
Merge pull request #1303 from RaspAP/fix/sanitize-input

Sanitize post data w/ escapeshellcmd()
Bill Zimmerman 2023-02-18 08:33:53 +01:00 committed by GitHub
commit f969236d93
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 3 additions and 3 deletions


@ -5,7 +5,7 @@ require_once '../../includes/config.php';
require_once '../../includes/functions.php'; require_once '../../includes/functions.php';
if (isset($_POST['logfile'])) { if (isset($_POST['logfile'])) {
$logfile = $_POST['logfile']; $logfile = escapeshellcmd($_POST['logfile']);
// truncate requested log file // truncate requested log file
exec("sudo truncate -s 0 $logfile", $return); exec("sudo truncate -s 0 $logfile", $return);
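Review bot: `escapeshellcmd()` on the changed line does not turn `$logfile` into a single argument: it backslash-escapes shell metacharacters but leaves whitespace alone, and the value is still interpolated unquoted into `exec("sudo truncate -s 0 $logfile", $return)`, so a posted value containing spaces reaches `truncate` as several arguments or options. Nothing visible in the hunk restricts the path either, so any file the sudo rule permits could be emptied. Quote the value with `$logfile = escapeshellarg($_POST['logfile']);` and, preferably, accept it only when it matches a fixed list of known log paths before calling `exec`. The same unquoted interpolation appears in the third file's `exec("sudo rm $ovpncfg_files", $return)`. The `if` block continues past the end of this hunk.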


@ -5,7 +5,7 @@ require_once '../../includes/config.php';
require_once '../../includes/functions.php'; require_once '../../includes/functions.php';
if (isset($_POST['cfg_id'])) { if (isset($_POST['cfg_id'])) {
$ovpncfg_id = $_POST['cfg_id']; $ovpncfg_id = escapeshellcmd($_POST['cfg_id']);
$ovpncfg_client = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_client.conf'; $ovpncfg_client = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_client.conf';
$ovpncfg_login = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_login.conf'; $ovpncfg_login = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_login.conf';
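Review bot: `escapeshellcmd()` is the wrong tool for `$ovpncfg_id` here, because the value is concatenated into file paths (`RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_client.conf'`) and the function leaves `/` and `..` untouched, so a posted id can still resolve outside the client directory. It also inserts backslashes before some characters, which would alter the file name if these paths are used outside a shell; how they are used is not visible in this hunk. Validate the id against the expected format before building any path, for example `if (!preg_match('/^[A-Za-z0-9_-]+$/', $_POST['cfg_id'])) { exit; }`, adjusting the pattern to the ids the application actually issues. The third file builds `$ovpncfg_files` from the same id and passes it to `sudo rm`, so the same check applies there.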


@ -5,7 +5,7 @@ require_once '../../includes/config.php';
require_once '../../includes/functions.php'; require_once '../../includes/functions.php';
if (isset($_POST['cfg_id'])) { if (isset($_POST['cfg_id'])) {
$ovpncfg_id = $_POST['cfg_id']; $ovpncfg_id = escapeshellcmd($_POST['cfg_id']);
$ovpncfg_files = pathinfo(RASPI_OPENVPN_CLIENT_LOGIN, PATHINFO_DIRNAME).'/'.$ovpncfg_id.'_*.conf'; $ovpncfg_files = pathinfo(RASPI_OPENVPN_CLIENT_LOGIN, PATHINFO_DIRNAME).'/'.$ovpncfg_id.'_*.conf';
exec("sudo rm $ovpncfg_files", $return); exec("sudo rm $ovpncfg_files", $return);
$jsonData = ['return'=>$return]; $jsonData = ['return'=>$return];