mirror of
https://github.com/billz/raspap-webgui.git
synced 2023-10-10 13:37:24 +02:00
Merge pull request #220 from D9ping/Branch_D9ping
Multiple security fixes
commit
833690a1b8
@ -5,7 +5,7 @@ include_once('../../includes/functions.php');
|
||||
|
||||
|
||||
if(isset($_POST['interface']) && isset($_POST['csrf_token']) && CSRFValidate()) {
|
||||
$int = $_POST['interface'];
|
||||
$int = preg_replace('/[^a-z0-9]/', '', $_POST['interface']);
|
||||
if(!file_exists(RASPI_CONFIG_NETWORKING.'/'.$int.'.ini')) {
|
||||
touch(RASPI_CONFIG_NETWORKING.'/'.$int.'.ini');
|
||||
}
|
||||
@ -21,4 +21,3 @@ if(isset($_POST['interface']) && isset($_POST['csrf_token']) && CSRFValidate())
|
||||
echo json_encode($jsonData);
|
||||
}
|
||||
|
||||
?>
|
||||
|
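Review bot: The new `preg_replace('/[^a-z0-9]/', '', $_POST['interface'])` line rewrites a bad interface name instead of rejecting it. A value made only of stripped characters becomes an empty string, so the `touch()` below creates `.ini` in the networking directory, and a name containing uppercase letters or other stripped characters is mapped onto a different interface's file. Validating and refusing the request is safer than stripping, for example `if (!preg_match('/^[a-zA-Z0-9]+$/', $_POST['interface'])) { /* return an error and stop */ }`, which also matches the pattern the DHCP form uses in this same commit. The rest of the handler lies outside the hunk, so later uses of `$int` should be checked against the same rule.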
@ -8,7 +8,7 @@ function DisplayAuthConfig($username, $password){
|
||||
if (CSRFValidate()) {
|
||||
if (password_verify($_POST['oldpass'], $password)) {
|
||||
$new_username=trim($_POST['username']);
|
||||
if ($_POST['newpass'] != $_POST['newpassagain']) {
|
||||
if ($_POST['newpass'] !== $_POST['newpassagain']) {
|
||||
$status->addMessage('New passwords do not match', 'danger');
|
||||
} else if ($new_username == '') {
|
||||
$status->addMessage('Username must not be empty', 'danger');
|
||||
@ -16,7 +16,8 @@ function DisplayAuthConfig($username, $password){
|
||||
if (!file_exists(RASPI_ADMIN_DETAILS)) {
|
||||
$tmpauth = fopen(RASPI_ADMIN_DETAILS, 'w');
|
||||
fclose($tmpauth);
|
||||
}
|
||||
}
|
||||
|
||||
if ($auth_file = fopen(RASPI_ADMIN_DETAILS, 'w')) {
|
||||
fwrite($auth_file, $new_username.PHP_EOL);
|
||||
fwrite($auth_file, password_hash($_POST['newpass'], PASSWORD_BCRYPT).PHP_EOL);
|
||||
@ -46,7 +47,7 @@ function DisplayAuthConfig($username, $password){
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="username"><?php echo _("Username"); ?></label>
|
||||
<input type="text" class="form-control" name="username" value="<?php echo $username; ?>"/>
|
||||
<input type="text" class="form-control" name="username" value="<?php echo htmlspecialchars($username, ENT_QUOTES); ?>"/>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
@ -76,4 +77,3 @@ function DisplayAuthConfig($username, $password){
|
||||
<?php
|
||||
}
|
||||
|
||||
?>
|
||||
|
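Review bot: Nothing visible in `DisplayAuthConfig` checks that `newpass` and `newpassagain` are present, non-empty strings before the new `!==` comparison: two missing fields compare as identical nulls, and execution then reaches `password_hash($_POST['newpass'], PASSWORD_BCRYPT)`. A guard ahead of the comparison would close that, for example `if (!isset($_POST['newpass']) || !is_string($_POST['newpass']) || $_POST['newpass'] === '') { $status->addMessage('New password must not be empty', 'danger'); }`. `$new_username` is only trimmed at its ends before being written as one line of the credentials file, so embedded line breaks are worth rejecting as well, e.g. with `preg_match('/[\r\n]/', $new_username)`. The function body continues outside the hunks shown, so a check may already exist elsewhere.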
@ -10,4 +10,3 @@ if (!$validated) {
|
||||
die ("Not authorized");
|
||||
}
|
||||
|
||||
?>
|
||||
|
@ -31,4 +31,3 @@ define('RASPI_CHANGETHEME_ENABLED', true );
|
||||
define('LOCALE_ROOT', 'locale');
|
||||
define('LOCALE_DOMAIN', 'messages');
|
||||
|
||||
?>
|
||||
|
@ -158,14 +158,14 @@ function DisplayWPAConfig(){
|
||||
|
||||
<div class="row">
|
||||
<div class="col-lg-12">
|
||||
<div class="panel panel-primary">
|
||||
<div class="panel panel-primary">
|
||||
<div class="panel-heading"><i class="fa fa-signal fa-fw"></i> <?php echo _("Configure client"); ?></div>
|
||||
<!-- /.panel-heading -->
|
||||
<div class="panel-body">
|
||||
<p><?php $status->showMessages(); ?></p>
|
||||
<h4><?php echo _("Client settings"); ?></h4>
|
||||
<div class="btn-group btn-block">
|
||||
<a href=".?<?php echo $_SERVER['QUERY_STRING']; ?>" style="padding:10px;float: right;display: block;position: relative;margin-top: -55px;" class="col-md-2 btn btn-info" id="update"><?php echo _("Rescan"); ?></a>
|
||||
<a href=".?<?php echo htmlspecialchars($_SERVER['QUERY_STRING'], ENT_QUOTES); ?>" style="padding:10px;float: right;display: block;position: relative;margin-top: -55px;" class="col-md-2 btn btn-info" id="update"><?php echo _("Rescan"); ?></a>
|
||||
</div>
|
||||
<form method="POST" action="?page=wpa_conf" name="wpa_conf_form">
|
||||
<?php CSRFToken() ?>
|
||||
@ -191,19 +191,19 @@ function DisplayWPAConfig(){
|
||||
<?php } ?>
|
||||
</td>
|
||||
<td>
|
||||
<input type="hidden" name="ssid<?php echo $index ?>" value="<?php echo htmlentities($ssid) ?>" />
|
||||
<?php echo $ssid ?>
|
||||
<input type="hidden" name="ssid<?php echo $index ?>" value="<?php echo htmlentities($ssid, ENT_QUOTES) ?>" />
|
||||
<?php echo htmlspecialchars($ssid, ENT_QUOTES); ?>
|
||||
</td>
|
||||
<?php if (array_key_exists('visible', $network) && $network['visible']) { ?>
|
||||
<td><?php echo $network['channel'] ?></td>
|
||||
<td><?php echo htmlspecialchars($network['channel'], ENT_QUOTES); ?></td>
|
||||
<?php } else { ?>
|
||||
<td><span class="label label-warning">X</span></td>
|
||||
<?php } ?>
|
||||
<td>
|
||||
<?php if (array_key_exists('priority', $network)) { ?>
|
||||
<input type="hidden" name="priority<?php echo $index ?>" value="<?php echo $network['priority'] ?>" />
|
||||
<input type="hidden" name="priority<?php echo $index ?>" value="<?php echo htmlspecialchars($network['priority'], ENT_QUOTES); ?>" />
|
||||
<?php } ?>
|
||||
<input type="hidden" name="protocol<?php echo $index ?>" value="<?php echo $network['protocol'] ?>" /><?php echo $network['protocol'] ?>
|
||||
<input type="hidden" name="protocol<?php echo $index ?>" value="<?php echo htmlspecialchars($network['protocol'], ENT_QUOTES); ?>" /><?php echo htmlspecialchars($network['protocol'], ENT_QUOTES); ?>
|
||||
</td>
|
||||
<?php if ($network['protocol'] === 'Open') { ?>
|
||||
<td><input type="hidden" name="passphrase<?php echo $index ?>" value="" />---</td>
|
||||
@ -233,4 +233,3 @@ function DisplayWPAConfig(){
|
||||
<?php
|
||||
}
|
||||
|
||||
?>
|
||||
|
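Review bot: `htmlspecialchars($ssid, ENT_QUOTES)` returns an empty string when its input is not valid in the configured charset (UTF-8 by default since PHP 5.4), and an SSID is an arbitrary byte string chosen by whoever operates the nearby access point. In the `ssid<?php echo $index ?>` hidden field and the visible cell, such a network would become a blank row that posts back an empty name. Adding `ENT_SUBSTITUTE` keeps the escaping and replaces the bad bytes instead: `htmlspecialchars($ssid, ENT_QUOTES | ENT_SUBSTITUTE)`; the same applies to `$strSSID` in `DisplayDashboard`. The hunk also mixes `htmlentities` and `htmlspecialchars` for the same value, so a small shared escaping helper would keep the flags in one place.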
@ -85,16 +85,16 @@ function DisplayDashboard(){
|
||||
<div class="panel panel-default">
|
||||
<div class="panel-body">
|
||||
<h4><?php echo _("Interface Information"); ?></h4>
|
||||
<div class="info-item"><?php echo _("Interface Name"); ?></div> <?php echo RASPI_WIFI_CLIENT_INTERFACE ?></br>
|
||||
<div class="info-item"><?php echo _("IP Address"); ?></div> <?php echo $strIPAddress ?></br>
|
||||
<div class="info-item"><?php echo _("Subnet Mask"); ?></div> <?php echo $strNetMask ?></br>
|
||||
<div class="info-item"><?php echo _("Mac Address"); ?></div> <?php echo $strHWAddress ?></br></br>
|
||||
<div class="info-item"><?php echo _("Interface Name"); ?></div> <?php echo RASPI_WIFI_CLIENT_INTERFACE; ?><br />
|
||||
<div class="info-item"><?php echo _("IP Address"); ?></div> <?php echo htmlspecialchars($strIPAddress, ENT_QUOTES); ?><br />
|
||||
<div class="info-item"><?php echo _("Subnet Mask"); ?></div> <?php echo htmlspecialchars($strNetMask, ENT_QUOTES); ?><br />
|
||||
<div class="info-item"><?php echo _("Mac Address"); ?></div> <?php echo htmlspecialchars($strHWAddress, ENT_QUOTES); ?><br /><br />
|
||||
|
||||
<h4><?php echo _("Interface Statistics"); ?></h4>
|
||||
<div class="info-item"><?php echo _("Received Packets"); ?></div> <?php echo $strRxPackets ?></br>
|
||||
<div class="info-item"><?php echo _("Received Bytes"); ?></div> <?php echo $strRxBytes ?></br></br>
|
||||
<div class="info-item"><?php echo _("Transferred Packets"); ?></div> <?php echo $strTxPackets ?></br>
|
||||
<div class="info-item"><?php echo _("Transferred Bytes"); ?></div> <?php echo $strTxBytes ?></br>
|
||||
<div class="info-item"><?php echo _("Received Packets"); ?></div> <?php echo htmlspecialchars($strRxPackets, ENT_QUOTES); ?><br />
|
||||
<div class="info-item"><?php echo _("Received Bytes"); ?></div> <?php echo htmlspecialchars($strRxBytes, ENT_QUOTES); ?><br /><br />
|
||||
<div class="info-item"><?php echo _("Transferred Packets"); ?></div> <?php echo htmlspecialchars($strTxPackets, ENT_QUOTES); ?><br />
|
||||
<div class="info-item"><?php echo _("Transferred Bytes"); ?></div> <?php echo htmlspecialchars($strTxBytes, ENT_QUOTES); ?><br />
|
||||
</div><!-- /.panel-body -->
|
||||
</div><!-- /.panel-default -->
|
||||
</div><!-- /.col-md-6 -->
|
||||
@ -102,18 +102,18 @@ function DisplayDashboard(){
|
||||
<div class="panel panel-default">
|
||||
<div class="panel-body wireless">
|
||||
<h4><?php echo _("Wireless Information"); ?></h4>
|
||||
<div class="info-item"><?php echo _("Connected To"); ?></div> <?php echo $strSSID ?></br>
|
||||
<div class="info-item"><?php echo _("AP Mac Address"); ?></div> <?php echo $strBSSID ?></br>
|
||||
<div class="info-item"><?php echo _("Bitrate"); ?></div> <?php echo $strBitrate ?></br>
|
||||
<div class="info-item"><?php echo _("Signal Level"); ?></div> <?php echo $strSignalLevel ?></br>
|
||||
<div class="info-item"><?php echo _("Transmit Power"); ?></div> <?php echo $strTxPower ?></br>
|
||||
<div class="info-item"><?php echo _("Frequency"); ?></div> <?php echo $strFrequency ?></br></br>
|
||||
<div class="info-item"><?php echo _("Connected To"); ?></div> <?php echo htmlspecialchars($strSSID, ENT_QUOTES); ?><br />
|
||||
<div class="info-item"><?php echo _("AP Mac Address"); ?></div> <?php echo htmlspecialchars($strBSSID, ENT_QUOTES); ?><br />
|
||||
<div class="info-item"><?php echo _("Bitrate"); ?></div> <?php echo htmlspecialchars($strBitrate, ENT_QUOTES); ?><br />
|
||||
<div class="info-item"><?php echo _("Signal Level"); ?></div> <?php echo htmlspecialchars($strSignalLevel, ENT_QUOTES); ?><br />
|
||||
<div class="info-item"><?php echo _("Transmit Power"); ?></div> <?php echo htmlspecialchars($strTxPower, ENT_QUOTES); ?><br />
|
||||
<div class="info-item"><?php echo _("Frequency"); ?></div> <?php echo htmlspecialchars($strFrequency, ENT_QUOTES); ?><br /><br />
|
||||
<div class="info-item"><?php echo _("Link Quality"); ?></div>
|
||||
<div class="progress">
|
||||
<div class="progress-bar progress-bar-info progress-bar-striped active"
|
||||
role="progressbar"
|
||||
aria-valuenow="<?php echo $strLinkQuality ?>" aria-valuemin="0" aria-valuemax="100"
|
||||
style="width: <?php echo $strLinkQuality ?>%;"><?php echo $strLinkQuality ?>%
|
||||
aria-valuenow="<?php echo htmlspecialchars($strLinkQuality, ENT_QUOTES); ?>" aria-valuemin="0" aria-valuemax="100"
|
||||
style="width: <?php echo htmlspecialchars($strLinkQuality, ENT_QUOTES); ?>%;"><?php echo htmlspecialchars($strLinkQuality, ENT_QUOTES); ?>%
|
||||
</div>
|
||||
</div>
|
||||
</div><!-- /.panel-body -->
|
||||
@ -143,4 +143,3 @@ function DisplayDashboard(){
|
||||
<?php
|
||||
}
|
||||
|
||||
?>
|
||||
|
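Review bot: `$strLinkQuality` is emitted into a CSS declaration (`style="width: …%;"`) and into `aria-valuenow`, where HTML escaping keeps the attribute closed but does not make the value a number. The progress bar only makes sense for 0 to 100, so casting and clamping once before output is the stronger guarantee: `$linkQuality = max(0, min(100, (int) $strLinkQuality));`, then echo `$linkQuality` in all three places. How `$strLinkQuality` is derived lies outside the hunk, so this assumes it is meant to be a whole-number percentage.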
@ -12,16 +12,47 @@ function DisplayDHCPConfig() {
|
||||
$status = new StatusMessages();
|
||||
if( isset( $_POST['savedhcpdsettings'] ) ) {
|
||||
if (CSRFValidate()) {
|
||||
$config = 'interface='.$_POST['interface'].PHP_EOL
|
||||
.'dhcp-range='.$_POST['RangeStart'].','.$_POST['RangeEnd'].',255.255.255.0,'.$_POST['RangeLeaseTime'].''.$_POST['RangeLeaseTimeUnits'];
|
||||
exec( 'echo "'.$config.'" > /tmp/dhcpddata',$temp );
|
||||
system( 'sudo cp /tmp/dhcpddata '. RASPI_DNSMASQ_CONFIG, $return );
|
||||
$errors = '';
|
||||
define('IFNAMSIZ', 16);
|
||||
if (!preg_match('/^[a-zA-Z0-9]+$/', $_POST['interface']) ||
|
||||
strlen($_POST['interface']) >= IFNAMSIZ) {
|
||||
$errors .= _('Invalid interface name.').'<br />'.PHP_EOL;
|
||||
}
|
||||
|
||||
if( $return == 0 ) {
|
||||
$status->addMessage('Dnsmasq configuration updated successfully', 'success');
|
||||
} else {
|
||||
$status->addMessage('Dnsmasq configuration failed to be updated', 'danger');
|
||||
}
|
||||
if (!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_POST['RangeStart']) &&
|
||||
!empty($_POST['RangeStart'])) { // allow ''/null ?
|
||||
$errors .= _('Invalid DHCP range start.').'<br />'.PHP_EOL;
|
||||
}
|
||||
|
||||
if (!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_POST['RangeEnd']) &&
|
||||
!empty($_POST['RangeEnd'])) { // allow ''/null ?
|
||||
$errors .= _('Invalid DHCP range end.').'<br />'.PHP_EOL;
|
||||
}
|
||||
|
||||
if (!ctype_digit($_POST['RangeLeaseTime'])) {
|
||||
$errors .= _('Invalid DHCP lease time, not a number.').'<br />'.PHP_EOL;
|
||||
}
|
||||
|
||||
if (!in_array($_POST['RangeLeaseTimeUnits'], array('m', 'h', 'd', 'infinite'))) {
|
||||
$errors .= _('Unknown DHCP lease time unit.').'<br />'.PHP_EOL;
|
||||
}
|
||||
|
||||
$return = 1;
|
||||
if (empty($errors)) {
|
||||
$config = 'interface='.$_POST['interface'].PHP_EOL.
|
||||
'dhcp-range='.$_POST['RangeStart'].','.$_POST['RangeEnd'].
|
||||
',255.255.255.0,'.$_POST['RangeLeaseTime'].$_POST['RangeLeaseTimeUnits'];
|
||||
exec('echo "'.$config.'" > /tmp/dhcpddata', $temp);
|
||||
system('sudo cp /tmp/dhcpddata '.RASPI_DNSMASQ_CONFIG, $return);
|
||||
} else {
|
||||
$status->addMessage($errors, 'danger');
|
||||
}
|
||||
|
||||
if ($return == 0) {
|
||||
$status->addMessage('Dnsmasq configuration updated successfully', 'success');
|
||||
} else {
|
||||
$status->addMessage('Dnsmasq configuration failed to be updated.', 'danger');
|
||||
}
|
||||
} else {
|
||||
error_log('CSRF violation');
|
||||
}
|
||||
@ -83,14 +114,14 @@ function DisplayDHCPConfig() {
|
||||
$dselected = '';
|
||||
|
||||
switch( $arrRangeLeaseTime[2] ) {
|
||||
case "h":
|
||||
$hselected = " selected";
|
||||
case 'h':
|
||||
$hselected = ' selected="selected"';
|
||||
break;
|
||||
case "m":
|
||||
$mselected = " selected";
|
||||
case 'm':
|
||||
$mselected = ' selected="selected"';
|
||||
break;
|
||||
case "d":
|
||||
$dselected = " selected";
|
||||
case 'd':
|
||||
$dselected = ' selected="selected"';
|
||||
break;
|
||||
}
|
||||
|
||||
@ -119,42 +150,49 @@ function DisplayDHCPConfig() {
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">Interface</label>
|
||||
<select class="form-control" name="interface">
|
||||
<?php
|
||||
<?php
|
||||
exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces);
|
||||
|
||||
foreach( $interfaces as $int ) {
|
||||
foreach( $interfaces as $inet ) {
|
||||
$select = '';
|
||||
if( $int == $conf['interface'] ) {
|
||||
$select = " selected";
|
||||
if( $inet === $conf['interface'] ) {
|
||||
$select = ' selected="selected"'; // FIXED use xhtml valid attribute
|
||||
}
|
||||
echo '<option value="'.$int.'"'.$select.'>'.$int.'</option>';
|
||||
}
|
||||
?>
|
||||
|
||||
echo ' <option value="'.htmlspecialchars($inet, ENT_QUOTES).'"'.
|
||||
$select.'>'.htmlspecialchars($inet, ENT_QUOTES).'</option>' , PHP_EOL;
|
||||
}
|
||||
?>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code"><?php echo _("Starting IP Address"); ?></label>
|
||||
<input type="text" class="form-control"name="RangeStart" value="<?php echo $RangeStart; ?>" />
|
||||
<input type="text" class="form-control"name="RangeStart" value="<?php echo htmlspecialchars($RangeStart, ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code"><?php echo _("Ending IP Address"); ?></label>
|
||||
<input type="text" class="form-control" name="RangeEnd" value="<?php echo $RangeEnd; ?>" />
|
||||
<input type="text" class="form-control" name="RangeEnd" value="<?php echo htmlspecialchars($RangeEnd, ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="row">
|
||||
<div class="form-group col-xs-2 col-sm-2">
|
||||
<label for="code"><?php echo _("Lease Time"); ?></label>
|
||||
<input type="text" class="form-control" name="RangeLeaseTime" value="<?php echo $arrRangeLeaseTime[1]; ?>" />
|
||||
<input type="text" class="form-control" name="RangeLeaseTime" value="<?php echo htmlspecialchars($arrRangeLeaseTime[1], ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
<div class="col-xs-2 col-sm-2">
|
||||
<label for="code"><?php echo _("Interval"); ?></label>
|
||||
<select name="RangeLeaseTimeUnits" class="form-control" ><option value="m" <?php echo $mselected; ?>>Minute(s)</option><option value="h" <?php echo $hselected; ?>>Hour(s)</option><option value="d" <?php echo $dselected; ?>>Day(s)</option><option value="infinite">Infinite</option></select>
|
||||
<select name="RangeLeaseTimeUnits" class="form-control" >
|
||||
<option value="m" <?php echo $mselected; ?>>Minute(s)</option>
|
||||
<option value="h" <?php echo $hselected; ?>>Hour(s)</option>
|
||||
<option value="d" <?php echo $dselected; ?>>Day(s)</option>
|
||||
<option value="infinite">Infinite</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@ -166,7 +204,7 @@ function DisplayDHCPConfig() {
|
||||
} else {
|
||||
echo'<input type="submit" class="btn btn-success" value="' . _("Start dnsmasq") . '" name="startdhcpd" />';
|
||||
}
|
||||
?>
|
||||
?>
|
||||
</form>
|
||||
</div><!-- /.tab-pane -->
|
||||
|
||||
@ -190,16 +228,18 @@ function DisplayDHCPConfig() {
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<?php
|
||||
exec( 'cat ' . RASPI_DNSMASQ_LEASES, $leases );
|
||||
foreach( $leases as $lease ) {
|
||||
$lease_items = explode(' ', $lease);
|
||||
foreach( $lease_items as $lease_item ) {
|
||||
echo '<td>' . $lease_item . '</td>';
|
||||
}
|
||||
echo '</tr>';
|
||||
};
|
||||
?>
|
||||
<?php
|
||||
exec( 'cat ' . RASPI_DNSMASQ_LEASES, $leases );
|
||||
foreach( $leases as $lease ) {
|
||||
$lease_items = explode(' ', $lease);
|
||||
foreach( $lease_items as $lease_item ) {
|
||||
echo ' <td>'.htmlspecialchars($lease_item, ENT_QUOTES).'</td>'.PHP_EOL;
|
||||
}
|
||||
|
||||
echo ' </tr>'.PHP_EOL;
|
||||
};
|
||||
|
||||
?>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
@ -210,12 +250,10 @@ function DisplayDHCPConfig() {
|
||||
</div><!-- /.tab-pane -->
|
||||
</div><!-- /.tab-content -->
|
||||
</div><!-- ./ Panel body -->
|
||||
<div class="panel-footer"> <?php echo _("Information provided by Dnsmasq");?></div>
|
||||
<div class="panel-footer"> <?php echo _("Information provided by Dnsmasq"); ?></div>
|
||||
</div><!-- /.panel-primary -->
|
||||
</div><!-- /.col-lg-12 -->
|
||||
</div><!-- /.row -->
|
||||
<?php
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
|
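Review bot: The validated fields are still written through a shell in `exec('echo "'.$config.'" > /tmp/dhcpddata', $temp);`, so that line is only safe while every check above it stays strict. Writing the file from PHP takes the shell out of the path: `file_put_contents('/tmp/dhcpddata', $config.PHP_EOL);`. The range checks are also looser than they look: the `!empty()` clause lets an empty start or end through to produce `dhcp-range=,,255.255.255.0,…`, and `\d{1,3}` accepts octets above 255, where `filter_var($_POST['RangeStart'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)` would reject both. Choosing `infinite` together with a numeric lease time concatenates the two (e.g. `12infinite`), which is probably not a value dnsmasq accepts. `/tmp/dhcpddata` also remains a fixed name in a shared directory that is then copied with `sudo cp`, which deserves a follow-up.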
@ -55,7 +55,7 @@ function safefilerewrite($fileName, $dataToSave) {
|
||||
*/
|
||||
function CSRFToken() {
|
||||
?>
|
||||
<input id="csrf_token" type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>" />
|
||||
<input id="csrf_token" type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES);; ?>" />
|
||||
<?php
|
||||
}
|
||||
|
||||
@ -90,16 +90,19 @@ function isAssoc($arr) {
|
||||
*
|
||||
*/
|
||||
function SelectorOptions($name, $options, $selected = null) {
|
||||
echo "<select class=\"form-control\" name=\"$name\">";
|
||||
echo '<select class="form-control" name="'.htmlspecialchars($name, ENT_QUOTES).'>' , PHP_EOL;
|
||||
foreach ( $options as $opt => $label) {
|
||||
$select = '';
|
||||
$key = isAssoc($options) ? $opt : $label;
|
||||
if( $key == $selected ) {
|
||||
$select = " selected";
|
||||
$select = ' selected="selected"';
|
||||
}
|
||||
echo "<option value=\"$key\"$select>$label</options>";
|
||||
|
||||
echo '<option value="'.htmlspecialchars($key, ENT_QUOTES).'"'.$select.'>'.
|
||||
htmlspecialchars($label, ENT_QUOTES).'</options>' , PHP_EOL;
|
||||
}
|
||||
echo "</select>";
|
||||
|
||||
echo '</select>' , PHP_EOL;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -220,96 +223,93 @@ function DisplayOpenVPNConfig() {
|
||||
?>
|
||||
<div class="row">
|
||||
<div class="col-lg-12">
|
||||
<div class="panel panel-primary">
|
||||
<div class="panel-heading"><i class="fa fa-lock fa-fw"></i> Configure OpenVPN
|
||||
</div>
|
||||
<!-- /.panel-heading -->
|
||||
<div class="panel-body">
|
||||
<!-- Nav tabs -->
|
||||
<ul class="nav nav-tabs">
|
||||
<li class="active"><a href="#openvpnclient" data-toggle="tab">Client settings</a>
|
||||
</li>
|
||||
<li><a href="#openvpnserver" data-toggle="tab">Server settings</a>
|
||||
</li>
|
||||
</ul>
|
||||
<!-- Tab panes -->
|
||||
<div class="tab-content">
|
||||
<p><?php echo $status; ?></p>
|
||||
<div class="tab-pane fade in active" id="openvpnclient">
|
||||
|
||||
<h4>Client settings</h4>
|
||||
<div class="panel panel-primary">
|
||||
<div class="panel-heading"><i class="fa fa-lock fa-fw"></i> Configure OpenVPN </div>
|
||||
<!-- /.panel-heading -->
|
||||
<div class="panel-body">
|
||||
<!-- Nav tabs -->
|
||||
<ul class="nav nav-tabs">
|
||||
<li class="active"><a href="#openvpnclient" data-toggle="tab">Client settings</a></li>
|
||||
<li><a href="#openvpnserver" data-toggle="tab">Server settings</a></li>
|
||||
</ul>
|
||||
<!-- Tab panes -->
|
||||
<div class="tab-content">
|
||||
<p><?php echo $status; ?></p>
|
||||
<div class="tab-pane fade in active" id="openvpnclient">
|
||||
|
||||
<h4>Client settings</h4>
|
||||
<form role="form" action="?page=save_hostapd_conf" method="POST">
|
||||
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label>Select OpenVPN configuration file (.ovpn)</label>
|
||||
<input type="file" name="openvpn-config">
|
||||
</div>
|
||||
<label>Select OpenVPN configuration file (.ovpn)</label>
|
||||
<input type="file" name="openvpn-config">
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">Client Log</label>
|
||||
<input type="text" class="form-control" id="disabledInput" name="log-append" type="text" placeholder="<?php echo $arrClientConfig['log-append']; ?>" disabled />
|
||||
<input type="text" class="form-control" id="disabledInput" name="log-append" type="text" placeholder="<?php echo htmlspecialchars($arrClientConfig['log-append'], ENT_QUOTES); ?>" disabled="disabled" />
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="tab-pane fade" id="openvpnserver">
|
||||
<h4>Server settings</h4>
|
||||
<div class="row">
|
||||
<h4>Server settings</h4>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">Port</label>
|
||||
<input type="text" class="form-control" name="openvpn_port" value="<?php echo $arrServerConfig['port'] ?>" />
|
||||
<label for="code">Port</label>
|
||||
<input type="text" class="form-control" name="openvpn_port" value="<?php echo htmlspecialchars($arrServerConfig['port'], ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">Protocol</label>
|
||||
<input type="text" class="form-control" name="openvpn_proto" value="<?php echo $arrServerConfig['proto'] ?>" />
|
||||
<input type="text" class="form-control" name="openvpn_proto" value="<?php echo htmlspecialchars($arrServerConfig['proto'], ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">Root CA certificate</label>
|
||||
<input type="text" class="form-control" name="openvpn_rootca" placeholder="<?php echo $arrServerConfig['ca']; ?>" disabled />
|
||||
<input type="text" class="form-control" name="openvpn_rootca" placeholder="<?php echo htmlspecialchars($arrServerConfig['ca'], ENT_QUOTES); ?>" disabled="disabled" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">Server certificate</label>
|
||||
<input type="text" class="form-control" name="openvpn_cert" placeholder="<?php echo $arrServerConfig['cert']; ?>" disabled />
|
||||
<input type="text" class="form-control" name="openvpn_cert" placeholder="<?php echo htmlspecialchars($arrServerConfig['cert'], ENT_QUOTES); ?>" disabled="disabled" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">Diffie Hellman parameters</label>
|
||||
<input type="text" class="form-control" name="openvpn_dh" placeholder="<?php echo $arrServerConfig['dh']; ?>" disabled />
|
||||
<input type="text" class="form-control" name="openvpn_dh" placeholder="<?php echo htmlspecialchars($arrServerConfig['dh'], ENT_QUOTES); ?>" disabled="disabled" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">KeepAlive</label>
|
||||
<input type="text" class="form-control" name="openvpn_keepalive" value="<?php echo $arrServerConfig['keepalive']; ?>" />
|
||||
<input type="text" class="form-control" name="openvpn_keepalive" value="<?php echo htmlspecialchars($arrServerConfig['keepalive'], ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">Server log</label>
|
||||
<input type="text" class="form-control" name="openvpn_status" placeholder="<?php echo $arrServerConfig['status']; ?>" disabled />
|
||||
<input type="text" class="form-control" name="openvpn_status" placeholder="<?php echo htmlspecialchars($arrServerConfig['status'], ENT_QUOTES); ?>" disabled="disabled" />
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<input type="submit" class="btn btn-outline btn-primary" name="SaveOpenVPNSettings" value="Save settings" />
|
||||
<?php
|
||||
if($hostapdstatus[0] == 0) {
|
||||
echo '<input type="submit" class="btn btn-success" name="StartOpenVPN" value="Start OpenVPN" />';
|
||||
echo '<input type="submit" class="btn btn-success" name="StartOpenVPN" value="Start OpenVPN" />' , PHP_EOL;
|
||||
} else {
|
||||
echo '<input type="submit" class="btn btn-warning" name="StopOpenVPN" value="Stop OpenVPN" />';
|
||||
echo '<input type="submit" class="btn btn-warning" name="StopOpenVPN" value="Stop OpenVPN" />' , PHP_EOL;
|
||||
}
|
||||
?>
|
||||
?>
|
||||
</form>
|
||||
</div><!-- /.panel-body -->
|
||||
</div><!-- /.panel-primary -->
|
||||
<div class="panel-footer"> Information provided by openvpn</div>
|
||||
</div><!-- /.panel-primary -->
|
||||
<div class="panel-footer"> Information provided by openvpn</div>
|
||||
</div><!-- /.col-lg-12 -->
|
||||
</div><!-- /.row -->
|
||||
<?php
|
||||
@ -332,6 +332,7 @@ function DisplayTorProxyConfig(){
|
||||
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button></div>';
|
||||
}
|
||||
|
||||
$arrConfig = array();
|
||||
foreach( $return as $a ) {
|
||||
if( $a[0] != "#" ) {
|
||||
$arrLine = explode( " ",$a) ;
|
||||
@ -339,12 +340,11 @@ function DisplayTorProxyConfig(){
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
?>
|
||||
<div class="row">
|
||||
<div class="col-lg-12">
|
||||
<div class="panel panel-primary">
|
||||
<div class="panel-heading"><i class="fa fa-eye-slash fa-fw"></i> Configure TOR proxy
|
||||
</div>
|
||||
<div class="panel panel-primary">
|
||||
<div class="panel-heading"><i class="fa fa-eye-slash fa-fw"></i> Configure TOR proxy</div>
|
||||
<!-- /.panel-heading -->
|
||||
<div class="panel-body">
|
||||
<!-- Nav tabs -->
|
||||
@ -365,37 +365,37 @@ function DisplayTorProxyConfig(){
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">VirtualAddrNetwork</label>
|
||||
<input type="text" class="form-control" name="virtualaddrnetwork" value="<?php echo $arrConfig['VirtualAddrNetwork']; ?>" />
|
||||
<input type="text" class="form-control" name="virtualaddrnetwork" value="<?php echo htmlspecialchars($arrConfig['VirtualAddrNetwork'], ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">AutomapHostsSuffixes</label>
|
||||
<input type="text" class="form-control" name="automaphostssuffixes" value="<?php echo $arrConfig['AutomapHostsSuffixes']; ?>" />
|
||||
<input type="text" class="form-control" name="automaphostssuffixes" value="<?php echo htmlspecialchars($arrConfig['AutomapHostsSuffixes'], ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">AutomapHostsOnResolve</label>
|
||||
<input type="text" class="form-control" name="automaphostsonresolve" value="<?php echo $arrConfig['AutomapHostsOnResolve']; ?>" />
|
||||
<input type="text" class="form-control" name="automaphostsonresolve" value="<?php echo htmlspecialchars($arrConfig['AutomapHostsOnResolve'], ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">TransListenAddress</label>
|
||||
<input type="text" class="form-control" name="translistenaddress" value="<?php echo $arrConfig['TransListenAddress']; ?>" />
|
||||
<input type="text" class="form-control" name="translistenaddress" value="<?php echo htmlspecialchars($arrConfig['TransListenAddress'], ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">DNSPort</label>
|
||||
<input type="text" class="form-control" name="dnsport" value="<?php echo $arrConfig['DNSPort']; ?>" />
|
||||
<input type="text" class="form-control" name="dnsport" value="<?php echo htmlspecialchars($arrConfig['DNSPort'], ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">DNSListenAddress</label>
|
||||
<input type="text" class="form-control" name="dnslistenaddress" value="<?php echo $arrConfig['DNSListenAddress']; ?>" />
|
||||
<input type="text" class="form-control" name="dnslistenaddress" value="<?php echo htmlspecialchars($arrConfig['DNSListenAddress'], ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@ -404,47 +404,47 @@ function DisplayTorProxyConfig(){
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">ORPort</label>
|
||||
<input type="text" class="form-control" name="orport" value="<?php echo $arrConfig['ORPort']; ?>" />
|
||||
<input type="text" class="form-control" name="orport" value="<?php echo htmlspecialchars($arrConfig['ORPort'], ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">ORListenAddress</label>
|
||||
<input type="text" class="form-control" name="orlistenaddress" value="<?php echo $arrConfig['ORListenAddress']; ?>" />
|
||||
<input type="text" class="form-control" name="orlistenaddress" value="<?php echo htmlspecialchars($arrConfig['ORListenAddress'], ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">Nickname</label>
|
||||
<input type="text" class="form-control" name="nickname" value="<?php echo $arrConfig['Nickname']; ?>" />
|
||||
<input type="text" class="form-control" name="nickname" value="<?php echo htmlspecialchars($arrConfig['Nickname'], ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">Address</label>
|
||||
<input type="text" class="form-control" name="address" value="<?php echo $arrConfig['Address']; ?>" />
|
||||
<input type="text" class="form-control" name="address" value="<?php echo htmlspecialchars($arrConfig['Address'], ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">RelayBandwidthRate</label>
|
||||
<input type="text" class="form-control" name="relaybandwidthrate" value="<?php echo $arrConfig['RelayBandwidthRate']; ?>" />
|
||||
<input type="text" class="form-control" name="relaybandwidthrate" value="<?php echo htmlspecialchars($arrConfig['RelayBandwidthRate'], ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code">RelayBandwidthBurst</label>
|
||||
<input type="text" class="form-control" name="relaybandwidthburst" value="<?php echo $arrConfig['RelayBandwidthBurst']; ?>" />
|
||||
<input type="text" class="form-control" name="relaybandwidthburst" value="<?php echo htmlspecialchars($arrConfig['RelayBandwidthBurst'], ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<input type="submit" class="btn btn-outline btn-primary" name="SaveTORProxySettings" value="Save settings" />
|
||||
<?php
|
||||
if( $torproxystatus[0] == 0 ) {
|
||||
echo '<input type="submit" class="btn btn-success" name="StartTOR" value="Start TOR" />';
|
||||
echo '<input type="submit" class="btn btn-success" name="StartTOR" value="Start TOR" />' , PHP_EOL;
|
||||
} else {
|
||||
echo '<input type="submit" class="btn btn-warning" name="StopTOR" value="Stop TOR" />';
|
||||
echo '<input type="submit" class="btn btn-warning" name="StopTOR" value="Stop TOR" />' , PHP_EOL;
|
||||
};
|
||||
?>
|
||||
</form>
|
||||
@ -470,26 +470,26 @@ function SaveTORAndVPNConfig(){
|
||||
echo "Attempting to start openvpn";
|
||||
exec( 'sudo /etc/init.d/openvpn start', $return );
|
||||
foreach( $return as $line ) {
|
||||
echo $line."<br />";
|
||||
echo htmlspecialchars($line, ENT_QUOTES).'<br />' , PHP_EOL;
|
||||
}
|
||||
} elseif( isset($_POST['StopOpenVPN']) ) {
|
||||
echo "Attempting to stop openvpn";
|
||||
exec( 'sudo /etc/init.d/openvpn stop', $return );
|
||||
foreach( $return as $line ) {
|
||||
echo $line."<br />";
|
||||
echo htmlspecialchars($line, ENT_QUOTES).'<br />' , PHP_EOL;
|
||||
}
|
||||
} elseif( isset($_POST['StartTOR']) ) {
|
||||
echo "Attempting to start TOR";
|
||||
exec( 'sudo /etc/init.d/tor start', $return );
|
||||
foreach( $return as $line ) {
|
||||
echo $line."<br />";
|
||||
echo htmlspecialchars($line, ENT_QUOTES).'<br />' , PHP_EOL;
|
||||
}
|
||||
} elseif( isset($_POST['StopTOR']) ) {
|
||||
echo "Attempting to stop TOR";
|
||||
exec( 'sudo /etc/init.d/tor stop', $return );
|
||||
foreach( $return as $line ) {
|
||||
echo $line."<br />";
|
||||
echo htmlspecialchars($line, ENT_QUOTES).'<br />' , PHP_EOL;
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
|
@ -62,7 +62,8 @@ function DisplayHostAPDConfig(){
|
||||
$arrConfig[$arrLine[0]]=$arrLine[1];
|
||||
}
|
||||
};
|
||||
?>
|
||||
|
||||
?>
|
||||
<div class="row">
|
||||
<div class="col-lg-12">
|
||||
<div class="panel panel-primary">
|
||||
@ -96,7 +97,7 @@ function DisplayHostAPDConfig(){
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code"><?php echo _("SSID"); ?></label>
|
||||
<input type="text" class="form-control" name="ssid" value="<?php echo $arrConfig['ssid']; ?>" />
|
||||
<input type="text" class="form-control" name="ssid" value="<?php echo htmlspecialchars($arrConfig['ssid'], ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
@ -129,7 +130,7 @@ function DisplayHostAPDConfig(){
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code"><?php echo _("PSK"); ?></label>
|
||||
<input type="text" class="form-control" name="wpa_passphrase" value="<?php echo $arrConfig['wpa_passphrase'] ?>" />
|
||||
<input type="text" class="form-control" name="wpa_passphrase" value="<?php echo htmlspecialchars($arrConfig['wpa_passphrase'], ENT_QUOTES); ?>" />
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@ -140,7 +141,7 @@ function DisplayHostAPDConfig(){
|
||||
<?php
|
||||
if($arrHostapdConf['LogEnable'] == 1) {
|
||||
$log = file_get_contents('/tmp/hostapd.log');
|
||||
echo '<br /><textarea class="logoutput">'.$log.'</textarea>';
|
||||
echo '<br /><textarea class="logoutput">'.htmlspecialchars($log, ENT_QUOTES).'</textarea>';
|
||||
} else {
|
||||
echo "<br />Logfile output not enabled";
|
||||
}
|
||||
@ -154,8 +155,14 @@ function DisplayHostAPDConfig(){
|
||||
<div class="col-md-4">
|
||||
<div class="form-check">
|
||||
<label class="form-check-label">
|
||||
<?php echo _("Enable logging"); ?> <?php $checked = ''; if($arrHostapdConf['LogEnable'] == 1) { $checked = 'checked'; } ?>
|
||||
<input id="logEnable" name ="logEnable" type="checkbox" class="form-check-input" value="1" <?php echo $checked; ?> />
|
||||
<?php echo _("Enable logging");
|
||||
$checked = '';
|
||||
if ($arrHostapdConf['LogEnable'] == 1) {
|
||||
$checked = ' checked="checked"';
|
||||
}
|
||||
|
||||
?>
|
||||
<input id="logEnable" name ="logEnable" type="checkbox" class="form-check-input" value="1"<?php echo $checked; ?> />
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
@ -163,7 +170,7 @@ function DisplayHostAPDConfig(){
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code"><?php echo _("Country Code"); ?></label>
|
||||
<input type="hidden" id="selected_country" value="<?php echo $arrConfig['country_code'] ?>">
|
||||
<input type="hidden" id="selected_country" value="<?php echo htmlspecialchars($arrConfig['country_code'], ENT_QUOTES); ?>">
|
||||
<select class="form-control" id="countries" name="country_code">
|
||||
<option value="AF">Afghanistan</option>
|
||||
<option value="AX">Åland Islands</option>
|
||||
@ -414,29 +421,30 @@ function DisplayHostAPDConfig(){
|
||||
<option value="YE">Yemen</option>
|
||||
<option value="ZM">Zambia</option>
|
||||
<option value="ZW">Zimbabwe</option>
|
||||
</select>
|
||||
<script>
|
||||
country = document.getElementById("selected_country").value;
|
||||
countries = document.getElementById("countries");
|
||||
ops = countries.getElementsByTagName("option");
|
||||
for(i = 0;i < ops.length; i++) {
|
||||
if(ops[i].value == country){
|
||||
ops[i].selected=true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
</script>
|
||||
</select>
|
||||
<script type="text/javascript">
|
||||
var country = document.getElementById("selected_country").value;
|
||||
var countries = document.getElementById("countries");
|
||||
var ops = countries.getElementsByTagName("option");
|
||||
for (var i = 0; i < ops.length; ++i) {
|
||||
if(ops[i].value == country){
|
||||
ops[i].selected=true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
</script>
|
||||
</div>
|
||||
</div><!-- /.panel-body -->
|
||||
</div><!-- /.panel-primary -->
|
||||
<input type="submit" class="btn btn-outline btn-primary" name="SaveHostAPDSettings" value="<?php echo _("Save settings"); ?>" />
|
||||
<?php
|
||||
if($hostapdstatus[0] == 0) {
|
||||
echo '<input type="submit" class="btn btn-success" name="StartHotspot" value="' . _("Start hotspot") . '"/>';
|
||||
echo '<input type="submit" class="btn btn-success" name="StartHotspot" value="' . _("Start hotspot") . '"/>' , PHP_EOL;
|
||||
} else {
|
||||
echo '<input type="submit" class="btn btn-warning" name="StopHotspot" value="' . _("Stop hotspot") . '"/>';
|
||||
echo '<input type="submit" class="btn btn-warning" name="StopHotspot" value="' . _("Stop hotspot") . '"/>' , PHP_EOL;
|
||||
};
|
||||
?>
|
||||
?>
|
||||
</form>
|
||||
</div></div><!-- /.panel-primary -->
|
||||
<div class="panel-footer"> <?php echo _("Information provided by hostapd"); ?></div>
|
||||
@ -448,12 +456,17 @@ function DisplayHostAPDConfig(){
|
||||
function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status) {
|
||||
// It should not be possible to send bad data for these fields so clearly
|
||||
// someone is up to something if they fail. Fail silently.
|
||||
if (!(array_key_exists($_POST['wpa'], $wpa_array) && array_key_exists($_POST['wpa_pairwise'], $enc_types) && in_array($_POST['hw_mode'], $modes))) {
|
||||
error_log("Attempting to set hostapd config with wpa='".$_POST['wpa']."', wpa_pairwise='".$_POST['wpa_pairwise']."' and hw_mode='".$_POST['hw_mode']."'");
|
||||
if (!(array_key_exists($_POST['wpa'], $wpa_array) &&
|
||||
array_key_exists($_POST['wpa_pairwise'], $enc_types) &&
|
||||
in_array($_POST['hw_mode'], $modes))) {
|
||||
error_log("Attempting to set hostapd config with wpa='".$_POST['wpa']."', wpa_pairwise='".$_POST['wpa_pairwise']."' and hw_mode='".$_POST['hw_mode']."'"); // FIXME: log injection
|
||||
return false;
|
||||
}
|
||||
if ((!filter_var($_POST['channel'], FILTER_VALIDATE_INT)) || intval($_POST['channel']) < 1 || intval($_POST['channel']) > 14) {
|
||||
error_log("Attempting to set channel to '".$_POST['channel']."'");
|
||||
|
||||
if ((!filter_var($_POST['channel'], FILTER_VALIDATE_INT)) ||
|
||||
intval($_POST['channel']) < 1 ||
|
||||
intval($_POST['channel']) > 14) {
|
||||
error_log("Attempting to set channel to '".$_POST['channel']."'"); // FIXME: log injection
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -477,25 +490,29 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
|
||||
exec('sudo /etc/raspap/hostapd/disablelog.sh');
|
||||
}
|
||||
}
|
||||
|
||||
write_php_ini(["LogEnable" => $logEnable],'/etc/raspap/hostapd.ini');
|
||||
|
||||
// Verify input
|
||||
if (strlen($_POST['ssid']) == 0 || strlen($_POST['ssid']) > 32) {
|
||||
if (empty($_POST['ssid']) || strlen($_POST['ssid']) > 32) {
|
||||
// Not sure of all the restrictions of SSID
|
||||
$status->addMessage('SSID must be between 1 and 32 characters', 'danger');
|
||||
$good_input = false;
|
||||
}
|
||||
|
||||
if (strlen($_POST['wpa_passphrase']) < 8 || strlen($_POST['wpa_passphrase']) > 63) {
|
||||
$status->addMessage('WPA passphrase must be between 8 and 63 characters', 'danger');
|
||||
$good_input = false;
|
||||
}
|
||||
|
||||
if (! in_array($_POST['interface'], $interfaces)) {
|
||||
// The user is probably up to something here but it may also be a
|
||||
// genuine error.
|
||||
$status->addMessage('Unknown interface '.$_POST['interface'], 'danger');
|
||||
$good_input = false;
|
||||
}
|
||||
if (strlen($_POST['country_code']) != 0 && strlen($_POST['country_code']) != 2) {
|
||||
|
||||
if (strlen($_POST['country_code']) !== 0 && strlen($_POST['country_code']) != 2) {
|
||||
$status->addMessage('Country code must be blank or two characters', 'danger');
|
||||
$good_input = false;
|
||||
}
|
||||
@ -510,6 +527,7 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
|
||||
fwrite($tmp_file, 'auth_algs=1'.PHP_EOL);
|
||||
fwrite($tmp_file, 'wpa_key_mgmt=WPA-PSK'.PHP_EOL);
|
||||
|
||||
// TODO: deal with ini file value escaping. E.g. ssid=E=mc2 becomes ssid=E\=mc2
|
||||
fwrite($tmp_file, 'ssid='.$_POST['ssid'].PHP_EOL);
|
||||
fwrite($tmp_file, 'channel='.$_POST['channel'].PHP_EOL);
|
||||
fwrite($tmp_file, 'hw_mode='.$_POST['hw_mode'].PHP_EOL);
|
||||
@ -531,6 +549,7 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
?>
|
||||
|
||||
|
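Review bot: The `fwrite($tmp_file, 'ssid='.$_POST['ssid'].PHP_EOL);` line in the `@ -510,6 +527,7` hunk still writes the posted SSID into the hostapd config verbatim, and the only check applied to it is the length test, so a value containing CR or LF would end the `ssid=` line and begin a new directive; the added TODO about `=` escaping does not cover that. I would reject control characters next to the length check, e.g. `if (preg_match('/[\x00-\x1F\x7F]/', $_POST['ssid'])) { $status->addMessage('SSID contains invalid characters', 'danger'); $good_input = false; }`, and apply the same test to every other free-text field written to the file (the rest of the write block is outside the hunk). Separately, the `empty($_POST['ssid'])` form of the length test rejects the valid one-character SSID `0`, because PHP treats the string "0" as empty; `$_POST['ssid'] === ''` keeps the earlier behaviour. Removing CR/LF from the posted values before the two `error_log()` calls would also resolve the `// FIXME: log injection` comments instead of leaving them open.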
@ -30,7 +30,7 @@ function DisplayNetworkingConfig(){
|
||||
<li role="presentation" class="active"><a href="#summary" aria-controls="summary" role="tab" data-toggle="tab"><?php echo _("Summary"); ?></a></li>
|
||||
<?php
|
||||
foreach($interfaces as $interface) {
|
||||
echo '<li role="presentation"><a href="#'.$interface.'" aria-controls="'.$interface.'" role="tab" data-toggle="tab">'.$interface.'</a></li>';
|
||||
echo '<li role="presentation"><a href="#'.htmlspecialchars($interface, ENT_QUOTES).'" aria-controls="'.htmlspecialchars($interface, ENT_QUOTES).'" role="tab" data-toggle="tab">'.htmlspecialchars($interface, ENT_QUOTES).'</a></li>';
|
||||
}
|
||||
?>
|
||||
</ul>
|
||||
@ -42,8 +42,8 @@ function DisplayNetworkingConfig(){
|
||||
foreach($interfaces as $interface) {
|
||||
echo '<div class="col-md-6">
|
||||
<div class="panel panel-default">
|
||||
<div class="panel-heading">'.$interface.'</div>
|
||||
<div class="panel-body" id="'.$interface.'-summary"></div>
|
||||
<div class="panel-heading">'.htmlspecialchars($interface, ENT_QUOTES).'</div>
|
||||
<div class="panel-body" id="'.htmlspecialchars($interface, ENT_QUOTES).'-summary"></div>
|
||||
</div>
|
||||
</div>';
|
||||
}
|
||||
@ -55,63 +55,63 @@ function DisplayNetworkingConfig(){
|
||||
</div><!-- /.row -->
|
||||
</div><!-- /.col-lg-12 -->
|
||||
</div><!-- /.tab-pane -->
|
||||
<?php
|
||||
<?php
|
||||
foreach($interfaces as $interface) {
|
||||
echo '
|
||||
<div role="tabpanel" class="tab-pane fade in" id="'.$interface.'">
|
||||
<div role="tabpanel" class="tab-pane fade in" id="'.htmlspecialchars($interface, ENT_QUOTES).'">
|
||||
<div class="row">
|
||||
<div class="col-lg-6">
|
||||
<form id="frm-'.$interface.'">
|
||||
<form id="frm-'.htmlspecialchars($interface, ENT_QUOTES).'">
|
||||
<div class="form-group">
|
||||
<h4>' . _("Adapter IP Address Settings") . '</h4>
|
||||
<div class="btn-group" data-toggle="buttons">
|
||||
<label class="btn btn-primary">
|
||||
<input type="radio" name="'.$interface.'-addresstype" id="'.$interface.'-dhcp" autocomplete="off">' . _("DHCP") . '
|
||||
<input type="radio" name="'.htmlspecialchars($interface, ENT_QUOTES).'-addresstype" id="'.htmlspecialchars($interface, ENT_QUOTES).'-dhcp" autocomplete="off">' . _("DHCP") . '
|
||||
</label>
|
||||
<label class="btn btn-primary">
|
||||
<input type="radio" name="'.$interface.'-addresstype" id="'.$interface.'-static" autocomplete="off">' . _("Static IP") . '
|
||||
<input type="radio" name="'.htmlspecialchars($interface, ENT_QUOTES).'-addresstype" id="'.htmlspecialchars($interface, ENT_QUOTES).'-static" autocomplete="off">' . _("Static IP") . '
|
||||
</label>
|
||||
</div><!-- /.btn-group -->
|
||||
<h4>' . _("Enable Fallback to Static Option") . '</h4>
|
||||
<div class="btn-group" data-toggle="buttons">
|
||||
<label class="btn btn-primary">
|
||||
<input type="radio" name="'.$interface.'-dhcpfailover" id="'.$interface.'-failover" autocomplete="off">' . _("Enabled") . '
|
||||
<input type="radio" name="'.htmlspecialchars($interface, ENT_QUOTES).'-dhcpfailover" id="'.htmlspecialchars($interface, ENT_QUOTES).'-failover" autocomplete="off">' . _("Enabled") . '
|
||||
</label>
|
||||
<label class="btn btn-warning">
|
||||
<input type="radio" name="'.$interface.'-dhcpfailover" id="'.$interface.'-nofailover" autocomplete="off">' . _("Disabled") . '
|
||||
<input type="radio" name="'.htmlspecialchars($interface, ENT_QUOTES).'-dhcpfailover" id="'.htmlspecialchars($interface, ENT_QUOTES).'-nofailover" autocomplete="off">' . _("Disabled") . '
|
||||
</label>
|
||||
</div><!-- /.btn-group -->
|
||||
</div><!-- /.form-group -->
|
||||
<hr />
|
||||
<h4>' . _("Static IP Options") . '</h4>
|
||||
<div class="form-group">
|
||||
<label for="'.$interface.'-ipaddress">' . _("IP Address") . '</label>
|
||||
<input type="text" class="form-control" id="'.$interface.'-ipaddress" placeholder="0.0.0.0">
|
||||
<label for="'.htmlspecialchars($interface, ENT_QUOTES).'-ipaddress">' . _("IP Address") . '</label>
|
||||
<input type="text" class="form-control" id="'.htmlspecialchars($interface, ENT_QUOTES).'-ipaddress" placeholder="0.0.0.0">
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="'.$interface.'-netmask">' . _("Subnet Mask") . '</label>
|
||||
<input type="text" class="form-control" id="'.$interface.'-netmask" placeholder="255.255.255.0">
|
||||
<label for="'.htmlspecialchars($interface, ENT_QUOTES).'-netmask">' . _("Subnet Mask") . '</label>
|
||||
<input type="text" class="form-control" id="'.htmlspecialchars($interface, ENT_QUOTES).'-netmask" placeholder="255.255.255.0">
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="'.$interface.'-gateway">' . _("Default Gateway") . '</label>
|
||||
<input type="text" class="form-control" id="'.$interface.'-gateway" placeholder="0.0.0.0">
|
||||
<label for="'.htmlspecialchars($interface, ENT_QUOTES).'-gateway">' . _("Default Gateway") . '</label>
|
||||
<input type="text" class="form-control" id="'.htmlspecialchars($interface, ENT_QUOTES).'-gateway" placeholder="0.0.0.0">
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="'.$interface.'-dnssvr">' . _("DNS Server") . '</label>
|
||||
<input type="text" class="form-control" id="'.$interface.'-dnssvr" placeholder="0.0.0.0">
|
||||
<label for="'.htmlspecialchars($interface, ENT_QUOTES).'-dnssvr">' . _("DNS Server") . '</label>
|
||||
<input type="text" class="form-control" id="'.htmlspecialchars($interface, ENT_QUOTES).'-dnssvr" placeholder="0.0.0.0">
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="'.$interface.'-dnssvralt">' . _("Alternate DNS Server") . '</label>
|
||||
<input type="text" class="form-control" id="'.$interface.'-dnssvralt" placeholder="0.0.0.0">
|
||||
<label for="'.htmlspecialchars($interface, ENT_QUOTES).'-dnssvralt">' . _("Alternate DNS Server") . '</label>
|
||||
<input type="text" class="form-control" id="'.htmlspecialchars($interface, ENT_QUOTES).'-dnssvralt" placeholder="0.0.0.0">
|
||||
</div>
|
||||
<a href="#" class="btn btn-outline btn-primary intsave" data-int="'.$interface.'">' . _("Save settings") . '</a>
|
||||
<a href="#" class="btn btn-warning intapply" data-int="'.$interface.'">' . _("Apply settings") . '</a>
|
||||
<a href="#" class="btn btn-outline btn-primary intsave" data-int="'.htmlspecialchars($interface, ENT_QUOTES).'">' . _("Save settings") . '</a>
|
||||
<a href="#" class="btn btn-warning intapply" data-int="'.htmlspecialchars($interface, ENT_QUOTES).'">' . _("Apply settings") . '</a>
|
||||
</form>
|
||||
</div>
|
||||
</div><!-- /.tab-panel -->
|
||||
</div>';
|
||||
}
|
||||
?>
|
||||
?>
|
||||
</div><!-- /.tab-content -->
|
||||
</div><!-- /.panel-body -->
|
||||
<div class="panel-footer"><?php echo _("Information provided by /sys/class/net"); ?></div>
|
||||
|
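Review bot: `htmlspecialchars($interface, ENT_QUOTES)` is now written out at every use inside the three `foreach($interfaces as $interface)` loops, which makes the markup hard to read and makes it easy to miss the escape when another attribute is added later. Escaping once at the top of each loop body, `$intEsc = htmlspecialchars($interface, ENT_QUOTES);`, and concatenating `$intEsc` everywhere would produce the same output. Because the value lands in `id`, `for`, `href="#…"` and `data-int` attributes that client-side code presumably uses as selectors, a short comment saying what `$interfaces` is expected to contain would help; where that list is built is outside this section.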
@ -35,6 +35,8 @@ function RPiVersion() {
|
||||
'a02082' => 'Pi 3 Model B',
|
||||
'a22082' => 'Pi 3 Model B'
|
||||
);
|
||||
|
||||
$cpuinfo_array = '';
|
||||
exec('cat /proc/cpuinfo', $cpuinfo_array);
|
||||
$rev = trim(array_pop(explode(':',array_pop(preg_grep("/^Revision/", $cpuinfo_array)))));
|
||||
if (array_key_exists($rev, $revisions)) {
|
||||
@ -141,23 +143,23 @@ function DisplaySystem(){
|
||||
<div class="row">
|
||||
<div class="col-lg-6">
|
||||
<h4><?php echo _("System Information"); ?></h4>
|
||||
<div class="info-item"><?php echo _("Hostname"); ?></div> <?php echo $hostname ?></br>
|
||||
<div class="info-item"><?php echo _("Pi Revision"); ?></div> <?php echo RPiVersion() ?></br>
|
||||
<div class="info-item"><?php echo _("Uptime"); ?></div> <?php echo $uptime ?></br></br>
|
||||
<div class="info-item"><?php echo _("Hostname"); ?></div> <?php echo htmlspecialchars($hostname, ENT_QUOTES); ?></br>
|
||||
<div class="info-item"><?php echo _("Pi Revision"); ?></div> <?php echo htmlspecialchars(RPiVersion(), ENT_QUOTES); ?></br>
|
||||
<div class="info-item"><?php echo _("Uptime"); ?></div> <?php echo htmlspecialchars($uptime, ENT_QUOTES); ?></br></br>
|
||||
<div class="info-item"><?php echo _("Memory Used"); ?></div>
|
||||
<div class="progress">
|
||||
<div class="progress-bar progress-bar-<?php echo $memused_status ?> progress-bar-striped active"
|
||||
<div class="progress-bar progress-bar-<?php echo htmlspecialchars($memused_status, ENT_QUOTES); ?> progress-bar-striped active"
|
||||
role="progressbar"
|
||||
aria-valuenow="<?php echo $memused ?>" aria-valuemin="0" aria-valuemax="100"
|
||||
style="width: <?php echo $memused ?>%;"><?php echo $memused ?>%
|
||||
aria-valuenow="<?php echo htmlspecialchars($memused, ENT_QUOTES); ?>" aria-valuemin="0" aria-valuemax="100"
|
||||
style="width: <?php echo htmlspecialchars($memused, ENT_QUOTES); ?>%;"><?php echo htmlspecialchars($memused, ENT_QUOTES); ?>%
|
||||
</div>
|
||||
</div>
|
||||
<div class="info-item"><?php echo _("CPU Load"); ?></div>
|
||||
<div class="progress">
|
||||
<div class="progress-bar progress-bar-<?php echo $cpuload_status ?> progress-bar-striped active"
|
||||
<div class="progress-bar progress-bar-<?php echo htmlspecialchars($cpuload_status, ENT_QUOTES); ?> progress-bar-striped active"
|
||||
role="progressbar"
|
||||
aria-valuenow="<?php echo $cpuload ?>" aria-valuemin="0" aria-valuemax="100"
|
||||
style="width: <?php echo $cpuload ?>%;"><?php echo $cpuload ?>%
|
||||
aria-valuenow="<?php echo htmlspecialchars($cpuload, ENT_QUOTES); ?>" aria-valuemin="0" aria-valuemax="100"
|
||||
style="width: <?php echo htmlspecialchars($cpuload, ENT_QUOTES); ?>%;"><?php echo htmlspecialchars($cpuload, ENT_QUOTES); ?>%
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@ -200,9 +202,9 @@ function DisplaySystem(){
|
||||
</form>
|
||||
</div><!-- /.panel-primary -->
|
||||
<div class="panel-footer"></div>
|
||||
</div><!-- /.panel-primary -->
|
||||
</div><!-- /.col-lg-12 -->
|
||||
</div><!-- /.row -->
|
||||
</xdiv>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
|
||||
|
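Review bot: In the `RPiVersion()` hunk, `$cpuinfo_array = '';` (apparently the line this commit adds) initialises as a string the variable that `exec()` then fills with output lines; `$cpuinfo_array = array();` states the intended type and does not depend on `exec()` converting it. In the `DisplaySystem()` hunk, `$memused` and `$cpuload` are also printed inside `style="width: …%;"`, where HTML escaping does not guarantee a number, so converting them to a numeric type once before output would be a stricter guard than `htmlspecialchars()` there; how they are computed is outside the hunk, so this is a suggestion to confirm. The `</xdiv>` closing tag in the last hunk looks like a typo for `</div>`.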
@ -11,13 +11,13 @@ function DisplayThemeConfig(){
|
||||
|
||||
switch( $_COOKIE['theme'] ) {
|
||||
case "custom.css":
|
||||
$cselected = "selected";
|
||||
$cselected = ' selected="selected"';
|
||||
break;
|
||||
case "hackernews.css":
|
||||
$hselected = "selected";
|
||||
$hselected = ' selected="selected"';
|
||||
break;
|
||||
case "terminal.css":
|
||||
$tselected = "selected";
|
||||
$tselected = ' selected="selected"';
|
||||
break;
|
||||
}
|
||||
|
||||
@ -37,9 +37,9 @@ function DisplayThemeConfig(){
|
||||
<div class="form-group col-md-6">
|
||||
<label for="code"><?php echo _("Select a theme"); ?></label>
|
||||
<select class="form-control" id="theme-select"><?php echo _("Select a Theme"); ?>
|
||||
<option value="default" class="theme-link" <?php echo $cselected; ?>>RaspAP (default)</option>
|
||||
<option value="default" class="theme-link"<?php echo $cselected; ?>>RaspAP (default)</option>
|
||||
<option value="hackernews" class="theme-link"<?php echo $hselected; ?>>HackerNews</option>
|
||||
<option value="terminal" class="theme-link" <?php echo $tselected; ?>>Terminal</option>
|
||||
<option value="terminal" class="theme-link"<?php echo $tselected; ?>>Terminal</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
@ -59,5 +59,4 @@ function DisplayThemeConfig(){
|
||||
</div><!-- /.row -->
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
|
||||
|
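Review bot: `switch( $_COOKIE['theme'] )` reads the cookie without checking that it is set, and `$cselected`, `$hselected` and `$tselected` are assigned only in the matching case, so unless they are initialised above the hunk (not visible here) a request without the cookie emits undefined-index and undefined-variable notices inside the `<option>` tags. I would set the three variables to `''` before the switch and read the cookie as `isset($_COOKIE['theme']) ? $_COOKIE['theme'] : ''`. The function starts and ends outside the hunks shown.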