Merge pull request #357 from glaszig/security/command-injection

SECURITY ISSUE! fix command injection
Bill Zimmerman 2019-07-30 19:01:11 -07:00 committed by GitHub
commit 809051165b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 5 deletions


@ -48,7 +48,7 @@ function DisplayDHCPConfig()
}
$config .= $_POST['RangeLeaseTimeUnits'];
exec('echo "'.$config.'" > /tmp/dhcpddata', $temp);
file_put_contents("/tmp/dhcpddata", $config);
system('sudo cp /tmp/dhcpddata '.RASPI_DNSMASQ_CONFIG, $return);
} else {
$status->addMessage($errors, 'danger');
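Review bot: The result of `file_put_contents("/tmp/dhcpddata", $config)` is not checked, and the target is a fixed name in world-writable /tmp, so when the write fails or another local account controls that path, the following `sudo cp` installs content this request did not produce into the dnsmasq config. I would write to a private file and copy only on success: `$tmp = tempnam(sys_get_temp_dir(), 'cfg');` then `if (file_put_contents($tmp, $config) !== false) { system('sudo cp '.escapeshellarg($tmp).' '.RASPI_DNSMASQ_CONFIG, $return); }`; if the sudoers rule pins the source path (not visible here), it has to change with it. The three SaveHostAPDConfig hunks in the other file repeat the same pattern with /tmp/hostapddata, /tmp/dnsmasqdata and /tmp/dhcpddata. DisplayDHCPConfig begins and ends outside this hunk.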


@ -638,7 +638,7 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
$config.= 'country_code='.$_POST['country_code'].PHP_EOL;
$config.= 'ignore_broadcast_ssid='.$ignore_broadcast_ssid.PHP_EOL;
exec('echo "'.$config.'" > /tmp/hostapddata', $temp);
file_put_contents("/tmp/hostapddata", $config);
system("sudo cp /tmp/hostapddata " . RASPI_HOSTAPD_CONFIG, $return);
if ($wifiAPEnable == 1) {
@ -655,8 +655,8 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
$config.= 'interface='.$_POST['interface'].PHP_EOL;
$config.= 'dhcp-range=10.3.141.50,10.3.141.255,255.255.255.0,12h'.PHP_EOL;
}
exec('echo "'.$config.'" > /tmp/dhcpddata', $temp);
system('sudo cp /tmp/dhcpddata '.RASPI_DNSMASQ_CONFIG, $return);
file_put_contents("/tmp/dnsmasqdata", $config);
system('sudo cp /tmp/dnsmasqdata '.RASPI_DNSMASQ_CONFIG, $return);
if ($wifiAPEnable == 1) {
// Enable uap0 configuration in dhcpcd for Wifi client AP mode
@ -682,7 +682,7 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
$config.= 'static routers=10.3.141.1'.PHP_EOL;
$config.= 'static domain_name_server=1.1.1.1 8.8.8.8'.PHP_EOL;
}
exec('echo "'.$config.'" > /tmp/dhcpddata', $temp);
file_put_contents("/tmp/dhcpddata", $config);
system('sudo cp /tmp/dhcpddata '.RASPI_DHCPCD_CONFIG, $return);
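Review bot: `$_POST['country_code']` and `$_POST['interface']` are concatenated into `$config` as received in the lines visible here, so a value containing a line break still adds extra directives to the hostapd and dnsmasq files that `sudo cp` then installs; removing the shell closes command execution but not this. Unless they are validated earlier in SaveHostAPDConfig, which starts and ends outside these hunks, constrain each before use, e.g. `if (!preg_match('/\A[A-Z]{2}\z/', $_POST['country_code'])) { ... }` (`\z` rather than `$`, which accepts a trailing newline) and `in_array($_POST['interface'], $interfaces, true)` if `$interfaces` holds the allowed names. `$_POST['RangeLeaseTimeUnits']` in the DisplayDHCPConfig hunk deserves the same check; the `$errors` branch there suggests some validation exists, but it is not visible.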