Update get_wgkey.php
Validate and sanitize the entity name to avoid OS Command Injection Vulnerability
This commit is contained in:
parent
7831afa29a
commit
98181c1b15
|
@ -5,7 +5,8 @@ require_once '../../includes/config.php';
|
|||
|
||||
$entity = $_POST['entity'];
|
||||
|
||||
if (isset($entity)) {
|
||||
// Validate and sanitize the entity name
|
||||
if (isset($entity)) && preg_match('/^[a-zA-Z0-9_-]+$/', $entity)){
|
||||
|
||||
// generate public/private key pairs for entity
|
||||
$pubkey = RASPI_WIREGUARD_PATH.$entity.'-public.key';
|
||||
|
|
Loading…
Reference in New Issue