frodovdr/raspap-webgui
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00
Code Issues Releases Wiki Activity

fix command injection issue. fixes #354.

Browse Source
This commit is contained in:
glaszig 2019-07-30 20:51:48 +02:00
parent d81d1b0a10
commit a6d3336212
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
includes/dhcp.php
View File

@ -48,7 +48,7 @@ function DisplayDHCPConfig()
} }
$config .= $_POST['RangeLeaseTimeUnits']; $config .= $_POST['RangeLeaseTimeUnits'];
exec('echo "'.$config.'" > /tmp/dhcpddata', $temp); file_put_contents("/tmp/dhcpddata", $config);
system('sudo cp /tmp/dhcpddata '.RASPI_DNSMASQ_CONFIG, $return); system('sudo cp /tmp/dhcpddata '.RASPI_DNSMASQ_CONFIG, $return);
} else { } else {
$status->addMessage($errors, 'danger'); $status->addMessage($errors, 'danger');

6
includes/hostapd.php
View File

@ -638,7 +638,7 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
$config.= 'country_code='.$_POST['country_code'].PHP_EOL; $config.= 'country_code='.$_POST['country_code'].PHP_EOL;
$config.= 'ignore_broadcast_ssid='.$ignore_broadcast_ssid.PHP_EOL; $config.= 'ignore_broadcast_ssid='.$ignore_broadcast_ssid.PHP_EOL;
exec('echo "'.$config.'" > /tmp/hostapddata', $temp); file_put_contents("/tmp/hostapddata", $config);
system("sudo cp /tmp/hostapddata " . RASPI_HOSTAPD_CONFIG, $return); system("sudo cp /tmp/hostapddata " . RASPI_HOSTAPD_CONFIG, $return);
if ($wifiAPEnable == 1) { if ($wifiAPEnable == 1) {
@ -655,7 +655,7 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
$config.= 'interface='.$_POST['interface'].PHP_EOL; $config.= 'interface='.$_POST['interface'].PHP_EOL;
$config.= 'dhcp-range=10.3.141.50,10.3.141.255,255.255.255.0,12h'.PHP_EOL; $config.= 'dhcp-range=10.3.141.50,10.3.141.255,255.255.255.0,12h'.PHP_EOL;
} }
exec('echo "'.$config.'" > /tmp/dhcpddata', $temp); file_put_contents("/tmp/dhcpddata", $config);
system('sudo cp /tmp/dhcpddata '.RASPI_DNSMASQ_CONFIG, $return); system('sudo cp /tmp/dhcpddata '.RASPI_DNSMASQ_CONFIG, $return);
if ($wifiAPEnable == 1) { if ($wifiAPEnable == 1) {
@ -682,7 +682,7 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
$config.= 'static routers=10.3.141.1'.PHP_EOL; $config.= 'static routers=10.3.141.1'.PHP_EOL;
$config.= 'static domain_name_server=1.1.1.1 8.8.8.8'.PHP_EOL; $config.= 'static domain_name_server=1.1.1.1 8.8.8.8'.PHP_EOL;
} }
exec('echo "'.$config.'" > /tmp/dhcpddata', $temp); file_put_contents("/tmp/dhcpddata", $config);
system('sudo cp /tmp/dhcpddata '.RASPI_DHCPCD_CONFIG, $return); system('sudo cp /tmp/dhcpddata '.RASPI_DHCPCD_CONFIG, $return);