frodovdr/raspap-webgui
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2025-03-01 10:31:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

* escape html entities in network interface settings

Browse Source 
the command `ip address show eth0` returns
special characters like "<" and ">" which, if left
unescaped and shown on the page, will create
arbitrary html elements and hide information.

* show interface settings inside unstyled pre block

interface properties should be parsed and displayed
in a proprietary and pretty manner. until then, give
use the raw output of `ip address show`
This commit is contained in:
glaszig
2019-07-30 14:10:42 +02:00
parent 1b32ed53d6
commit 3db99c7d21
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ajax/networking/get_ip_summary.php
View File

@@ -5,6 +5,7 @@ include_once('../../includes/functions.php');
if(isset($_POST['interface']) && isset($_POST['csrf_token']) && CSRFValidate()) {
$int = preg_replace('/[^a-z0-9]/','',$_POST['interface']);
exec('ip a s '.$int,$intOutput,$intResult);
$intOutput = array_map('htmlentities', $intOutput);
$jsonData = ['return'=>$intResult,'output'=>$intOutput];
echo json_encode($jsonData);
} else {