frodovdr
/
raspap-webgui
mirror of https://github.com/billz/raspap-webgui.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Update get_wgkey.php 

Validate and sanitize the entity name to avoid OS Command Injection Vulnerability
This commit is contained in:
sujphu 2023-09-13 10:26:04 +09:30 committed by GitHub
parent 7831afa29a
commit 98181c1b15
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ajax/networking/get_wgkey.php
View File

@ -5,7 +5,8 @@ require_once '../../includes/config.php';
$entity = $_POST['entity'];
if (isset($entity)) {
// Validate and sanitize the entity name
if (isset($entity)) && preg_match('/^[a-zA-Z0-9_-]+$/', $entity)){
// generate public/private key pairs for entity
$pubkey = RASPI_WIREGUARD_PATH.$entity.'-public.key';