgur.com/xeKD93p.png) -# `$ raspap-webgui` [![Release 1.3.1](https://img.shields.io/badge/Release-1.3.1-green.svg)](https://github.com/billz/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) +# `$ raspap-webgui` [![Release 1.3.1](https://img.shields.io/badge/Release-1.3.1-green.svg)](https://github.com/billz/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Beerpay](https://img.shields.io/beerpay/hashdog/scrapfy-chrome-extension.svg)](https://beerpay.io/billz/raspap-webgui) + A simple, responsive web interface to control wifi, hostapd and related services on the Raspberry Pi. This project was inspired by a [**blog post**](http://sirlagz.net/2013/02/06/script-web-configuration-page-for-raspberry-pi/) by SirLagz about using a web page rather than ssh to configure wifi and hostapd settings on the Raspberry Pi. I mostly just prettified the UI by wrapping it in [**SB Admin 2**](https://github.com/BlackrockDigital/startbootstrap-sb-admin-2), a Bootstrap based admin theme. Since then, the project has evolved to include greater control over many aspects of a networked RPi, better security, authentication, a Quick Installer, support for themes and more. RaspAP has been featured on sites such as [Instructables](http://www.instructables.com/id/Raspberry-Pi-As-Completely-Wireless-Router/), [Adafruit](https://blog.adafruit.com/2016/06/24/raspap-wifi-configuration-portal-piday-raspberrypi-raspberry_pi/), [Raspberry Pi Weekly](https://www.raspberrypi.org/weekly/commander/) and [Awesome Raspberry Pi](https://project-awesome.org/thibmaek/awesome-raspberry-pi) and implemented in countless projects. From b292ee218c3e9d114d1afadc24288aeca2012764 Mon Sep 17 00:00:00 2001 From: D9ping Date: Tue, 25 Sep 2018 21:32:31 +0200 Subject: [PATCH 02/11] Fix for #240 
Signed-off-by: D9ping --- includes/dhcp.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/includes/dhcp.php b/includes/dhcp.php index 0ffb096b..c6cc91d9 100755 --- a/includes/dhcp.php +++ b/includes/dhcp.php @@ -29,7 +29,7 @@ function DisplayDHCPConfig() { $errors .= _('Invalid DHCP range end.').'
'.PHP_EOL; } - if (!ctype_digit($_POST['RangeLeaseTime'])) { + if (!ctype_digit($_POST['RangeLeaseTime']) && $_POST['RangeLeaseTimeUnits'] !== 'infinite') { $errors .= _('Invalid DHCP lease time, not a number.').'
'.PHP_EOL; } @@ -41,7 +41,12 @@ function DisplayDHCPConfig() { if (empty($errors)) { $config = 'interface='.$_POST['interface'].PHP_EOL. 'dhcp-range='.$_POST['RangeStart'].','.$_POST['RangeEnd']. - ',255.255.255.0,'.$_POST['RangeLeaseTime'].$_POST['RangeLeaseTimeUnits']; + ',255.255.255.0,'; + if ($_POST['RangeLeaseTimeUnits'] !== 'infinite') { + $config .= $_POST['RangeLeaseTime']; + } + + $config .= $_POST['RangeLeaseTimeUnits']; exec('echo "'.$config.'" > /tmp/dhcpddata', $temp); system('sudo cp /tmp/dhcpddata '.RASPI_DNSMASQ_CONFIG, $return); } else { From f925a01807dacf07d6909d6d9728719f79559047 Mon Sep 17 00:00:00 2001 From: D9ping Date: Tue, 25 Sep 2018 21:49:54 +0200 Subject: [PATCH 03/11] Properly selected ininite lease if ininite is selected. Made time units translatable. Signed-off-by: D9ping --- includes/dhcp.php | 41 +++++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/includes/dhcp.php b/includes/dhcp.php index c6cc91d9..5c7752a1 100755 --- a/includes/dhcp.php +++ b/includes/dhcp.php @@ -112,25 +112,30 @@ function DisplayDHCPConfig() { $RangeStart = $arrRange[0]; $RangeEnd = $arrRange[1]; $RangeMask = $arrRange[2]; - preg_match( '/([0-9]*)([a-z])/i', $arrRange[3], $arrRangeLeaseTime ); + $leaseTime = $arrRange[3]; $hselected = ''; $mselected = ''; $dselected = ''; - - switch( $arrRangeLeaseTime[2] ) { - case 'h': - $hselected = ' selected="selected"'; - break; - case 'm': - $mselected = ' selected="selected"'; - break; - case 'd': - $dselected = ' selected="selected"'; - break; + $infiniteselected = ''; + preg_match( '/([0-9]*)([a-z])/i', $leaseTime, $arrRangeLeaseTime ); + if ($leaseTime === 'infinite') { + $infiniteselected = ' selected="selected"'; + } else { + switch( $arrRangeLeaseTime[2] ) { + case 'h': + $hselected = ' selected="selected"'; + break; + case 'm': + $mselected = ' selected="selected"'; + break; + case 'd': + $dselected = ' selected="selected"'; + break; + } } - ?> +?>
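Review bot: `$_POST['RangeLeaseTimeUnits']` is appended to `$config` and then interpolated into the shell string given to `exec('echo "'.$config.'" > /tmp/dhcpddata', $temp)`, and nothing visible in this hunk or in the @@ -29 hunk restricts it to the unit values the form offers. Unless a check outside these hunks already does so, match it against an allowlist and add to `$errors` on failure: `if (!in_array($_POST['RangeLeaseTimeUnits'], array('m', 'h', 'd', 'infinite'), true))`. Writing the file from PHP rather than through a shell removes the quoting problem for every field at once: `file_put_contents('/tmp/dhcpddata', $config.PHP_EOL);`. The fixed, predictable path under /tmp is also worth replacing with a `tempnam()` result, with the `sudo cp` source updated to match. DisplayDHCPConfig() starts and ends outside the hunk.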
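Review bot: The result of `preg_match( '/([0-9]*)([a-z])/i', $leaseTime, $arrRangeLeaseTime )` is not checked, so in the new `else` branch `switch( $arrRangeLeaseTime[2] )` reads an undefined index whenever the stored lease time carries no unit letter, for example a bare number of seconds. Keeping the return value and testing it covers that: `$hasUnit = preg_match(...) === 1;` and `} elseif ($hasUnit) {` in place of the plain `else`. `$arrRange[3]` is also read without confirming that the parsed range line has a fourth field. The enclosing DisplayDHCPConfig() continues outside the hunk.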
@@ -161,7 +166,7 @@ function DisplayDHCPConfig() { foreach( $interfaces as $inet ) { $select = ''; if( $inet === $conf['interface'] ) { - $select = ' selected="selected"'; // FIXED use xhtml valid attribute + $select = ' selected="selected"'; } echo '
From ec1f8022fe2e681a4d90cbeaf7b005c46c78e8aa Mon Sep 17 00:00:00 2001 From: Tom Date: Tue, 2 Oct 2018 12:58:50 +0200 Subject: [PATCH 04/11] Fix xss in interface parameter. --- includes/hostapd.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/hostapd.php b/includes/hostapd.php index c5a41bd3..f484fb0c 100755 --- a/includes/hostapd.php +++ b/includes/hostapd.php @@ -508,7 +508,7 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status) if (! in_array($_POST['interface'], $interfaces)) { // The user is probably up to something here but it may also be a // genuine error. - $status->addMessage('Unknown interface '.$_POST['interface'], 'danger'); + $status->addMessage('Unknown interface '.htmlspecialchars($_POST['interface'], ENT_QUOTES), 'danger'); $good_input = false; } From bf638dc2f2c5d06f58a22ea4f926833b0cf61fc9 Mon Sep 17 00:00:00 2001 From: D9ping Date: Wed, 3 Oct 2018 14:40:55 +0200 Subject: [PATCH 05/11] Added support for selecting to use 802.11N Limit channel selection for north america. Signed-off-by: D9ping --- includes/hostapd.php | 69 ++++++++++++++++++++++++++++++++------------ 1 file changed, 51 insertions(+), 18 deletions(-) diff --git a/includes/hostapd.php b/includes/hostapd.php index c5a41bd3..0f2efb79 100755 --- a/includes/hostapd.php +++ b/includes/hostapd.php 
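Review bot: The `htmlspecialchars()` call added to the 'Unknown interface' message protects only this one call site; if StatusMessages (not visible here) prints message text verbatim, every other `addMessage()` caller that includes request data stays exposed, and escaping where the message is rendered would cover them all. The guard just above it, `in_array($_POST['interface'], $interfaces)`, compares loosely; passing the strict flag makes the allowlist test exact: `if (! in_array($_POST['interface'], $interfaces, true)) {`. Naming the charset keeps the escaping independent of ini settings: `htmlspecialchars($_POST['interface'], ENT_QUOTES, 'UTF-8')`. SaveHostAPDConfig() starts and ends outside the hunk.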
@@ -6,22 +6,21 @@ include_once( 'includes/status_messages.php' ); * * */ -function DisplayHostAPDConfig(){ - +function DisplayHostAPDConfig() +{ $status = new StatusMessages(); $arrHostapdConf = parse_ini_file('/etc/raspap/hostapd.ini'); $arrConfig = array(); - $arrChannel = array('a','b','g'); + $arr80211Standard = array('a','b','g','n'); $arrSecurity = array( 1 => 'WPA', 2 => 'WPA2',3=> 'WPA+WPA2'); $arrEncType = array('TKIP' => 'TKIP', 'CCMP' => 'CCMP', 'TKIP CCMP' => 'TKIP+CCMP'); exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces); - if( isset($_POST['SaveHostAPDSettings']) ) { if (CSRFValidate()) { - SaveHostAPDConfig($arrSecurity, $arrEncType, $arrChannel, $interfaces, $status); + SaveHostAPDConfig($arrSecurity, $arrEncType, $arr80211Standard, $interfaces, $status); } else { error_log('CSRF violation'); } @@ -47,7 +46,7 @@ function DisplayHostAPDConfig(){ } } - exec( 'cat '. RASPI_HOSTAPD_CONFIG, $return ); + exec( 'cat '. RASPI_HOSTAPD_CONFIG, $hostapdconfig ); exec( 'pidof hostapd | wc -l', $hostapdstatus); if( $hostapdstatus[0] == 0 ) { @@ -56,9 +55,13 @@ function DisplayHostAPDConfig(){ $status->addMessage('HostAPD is running', 'success'); } - foreach( $return as $a ) { - if( $a[0] != "#" ) { - $arrLine = explode( "=",$a) ; + foreach( $hostapdconfig as $hostapdconfigline ) { + if (strlen($hostapdconfigline) === 0) { + continue; + } + + if ($hostapdconfigline[0] != "#" ) { + $arrLine = explode("=", $hostapdconfigline) ; $arrConfig[$arrLine[0]]=$arrLine[1]; } }; @@ -103,13 +106,32 @@ function DisplayHostAPDConfig(){
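Review bot: `explode("=", $hostapdconfigline)` in the rewritten loop of the @@ -56 hunk splits on every `=`, so a value that itself contains one (an SSID or `wpa_passphrase`, for instance) is stored truncated in `$arrConfig`, and a non-empty line without `=` reads the undefined `$arrLine[1]`. Limiting the split and checking the count avoids both: `$arrLine = explode("=", $hostapdconfigline, 2);` followed by `if (count($arrLine) === 2) { $arrConfig[$arrLine[0]] = $arrLine[1]; }`. The parsed values presumably end up in the form markup, which is outside this hunk, so they should be escaped where they are printed. DisplayHostAPDConfig() continues past the hunk.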
- +
- +
@@ -463,10 +485,13 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status) return false; } - if ((!filter_var($_POST['channel'], FILTER_VALIDATE_INT)) || - intval($_POST['channel']) < 1 || - intval($_POST['channel']) > 14) { - error_log("Attempting to set channel to '".$_POST['channel']."'"); // FIXME: log injection + if (!filter_var($_POST['channel'], FILTER_VALIDATE_INT)) { + error_log("Attempting to set channel to invalid number."); + return false; + } + + if (intval($_POST['channel']) < 1 || intval($_POST['channel']) > 13) { + error_log("Attempting to set channel to '".$_POST['channel']."'"); return false; } @@ -523,14 +548,22 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status) fwrite($tmp_file, 'driver=nl80211'.PHP_EOL); fwrite($tmp_file, 'ctrl_interface='.RASPI_HOSTAPD_CTRL_INTERFACE.PHP_EOL); fwrite($tmp_file, 'ctrl_interface_group=0'.PHP_EOL); - fwrite($tmp_file, 'beacon_int=100'.PHP_EOL); fwrite($tmp_file, 'auth_algs=1'.PHP_EOL); fwrite($tmp_file, 'wpa_key_mgmt=WPA-PSK'.PHP_EOL); + fwrite($tmp_file, 'beacon_int=100'.PHP_EOL); - // TODO: deal with ini file value escaping. E.g. ssid=E=mc2 becomes ssid=E\=mc2 fwrite($tmp_file, 'ssid='.$_POST['ssid'].PHP_EOL); fwrite($tmp_file, 'channel='.$_POST['channel'].PHP_EOL); - fwrite($tmp_file, 'hw_mode='.$_POST['hw_mode'].PHP_EOL); + if ($_POST['hw_mode'] === 'n') { + fwrite($tmp_file, 'hw_mode=g'.PHP_EOL); + fwrite($tmp_file, 'ieee80211n=1'.PHP_EOL); + // Enable basic Quality of service + fwrite($tmp_file, 'wme_enabled=1'.PHP_EOL); + } else { + fwrite($tmp_file, 'hw_mode='.$_POST['hw_mode'].PHP_EOL); + fwrite($tmp_file, 'ieee80211n=0'.PHP_EOL); + } + fwrite($tmp_file, 'wpa_passphrase='.$_POST['wpa_passphrase'].PHP_EOL); fwrite($tmp_file, 'interface='.$_POST['interface'].PHP_EOL); fwrite($tmp_file, 'wpa='.$_POST['wpa'].PHP_EOL); From b10b5388967434ef20bcbdd7d9473d019680c074 Mon Sep 17 00:00:00 2001 
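Review bot: The range check and the second `error_log()` still use the raw `$_POST['channel']` instead of the integer that `filter_var()` returned; FILTER_VALIDATE_INT trims surrounding whitespace before validating, so a value with a leading or trailing line break passes and is then logged as posted (the case the removed FIXME named) and later written to the config file unchanged. Validating and bounding in one step and using the result everywhere closes that: `$channel = filter_var($_POST['channel'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 13)));` then `if ($channel === false) { error_log('Attempting to set an invalid channel.'); return false; }`. The later `fwrite($tmp_file, 'channel='...)` should write `$channel`. SaveHostAPDConfig() starts and ends outside the hunk.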
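Review bot: The @@ -523 hunk drops the TODO about escaping config values while `ssid` and `wpa_passphrase` are still written straight from `$_POST` with `fwrite()`; unless the validation earlier in SaveHostAPDConfig() (outside this hunk) rejects control characters, a value containing a line break adds extra directives to the generated hostapd config. A check placed with the other input validation keeps each value on its own line: `if (preg_match('/[\x00-\x1F\x7F]/', $_POST['ssid'].$_POST['wpa_passphrase'])) { $status->addMessage('SSID and passphrase must not contain control characters', 'danger'); $good_input = false; }`. In the new `else` branch `hw_mode` is likewise written as posted, so confirm it is compared against `$modes` with a strict `in_array()` before this point.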
From: D9ping Date: Wed, 3 Oct 2018 16:40:45 +0200 Subject: [PATCH 06/11] Allow channel 14 for Japan in 802.11b mode. Signed-off-by: D9ping --- includes/hostapd.php | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/includes/hostapd.php b/includes/hostapd.php index 0f2efb79..a2e9bf79 100755 --- a/includes/hostapd.php +++ b/includes/hostapd.php @@ -122,14 +122,22 @@ SelectorOptions('hw_mode', $arr80211Standard, $selectedHwMode); ?> @@ -490,7 +498,7 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status) return false; } - if (intval($_POST['channel']) < 1 || intval($_POST['channel']) > 13) { + if (intval($_POST['channel']) < 1 || intval($_POST['channel']) > 14) { error_log("Attempting to set channel to '".$_POST['channel']."'"); return false; } From 73f5e4f2daa3b80b27d607784cd2dce470314cde Mon Sep 17 00:00:00 2001 From: D9ping Date: Wed, 3 Oct 2018 22:20:06 +0200 Subject: [PATCH 07/11] Properly use for attribute for label tags on hostapd page. Added support for id attribute for SelectorOptions function. Signed-off-by: D9ping --- includes/functions.php | 9 +++++++-- includes/hostapd.php | 42 +++++++++++++++++++++--------------------- 2 files changed, 28 insertions(+), 23 deletions(-) diff --git a/includes/functions.php b/includes/functions.php index 8f835ab6..98a2d691 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -89,8 +89,13 @@ function isAssoc($arr) { * If $options is an associative array this should be the key * */ -function SelectorOptions($name, $options, $selected = null) { - echo '' , PHP_EOL; foreach ( $options as $opt => $label) { $select = ''; $key = isAssoc($options) ? $opt : $label; diff --git a/includes/hostapd.php b/includes/hostapd.php index a2e9bf79..4ff367a7 100755 --- a/includes/hostapd.php +++ b/includes/hostapd.php @@ -91,21 +91,21 @@ function DisplayHostAPDConfig()
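Review bot: The server-side bound in the @@ -490 hunk is raised to 14 for every request, while the commit subject limits channel 14 to Japan in 802.11b mode; that restriction appears to exist only in the form, so a request sent without the form can store channel 14 for any country and `hw_mode`. The upper bound should depend on the same conditions the form uses, e.g. `$maxChannel = ($_POST['hw_mode'] === 'b' && $countryCode === 'JP') ? 14 : 13;`, with `$countryCode` taken from wherever the page reads the configured country (not visible in this hunk). SaveHostAPDConfig() starts and ends outside the hunk.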
- +
- - + +
- + +SelectorOptions('hw_mode', $arr80211Standard, $selectedHwMode, 'cbxhwmode'); ?>
- + + SelectorOptions('channel', $selectablechannels, intval($arrConfig['channel']), 'cbxchannel') ?>
@@ -147,20 +147,20 @@ if (in_array($arrConfig['country_code'], $countries_max11channels)) {

- - + +
- - + +
- - + +
@@ -184,24 +184,24 @@ if (in_array($arrConfig['country_code'], $countries_max11channels)) {
-
- + - @@ -454,7 +454,7 @@ if ($arrHostapdConf['LogEnable'] == 1) {