From b292ee218c3e9d114d1afadc24288aeca2012764 Mon Sep 17 00:00:00 2001
From: D9ping
Date: Tue, 25 Sep 2018 21:32:31 +0200
Subject: [PATCH 1/3] Fix for #240
Signed-off-by: D9ping
---
 includes/dhcp.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/includes/dhcp.php b/includes/dhcp.php
index 0ffb096b..c6cc91d9 100755
--- a/includes/dhcp.php
+++ b/includes/dhcp.php
@@ -29,7 +29,7 @@ function DisplayDHCPConfig() {
 $errors .= _('Invalid DHCP range end.').'
'.PHP_EOL;
 }
- if (!ctype_digit($_POST['RangeLeaseTime'])) {
+ if (!ctype_digit($_POST['RangeLeaseTime']) && $_POST['RangeLeaseTimeUnits'] !== 'infinite') {
 $errors .= _('Invalid DHCP lease time, not a number.').'
'.PHP_EOL;
 }
@@ -41,7 +41,12 @@ function DisplayDHCPConfig() {
 if (empty($errors)) {
 $config = 'interface='.$_POST['interface'].PHP_EOL.
 'dhcp-range='.$_POST['RangeStart'].','.$_POST['RangeEnd'].
- ',255.255.255.0,'.$_POST['RangeLeaseTime'].$_POST['RangeLeaseTimeUnits'];
+ ',255.255.255.0,';
+ if ($_POST['RangeLeaseTimeUnits'] !== 'infinite') {
+ $config .= $_POST['RangeLeaseTime'];
+ }
+
+ $config .= $_POST['RangeLeaseTimeUnits'];
 exec('echo "'.$config.'" > /tmp/dhcpddata', $temp);
 system('sudo cp /tmp/dhcpddata '.RASPI_DNSMASQ_CONFIG, $return);
 } else {
From f925a01807dacf07d6909d6d9728719f79559047 Mon Sep 17 00:00:00 2001
From: D9ping
Date: Tue, 25 Sep 2018 21:49:54 +0200
Subject: [PATCH 2/3] Properly selected ininite lease if ininite is selected. Made time units translatable.
Signed-off-by: D9ping
---
 includes/dhcp.php | 41 +++++++++++++++++++++++------------------
 1 file changed, 23 insertions(+), 18 deletions(-)
diff --git a/includes/dhcp.php b/includes/dhcp.php
index c6cc91d9..5c7752a1 100755
--- a/includes/dhcp.php
+++ b/includes/dhcp.php
@@ -112,25 +112,30 @@ function DisplayDHCPConfig() {
 $RangeStart = $arrRange[0];
 $RangeEnd = $arrRange[1];
 $RangeMask = $arrRange[2];
- preg_match( '/([0-9]*)([a-z])/i', $arrRange[3], $arrRangeLeaseTime );
+ $leaseTime = $arrRange[3];
 $hselected = '';
 $mselected = '';
 $dselected = '';
-
- switch( $arrRangeLeaseTime[2] ) {
- case 'h':
- $hselected = ' selected="selected"';
- break;
- case 'm':
- $mselected = ' selected="selected"';
- break;
- case 'd':
- $dselected = ' selected="selected"';
- break;
+ $infiniteselected = '';
+ preg_match( '/([0-9]*)([a-z])/i', $leaseTime, $arrRangeLeaseTime );
+ if ($leaseTime === 'infinite') {
+ $infiniteselected = ' selected="selected"';
+ } else {
+ switch( $arrRangeLeaseTime[2] ) {
+ case 'h':
+ $hselected = ' selected="selected"';
+ break;
+ case 'm':
+ $mselected = ' selected="selected"';
+ break;
+ case 'd':
+ $dselected = ' selected="selected"';
+ break;
+ }
 }
- ?>
+?>
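Review bot: In the `@@ -41,7 +41,12 @@` hunk of patch 1/3, the rebuilt `$config` is still handed to a shell through `exec('echo "'.$config.'" > /tmp/dhcpddata', $temp)`, so the safety of this write depends on every `$_POST` field in the string having been validated earlier against shell metacharacters. The checks for `interface` and `RangeLeaseTimeUnits` are not visible in this patch (DisplayDHCPConfig() starts and ends outside the hunk), so that is worth confirming before relying on it. Writing the file from PHP takes the shell out of the path regardless of how strict the validation is: `file_put_contents('/tmp/dhcpddata', $config.PHP_EOL);`. The validation should also reject line breaks in each field, since a newline that reaches `$config` would add a separate directive to the file that `sudo cp` installs as the dnsmasq configuration.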
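Review bot: In the `@@ -112,25 +112,30 @@` hunk of patch 2/3, the result of `preg_match()` is never checked, so the `switch` reads `$arrRangeLeaseTime[2]` even when the pattern did not match, for example when the stored lease time is a bare number of seconds. The same applies one step earlier: `$leaseTime = $arrRange[3];` assumes the `dhcp-range` line has a fourth field. Guarding both keeps the form from acting on unparsed config data: `$leaseTime = isset($arrRange[3]) ? $arrRange[3] : '';` and `} elseif (isset($arrRangeLeaseTime[2])) {` in place of the plain `} else {`. The template markup that consumes these variables is not visible on this page, so check that it handles an empty `$arrRangeLeaseTime[1]` in the infinite case.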
@@ -161,7 +166,7 @@ function DisplayDHCPConfig() {
 foreach( $interfaces as $inet ) {
 $select = '';
 if( $inet === $conf['interface'] ) {
- $select = ' selected="selected"'; // FIXED use xhtml valid attribute
+ $select = ' selected="selected"';
 }
 echo '
From ec1f8022fe2e681a4d90cbeaf7b005c46c78e8aa Mon Sep 17 00:00:00 2001
From: Tom
Date: Tue, 2 Oct 2018 12:58:50 +0200
Subject: [PATCH 3/3] Fix xss in interface parameter.
---
 includes/hostapd.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/hostapd.php b/includes/hostapd.php
index c5a41bd3..f484fb0c 100755
--- a/includes/hostapd.php
+++ b/includes/hostapd.php
@@ -508,7 +508,7 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
 if (! in_array($_POST['interface'], $interfaces)) {
 // The user is probably up to something here but it may also be a
 // genuine error.
- $status->addMessage('Unknown interface '.$_POST['interface'], 'danger');
+ $status->addMessage('Unknown interface '.htmlspecialchars($_POST['interface'], ENT_QUOTES), 'danger');
 $good_input = false;
 }
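Review bot: Escaping at this one call site leaves output encoding of status messages up to each caller, so any other `addMessage()` call that embeds request data needs the same treatment. Whether the status class escapes when it renders is not visible here; escaping there instead would cover every caller, and this call would then have to drop its own `htmlspecialchars()` to avoid double encoding. On the changed line itself, pass the charset explicitly, `htmlspecialchars($_POST['interface'], ENT_QUOTES, 'UTF-8')`. The guard above it should be strict, `in_array($_POST['interface'], $interfaces, true)`, so the membership test does not depend on loose-equality rules. SaveHostAPDConfig() starts and ends outside the hunk.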