necro_nemesis
/
LabyrinthAP
mirror of https://github.com/necro-nemesis/LabyrinthAP
2
1
Fork 0
Code Issues Releases Wiki Activity

Escape client input, console output etc. before doing any echo.

Browse Source 
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
pull/1/head
D9ping 6 years ago
parent 6be3680f8f
commit 2b03fa316d
12 changed files with 221 additions and 201 deletions
Show Stats Download Patch File Download Diff File

2
ajax/networking/get_int_config.php
Unescape Escape View File

@ -6,6 +6,7 @@ include_once('../../includes/functions.php');
if(isset($_POST['interface']) && isset($_POST['csrf_token']) && CSRFValidate()) {
$int = $_POST['interface'];
// FIXME slashes and other forbidden filename characters not stripped. [security]
if(!file_exists(RASPI_CONFIG_NETWORKING.'/'.$int.'.ini')) {
touch(RASPI_CONFIG_NETWORKING.'/'.$int.'.ini');
}
@ -21,4 +22,3 @@ if(isset($_POST['interface']) && isset($_POST['csrf_token']) && CSRFValidate())
echo json_encode($jsonData);
}
?>

8
includes/admin.php
Unescape Escape View File

@ -8,7 +8,7 @@ function DisplayAuthConfig($username, $password){
if (CSRFValidate()) {
if (password_verify($_POST['oldpass'], $password)) {
$new_username=trim($_POST['username']);
if ($_POST['newpass'] != $_POST['newpassagain']) {
if ($_POST['newpass'] !== $_POST['newpassagain']) {
$status->addMessage('New passwords do not match', 'danger');
} else if ($new_username == '') {
$status->addMessage('Username must not be empty', 'danger');
@ -16,7 +16,8 @@ function DisplayAuthConfig($username, $password){
if (!file_exists(RASPI_ADMIN_DETAILS)) {
$tmpauth = fopen(RASPI_ADMIN_DETAILS, 'w');
fclose($tmpauth);
}
}
if ($auth_file = fopen(RASPI_ADMIN_DETAILS, 'w')) {
fwrite($auth_file, $new_username.PHP_EOL);
fwrite($auth_file, password_hash($_POST['newpass'], PASSWORD_BCRYPT).PHP_EOL);
@ -46,7 +47,7 @@ function DisplayAuthConfig($username, $password){
<div class="row">
<div class="form-group col-md-4">
<label for="username"><?php echo _("Username"); ?></label>
<input type="text" class="form-control" name="username" value="<?php echo $username; ?>"/>
<input type="text" class="form-control" name="username" value="<?php echo htmlspecialchars($username, ENT_QUOTES); ?>"/>
</div>
</div>
<div class="row">
@ -76,4 +77,3 @@ function DisplayAuthConfig($username, $password){
<?php
}
?>

1
includes/authenticate.php
Unescape Escape View File

@ -10,4 +10,3 @@ if (!$validated) {
die ("Not authorized");
}
?>

1
includes/config.php
Unescape Escape View File

@ -31,4 +31,3 @@ define('RASPI_CHANGETHEME_ENABLED', true );
define('LOCALE_ROOT', 'locale');
define('LOCALE_DOMAIN', 'messages');
?>

15
includes/configure_client.php
Unescape Escape View File

@ -158,14 +158,14 @@ function DisplayWPAConfig(){
<div class="row">
<div class="col-lg-12">
<div class="panel panel-primary">
<div class="panel panel-primary">
<div class="panel-heading"><i class="fa fa-signal fa-fw"></i> <?php echo _("Configure client"); ?></div>
<!-- /.panel-heading -->
<div class="panel-body">
<p><?php $status->showMessages(); ?></p>
<h4><?php echo _("Client settings"); ?></h4>
<div class="btn-group btn-block">
<a href=".?<?php echo $_SERVER['QUERY_STRING']; ?>" style="padding:10px;float: right;display: block;position: relative;margin-top: -55px;" class="col-md-2 btn btn-info" id="update"><?php echo _("Rescan"); ?></a>
<a href=".?<?php echo htmlspecialchars($_SERVER['QUERY_STRING'], ENT_QUOTES); ?>" style="padding:10px;float: right;display: block;position: relative;margin-top: -55px;" class="col-md-2 btn btn-info" id="update"><?php echo _("Rescan"); ?></a>
</div>
<form method="POST" action="?page=wpa_conf" name="wpa_conf_form">
<?php CSRFToken() ?>
@ -191,19 +191,19 @@ function DisplayWPAConfig(){
<?php } ?>
</td>
<td>
<input type="hidden" name="ssid<?php echo $index ?>" value="<?php echo htmlentities($ssid) ?>" />
<?php echo $ssid ?>
<input type="hidden" name="ssid<?php echo $index ?>" value="<?php echo htmlentities($ssid, ENT_QUOTES) ?>" />
<?php echo htmlspecialchars($ssid, ENT_QUOTES); ?>
</td>
<?php if (array_key_exists('visible', $network) && $network['visible']) { ?>
<td><?php echo $network['channel'] ?></td>
<td><?php echo htmlspecialchars($network['channel'], ENT_QUOTES); ?></td>
<?php } else { ?>
<td><span class="label label-warning">X</span></td>
<?php } ?>
<td>
<?php if (array_key_exists('priority', $network)) { ?>
<input type="hidden" name="priority<?php echo $index ?>" value="<?php echo $network['priority'] ?>" />
<input type="hidden" name="priority<?php echo $index ?>" value="<?php echo htmlspecialchars($network['priority'], ENT_QUOTES); ?>" />
<?php } ?>
<input type="hidden" name="protocol<?php echo $index ?>" value="<?php echo $network['protocol'] ?>" /><?php echo $network['protocol'] ?>
<input type="hidden" name="protocol<?php echo $index ?>" value="<?php echo htmlspecialchars($network['protocol'], ENT_QUOTES); ?>" /><?php echo htmlspecialchars($network['protocol'], ENT_QUOTES); ?>
</td>
<?php if ($network['protocol'] === 'Open') { ?>
<td><input type="hidden" name="passphrase<?php echo $index ?>" value="" />---</td>
@ -233,4 +233,3 @@ function DisplayWPAConfig(){
<?php
}
?>

33
includes/dashboard.php
Unescape Escape View File

@ -85,16 +85,16 @@ function DisplayDashboard(){
<div class="panel panel-default">
<div class="panel-body">
<h4><?php echo _("Interface Information"); ?></h4>
<div class="info-item"><?php echo _("Interface Name"); ?></div> <?php echo RASPI_WIFI_CLIENT_INTERFACE ?></br>
<div class="info-item"><?php echo _("IP Address"); ?></div> <?php echo $strIPAddress ?></br>
<div class="info-item"><?php echo _("Subnet Mask"); ?></div> <?php echo $strNetMask ?></br>
<div class="info-item"><?php echo _("Mac Address"); ?></div> <?php echo $strHWAddress ?></br></br>
<div class="info-item"><?php echo _("Interface Name"); ?></div> <?php echo RASPI_WIFI_CLIENT_INTERFACE; ?><br />
<div class="info-item"><?php echo _("IP Address"); ?></div> <?php echo htmlspecialchars($strIPAddress, ENT_QUOTES); ?><br />
<div class="info-item"><?php echo _("Subnet Mask"); ?></div> <?php echo htmlspecialchars($strNetMask, ENT_QUOTES); ?><br />
<div class="info-item"><?php echo _("Mac Address"); ?></div> <?php echo htmlspecialchars($strHWAddress, ENT_QUOTES); ?><br /><br />
<h4><?php echo _("Interface Statistics"); ?></h4>
<div class="info-item"><?php echo _("Received Packets"); ?></div> <?php echo $strRxPackets ?></br>
<div class="info-item"><?php echo _("Received Bytes"); ?></div> <?php echo $strRxBytes ?></br></br>
<div class="info-item"><?php echo _("Transferred Packets"); ?></div> <?php echo $strTxPackets ?></br>
<div class="info-item"><?php echo _("Transferred Bytes"); ?></div> <?php echo $strTxBytes ?></br>
<div class="info-item"><?php echo _("Received Packets"); ?></div> <?php echo htmlspecialchars($strRxPackets, ENT_QUOTES); ?><br />
<div class="info-item"><?php echo _("Received Bytes"); ?></div> <?php echo htmlspecialchars($strRxBytes, ENT_QUOTES); ?><br /><br />
<div class="info-item"><?php echo _("Transferred Packets"); ?></div> <?php echo htmlspecialchars($strTxPackets, ENT_QUOTES); ?><br />
<div class="info-item"><?php echo _("Transferred Bytes"); ?></div> <?php echo htmlspecialchars($strTxBytes, ENT_QUOTES); ?><br />
</div><!-- /.panel-body -->
</div><!-- /.panel-default -->
</div><!-- /.col-md-6 -->
@ -102,18 +102,18 @@ function DisplayDashboard(){
<div class="panel panel-default">
<div class="panel-body wireless">
<h4><?php echo _("Wireless Information"); ?></h4>
<div class="info-item"><?php echo _("Connected To"); ?></div> <?php echo $strSSID ?></br>
<div class="info-item"><?php echo _("AP Mac Address"); ?></div> <?php echo $strBSSID ?></br>
<div class="info-item"><?php echo _("Bitrate"); ?></div> <?php echo $strBitrate ?></br>
<div class="info-item"><?php echo _("Signal Level"); ?></div> <?php echo $strSignalLevel ?></br>
<div class="info-item"><?php echo _("Transmit Power"); ?></div> <?php echo $strTxPower ?></br>
<div class="info-item"><?php echo _("Frequency"); ?></div> <?php echo $strFrequency ?></br></br>
<div class="info-item"><?php echo _("Connected To"); ?></div> <?php echo htmlspecialchars($strSSID, ENT_QUOTES); ?><br />
<div class="info-item"><?php echo _("AP Mac Address"); ?></div> <?php echo htmlspecialchars($strBSSID, ENT_QUOTES); ?><br />
<div class="info-item"><?php echo _("Bitrate"); ?></div> <?php echo htmlspecialchars($strBitrate, ENT_QUOTES); ?><br />
<div class="info-item"><?php echo _("Signal Level"); ?></div> <?php echo htmlspecialchars($strSignalLevel, ENT_QUOTES); ?><br />
<div class="info-item"><?php echo _("Transmit Power"); ?></div> <?php echo htmlspecialchars($strTxPower, ENT_QUOTES); ?><br />
<div class="info-item"><?php echo _("Frequency"); ?></div> <?php echo htmlspecialchars($strFrequency, ENT_QUOTES); ?><br /><br />
<div class="info-item"><?php echo _("Link Quality"); ?></div>
<div class="progress">
<div class="progress-bar progress-bar-info progress-bar-striped active"
role="progressbar"
aria-valuenow="<?php echo $strLinkQuality ?>" aria-valuemin="0" aria-valuemax="100"
style="width: <?php echo $strLinkQuality ?>%;"><?php echo $strLinkQuality ?>%
aria-valuenow="<?php echo htmlspecialchars($strLinkQuality, ENT_QUOTES); ?>" aria-valuemin="0" aria-valuemax="100"
style="width: <?php echo htmlspecialchars($strLinkQuality, ENT_QUOTES); ?>%;"><?php echo htmlspecialchars($strLinkQuality, ENT_QUOTES); ?>%
</div>
</div>
</div><!-- /.panel-body -->
@ -143,4 +143,3 @@ function DisplayDashboard(){
<?php
}
?>

71
includes/dhcp.php
Unescape Escape View File

@ -14,7 +14,7 @@ function DisplayDHCPConfig() {
if (CSRFValidate()) {
$config = 'interface='.$_POST['interface'].PHP_EOL
.'dhcp-range='.$_POST['RangeStart'].','.$_POST['RangeEnd'].',255.255.255.0,'.$_POST['RangeLeaseTime'].''.$_POST['RangeLeaseTimeUnits'];
exec( 'echo "'.$config.'" > /tmp/dhcpddata',$temp );
exec( 'echo "'.$config.'" > /tmp/dhcpddata',$temp);
system( 'sudo cp /tmp/dhcpddata '. RASPI_DNSMASQ_CONFIG, $return );
if( $return == 0 ) {
@ -83,14 +83,14 @@ function DisplayDHCPConfig() {
$dselected = '';
switch( $arrRangeLeaseTime[2] ) {
case "h":
$hselected = " selected";
case 'h':
$hselected = ' selected="selected"';
break;
case "m":
$mselected = " selected";
case 'm':
$mselected = ' selected="selected"';
break;
case "d":
$dselected = " selected";
case 'd':
$dselected = ' selected="selected"';
break;
}
@ -119,42 +119,49 @@ function DisplayDHCPConfig() {
<div class="form-group col-md-4">
<label for="code">Interface</label>
<select class="form-control" name="interface">
<?php
<?php
exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces);
foreach( $interfaces as $int ) {
foreach( $interfaces as $inet ) {
$select = '';
if( $int == $conf['interface'] ) {
$select = " selected";
if( $inet === $conf['interface'] ) {
$select = ' selected="selected"'; // FIXED use xhtml valid attribute
}
echo '<option value="'.$int.'"'.$select.'>'.$int.'</option>';
}
?>
echo ' <option value="'.htmlspecialchars($inet, ENT_QUOTES).'"'.
$select.'>'.htmlspecialchars($inet, ENT_QUOTES).'</option>' , PHP_EOL;
}
?>
</select>
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code"><?php echo _("Starting IP Address"); ?></label>
<input type="text" class="form-control"name="RangeStart" value="<?php echo $RangeStart; ?>" />
<input type="text" class="form-control"name="RangeStart" value="<?php echo htmlspecialchars($RangeStart, ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code"><?php echo _("Ending IP Address"); ?></label>
<input type="text" class="form-control" name="RangeEnd" value="<?php echo $RangeEnd; ?>" />
<input type="text" class="form-control" name="RangeEnd" value="<?php echo htmlspecialchars($RangeEnd, ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
<div class="form-group col-xs-2 col-sm-2">
<label for="code"><?php echo _("Lease Time"); ?></label>
<input type="text" class="form-control" name="RangeLeaseTime" value="<?php echo $arrRangeLeaseTime[1]; ?>" />
<input type="text" class="form-control" name="RangeLeaseTime" value="<?php echo htmlspecialchars($arrRangeLeaseTime[1], ENT_QUOTES); ?>" />
</div>
<div class="col-xs-2 col-sm-2">
<label for="code"><?php echo _("Interval"); ?></label>
<select name="RangeLeaseTimeUnits" class="form-control" ><option value="m" <?php echo $mselected; ?>>Minute(s)</option><option value="h" <?php echo $hselected; ?>>Hour(s)</option><option value="d" <?php echo $dselected; ?>>Day(s)</option><option value="infinite">Infinite</option></select>
<select name="RangeLeaseTimeUnits" class="form-control" >
<option value="m" <?php echo $mselected; ?>>Minute(s)</option>
<option value="h" <?php echo $hselected; ?>>Hour(s)</option>
<option value="d" <?php echo $dselected; ?>>Day(s)</option>
<option value="infinite">Infinite</option>
</select>
</div>
</div>
@ -166,7 +173,7 @@ function DisplayDHCPConfig() {
} else {
echo'<input type="submit" class="btn btn-success" value="' . _("Start dnsmasq") . '" name="startdhcpd" />';
}
?>
?>
</form>
</div><!-- /.tab-pane -->
@ -190,16 +197,18 @@ function DisplayDHCPConfig() {
</thead>
<tbody>
<tr>
<?php
exec( 'cat ' . RASPI_DNSMASQ_LEASES, $leases );
foreach( $leases as $lease ) {
$lease_items = explode(' ', $lease);
foreach( $lease_items as $lease_item ) {
echo '<td>' . $lease_item . '</td>';
}
echo '</tr>';
};
?>
<?php
exec( 'cat ' . RASPI_DNSMASQ_LEASES, $leases );
foreach( $leases as $lease ) {
$lease_items = explode(' ', $lease);
foreach( $lease_items as $lease_item ) {
echo ' <td>'.htmlspecialchars($lease_item, ENT_QUOTES).'</td>'.PHP_EOL;
}
echo ' </tr>'.PHP_EOL;
};
?>
</tr>
</tbody>
</table>
@ -210,12 +219,10 @@ function DisplayDHCPConfig() {
</div><!-- /.tab-pane -->
</div><!-- /.tab-content -->
</div><!-- ./ Panel body -->
<div class="panel-footer"> <?php echo _("Information provided by Dnsmasq");?></div>
<div class="panel-footer"> <?php echo _("Information provided by Dnsmasq"); ?></div>
</div><!-- /.panel-primary -->
</div><!-- /.col-lg-12 -->
</div><!-- /.row -->
<?php
}
?>

135
includes/functions.php
Unescape Escape View File

@ -55,7 +55,7 @@ function safefilerewrite($fileName, $dataToSave) {
*/
function CSRFToken() {
?>
<input id="csrf_token" type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>" />
<input id="csrf_token" type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES);; ?>" />
<?php
}
@ -90,16 +90,19 @@ function isAssoc($arr) {
*
*/
function SelectorOptions($name, $options, $selected = null) {
echo "<select class=\"form-control\" name=\"$name\">";
echo '<select class="form-control" name="'.htmlspecialchars($name, ENT_QUOTES).'>' , PHP_EOL;
foreach ( $options as $opt => $label) {
$select = '';
$key = isAssoc($options) ? $opt : $label;
if( $key == $selected ) {
$select = " selected";
$select = ' selected="selected"';
}
echo "<option value=\"$key\"$select>$label</options>";
echo '<option value="'.htmlspecialchars($key, ENT_QUOTES).'"'.$select.'>'.
htmlspecialchars($label, ENT_QUOTES).'</options>' , PHP_EOL;
}
echo "</select>";
echo '</select>' , PHP_EOL;
}
/**
@ -220,96 +223,93 @@ function DisplayOpenVPNConfig() {
?>
<div class="row">
<div class="col-lg-12">
<div class="panel panel-primary">
<div class="panel-heading"><i class="fa fa-lock fa-fw"></i> Configure OpenVPN
</div>
<!-- /.panel-heading -->
<div class="panel-body">
<!-- Nav tabs -->
<ul class="nav nav-tabs">
<li class="active"><a href="#openvpnclient" data-toggle="tab">Client settings</a>
</li>
<li><a href="#openvpnserver" data-toggle="tab">Server settings</a>
</li>
</ul>
<!-- Tab panes -->
<div class="tab-content">
<p><?php echo $status; ?></p>
<div class="tab-pane fade in active" id="openvpnclient">
<h4>Client settings</h4>
<div class="panel panel-primary">
<div class="panel-heading"><i class="fa fa-lock fa-fw"></i> Configure OpenVPN </div>
<!-- /.panel-heading -->
<div class="panel-body">
<!-- Nav tabs -->
<ul class="nav nav-tabs">
<li class="active"><a href="#openvpnclient" data-toggle="tab">Client settings</a></li>
<li><a href="#openvpnserver" data-toggle="tab">Server settings</a></li>
</ul>
<!-- Tab panes -->
<div class="tab-content">
<p><?php echo $status; ?></p>
<div class="tab-pane fade in active" id="openvpnclient">
<h4>Client settings</h4>
<form role="form" action="?page=save_hostapd_conf" method="POST">
<div class="row">
<div class="form-group col-md-4">
<label>Select OpenVPN configuration file (.ovpn)</label>
<input type="file" name="openvpn-config">
</div>
<label>Select OpenVPN configuration file (.ovpn)</label>
<input type="file" name="openvpn-config">
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Client Log</label>
<input type="text" class="form-control" id="disabledInput" name="log-append" type="text" placeholder="<?php echo $arrClientConfig['log-append']; ?>" disabled />
<input type="text" class="form-control" id="disabledInput" name="log-append" type="text" placeholder="<?php echo htmlspecialchars($arrClientConfig['log-append'], ENT_QUOTES); ?>" disabled="disabled" />
</div>
</div>
</div>
<div class="tab-pane fade" id="openvpnserver">
<h4>Server settings</h4>
<div class="row">
<h4>Server settings</h4>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Port</label>
<input type="text" class="form-control" name="openvpn_port" value="<?php echo $arrServerConfig['port'] ?>" />
<label for="code">Port</label>
<input type="text" class="form-control" name="openvpn_port" value="<?php echo htmlspecialchars($arrServerConfig['port'], ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Protocol</label>
<input type="text" class="form-control" name="openvpn_proto" value="<?php echo $arrServerConfig['proto'] ?>" />
<input type="text" class="form-control" name="openvpn_proto" value="<?php echo htmlspecialchars($arrServerConfig['proto'], ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Root CA certificate</label>
<input type="text" class="form-control" name="openvpn_rootca" placeholder="<?php echo $arrServerConfig['ca']; ?>" disabled />
<input type="text" class="form-control" name="openvpn_rootca" placeholder="<?php echo htmlspecialchars($arrServerConfig['ca'], ENT_QUOTES); ?>" disabled="disabled" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Server certificate</label>
<input type="text" class="form-control" name="openvpn_cert" placeholder="<?php echo $arrServerConfig['cert']; ?>" disabled />
<input type="text" class="form-control" name="openvpn_cert" placeholder="<?php echo htmlspecialchars($arrServerConfig['cert'], ENT_QUOTES); ?>" disabled="disabled" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Diffie Hellman parameters</label>
<input type="text" class="form-control" name="openvpn_dh" placeholder="<?php echo $arrServerConfig['dh']; ?>" disabled />
<input type="text" class="form-control" name="openvpn_dh" placeholder="<?php echo htmlspecialchars($arrServerConfig['dh'], ENT_QUOTES); ?>" disabled="disabled" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">KeepAlive</label>
<input type="text" class="form-control" name="openvpn_keepalive" value="<?php echo $arrServerConfig['keepalive']; ?>" />
<input type="text" class="form-control" name="openvpn_keepalive" value="<?php echo htmlspecialchars($arrServerConfig['keepalive'], ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Server log</label>
<input type="text" class="form-control" name="openvpn_status" placeholder="<?php echo $arrServerConfig['status']; ?>" disabled />
<input type="text" class="form-control" name="openvpn_status" placeholder="<?php echo htmlspecialchars($arrServerConfig['status'], ENT_QUOTES); ?>" disabled="disabled" />
</div>
</div>
</div>
</div>
<input type="submit" class="btn btn-outline btn-primary" name="SaveOpenVPNSettings" value="Save settings" />
<?php
if($hostapdstatus[0] == 0) {
echo '<input type="submit" class="btn btn-success" name="StartOpenVPN" value="Start OpenVPN" />';
echo '<input type="submit" class="btn btn-success" name="StartOpenVPN" value="Start OpenVPN" />' , PHP_EOL;
} else {
echo '<input type="submit" class="btn btn-warning" name="StopOpenVPN" value="Stop OpenVPN" />';
echo '<input type="submit" class="btn btn-warning" name="StopOpenVPN" value="Stop OpenVPN" />' , PHP_EOL;
}
?>
?>
</form>
</div><!-- /.panel-body -->
</div><!-- /.panel-primary -->
<div class="panel-footer"> Information provided by openvpn</div>
</div><!-- /.panel-primary -->
<div class="panel-footer"> Information provided by openvpn</div>
</div><!-- /.col-lg-12 -->
</div><!-- /.row -->
<?php
@ -339,12 +339,11 @@ function DisplayTorProxyConfig(){
}
}
?>
?>
<div class="row">
<div class="col-lg-12">
<div class="panel panel-primary">
<div class="panel-heading"><i class="fa fa-eye-slash fa-fw"></i> Configure TOR proxy
</div>
<div class="panel panel-primary">
<div class="panel-heading"><i class="fa fa-eye-slash fa-fw"></i> Configure TOR proxy</div>
<!-- /.panel-heading -->
<div class="panel-body">
<!-- Nav tabs -->
@ -365,37 +364,37 @@ function DisplayTorProxyConfig(){
<div class="row">
<div class="form-group col-md-4">
<label for="code">VirtualAddrNetwork</label>
<input type="text" class="form-control" name="virtualaddrnetwork" value="<?php echo $arrConfig['VirtualAddrNetwork']; ?>" />
<input type="text" class="form-control" name="virtualaddrnetwork" value="<?php echo htmlspecialchars($arrConfig['VirtualAddrNetwork'], ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">AutomapHostsSuffixes</label>
<input type="text" class="form-control" name="automaphostssuffixes" value="<?php echo $arrConfig['AutomapHostsSuffixes']; ?>" />
<input type="text" class="form-control" name="automaphostssuffixes" value="<?php echo htmlspecialchars($arrConfig['AutomapHostsSuffixes'], ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">AutomapHostsOnResolve</label>
<input type="text" class="form-control" name="automaphostsonresolve" value="<?php echo $arrConfig['AutomapHostsOnResolve']; ?>" />
<input type="text" class="form-control" name="automaphostsonresolve" value="<?php echo htmlspecialchars($arrConfig['AutomapHostsOnResolve'], ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">TransListenAddress</label>
<input type="text" class="form-control" name="translistenaddress" value="<?php echo $arrConfig['TransListenAddress']; ?>" />
<input type="text" class="form-control" name="translistenaddress" value="<?php echo htmlspecialchars($arrConfig['TransListenAddress'], ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">DNSPort</label>
<input type="text" class="form-control" name="dnsport" value="<?php echo $arrConfig['DNSPort']; ?>" />
<input type="text" class="form-control" name="dnsport" value="<?php echo htmlspecialchars($arrConfig['DNSPort'], ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">DNSListenAddress</label>
<input type="text" class="form-control" name="dnslistenaddress" value="<?php echo $arrConfig['DNSListenAddress']; ?>" />
<input type="text" class="form-control" name="dnslistenaddress" value="<?php echo htmlspecialchars($arrConfig['DNSListenAddress'], ENT_QUOTES); ?>" />
</div>
</div>
</div>
@ -404,47 +403,47 @@ function DisplayTorProxyConfig(){
<div class="row">
<div class="form-group col-md-4">
<label for="code">ORPort</label>
<input type="text" class="form-control" name="orport" value="<?php echo $arrConfig['ORPort']; ?>" />
<input type="text" class="form-control" name="orport" value="<?php echo htmlspecialchars($arrConfig['ORPort'], ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">ORListenAddress</label>
<input type="text" class="form-control" name="orlistenaddress" value="<?php echo $arrConfig['ORListenAddress']; ?>" />
<input type="text" class="form-control" name="orlistenaddress" value="<?php echo htmlspecialchars($arrConfig['ORListenAddress'], ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Nickname</label>
<input type="text" class="form-control" name="nickname" value="<?php echo $arrConfig['Nickname']; ?>" />
<input type="text" class="form-control" name="nickname" value="<?php echo htmlspecialchars($arrConfig['Nickname'], ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Address</label>
<input type="text" class="form-control" name="address" value="<?php echo $arrConfig['Address']; ?>" />
<input type="text" class="form-control" name="address" value="<?php echo htmlspecialchars($arrConfig['Address'], ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">RelayBandwidthRate</label>
<input type="text" class="form-control" name="relaybandwidthrate" value="<?php echo $arrConfig['RelayBandwidthRate']; ?>" />
<input type="text" class="form-control" name="relaybandwidthrate" value="<?php echo htmlspecialchars($arrConfig['RelayBandwidthRate'], ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">RelayBandwidthBurst</label>
<input type="text" class="form-control" name="relaybandwidthburst" value="<?php echo $arrConfig['RelayBandwidthBurst']; ?>" />
<input type="text" class="form-control" name="relaybandwidthburst" value="<?php echo htmlspecialchars($arrConfig['RelayBandwidthBurst'], ENT_QUOTES); ?>" />
</div>
</div>
</div>
</div>
<input type="submit" class="btn btn-outline btn-primary" name="SaveTORProxySettings" value="Save settings" />
<?php
if( $torproxystatus[0] == 0 ) {
echo '<input type="submit" class="btn btn-success" name="StartTOR" value="Start TOR" />';
echo '<input type="submit" class="btn btn-success" name="StartTOR" value="Start TOR" />' , PHP_EOL;
} else {
echo '<input type="submit" class="btn btn-warning" name="StopTOR" value="Stop TOR" />';
echo '<input type="submit" class="btn btn-warning" name="StopTOR" value="Stop TOR" />' , PHP_EOL;
};
?>
</form>
@ -470,26 +469,26 @@ function SaveTORAndVPNConfig(){
echo "Attempting to start openvpn";
exec( 'sudo /etc/init.d/openvpn start', $return );
foreach( $return as $line ) {
echo $line."<br />";
echo htmlspecialchars($line, ENT_QUOTES).'<br />' , PHP_EOL;
}
} elseif( isset($_POST['StopOpenVPN']) ) {
echo "Attempting to stop openvpn";
exec( 'sudo /etc/init.d/openvpn stop', $return );
foreach( $return as $line ) {
echo $line."<br />";
echo htmlspecialchars($line, ENT_QUOTES).'<br />' , PHP_EOL;
}
} elseif( isset($_POST['StartTOR']) ) {
echo "Attempting to start TOR";
exec( 'sudo /etc/init.d/tor start', $return );
foreach( $return as $line ) {
echo $line."<br />";
echo htmlspecialchars($line, ENT_QUOTES).'<br />' , PHP_EOL;
}
} elseif( isset($_POST['StopTOR']) ) {
echo "Attempting to stop TOR";
exec( 'sudo /etc/init.d/tor stop', $return );
foreach( $return as $line ) {
echo $line."<br />";
echo htmlspecialchars($line, ENT_QUOTES).'<br />' , PHP_EOL;
}
}
}
?>

77
includes/hostapd.php
Unescape Escape View File

@ -62,7 +62,8 @@ function DisplayHostAPDConfig(){
$arrConfig[$arrLine[0]]=$arrLine[1];
}
};
?>
?>
<div class="row">
<div class="col-lg-12">
<div class="panel panel-primary">
@ -96,7 +97,7 @@ function DisplayHostAPDConfig(){
<div class="row">
<div class="form-group col-md-4">
<label for="code"><?php echo _("SSID"); ?></label>
<input type="text" class="form-control" name="ssid" value="<?php echo $arrConfig['ssid']; ?>" />
<input type="text" class="form-control" name="ssid" value="<?php echo htmlspecialchars($arrConfig['ssid'], ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
@ -129,7 +130,7 @@ function DisplayHostAPDConfig(){
<div class="row">
<div class="form-group col-md-4">
<label for="code"><?php echo _("PSK"); ?></label>
<input type="text" class="form-control" name="wpa_passphrase" value="<?php echo $arrConfig['wpa_passphrase'] ?>" />
<input type="text" class="form-control" name="wpa_passphrase" value="<?php echo htmlspecialchars($arrConfig['wpa_passphrase'], ENT_QUOTES); ?>" />
</div>
</div>
</div>
@ -140,7 +141,7 @@ function DisplayHostAPDConfig(){
<?php
if($arrHostapdConf['LogEnable'] == 1) {
$log = file_get_contents('/tmp/hostapd.log');
echo '<br /><textarea class="logoutput">'.$log.'</textarea>';
echo '<br /><textarea class="logoutput">'.htmlspecialchars($log, ENT_QUOTES).'</textarea>';
} else {
echo "<br />Logfile output not enabled";
}
@ -154,8 +155,14 @@ function DisplayHostAPDConfig(){
<div class="col-md-4">
<div class="form-check">
<label class="form-check-label">
<?php echo _("Enable logging"); ?> <?php $checked = ''; if($arrHostapdConf['LogEnable'] == 1) { $checked = 'checked'; } ?>
<input id="logEnable" name ="logEnable" type="checkbox" class="form-check-input" value="1" <?php echo $checked; ?> />
<?php echo _("Enable logging");
$checked = '';
if ($arrHostapdConf['LogEnable'] == 1) {
$checked = ' checked="checked"';
}
?>
<input id="logEnable" name ="logEnable" type="checkbox" class="form-check-input" value="1"<?php echo $checked; ?> />
</label>
</div>
</div>
@ -163,7 +170,7 @@ function DisplayHostAPDConfig(){
<div class="row">
<div class="form-group col-md-4">
<label for="code"><?php echo _("Country Code"); ?></label>
<input type="hidden" id="selected_country" value="<?php echo $arrConfig['country_code'] ?>">
<input type="hidden" id="selected_country" value="<?php echo htmlspecialchars($arrConfig['country_code'], ENT_QUOTES); ?>">
<select class="form-control" id="countries" name="country_code">
<option value="AF">Afghanistan</option>
<option value="AX">Åland Islands</option>
@ -414,29 +421,30 @@ function DisplayHostAPDConfig(){
<option value="YE">Yemen</option>
<option value="ZM">Zambia</option>
<option value="ZW">Zimbabwe</option>
</select>
<script>
country = document.getElementById("selected_country").value;
countries = document.getElementById("countries");
ops = countries.getElementsByTagName("option");
for(i = 0;i < ops.length; i++) {
if(ops[i].value == country){
ops[i].selected=true;
break;
}
}
</script>
</select>
<script type="text/javascript">
var country = document.getElementById("selected_country").value;
var countries = document.getElementById("countries");
var ops = countries.getElementsByTagName("option");
for (var i = 0; i < ops.length; ++i) {
if(ops[i].value == country){
ops[i].selected=true;
break;
}
}
</script>
</div>
</div><!-- /.panel-body -->
</div><!-- /.panel-primary -->
<input type="submit" class="btn btn-outline btn-primary" name="SaveHostAPDSettings" value="<?php echo _("Save settings"); ?>" />
<?php
if($hostapdstatus[0] == 0) {
echo '<input type="submit" class="btn btn-success" name="StartHotspot" value="' . _("Start hotspot") . '"/>';
echo '<input type="submit" class="btn btn-success" name="StartHotspot" value="' . _("Start hotspot") . '"/>' , PHP_EOL;
} else {
echo '<input type="submit" class="btn btn-warning" name="StopHotspot" value="' . _("Stop hotspot") . '"/>';
echo '<input type="submit" class="btn btn-warning" name="StopHotspot" value="' . _("Stop hotspot") . '"/>' , PHP_EOL;
};
?>
?>
</form>
</div></div><!-- /.panel-primary -->
<div class="panel-footer"> <?php echo _("Information provided by hostapd"); ?></div>
@ -448,12 +456,17 @@ function DisplayHostAPDConfig(){
function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status) {
// It should not be possible to send bad data for these fields so clearly
// someone is up to something if they fail. Fail silently.
if (!(array_key_exists($_POST['wpa'], $wpa_array) && array_key_exists($_POST['wpa_pairwise'], $enc_types) && in_array($_POST['hw_mode'], $modes))) {
error_log("Attempting to set hostapd config with wpa='".$_POST['wpa']."', wpa_pairwise='".$_POST['wpa_pairwise']."' and hw_mode='".$_POST['hw_mode']."'");
if (!(array_key_exists($_POST['wpa'], $wpa_array) &&
array_key_exists($_POST['wpa_pairwise'], $enc_types) &&
in_array($_POST['hw_mode'], $modes))) {
error_log("Attempting to set hostapd config with wpa='".$_POST['wpa']."', wpa_pairwise='".$_POST['wpa_pairwise']."' and hw_mode='".$_POST['hw_mode']."'"); // FIXME: log injection
return false;
}
if ((!filter_var($_POST['channel'], FILTER_VALIDATE_INT)) || intval($_POST['channel']) < 1 || intval($_POST['channel']) > 14) {
error_log("Attempting to set channel to '".$_POST['channel']."'");
if ((!filter_var($_POST['channel'], FILTER_VALIDATE_INT)) ||
intval($_POST['channel']) < 1 ||
intval($_POST['channel']) > 14) {
error_log("Attempting to set channel to '".$_POST['channel']."'"); // FIXME: log injection
return false;
}
@ -477,25 +490,29 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
exec('sudo /etc/raspap/hostapd/disablelog.sh');
}
}
write_php_ini(["LogEnable" => $logEnable],'/etc/raspap/hostapd.ini');
// Verify input
if (strlen($_POST['ssid']) == 0 || strlen($_POST['ssid']) > 32) {
if (empty($_POST['ssid']) || strlen($_POST['ssid']) > 32) {
// Not sure of all the restrictions of SSID
$status->addMessage('SSID must be between 1 and 32 characters', 'danger');
$good_input = false;
}
if (strlen($_POST['wpa_passphrase']) < 8 || strlen($_POST['wpa_passphrase']) > 63) {
$status->addMessage('WPA passphrase must be between 8 and 63 characters', 'danger');
$good_input = false;
}
if (! in_array($_POST['interface'], $interfaces)) {
// The user is probably up to something here but it may also be a
// genuine error.
$status->addMessage('Unknown interface '.$_POST['interface'], 'danger');
$good_input = false;
}
if (strlen($_POST['country_code']) != 0 && strlen($_POST['country_code']) != 2) {
if (strlen($_POST['country_code']) !== 0 && strlen($_POST['country_code']) != 2) {
$status->addMessage('Country code must be blank or two characters', 'danger');
$good_input = false;
}
@ -510,6 +527,7 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
fwrite($tmp_file, 'auth_algs=1'.PHP_EOL);
fwrite($tmp_file, 'wpa_key_mgmt=WPA-PSK'.PHP_EOL);
// TODO: deal with ini file value escaping. E.g. ssid=E=mc2 becomes ssid=E\=mc2
fwrite($tmp_file, 'ssid='.$_POST['ssid'].PHP_EOL);
fwrite($tmp_file, 'channel='.$_POST['channel'].PHP_EOL);
fwrite($tmp_file, 'hw_mode='.$_POST['hw_mode'].PHP_EOL);
@ -531,6 +549,7 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
return false;
}
}
return true;
}
?>

46
includes/networking.php
Unescape Escape View File

@ -30,7 +30,7 @@ function DisplayNetworkingConfig(){
<li role="presentation" class="active"><a href="#summary" aria-controls="summary" role="tab" data-toggle="tab"><?php echo _("Summary"); ?></a></li>
<?php
foreach($interfaces as $interface) {
echo '<li role="presentation"><a href="#'.$interface.'" aria-controls="'.$interface.'" role="tab" data-toggle="tab">'.$interface.'</a></li>';
echo '<li role="presentation"><a href="#'.htmlspecialchars($interface, ENT_QUOTES).'" aria-controls="'.htmlspecialchars($interface, ENT_QUOTES).'" role="tab" data-toggle="tab">'.htmlspecialchars($interface, ENT_QUOTES).'</a></li>';
}
?>
</ul>
@ -42,8 +42,8 @@ function DisplayNetworkingConfig(){
foreach($interfaces as $interface) {
echo '<div class="col-md-6">
<div class="panel panel-default">
<div class="panel-heading">'.$interface.'</div>
<div class="panel-body" id="'.$interface.'-summary"></div>
<div class="panel-heading">'.htmlspecialchars($interface, ENT_QUOTES).'</div>
<div class="panel-body" id="'.htmlspecialchars($interface, ENT_QUOTES).'-summary"></div>
</div>
</div>';
}
@ -55,63 +55,63 @@ function DisplayNetworkingConfig(){
</div><!-- /.row -->
</div><!-- /.col-lg-12 -->
</div><!-- /.tab-pane -->
<?php
<?php
foreach($interfaces as $interface) {
echo '
<div role="tabpanel" class="tab-pane fade in" id="'.$interface.'">
<div role="tabpanel" class="tab-pane fade in" id="'.htmlspecialchars($interface, ENT_QUOTES).'">
<div class="row">
<div class="col-lg-6">
<form id="frm-'.$interface.'">
<form id="frm-'.htmlspecialchars($interface, ENT_QUOTES).'">
<div class="form-group">
<h4>' . _("Adapter IP Address Settings") . '</h4>
<div class="btn-group" data-toggle="buttons">
<label class="btn btn-primary">
<input type="radio" name="'.$interface.'-addresstype" id="'.$interface.'-dhcp" autocomplete="off">' . _("DHCP") . '
<input type="radio" name="'.htmlspecialchars($interface, ENT_QUOTES).'-addresstype" id="'.htmlspecialchars($interface, ENT_QUOTES).'-dhcp" autocomplete="off">' . _("DHCP") . '
</label>
<label class="btn btn-primary">
<input type="radio" name="'.$interface.'-addresstype" id="'.$interface.'-static" autocomplete="off">' . _("Static IP") . '
<input type="radio" name="'.htmlspecialchars($interface, ENT_QUOTES).'-addresstype" id="'.htmlspecialchars($interface, ENT_QUOTES).'-static" autocomplete="off">' . _("Static IP") . '
</label>
</div><!-- /.btn-group -->
<h4>' . _("Enable Fallback to Static Option") . '</h4>
<div class="btn-group" data-toggle="buttons">
<label class="btn btn-primary">
<input type="radio" name="'.$interface.'-dhcpfailover" id="'.$interface.'-failover" autocomplete="off">' . _("Enabled") . '
<input type="radio" name="'.htmlspecialchars($interface, ENT_QUOTES).'-dhcpfailover" id="'.htmlspecialchars($interface, ENT_QUOTES).'-failover" autocomplete="off">' . _("Enabled") . '
</label>
<label class="btn btn-warning">
<input type="radio" name="'.$interface.'-dhcpfailover" id="'.$interface.'-nofailover" autocomplete="off">' . _("Disabled") . '
<input type="radio" name="'.htmlspecialchars($interface, ENT_QUOTES).'-dhcpfailover" id="'.htmlspecialchars($interface, ENT_QUOTES).'-nofailover" autocomplete="off">' . _("Disabled") . '
</label>
</div><!-- /.btn-group -->
</div><!-- /.form-group -->
<hr />
<h4>' . _("Static IP Options") . '</h4>
<div class="form-group">
<label for="'.$interface.'-ipaddress">' . _("IP Address") . '</label>
<input type="text" class="form-control" id="'.$interface.'-ipaddress" placeholder="0.0.0.0">
<label for="'.htmlspecialchars($interface, ENT_QUOTES).'-ipaddress">' . _("IP Address") . '</label>
<input type="text" class="form-control" id="'.htmlspecialchars($interface, ENT_QUOTES).'-ipaddress" placeholder="0.0.0.0">
</div>
<div class="form-group">
<label for="'.$interface.'-netmask">' . _("Subnet Mask") . '</label>
<input type="text" class="form-control" id="'.$interface.'-netmask" placeholder="255.255.255.0">
<label for="'.htmlspecialchars($interface, ENT_QUOTES).'-netmask">' . _("Subnet Mask") . '</label>
<input type="text" class="form-control" id="'.htmlspecialchars($interface, ENT_QUOTES).'-netmask" placeholder="255.255.255.0">
</div>
<div class="form-group">
<label for="'.$interface.'-gateway">' . _("Default Gateway") . '</label>
<input type="text" class="form-control" id="'.$interface.'-gateway" placeholder="0.0.0.0">
<label for="'.htmlspecialchars($interface, ENT_QUOTES).'-gateway">' . _("Default Gateway") . '</label>
<input type="text" class="form-control" id="'.htmlspecialchars($interface, ENT_QUOTES).'-gateway" placeholder="0.0.0.0">
</div>
<div class="form-group">
<label for="'.$interface.'-dnssvr">' . _("DNS Server") . '</label>
<input type="text" class="form-control" id="'.$interface.'-dnssvr" placeholder="0.0.0.0">
<label for="'.htmlspecialchars($interface, ENT_QUOTES).'-dnssvr">' . _("DNS Server") . '</label>
<input type="text" class="form-control" id="'.htmlspecialchars($interface, ENT_QUOTES).'-dnssvr" placeholder="0.0.0.0">
</div>
<div class="form-group">
<label for="'.$interface.'-dnssvralt">' . _("Alternate DNS Server") . '</label>
<input type="text" class="form-control" id="'.$interface.'-dnssvralt" placeholder="0.0.0.0">
<label for="'.htmlspecialchars($interface, ENT_QUOTES).'-dnssvralt">' . _("Alternate DNS Server") . '</label>
<input type="text" class="form-control" id="'.htmlspecialchars($interface, ENT_QUOTES).'-dnssvralt" placeholder="0.0.0.0">
</div>
<a href="#" class="btn btn-outline btn-primary intsave" data-int="'.$interface.'">' . _("Save settings") . '</a>
<a href="#" class="btn btn-warning intapply" data-int="'.$interface.'">' . _("Apply settings") . '</a>
<a href="#" class="btn btn-outline btn-primary intsave" data-int="'.htmlspecialchars($interface, ENT_QUOTES).'">' . _("Save settings") . '</a>
<a href="#" class="btn btn-warning intapply" data-int="'.htmlspecialchars($interface, ENT_QUOTES).'">' . _("Apply settings") . '</a>
</form>
</div>
</div><!-- /.tab-panel -->
</div>';
}
?>
?>
</div><!-- /.tab-content -->
</div><!-- /.panel-body -->
<div class="panel-footer"><?php echo _("Information provided by /sys/class/net"); ?></div>

22
includes/system.php
Unescape Escape View File

@ -141,23 +141,23 @@ function DisplaySystem(){
<div class="row">
<div class="col-lg-6">
<h4><?php echo _("System Information"); ?></h4>
<div class="info-item"><?php echo _("Hostname"); ?></div> <?php echo $hostname ?></br>
<div class="info-item"><?php echo _("Pi Revision"); ?></div> <?php echo RPiVersion() ?></br>
<div class="info-item"><?php echo _("Uptime"); ?></div> <?php echo $uptime ?></br></br>
<div class="info-item"><?php echo _("Hostname"); ?></div> <?php echo htmlspecialchars($hostname, ENT_QUOTES); ?></br>
<div class="info-item"><?php echo _("Pi Revision"); ?></div> <?php echo htmlspecialchars(RPiVersion(), ENT_QUOTES); ?></br>
<div class="info-item"><?php echo _("Uptime"); ?></div> <?php echo htmlspecialchars($uptime, ENT_QUOTES); ?></br></br>
<div class="info-item"><?php echo _("Memory Used"); ?></div>
<div class="progress">
<div class="progress-bar progress-bar-<?php echo $memused_status ?> progress-bar-striped active"
<div class="progress-bar progress-bar-<?php echo htmlspecialchars($memused_status, ENT_QUOTES); ?> progress-bar-striped active"
role="progressbar"
aria-valuenow="<?php echo $memused ?>" aria-valuemin="0" aria-valuemax="100"
style="width: <?php echo $memused ?>%;"><?php echo $memused ?>%
aria-valuenow="<?php echo htmlspecialchars($memused, ENT_QUOTES); ?>" aria-valuemin="0" aria-valuemax="100"
style="width: <?php echo htmlspecialchars($memused, ENT_QUOTES); ?>%;"><?php echo htmlspecialchars($memused, ENT_QUOTES); ?>%
</div>
</div>
<div class="info-item"><?php echo _("CPU Load"); ?></div>
<div class="progress">
<div class="progress-bar progress-bar-<?php echo $cpuload_status ?> progress-bar-striped active"
<div class="progress-bar progress-bar-<?php echo htmlspecialchars($cpuload_status, ENT_QUOTES); ?> progress-bar-striped active"
role="progressbar"
aria-valuenow="<?php echo $cpuload ?>" aria-valuemin="0" aria-valuemax="100"
style="width: <?php echo $cpuload ?>%;"><?php echo $cpuload ?>%
aria-valuenow="<?php echo htmlspecialchars($cpuload, ENT_QUOTES); ?>" aria-valuemin="0" aria-valuemax="100"
style="width: <?php echo htmlspecialchars($cpuload, ENT_QUOTES); ?>%;"><?php echo htmlspecialchars($cpuload, ENT_QUOTES); ?>%
</div>
</div>
@ -200,9 +200,9 @@ function DisplaySystem(){
</form>
</div><!-- /.panel-primary -->
<div class="panel-footer"></div>
</div><!-- /.panel-primary -->
</div><!-- /.col-lg-12 -->
</div><!-- /.row -->
</xdiv>
<?php
}
?>

11
includes/themes.php
Unescape Escape View File

@ -11,13 +11,13 @@ function DisplayThemeConfig(){
switch( $_COOKIE['theme'] ) {
case "custom.css":
$cselected = "selected";
$cselected = ' selected="selected"';
break;
case "hackernews.css":
$hselected = "selected";
$hselected = ' selected="selected"';
break;
case "terminal.css":
$tselected = "selected";
$tselected = ' selected="selected"';
break;
}
@ -37,9 +37,9 @@ function DisplayThemeConfig(){
<div class="form-group col-md-6">
<label for="code"><?php echo _("Select a theme"); ?></label>
<select class="form-control" id="theme-select"><?php echo _("Select a Theme"); ?>
<option value="default" class="theme-link" <?php echo $cselected; ?>>RaspAP (default)</option>
<option value="default" class="theme-link"<?php echo $cselected; ?>>RaspAP (default)</option>
<option value="hackernews" class="theme-link"<?php echo $hselected; ?>>HackerNews</option>
<option value="terminal" class="theme-link" <?php echo $tselected; ?>>Terminal</option>
<option value="terminal" class="theme-link"<?php echo $tselected; ?>>Terminal</option>
</select>
</div>
</div>
@ -59,5 +59,4 @@ function DisplayThemeConfig(){
</div><!-- /.row -->
<?php
}
?>

Write Preview
Loading…
Cancel
Save