* escape html entities in network interface settings

the command `ip address show eth0` returns
special characters like "<" and ">" which, if left
unescaped and shown on the page, will create
arbitrary html elements and hide information.

* show interface settings inside unstyled pre block

interface properties should be parsed and displayed
in a proprietary and pretty manner. until then, give
use the raw output of `ip address show`

ajax/networking/get_ip_summary.php

@@ -5,6 +5,7 @@ include_once('../../includes/functions.php');
 if(isset($_POST['interface']) && isset($_POST['csrf_token']) && CSRFValidate()) {
     $int = preg_replace('/[^a-z0-9]/','',$_POST['interface']);
     exec('ip a s '.$int,$intOutput,$intResult);
+    $intOutput = array_map('htmlentities', $intOutput);
     $jsonData = ['return'=>$intResult,'output'=>$intOutput];
     echo json_encode($jsonData);
 } else {

includes/networking.php

@@ -44,7 +44,9 @@ function DisplayNetworkingConfig()
                             echo '<div class="col-md-6">
                             <div class="panel panel-default">
                                 <div class="panel-heading">'.htmlspecialchars($interface, ENT_QUOTES).'</div>
-                                <div class="panel-body" id="'.htmlspecialchars($interface, ENT_QUOTES).'-summary"></div>
+                                <div class="panel-body">
+                                  <pre class="unstyled" id="'.htmlspecialchars($interface, ENT_QUOTES).'-summary"></pre>
+                                </div>
                             </div>
                             </div>';
                         }