Skip to content

Commit

Permalink
Merge pull request #1322 from RaspAP/maint/security
Browse files Browse the repository at this point in the history 
Sanitize hostapd input
  • Loading branch information
@billz
billz authored Mar 29, 2023
2 parents dda1fe6 + 7760a1d commit 238e167
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions includes/hostapd.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,12 +99,13 @@ function DisplayHostAPDConfig()
}
// set txpower with iw if value is non-default ('auto')
if (isset($_POST['txpower']) && ($_POST['txpower'] != 'auto')) {
$sdBm = $_POST['txpower'] * 100;
exec('sudo /sbin/iw dev '.$_POST['interface'].' set txpower fixed '.$sdBm, $return);
$txpower = intval($_POST['txpower']);
$sdBm = $txpower * 100;
exec('sudo /sbin/iw dev '.escapeshellarg($_POST['interface']).' set txpower fixed '.$sdBm, $return);
$status->addMessage('Setting transmit power to '.$_POST['txpower'].' dBm.', 'success');
$txpower = $_POST['txpower'];
} elseif ($_POST['txpower'] == 'auto') {
exec('sudo /sbin/iw dev '.$_POST['interface'].' set txpower auto', $return);
exec('sudo /sbin/iw dev '.escapeshellarg($_POST['interface']).' set txpower auto', $return);
$status->addMessage('Setting transmit power to '.$_POST['txpower'].'.', 'success');
$txpower = $_POST['txpower'];
}
Expand Down

0 comments on commit 238e167

Please sign in to comment.