From db6bf4c6b4e686bac73672797ceac14607c93ade Mon Sep 17 00:00:00 2001
From: eldstal <laeder.keps@gmail.com>
Date: Fri, 31 Mar 2023 22:18:55 +0200
Subject: [PATCH] Additional type check on sensitive network ID parameter

---
 includes/configure_client.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/includes/configure_client.php b/includes/configure_client.php
index 97df00e3..fc24058e 100755
--- a/includes/configure_client.php
+++ b/includes/configure_client.php
@@ -19,8 +19,10 @@ function DisplayWPAConfig()
         $result = 0;
         $iface = escapeshellarg($_SESSION['wifi_client_interface']);
         $netid = escapeshellarg(strval($_POST['connect']));
-        exec('sudo wpa_cli -i ' . $iface . ' select_network ' . $netid);
-        $status->addMessage('New network selected', 'success');
+        if (is_numeric($netid)) {
+            exec('sudo wpa_cli -i ' . $iface . ' select_network ' . $netid);
+            $status->addMessage('New network selected', 'success');
+        }
     } elseif (isset($_POST['wpa_reinit'])) {
         $status->addMessage('Reinitializing wpa_supplicant', 'info', false);
         $force_remove = true;