1
0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00

Merge pull request #357 from glaszig/security/command-injection

SECURITY ISSUE! fix command injection
This commit is contained in:
Bill Zimmerman 2019-07-30 19:01:11 -07:00 committed by GitHub
commit 809051165b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 5 deletions

View File

@ -48,7 +48,7 @@ function DisplayDHCPConfig()
} }
$config .= $_POST['RangeLeaseTimeUnits']; $config .= $_POST['RangeLeaseTimeUnits'];
exec('echo "'.$config.'" > /tmp/dhcpddata', $temp); file_put_contents("/tmp/dhcpddata", $config);
system('sudo cp /tmp/dhcpddata '.RASPI_DNSMASQ_CONFIG, $return); system('sudo cp /tmp/dhcpddata '.RASPI_DNSMASQ_CONFIG, $return);
} else { } else {
$status->addMessage($errors, 'danger'); $status->addMessage($errors, 'danger');

View File

@ -638,7 +638,7 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
$config.= 'country_code='.$_POST['country_code'].PHP_EOL; $config.= 'country_code='.$_POST['country_code'].PHP_EOL;
$config.= 'ignore_broadcast_ssid='.$ignore_broadcast_ssid.PHP_EOL; $config.= 'ignore_broadcast_ssid='.$ignore_broadcast_ssid.PHP_EOL;
exec('echo "'.$config.'" > /tmp/hostapddata', $temp); file_put_contents("/tmp/hostapddata", $config);
system("sudo cp /tmp/hostapddata " . RASPI_HOSTAPD_CONFIG, $return); system("sudo cp /tmp/hostapddata " . RASPI_HOSTAPD_CONFIG, $return);
if ($wifiAPEnable == 1) { if ($wifiAPEnable == 1) {
@ -655,8 +655,8 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
$config.= 'interface='.$_POST['interface'].PHP_EOL; $config.= 'interface='.$_POST['interface'].PHP_EOL;
$config.= 'dhcp-range=10.3.141.50,10.3.141.255,255.255.255.0,12h'.PHP_EOL; $config.= 'dhcp-range=10.3.141.50,10.3.141.255,255.255.255.0,12h'.PHP_EOL;
} }
exec('echo "'.$config.'" > /tmp/dhcpddata', $temp); file_put_contents("/tmp/dnsmasqdata", $config);
system('sudo cp /tmp/dhcpddata '.RASPI_DNSMASQ_CONFIG, $return); system('sudo cp /tmp/dnsmasqdata '.RASPI_DNSMASQ_CONFIG, $return);
if ($wifiAPEnable == 1) { if ($wifiAPEnable == 1) {
// Enable uap0 configuration in dhcpcd for Wifi client AP mode // Enable uap0 configuration in dhcpcd for Wifi client AP mode
@ -682,7 +682,7 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
$config.= 'static routers=10.3.141.1'.PHP_EOL; $config.= 'static routers=10.3.141.1'.PHP_EOL;
$config.= 'static domain_name_server=1.1.1.1 8.8.8.8'.PHP_EOL; $config.= 'static domain_name_server=1.1.1.1 8.8.8.8'.PHP_EOL;
} }
exec('echo "'.$config.'" > /tmp/dhcpddata', $temp); file_put_contents("/tmp/dhcpddata", $config);
system('sudo cp /tmp/dhcpddata '.RASPI_DHCPCD_CONFIG, $return); system('sudo cp /tmp/dhcpddata '.RASPI_DHCPCD_CONFIG, $return);