mirror of
https://github.com/billz/raspap-webgui.git
synced 2023-10-10 13:37:24 +02:00
Merge pull request #357 from glaszig/security/command-injection
SECURITY ISSUE! fix command injection
This commit is contained in:
commit
809051165b
@ -48,7 +48,7 @@ function DisplayDHCPConfig()
|
|||||||
}
|
}
|
||||||
|
|
||||||
$config .= $_POST['RangeLeaseTimeUnits'];
|
$config .= $_POST['RangeLeaseTimeUnits'];
|
||||||
exec('echo "'.$config.'" > /tmp/dhcpddata', $temp);
|
file_put_contents("/tmp/dhcpddata", $config);
|
||||||
system('sudo cp /tmp/dhcpddata '.RASPI_DNSMASQ_CONFIG, $return);
|
system('sudo cp /tmp/dhcpddata '.RASPI_DNSMASQ_CONFIG, $return);
|
||||||
} else {
|
} else {
|
||||||
$status->addMessage($errors, 'danger');
|
$status->addMessage($errors, 'danger');
|
||||||
|
@ -638,7 +638,7 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
|
|||||||
$config.= 'country_code='.$_POST['country_code'].PHP_EOL;
|
$config.= 'country_code='.$_POST['country_code'].PHP_EOL;
|
||||||
$config.= 'ignore_broadcast_ssid='.$ignore_broadcast_ssid.PHP_EOL;
|
$config.= 'ignore_broadcast_ssid='.$ignore_broadcast_ssid.PHP_EOL;
|
||||||
|
|
||||||
exec('echo "'.$config.'" > /tmp/hostapddata', $temp);
|
file_put_contents("/tmp/hostapddata", $config);
|
||||||
system("sudo cp /tmp/hostapddata " . RASPI_HOSTAPD_CONFIG, $return);
|
system("sudo cp /tmp/hostapddata " . RASPI_HOSTAPD_CONFIG, $return);
|
||||||
|
|
||||||
if ($wifiAPEnable == 1) {
|
if ($wifiAPEnable == 1) {
|
||||||
@ -655,8 +655,8 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
|
|||||||
$config.= 'interface='.$_POST['interface'].PHP_EOL;
|
$config.= 'interface='.$_POST['interface'].PHP_EOL;
|
||||||
$config.= 'dhcp-range=10.3.141.50,10.3.141.255,255.255.255.0,12h'.PHP_EOL;
|
$config.= 'dhcp-range=10.3.141.50,10.3.141.255,255.255.255.0,12h'.PHP_EOL;
|
||||||
}
|
}
|
||||||
exec('echo "'.$config.'" > /tmp/dhcpddata', $temp);
|
file_put_contents("/tmp/dnsmasqdata", $config);
|
||||||
system('sudo cp /tmp/dhcpddata '.RASPI_DNSMASQ_CONFIG, $return);
|
system('sudo cp /tmp/dnsmasqdata '.RASPI_DNSMASQ_CONFIG, $return);
|
||||||
|
|
||||||
if ($wifiAPEnable == 1) {
|
if ($wifiAPEnable == 1) {
|
||||||
// Enable uap0 configuration in dhcpcd for Wifi client AP mode
|
// Enable uap0 configuration in dhcpcd for Wifi client AP mode
|
||||||
@ -682,7 +682,7 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
|
|||||||
$config.= 'static routers=10.3.141.1'.PHP_EOL;
|
$config.= 'static routers=10.3.141.1'.PHP_EOL;
|
||||||
$config.= 'static domain_name_server=1.1.1.1 8.8.8.8'.PHP_EOL;
|
$config.= 'static domain_name_server=1.1.1.1 8.8.8.8'.PHP_EOL;
|
||||||
}
|
}
|
||||||
exec('echo "'.$config.'" > /tmp/dhcpddata', $temp);
|
file_put_contents("/tmp/dhcpddata", $config);
|
||||||
system('sudo cp /tmp/dhcpddata '.RASPI_DHCPCD_CONFIG, $return);
|
system('sudo cp /tmp/dhcpddata '.RASPI_DHCPCD_CONFIG, $return);
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user