From e46a49d1c6ac4611ad9415da7fd97a99cd6aba28 Mon Sep 17 00:00:00 2001 From: s-martin Date: Mon, 15 Apr 2024 16:13:10 +0200 Subject: [PATCH 1/7] Make function more secure --- htdocs/api/common.php | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/htdocs/api/common.php b/htdocs/api/common.php index f6855561c..ad0159c55 100755 --- a/htdocs/api/common.php +++ b/htdocs/api/common.php @@ -16,12 +16,27 @@ function execScript($command) { } function execScriptWithoutCheck($command) { + // Access global configuration global $debugLoggingConf; - if($debugLoggingConf['DEBUG_WebApp_API'] == "TRUE") { - file_put_contents("../../logs/debug.log", "\n # function execScriptWithoutCheck: " . $command , FILE_APPEND | LOCK_EX); + + // Validate the command to prevent command injection + if (!preg_match('/^[a-zA-Z0-9_\-]+$/', $command)) { + throw new InvalidArgumentException('Invalid command.'); } - $absoluteCommand = realpath(dirname(__FILE__) .'/../../scripts') ."/{$command}"; - exec("sudo ".$absoluteCommand); + + // Debug logging + if ($debugLoggingConf['DEBUG_WebApp_API'] === "TRUE") { + $logMessage = "\n # function execScriptWithoutCheck: " . $command; + $logFilePath = __DIR__ . '/../../logs/debug.log'; + file_put_contents($logFilePath, $logMessage, FILE_APPEND | LOCK_EX); + } + + // Construct the absolute path to the script + $scriptDir = realpath(__DIR__ . '/../../scripts'); + $absoluteCommand = $scriptDir . '/' . escapeshellarg($command); + + // Execute the command using sudo + exec("sudo " . $absoluteCommand); } function execSuccessfully($command) { From 217a8ba57a62112afd70f35d31f82ded94a66a67 Mon Sep 17 00:00:00 2001 From: s-martin Date: Mon, 15 Apr 2024 16:36:34 +0200 Subject: [PATCH 2/7] Escape command --- htdocs/inc.setWifi.php | 39 +++++++++++++++++---------------------- 1 file changed, 17 insertions(+), 22 deletions(-) diff --git a/htdocs/inc.setWifi.php b/htdocs/inc.setWifi.php index 691e8a247..6e5daa3a0 100755 
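Review bot: The allow-list regex `'/^[a-zA-Z0-9_\-]+$/'` in the added validation block still accepts a command name that ends in a newline, because PCRE's `$` also matches just before a final `\n`; anchor with `\z` (or the `D` modifier) so the check does what its comment says. Further down, `realpath()` returns `false` when the scripts directory is missing, and the concatenation then silently yields `/'name'` as the path handed to `sudo`; fail explicitly instead. Quoting the assembled path once with `escapeshellarg($scriptDir . '/' . $command)` is also clearer than gluing a quoted name onto an unquoted directory, and it lets an `is_file()` check run on the plain path first. The same lines reappear as context in the second hunk of PATCH 5/7.
```php
    // Validate the command to prevent command injection (\z: a trailing newline must not pass)
    if (!preg_match('/^[a-zA-Z0-9_\-]+\z/', $command)) {
        throw new InvalidArgumentException('Invalid command.');
    }
    // … unchanged: debug logging …
    $scriptDir = realpath(__DIR__ . '/../../scripts');
    if ($scriptDir === false) {
        throw new RuntimeException('Scripts directory not found.');
    }
    $absoluteCommand = $scriptDir . '/' . $command;
    if (!is_file($absoluteCommand)) {
        throw new InvalidArgumentException('Unknown script.');
    }
    exec('sudo ' . escapeshellarg($absoluteCommand));
```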
--- a/htdocs/inc.setWifi.php +++ b/htdocs/inc.setWifi.php @@ -6,37 +6,32 @@ */ unset($exec); if(isset($_POST["submitWifi"]) && $_POST["submitWifi"] == "submit") { - // make multiline bash - $exec = "bash -e <<'END'\n"; + // Initialize the command string + $exec = "bash -e <<'END'\n"; $exec .= "source ".$conf['scripts_abs']."/helperscripts/inc.networkHelper.sh\n"; $exec .= "clear_wireless_networks\n"; - $tempPOST = $_POST; - $_POST=array(); //clear - foreach ( $tempPOST as $post_key => $post_value ) { - unset($temp_ssid); - unset($temp_pass); - unset($temp_prio); - if ( substr(trim($post_key), 0, 9) == "WIFIssid_" ) { + // Iterate through POST data + foreach ($_POST as $post_key => $post_value) { + if (substr($post_key, 0, 9) == "WIFIssid_") { + $ssid_index = substr($post_key, 9); $temp_ssid = trim($post_value); - $post_key = "WIFIpass_".substr(trim($post_key), 9); - $post_value = $tempPOST[$post_key]; - $temp_pass = trim($post_value); - $post_key = "WIFIprio_".substr(trim($post_key), 9); - $post_value = $tempPOST[$post_key]; - $temp_prio = trim($post_value); - - if (isset($temp_ssid) && $temp_ssid != "" && isset($temp_pass) && strlen($temp_pass) >= 8) { - if(!isset($temp_prio) || !is_numeric($temp_prio)) { - $temp_prio = 0; - } - $exec .= "add_wireless_network wlan0 ".$temp_ssid." ".$temp_pass." ".$temp_prio."\n"; + $temp_pass = isset($_POST["WIFIpass_".$ssid_index]) ? trim($_POST["WIFIpass_".$ssid_index]) : ''; + $temp_prio = isset($_POST["WIFIprio_".$ssid_index]) ? trim($_POST["WIFIprio_".$ssid_index]) : '0'; + + // Validate SSID and password + if (!empty($temp_ssid) && strlen($temp_pass) >= 8) { + // Validate priority + $temp_prio = is_numeric($temp_prio) ? $temp_prio : '0'; + $exec .= "add_wireless_network wlan0 '{$temp_ssid}' '{$temp_pass}' {$temp_prio}\n"; } } } + // End the command string $exec .= "END\n"; - exec("sudo bash -c '". $exec . "'"); + // Execute the command + exec("sudo bash -c '".escapeshellcmd($exec)."'"); } /* 
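Review bot: Wrapping the whole script in `escapeshellcmd()` on the new `exec()` line breaks the heredoc rather than securing it: that function backslash-escapes `<`, `>` and newline characters, so `<<'END'` and every line break reach bash already escaped and the script is unlikely to run as intended (worth confirming on a device). The untrusted values are `$temp_ssid` and `$temp_pass`, and quoting them as `'{$temp_ssid}'` inside a command that is itself wrapped in `bash -c '...'` still lets a single quote in either value end the quoting. Escape each value with `escapeshellarg()` where it is inserted, and hand the finished script to `bash -c` through `escapeshellarg()` as well, which also copes with the quotes around `END`. `!empty($temp_ssid)` additionally rejects the legitimate SSID `0`; `$temp_ssid !== ''` is what the old `$temp_ssid != ""` check meant. The hunks in PATCH 3/7 and 6/7 keep the same `exec()` line.
```php
            // … unchanged: ssid / pass / prio lookup …
            if ($temp_ssid !== '' && strlen($temp_pass) >= 8) {
                $temp_prio = is_numeric($temp_prio) ? (string) (int) $temp_prio : '0';
                $exec .= 'add_wireless_network wlan0 '
                    . escapeshellarg($temp_ssid) . ' '
                    . escapeshellarg($temp_pass) . ' '
                    . $temp_prio . "\n";
            }
    // … unchanged: closing braces, END marker …
    exec('sudo bash -c ' . escapeshellarg($exec));
```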
From 9aed280f1bb730ceed3d93ed0b6a10c6c8cf7107 Mon Sep 17 00:00:00 2001 From: s-martin Date: Mon, 15 Apr 2024 18:20:20 +0200 Subject: [PATCH 3/7] reduce changes --- htdocs/inc.setWifi.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/htdocs/inc.setWifi.php b/htdocs/inc.setWifi.php index 6e5daa3a0..94e12d8de 100755 --- a/htdocs/inc.setWifi.php +++ b/htdocs/inc.setWifi.php @@ -6,7 +6,7 @@ */ unset($exec); if(isset($_POST["submitWifi"]) && $_POST["submitWifi"] == "submit") { - // Initialize the command string + // make multiline bash $exec = "bash -e <<'END'\n"; $exec .= "source ".$conf['scripts_abs']."/helperscripts/inc.networkHelper.sh\n"; $exec .= "clear_wireless_networks\n"; @@ -28,9 +28,7 @@ } } - // End the command string $exec .= "END\n"; - // Execute the command exec("sudo bash -c '".escapeshellcmd($exec)."'"); } From c0fa288d4fc7b92b3bc691410ea8f7fd54fee09a Mon Sep 17 00:00:00 2001 From: s-martin Date: Mon, 15 Apr 2024 21:20:07 +0200 Subject: [PATCH 4/7] Update .gitignore --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 593e3b75b..85f96b1fd 100755 --- a/.gitignore +++ b/.gitignore @@ -26,12 +26,14 @@ shared/* playlists/* pythonenv*/* logs/* +src/webapp/node_modules/* # Byte-compiled / optimized / DLL files __pycache__/ *.py[cod] .git +.venv *~ *.*~ *.pyc From 74addbf5f9f94f721dc7d720d7d2e135d89441df Mon Sep 17 00:00:00 2001 From: s-martin Date: Mon, 15 Apr 2024 19:27:24 +0000 Subject: [PATCH 5/7] reduce changes --- htdocs/api/common.php | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/htdocs/api/common.php b/htdocs/api/common.php index ad0159c55..d0c9f60b7 100755 --- a/htdocs/api/common.php +++ b/htdocs/api/common.php @@ -16,7 +16,6 @@ function execScript($command) { } function execScriptWithoutCheck($command) { - // Access global configuration global $debugLoggingConf; // Validate the command to prevent command injection 
@@ -24,18 +23,12 @@ function execScriptWithoutCheck($command) { throw new InvalidArgumentException('Invalid command.'); } - // Debug logging if ($debugLoggingConf['DEBUG_WebApp_API'] === "TRUE") { - $logMessage = "\n # function execScriptWithoutCheck: " . $command; - $logFilePath = __DIR__ . '/../../logs/debug.log'; - file_put_contents($logFilePath, $logMessage, FILE_APPEND | LOCK_EX); + file_put_contents("../../logs/debug.log", "\n # function execScriptWithoutCheck: " . $command, FILE_APPEND | LOCK_EX); } - // Construct the absolute path to the script $scriptDir = realpath(__DIR__ . '/../../scripts'); $absoluteCommand = $scriptDir . '/' . escapeshellarg($command); - - // Execute the command using sudo exec("sudo " . $absoluteCommand); } From e94b47b816c02c1e595f15588f4bf1784ec6ad4b Mon Sep 17 00:00:00 2001 From: s-martin Date: Mon, 15 Apr 2024 19:49:46 +0000 Subject: [PATCH 6/7] reduce changes --- htdocs/inc.setWifi.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/htdocs/inc.setWifi.php b/htdocs/inc.setWifi.php index 94e12d8de..95f5acc1a 100755 --- a/htdocs/inc.setWifi.php +++ b/htdocs/inc.setWifi.php @@ -11,10 +11,9 @@ $exec .= "source ".$conf['scripts_abs']."/helperscripts/inc.networkHelper.sh\n"; $exec .= "clear_wireless_networks\n"; - // Iterate through POST data foreach ($_POST as $post_key => $post_value) { - if (substr($post_key, 0, 9) == "WIFIssid_") { - $ssid_index = substr($post_key, 9); + if (substr(trim($post_key), 0, 9) == "WIFIssid_") { + $ssid_index = substr(trim($post_key), 9); $temp_ssid = trim($post_value); $temp_pass = isset($_POST["WIFIpass_".$ssid_index]) ? trim($_POST["WIFIpass_".$ssid_index]) : ''; $temp_prio = isset($_POST["WIFIprio_".$ssid_index]) ? trim($_POST["WIFIprio_".$ssid_index]) : '0'; From 0fa5fc93c940d425d6753c1c9f6cafc605c68163 Mon Sep 17 00:00:00 2001 From: s-martin Date: Mon, 15 Apr 2024 19:52:05 +0000 Subject: [PATCH 7/7] revert gitignore --- .gitignore | 2 -- 1 file changed, 2 deletions(-) 
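Review bot: The restored `file_put_contents("../../logs/debug.log", ...)` line resolves the log path against the process's working directory, which depends on which script was the entry point, while `$scriptDir` two lines below is anchored to `__DIR__` in the same function; the two can point at different trees, and a failed write only emits a warning that nothing checks. Keeping the location anchored, `file_put_contents(__DIR__ . '/../../logs/debug.log', "\n # function execScriptWithoutCheck: " . $command, FILE_APPEND | LOCK_EX);`, costs nothing and still fits the one-line form this reduction aims for. The function's opening, including the validation regex, lies above this hunk.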
diff --git a/.gitignore b/.gitignore index 85f96b1fd..593e3b75b 100755 --- a/.gitignore +++ b/.gitignore @@ -26,14 +26,12 @@ shared/* playlists/* pythonenv*/* logs/* -src/webapp/node_modules/* # Byte-compiled / optimized / DLL files __pycache__/ *.py[cod] .git -.venv *~ *.*~ *.pyc