From: <abe...@us...> - 2013-03-18 23:21:04
Revision: 6001 http://astlinux.svn.sourceforge.net/astlinux/?rev=6001&view=rev Author: abelbeck Date: 2013-03-18 23:20:53 +0000 (Mon, 18 Mar 2013) Log Message: ----------- web interface, allow all tabs to work with or without PHP 'Magic Quotes' enabled on the server: 1) Tabs that save rc.conf.d/ files strip double-quote, dollar and grave-accent characters from text input 2) Tabs that save astDB data strip double-quote character from text input 3) Prefs tab strips double-quote character from text input Modified Paths: -------------- branches/1.0/package/webinterface/altweb/admin/actionlist.php branches/1.0/package/webinterface/altweb/admin/blacklist.php branches/1.0/package/webinterface/altweb/admin/cdrlog.php branches/1.0/package/webinterface/altweb/admin/cidname.php branches/1.0/package/webinterface/altweb/admin/dnshosts.php branches/1.0/package/webinterface/altweb/admin/edit.php branches/1.0/package/webinterface/altweb/admin/firewall.php branches/1.0/package/webinterface/altweb/admin/followme.php branches/1.0/package/webinterface/altweb/admin/ipsec.php branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php branches/1.0/package/webinterface/altweb/admin/ipsecxauth.php branches/1.0/package/webinterface/altweb/admin/network.php branches/1.0/package/webinterface/altweb/admin/openvpn.php branches/1.0/package/webinterface/altweb/admin/openvpnclient.php branches/1.0/package/webinterface/altweb/admin/openvpnuserpass.php branches/1.0/package/webinterface/altweb/admin/pptp.php branches/1.0/package/webinterface/altweb/admin/prefs.php branches/1.0/package/webinterface/altweb/admin/siptlscert.php branches/1.0/package/webinterface/altweb/admin/sysdial.php branches/1.0/package/webinterface/altweb/admin/system.php branches/1.0/package/webinterface/altweb/admin/testmail.php branches/1.0/package/webinterface/altweb/admin/users.php branches/1.0/package/webinterface/altweb/admin/whitelist.php branches/1.0/package/webinterface/altweb/admin/xmpp.php 
branches/1.0/package/webinterface/altweb/admin/zabbix.php branches/1.0/package/webinterface/altweb/common/functions.php Modified: branches/1.0/package/webinterface/altweb/admin/actionlist.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/actionlist.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/actionlist.php 2013-03-18 23:20:53 UTC (rev 6001) @@ -82,13 +82,11 @@ if (! $global_staff) { $result = 999; } elseif (isset($_POST['submit_add'])) { - $actionkey = trim($_POST['actionkey']); + $actionkey = tuqd($_POST['actionkey']); if (($action = $_POST['action']) === '') { - $action = trim($_POST['actiondata']); + $action = tuqd($_POST['actiondata']); } - if (($comment = trim($_POST['comment'])) !== '') { - $comment = str_replace('"', "'", stripslashes($comment)); - } + $comment = tuqd($_POST['comment']); if (strlen($actionkey) > 0) { if (($cmd = getPREFdef($global_prefs, 'actionlist_format_cmdstr')) === '') { $cmd = '^[A-Za-z0-9-]{2,20}$'; Modified: branches/1.0/package/webinterface/altweb/admin/blacklist.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/blacklist.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/blacklist.php 2013-03-18 23:20:53 UTC (rev 6001) 
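Review bot: The removed lines turned a double-quote in `comment` into an apostrophe, whereas `tuqd()` (defined in common/functions.php, outside this chunk) strips it according to the log message, so a comment such as `Bob's "home"` is now stored without the quoted word rather than with `'home'`. If that loss is intended it deserves a sentence in the log; otherwise `tuqd()` could keep the `str_replace('"', "'", ...)` substitution so existing data and new data look alike. The same substitution is dropped for `comment` in blacklist.php and on the save side of dnshosts.php and firewall.php.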
@@ -57,11 +57,9 @@ if (! $global_staff) { $result = 999; } elseif (isset($_POST['submit_add'])) { - $cidnum = trim($_POST['cidnum']); + $cidnum = tuqd($_POST['cidnum']); $action = $_POST['action']; - if (($comment = trim($_POST['comment'])) !== '') { - $comment = str_replace('"', "'", stripslashes($comment)); - } + $comment = tuqd($_POST['comment']); if (strlen($cidnum) > 0) { if (($cmd = getPREFdef($global_prefs, 'number_format_cmdstr')) === '') { $cmd = '^[2-9][0-9][0-9][2-9][0-9][0-9][0-9][0-9][0-9][0-9]$'; Modified: branches/1.0/package/webinterface/altweb/admin/cdrlog.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/cdrlog.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/cdrlog.php 2013-03-18 23:20:53 UTC (rev 6001) @@ -484,7 +484,7 @@ $db['displayStart'] = 0; } if (isset($_POST['list_type_val'])) { - $search = trim(stripslashes($_POST['list_type_val'])); + $search = tuqd($_POST['list_type_val']); $search = trim($search, ' |&"'); if ($search === '') { $result = 0; Modified: branches/1.0/package/webinterface/altweb/admin/cidname.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/cidname.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/cidname.php 2013-03-18 23:20:53 UTC (rev 6001) 
@@ -43,8 +43,8 @@ if (! $global_staff) { $result = 999; } elseif (isset($_POST['submit_add'])) { - $cidnum = trim($_POST['cidnum']); - $cidname = trim($_POST['cidname']); + $cidnum = tuqd($_POST['cidnum']); + $cidname = tuqd($_POST['cidname']); if (strlen($cidname) > 0) { if (($cmd = getPREFdef($global_prefs, 'number_format_cmdstr')) === '') { $cmd = '^[2-9][0-9][0-9][2-9][0-9][0-9][0-9][0-9][0-9][0-9]$'; Modified: branches/1.0/package/webinterface/altweb/admin/dnshosts.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/dnshosts.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/dnshosts.php 2013-03-18 23:20:53 UTC (rev 6001) @@ -50,7 +50,7 @@ $value .= '~'.$db['data'][$i]['mac']; $value .= '~'; if ($db['data'][$i]['comment'] !== '') { - $value .= str_replace('~', '-', str_replace('"', "'", stripslashes($db['data'][$i]['comment']))); + $value .= str_replace('~', '-', $db['data'][$i]['comment']); } fwrite($fp, $value."\n"); } @@ -96,10 +96,10 @@ // function addDNSHOST(&$db, $id) { - $name = trim($_POST['name']); - $ip = trim($_POST['ip']); - $mac = trim($_POST['mac']); - $comment = trim($_POST['comment']); + $name = tuq($_POST['name']); + $ip = tuq($_POST['ip']); + $mac = tuq($_POST['mac']); + $comment = tuq($_POST['comment']); if ($name === '' || $ip === '') { return(FALSE); 
@@ -127,13 +127,13 @@ $n = count($db['data']); $id = $n; for ($i = 0; $i < $n; $i++) { - if ($db['data'][$i]['name'] === trim($_POST['name']) && $db['data'][$i]['ip'] === trim($_POST['ip'])) { + if ($db['data'][$i]['name'] === tuq($_POST['name']) && $db['data'][$i]['ip'] === tuq($_POST['ip'])) { $id = $i; break; } } - if (preg_match('/^[0-9a-fA-F][0-9a-fA-F.:]*[0-9a-fA-F]$/', trim($_POST['ip']))) { - $mac = trim($_POST['mac']); + if (preg_match('/^[0-9a-fA-F][0-9a-fA-F.:]*[0-9a-fA-F]$/', tuq($_POST['ip']))) { + $mac = tuq($_POST['mac']); if ($mac === '' || preg_match('/^[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}$/', $mac)) { if (addDNSHOST($db, $id)) { $result = saveDNSHOSTSsettings($DNSHOSTSCONFDIR, $DNSHOSTSCONFFILE, $db); Modified: branches/1.0/package/webinterface/altweb/admin/edit.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/edit.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/edit.php 2013-03-18 23:20:53 UTC (rev 6001) @@ -117,8 +117,12 @@ if (! @copy($file, $tmpfile)) { return(FALSE); } - $data = stripslashes($text); - $data = str_replace(chr(13), '', $data); + if (get_magic_quotes_gpc()) { + $data = stripslashes($text); + $data = str_replace(chr(13), '', $data); + } else { + $data = str_replace(chr(13), '', $text); + } if (($ph = @fopen($file, "wb")) === FALSE) { if ($cleanup) { @unlink($tmpfile); Modified: branches/1.0/package/webinterface/altweb/admin/firewall.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/firewall.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/firewall.php 2013-03-18 23:20:53 UTC (rev 6001) 
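Review bot: `tuq($_POST['name'])` and `tuq($_POST['ip'])` are re-evaluated on every iteration of the duplicate-search loop and `tuq($_POST['ip'])` again for the regex check; hoisting them once above the loop (`$name = tuq($_POST['name']); $ip = tuq($_POST['ip']);`) reads better and guarantees the comparison and the validation see the same value. Note also that `ip` and `mac` are pattern-checked here but `name` is written to the hosts file with only quote-stripping; a hostname pattern like the `/^[a-zA-Z0-9][a-zA-Z0-9._-]*$/` check used for `new_client` elsewhere in this commit would be consistent. The enclosing block starts before the hunk.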
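Review bot: The two added branches differ only in the `stripslashes()` call, so `$data = str_replace(chr(13), '', get_magic_quotes_gpc() ? stripslashes($text) : $text);` says the same thing in one line and removes the duplicated `str_replace`. This is also the one tab that open-codes the magic-quotes test instead of going through the new helpers in common/functions.php; `get_magic_quotes_gpc()` is deprecated from PHP 7.4 and removed in 8.0, so keeping that test in a single place (with a `function_exists()` guard) will make the eventual platform upgrade a one-line change. The enclosing function starts and ends outside the hunk.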
@@ -257,7 +257,7 @@ $value .= '~'.$db['data'][$i]['d_uport']; $value .= '~'; if ($db['data'][$i]['comment'] !== '') { - $value .= str_replace('~', '-', str_replace('"', "'", stripslashes($db['data'][$i]['comment']))); + $value .= str_replace('~', '-', $db['data'][$i]['comment']); } $value .= '~'.$db['data'][$i]['e_addr']; fwrite($fp, $value."\n"); @@ -317,16 +317,16 @@ fwrite($fp, "### Traffic Shaping\n"); $value = 'SHAPETYPE="'.$_POST['shaper_enable_type'].'"'; fwrite($fp, $value."\n"); - $value = 'EXTDOWN="'.trim($_POST['shaper_extdown']).'"'; + $value = 'EXTDOWN="'.tuq($_POST['shaper_extdown']).'"'; fwrite($fp, $value."\n"); - $value = 'EXTUP="'.trim($_POST['shaper_extup']).'"'; + $value = 'EXTUP="'.tuq($_POST['shaper_extup']).'"'; fwrite($fp, $value."\n"); - $value = 'VOIPPORTS="'.trim($_POST['shaper_voipports']).'"'; + $value = 'VOIPPORTS="'.tuq($_POST['shaper_voipports']).'"'; fwrite($fp, $value."\n"); } fwrite($fp, "### Block All Traffic\n"); - $value = 'BLOCK_HOSTS="'.trim($_POST['hosts_blocked']).'"'; + $value = 'BLOCK_HOSTS="'.tuq($_POST['hosts_blocked']).'"'; fwrite($fp, $value."\n"); if (isset($_POST['file_blocked'])) { $value = 'BLOCK_HOSTS_FILE="/mnt/kd/blocked-hosts"'; 
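Review bot: Stripping `"`, `$` and backtick from `EXTDOWN`, `EXTUP`, `VOIPPORTS` and `BLOCK_HOSTS` leaves the backslash in place, and a value that ends in `\` escapes the closing quote of the `NAME="..."` assignment when rc.conf.d is sourced by the shell, throwing the quoting of every following line out of sync and making the whole file misparse. Either have `tuq()` drop `\` as well or route these values through `string2RCconfig()`, which the password fields in network.php and openvpnclient.php already use for exactly this purpose. The same applies to every `tuq()` value interpolated into a `NAME="..."` line in ipsecmobile.php, ipsecxauth.php, network.php, openvpn.php and openvpnclient.php, and — unless `stripshellsafe()` already removes it — to the multi-line `static_routes`, `push` and `other` values. Select-backed fields such as `shaper_enable_type` are still written raw; a whitelist check against the option values would close that gap cheaply.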
@@ -442,14 +442,14 @@ function addFWRule(&$db, $id) { $action = $_POST['action']; $proto = $_POST['proto']; - $s_addr = isset($_POST['s_addr']) ? str_replace(' ', '', $_POST['s_addr']) : ''; - $s_lport = isset($_POST['s_lport']) ? str_replace(' ', '', $_POST['s_lport']) : ''; - $s_uport = isset($_POST['s_uport']) ? str_replace(' ', '', $_POST['s_uport']) : ''; - $d_addr = isset($_POST['d_addr']) ? str_replace(' ', '', $_POST['d_addr']) : ''; - $d_lport = isset($_POST['d_lport']) ? str_replace(' ', '', $_POST['d_lport']) : ''; - $d_uport = isset($_POST['d_uport']) ? str_replace(' ', '', $_POST['d_uport']) : ''; - $e_addr = isset($_POST['e_addr']) ? str_replace(' ', '', $_POST['e_addr']) : ''; - $comment = isset($_POST['comment']) ? trim($_POST['comment']) : ''; + $s_addr = isset($_POST['s_addr']) ? str_replace(' ', '', tuq($_POST['s_addr'])) : ''; + $s_lport = isset($_POST['s_lport']) ? str_replace(' ', '', tuq($_POST['s_lport'])) : ''; + $s_uport = isset($_POST['s_uport']) ? str_replace(' ', '', tuq($_POST['s_uport'])) : ''; + $d_addr = isset($_POST['d_addr']) ? str_replace(' ', '', tuq($_POST['d_addr'])) : ''; + $d_lport = isset($_POST['d_lport']) ? str_replace(' ', '', tuq($_POST['d_lport'])) : ''; + $d_uport = isset($_POST['d_uport']) ? str_replace(' ', '', tuq($_POST['d_uport'])) : ''; + $e_addr = isset($_POST['e_addr']) ? str_replace(' ', '', tuq($_POST['e_addr'])) : ''; + $comment = isset($_POST['comment']) ? tuq($_POST['comment']) : ''; switch ($action) { case 'PASS_EXT_LOCAL': Modified: branches/1.0/package/webinterface/altweb/admin/followme.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/followme.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/followme.php 2013-03-18 23:20:53 UTC (rev 6001) 
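Review bot: Eight consecutive lines repeat `isset($_POST[x]) ? str_replace(' ', '', tuq($_POST[x])) : ''`; a small local helper such as `function postNoSpaces($k) { return isset($_POST[$k]) ? str_replace(' ', '', tuq($_POST[$k])) : ''; }` with one call per field would make the intent (and any later change to the sanitising) visible in one place. The port and address fields still receive no format check here beyond space removal; addFWRule continues past the hunk, so that may happen later in the function.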
@@ -252,7 +252,7 @@ $result = 999; } elseif (isset($_POST['submit_add'])) { if (isset($_POST['key'])) { - $key = trim($_POST['key']); + $key = tuqd($_POST['key']); } else { $key = $global_user; } @@ -269,8 +269,8 @@ } $enabled = isset($_POST['enabled']) ? $_POST['enabled'] : array(); for ($i = 0; $i < $MAXNUM; $i++) { - $number[$i] = trim($_POST["number$i"]); - $timeout[$i] = trim($_POST["timeout$i"]); + $number[$i] = tuqd($_POST["number$i"]); + $timeout[$i] = tuqd($_POST["timeout$i"]); if ($USE_RULES && $number[$i] !== '') { if (! preg_match("/$NUMBER_FORMAT/", $number[$i])) { $result = 12; Modified: branches/1.0/package/webinterface/altweb/admin/ipsec.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/ipsec.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/ipsec.php 2013-03-18 23:20:53 UTC (rev 6001) @@ -269,13 +269,13 @@ // function addTunnel(&$db, $id) { - $local_host = trim($_POST['local_host']); - $local_net = trim($_POST['local_net']); - $remote_host = trim($_POST['remote_host']); - $remote_net = trim($_POST['remote_net']); + $local_host = tuq($_POST['local_host']); + $local_net = tuq($_POST['local_net']); + $remote_host = tuq($_POST['remote_host']); + $remote_net = tuq($_POST['remote_net']); if (($method = $_POST['method']) === 'psk') { - $key = trim(stripslashes($_POST['key'])); + $key = tuq($_POST['key']); } else { $key = ''; } @@ -295,7 +295,7 @@ $p1_encrypt = $_POST['p1_encrypt']; $p1_hash = $_POST['p1_hash']; $p1_dhgroup = $_POST['p1_dhgroup']; - $p1_lifetime = trim(stripslashes($_POST['p1_lifetime'])); + $p1_lifetime = tuq($_POST['p1_lifetime']); $p2_encrypt = ''; if (isset($_POST['p2_encrypt'])) { 
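Review bot: `$key = tuq($_POST['key'])` silently rewrites a pre-shared key that contains `"`, `$` or a backtick, so the stored PSK no longer matches what the administrator configured on the peer and the tunnel fails with nothing in the UI to explain why. For a secret it is better to reject than to alter: compute the sanitised value, compare it with the raw (slash-stripped under magic quotes) input, and return an error code when they differ, or escape it with the same mechanism the password fields use. addTunnel starts at the top of this hunk and continues past it.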
@@ -316,9 +316,9 @@ $p2_auth = trim($p2_auth, ' ,'); $p2_pfsgroup = $_POST['p2_pfsgroup']; - $p2_lifetime = trim(stripslashes($_POST['p2_lifetime'])); + $p2_lifetime = tuq($_POST['p2_lifetime']); $nat_t = $_POST['nat_t']; - if (($auto_establish = trim(stripslashes($_POST['auto_establish']))) === 'none' ) { + if (($auto_establish = tuq($_POST['auto_establish'])) === 'none' ) { $auto_establish = ''; } @@ -356,7 +356,7 @@ $n = count($db['data']); $id = $n; for ($i = 0; $i < $n; $i++) { - if ($db['data'][$i]['remote_host'] === trim($_POST['remote_host'])) { + if ($db['data'][$i]['remote_host'] === tuq($_POST['remote_host'])) { $id = $i; break; } Modified: branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/ipsecmobile.php 2013-03-18 23:20:53 UTC (rev 6001) @@ -159,7 +159,7 @@ $value = 'IPSECM_STATIC_ROUTES="'; fwrite($fp, "### Static Routes\n".$value."\n"); - $value = stripslashes($_POST['static_routes']); + $value = stripshellsafe($_POST['static_routes']); $value = str_replace(chr(13), '', $value); if (($value = trim($value, chr(10))) !== '') { fwrite($fp, $value."\n"); @@ -178,7 +178,7 @@ $value = 'IPSECM_P1_DHGROUP="'.$_POST['p1_dhgroup'].'"'; fwrite($fp, "### Phase 1 DH Group\n".$value."\n"); - $value = 'IPSECM_P1_LIFETIME="'.trim($_POST['p1_lifetime']).'"'; + $value = 'IPSECM_P1_LIFETIME="'.tuq($_POST['p1_lifetime']).'"'; fwrite($fp, "### Phase 1 Lifetime\n".$value."\n"); $value = ''; 
@@ -204,13 +204,13 @@ $value = 'IPSECM_P2_PFSGROUP="'.$_POST['p2_pfsgroup'].'"'; fwrite($fp, "### Phase 2 PFS Group\n".$value."\n"); - $value = 'IPSECM_P2_LIFETIME="'.trim($_POST['p2_lifetime']).'"'; + $value = 'IPSECM_P2_LIFETIME="'.tuq($_POST['p2_lifetime']).'"'; fwrite($fp, "### Phase 2 Lifetime\n".$value."\n"); $value = 'IPSECM_CERT_KEYSIZE="'.$_POST['key_size'].'"'; fwrite($fp, "### Private Key Size\n".$value."\n"); - $value = 'IPSECM_CERT_DNSNAME="'.str_replace(' ', '', $_POST['dns_name']).'"'; + $value = 'IPSECM_CERT_DNSNAME="'.str_replace(' ', '', tuq($_POST['dns_name'])).'"'; fwrite($fp, "### Server Cert DNS Name\n".$value."\n"); if (opensslIPSECMOBILEis_valid($openssl)) { @@ -223,16 +223,16 @@ $value = 'IPSECM_RSA_KEY="server.key"'; fwrite($fp, "### Key File\n".$value."\n"); } else { - $value = isset($_POST['path']) ? trim($_POST['path']) : '/mnt/kd/ipsec'; + $value = isset($_POST['path']) ? tuq($_POST['path']) : '/mnt/kd/ipsec'; $value = 'IPSECM_RSA_PATH="'.$value.'"'; fwrite($fp, "### Certificate Directory\n".$value."\n"); - $value = isset($_POST['ca']) ? trim($_POST['ca']) : 'ca.crt'; + $value = isset($_POST['ca']) ? tuq($_POST['ca']) : 'ca.crt'; $value = 'IPSECM_RSA_CA="'.$value.'"'; fwrite($fp, "### CA File\n".$value."\n"); - $value = isset($_POST['cert']) ? trim($_POST['cert']) : 'server.crt'; + $value = isset($_POST['cert']) ? tuq($_POST['cert']) : 'server.crt'; $value = 'IPSECM_RSA_CERT="'.$value.'"'; fwrite($fp, "### CERT File\n".$value."\n"); - $value = isset($_POST['key']) ? trim($_POST['key']) : 'server.key'; + $value = isset($_POST['key']) ? tuq($_POST['key']) : 'server.key'; $value = 'IPSECM_RSA_KEY="'.$value.'"'; fwrite($fp, "### Key File\n".$value."\n"); } 
@@ -269,7 +269,7 @@ } // Rebuild openssl.cnf template for new CA $key_size = $_POST['key_size']; - $dns_name = str_replace(' ', '', $_POST['dns_name']); + $dns_name = str_replace(' ', '', tuq($_POST['dns_name'])); if (($openssl = ipsecmobile_openssl($key_size, $dns_name)) !== FALSE) { if (opensslCREATEselfCert($openssl)) { if (opensslCREATEserverCert($openssl)) { @@ -290,7 +290,7 @@ $result = 2; } } elseif (isset($_POST['submit_new_client'])) { - if (($value = trim($_POST['new_client'])) !== '') { + if (($value = tuq($_POST['new_client'])) !== '') { if (preg_match('/^[a-zA-Z0-9][a-zA-Z0-9._-]*$/', $value)) { if (! is_file($openssl['key_dir'].'/'.$value.'.crt') && ! is_file($openssl['key_dir'].'/'.$value.'.key')) { Modified: branches/1.0/package/webinterface/altweb/admin/ipsecxauth.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/ipsecxauth.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/ipsecxauth.php 2013-03-18 23:20:53 UTC (rev 6001) 
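Review bot: `$dns_name` only has spaces removed before it is handed to `ipsecmobile_openssl()` (outside this chunk), which by the comment rebuilds an openssl.cnf template from it; `tuq()` does not, as far as the log message says, remove newlines or characters such as `[` and `=` that carry meaning in that file. The `submit_new_client` branch in the next hunk already validates with `preg_match('/^[a-zA-Z0-9][a-zA-Z0-9._-]*$/', $value)`; applying the same pattern to `dns_name` here and before the `IPSECM_CERT_DNSNAME` write in the earlier hunk, and setting an error result on mismatch, is the simpler fix.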
@@ -91,25 +91,25 @@ $value = 'IPSECM_XAUTH_POOLSIZE="'.$_POST['pool_size'].'"'; fwrite($fp, "### Pool Size\n".$value."\n"); - $value = 'IPSECM_XAUTH_POOLBASE="'.trim($_POST['pool_base']).'"'; + $value = 'IPSECM_XAUTH_POOLBASE="'.tuq($_POST['pool_base']).'"'; fwrite($fp, "### Pool Base\n".$value."\n"); - $value = 'IPSECM_XAUTH_POOLMASK="'.trim($_POST['pool_mask']).'"'; + $value = 'IPSECM_XAUTH_POOLMASK="'.tuq($_POST['pool_mask']).'"'; fwrite($fp, "### Pool Mask\n".$value."\n"); - $value = 'IPSECM_XAUTH_DNS="'.trim($_POST['dns']).'"'; + $value = 'IPSECM_XAUTH_DNS="'.tuq($_POST['dns']).'"'; fwrite($fp, "### MS DNS\n".$value."\n"); - $value = 'IPSECM_XAUTH_WINS="'.trim($_POST['wins']).'"'; + $value = 'IPSECM_XAUTH_WINS="'.tuq($_POST['wins']).'"'; fwrite($fp, "### MS WINS\n".$value."\n"); - $value = 'IPSECM_XAUTH_NETWORK="'.trim($_POST['network']).'"'; + $value = 'IPSECM_XAUTH_NETWORK="'.tuq($_POST['network']).'"'; fwrite($fp, "### Network\n".$value."\n"); - $value = 'IPSECM_XAUTH_DOMAIN="'.trim($_POST['domain']).'"'; + $value = 'IPSECM_XAUTH_DOMAIN="'.tuq($_POST['domain']).'"'; fwrite($fp, "### Default Domain\n".$value."\n"); - $value = 'IPSECM_XAUTH_BANNER="'.trim($_POST['banner']).'"'; + $value = 'IPSECM_XAUTH_BANNER="'.tuq($_POST['banner']).'"'; fwrite($fp, "### Login Message\n".$value."\n"); $value = 'IPSECM_XAUTH_SAVE_PASSWD="'.$_POST['save_passwd'].'"'; @@ -125,8 +125,8 @@ // function addUserPass(&$db, $id) { - $user = str_replace(' ', '', $_POST['user']); - $pass = str_replace(' ', '', stripslashes($_POST['pass'])); + $user = str_replace(' ', '', stripshellsafe($_POST['user'])); + $pass = str_replace(' ', '', stripshellsafe($_POST['pass'])); if ($user === '') { return(FALSE); 
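Review bot: `$pass` is now passed through `stripshellsafe()` and then has spaces removed, so a password containing any character that helper strips is stored silently altered while the user believes the typed value was accepted; openvpnclient.php in this same commit instead escapes `auth_pass` with `string2RCconfig()`. One policy for secrets across tabs would avoid the surprise, and if stripping stays, `addUserPass()` should return `FALSE` (or a distinct error) when the sanitised password differs from the raw one. The same repeated `str_replace(' ', '', stripshellsafe($_POST['user']))` expression also appears in the duplicate-search loop of the following hunk and could be computed once. addUserPass continues past the hunk.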
@@ -156,7 +156,7 @@ $n = count($db['data']); $id = $n; for ($i = 0; $i < $n; $i++) { - if ($db['data'][$i]['user'] === str_replace(' ', '', $_POST['user'])) { + if ($db['data'][$i]['user'] === str_replace(' ', '', stripshellsafe($_POST['user']))) { $id = $i; break; } Modified: branches/1.0/package/webinterface/altweb/admin/network.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/network.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/network.php 2013-03-18 23:20:53 UTC (rev 6001) @@ -139,7 +139,7 @@ } } - $tz = ($_POST['timezone'] !== '') ? $_POST['timezone'] : trim($_POST['other_timezone']); + $tz = ($_POST['timezone'] !== '') ? $_POST['timezone'] : tuq($_POST['other_timezone']); if ($tz !== '') { if (! is_file("/usr/share/zoneinfo/$tz")) { return(103); @@ -184,28 +184,28 @@ if ($_POST['ip_type'] === 'dhcp') { $value = 'EXTIP=""'; } else { - $value = 'EXTIP="'.trim($_POST['static_ip']).'"'; + $value = 'EXTIP="'.tuq($_POST['static_ip']).'"'; } fwrite($fp, "### External Static IPv4\n".$value."\n"); if ($_POST['ip_type'] === 'dhcp') { $value = 'EXTNM=""'; } else { - $value = 'EXTNM="'.trim($_POST['mask_ip']).'"'; + $value = 'EXTNM="'.tuq($_POST['mask_ip']).'"'; } fwrite($fp, "### External Static IPv4 NetMask\n".$value."\n"); if ($_POST['ip_type'] === 'dhcp') { $value = 'EXTGW=""'; } else { - $value = 'EXTGW="'.trim($_POST['gateway_ip']).'"'; + $value = 'EXTGW="'.tuq($_POST['gateway_ip']).'"'; } fwrite($fp, "### External Static IPv4 Gateway\n".$value."\n"); if ($_POST['ip_type'] === 'dhcp') { $value = 'EXTIPV6=""'; } else { - $value = trim($_POST['static_ipv6']); + $value = tuq($_POST['static_ipv6']); if ($value !== '' && strpos($value, '/') === FALSE) { $value="$value/64"; } 
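Review bot: `tuq()` does not stop `..` or a leading `/`, so `is_file("/usr/share/zoneinfo/$tz")` accepts any readable file reachable by traversal and that value is then written to `TIMEZONE=` further down in the file. Restricting the string before the file test keeps the check meaningful, e.g. `if (! preg_match('/^[A-Za-z0-9_+\-\/]+$/', $tz) || strpos($tz, '..') !== FALSE) { return(103); }`. The enclosing function starts before the hunk.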
@@ -216,7 +216,7 @@ if ($_POST['ip_type'] === 'dhcp') { $value = 'EXTGWIPV6=""'; } else { - $value = trim($_POST['gateway_ipv6']); + $value = tuq($_POST['gateway_ipv6']); if (($pos = strpos($value, '/')) !== FALSE) { $value=substr($value, 0, $pos); } @@ -224,25 +224,25 @@ } fwrite($fp, "### External Static IPv6 Gateway\n".$value."\n"); - $value = 'PPPOEUSER="'.trim($_POST['user_pppoe']).'"'; + $value = 'PPPOEUSER="'.tuq($_POST['user_pppoe']).'"'; fwrite($fp, "### PPPoE Username\n".$value."\n"); $value = 'PPPOEPASS="'.string2RCconfig(trim($_POST['pass_pppoe'])).'"'; fwrite($fp, "### PPPoE Password\n".$value."\n"); - $value = 'HOSTNAME="'.trim($_POST['hostname']).'"'; + $value = 'HOSTNAME="'.tuq($_POST['hostname']).'"'; fwrite($fp, "### Hostname\n".$value."\n"); - $value = 'DOMAIN="'.trim($_POST['domain']).'"'; + $value = 'DOMAIN="'.tuq($_POST['domain']).'"'; fwrite($fp, "### Domain\n".$value."\n"); $value = isset($_POST['local_domain']) ? 'LOCALDNS_LOCAL_DOMAIN="yes"' : 'LOCALDNS_LOCAL_DOMAIN="no"'; fwrite($fp, "### Local Domain\n".$value."\n"); - $value = 'DNS="'.trim($_POST['dns']).'"'; + $value = 'DNS="'.tuq($_POST['dns']).'"'; fwrite($fp, "### DNS Servers\n".$value."\n"); - $value = 'VLANS="'.trim($_POST['vlans']).'"'; + $value = 'VLANS="'.tuq($_POST['vlans']).'"'; fwrite($fp, "### VLAN Interfaces\n".$value."\n"); $value = isset($_POST['vlan_cos']) ? 'VLANCOS="yes"' : 'VLANCOS=""'; @@ -251,13 +251,13 @@ $value = 'INTIF="'.$_POST['int_eth'].'"'; fwrite($fp, "### 1st LAN Interface\n".$value."\n"); - $value = 'INTIP="'.trim($_POST['int_ip']).'"'; + $value = 'INTIP="'.tuq($_POST['int_ip']).'"'; fwrite($fp, "### 1st LAN IPv4\n".$value."\n"); - $value = 'INTNM="'.trim($_POST['int_mask_ip']).'"'; + $value = 'INTNM="'.tuq($_POST['int_mask_ip']).'"'; fwrite($fp, "### 1st LAN NetMask\n".$value."\n"); - $value = trim($_POST['int_ipv6']); + $value = tuq($_POST['int_ipv6']); if ($value !== '' && strpos($value, '/') === FALSE) { $value="$value/64"; } 
@@ -267,13 +267,13 @@ $value = 'INT2IF="'.$_POST['int2_eth'].'"'; fwrite($fp, "### 2nd LAN Interface\n".$value."\n"); - $value = 'INT2IP="'.trim($_POST['int2_ip']).'"'; + $value = 'INT2IP="'.tuq($_POST['int2_ip']).'"'; fwrite($fp, "### 2nd LAN IPv4\n".$value."\n"); - $value = 'INT2NM="'.trim($_POST['int2_mask_ip']).'"'; + $value = 'INT2NM="'.tuq($_POST['int2_mask_ip']).'"'; fwrite($fp, "### 2nd LAN NetMask\n".$value."\n"); - $value = trim($_POST['int2_ipv6']); + $value = tuq($_POST['int2_ipv6']); if ($value !== '' && strpos($value, '/') === FALSE) { $value="$value/64"; } @@ -283,13 +283,13 @@ $value = 'INT3IF="'.$_POST['int3_eth'].'"'; fwrite($fp, "### 3rd LAN Interface\n".$value."\n"); - $value = 'INT3IP="'.trim($_POST['int3_ip']).'"'; + $value = 'INT3IP="'.tuq($_POST['int3_ip']).'"'; fwrite($fp, "### 3rd LAN IPv4\n".$value."\n"); - $value = 'INT3NM="'.trim($_POST['int3_mask_ip']).'"'; + $value = 'INT3NM="'.tuq($_POST['int3_mask_ip']).'"'; fwrite($fp, "### 3rd LAN NetMask\n".$value."\n"); - $value = trim($_POST['int3_ipv6']); + $value = tuq($_POST['int3_ipv6']); if ($value !== '' && strpos($value, '/') === FALSE) { $value="$value/64"; } @@ -299,13 +299,13 @@ $value = 'DMZIF="'.$_POST['dmz_eth'].'"'; fwrite($fp, "### DMZ Interface\n".$value."\n"); - $value = 'DMZIP="'.trim($_POST['dmz_ip']).'"'; + $value = 'DMZIP="'.tuq($_POST['dmz_ip']).'"'; fwrite($fp, "### DMZ IPv4\n".$value."\n"); - $value = 'DMZNM="'.trim($_POST['dmz_mask_ip']).'"'; + $value = 'DMZNM="'.tuq($_POST['dmz_mask_ip']).'"'; fwrite($fp, "### DMZ NetMask\n".$value."\n"); - $value = trim($_POST['dmz_ipv6']); + $value = tuq($_POST['dmz_ipv6']); if ($value !== '' && strpos($value, '/') === FALSE) { $value="$value/64"; } 
@@ -327,7 +327,7 @@ $value = 'NTPSERVS="us.pool.ntp.org"'; if (isset($_POST['other_ntp_server'], $_POST['ntp_server'])) { - $t_value = trim($_POST['other_ntp_server']); + $t_value = tuq($_POST['other_ntp_server']); if ($_POST['ntp_server'] !== '') { if ($t_value !== '') { $value = 'NTPSERVS="'.$_POST['ntp_server'].' '.$t_value.'"'; @@ -343,20 +343,20 @@ if ($_POST['timezone'] !== '') { $value = 'TIMEZONE="'.$_POST['timezone'].'"'; } else { - $value = 'TIMEZONE="'.trim($_POST['other_timezone']).'"'; + $value = 'TIMEZONE="'.tuq($_POST['other_timezone']).'"'; } fwrite($fp, "### UNIX Timezone\n".$value."\n"); - $value = 'SMTP_SERVER="'.trim($_POST['smtp_server']).'"'; + $value = 'SMTP_SERVER="'.tuq($_POST['smtp_server']).'"'; fwrite($fp, "### SMTP Server\n".$value."\n"); - $value = 'SMTP_DOMAIN="'.trim($_POST['smtp_domain']).'"'; + $value = 'SMTP_DOMAIN="'.tuq($_POST['smtp_domain']).'"'; fwrite($fp, "### SMTP Domain\n".$value."\n"); $value = 'SMTP_AUTH="'.$_POST['smtp_auth'].'"'; fwrite($fp, "### SMTP Authentication Type\n".$value."\n"); - $value = 'SMTP_PORT="'.trim($_POST['smtp_port']).'"'; + $value = 'SMTP_PORT="'.tuq($_POST['smtp_port']).'"'; fwrite($fp, "### SMTP TCP Port\n".$value."\n"); fwrite($fp, "### SMTP TLS\n"); @@ -379,13 +379,13 @@ $value = 'SMTP_CERTCHECK="'.$_POST['smtp_certcheck'].'"'; fwrite($fp, $value."\n"); if ($_POST['smtp_certcheck'] === 'on') { - $value = 'SMTP_CA="'.trim($_POST['smtp_ca_cert']).'"'; + $value = 'SMTP_CA="'.tuq($_POST['smtp_ca_cert']).'"'; } else { $value = 'SMTP_CA=""'; } fwrite($fp, $value."\n"); - $value = 'SMTP_USER="'.trim($_POST['smtp_user']).'"'; + $value = 'SMTP_USER="'.tuq($_POST['smtp_user']).'"'; fwrite($fp, "### SMTP Auth Username\n".$value."\n"); $value = 'SMTP_PASS="'.string2RCconfig(trim($_POST['smtp_pass'])).'"'; 
@@ -427,7 +427,7 @@ $value = 'UPNP_LISTEN="'.trim($x_value).'"'; fwrite($fp, "### UPnP Listen Interfaces\n".$value."\n"); - $value = 'HTTPDIR="'.trim($_POST['http_dir']).'"'; + $value = 'HTTPDIR="'.tuq($_POST['http_dir']).'"'; fwrite($fp, "### HTTP Server Directory\n".$value."\n"); $value = isset($_POST['http_cgi']) ? 'HTTPCGI="yes"' : 'HTTPCGI="no"'; @@ -439,7 +439,7 @@ $value = isset($_POST['http_accesslog']) ? 'HTTP_ACCESSLOG="yes"' : 'HTTP_ACCESSLOG="no"'; fwrite($fp, "### HTTP access logging\n".$value."\n"); - $value = 'HTTPSDIR="'.trim($_POST['https_dir']).'"'; + $value = 'HTTPSDIR="'.tuq($_POST['https_dir']).'"'; fwrite($fp, "### HTTPS Server Directory\n".$value."\n"); $value = isset($_POST['https_cgi']) ? 'HTTPSCGI="yes"' : 'HTTPSCGI="no"'; @@ -451,7 +451,7 @@ $value = isset($_POST['https_accesslog']) ? 'HTTPS_ACCESSLOG="yes"' : 'HTTPS_ACCESSLOG="no"'; fwrite($fp, "### HTTPS access logging\n".$value."\n"); - $value = 'HTTPSCERT="'.trim($_POST['https_cert']).'"'; + $value = 'HTTPSCERT="'.tuq($_POST['https_cert']).'"'; if (isset($_POST['create_cert']) && is_opensslHERE()) { if (($countryName = getPREFdef($global_prefs, 'dn_country_name_cmdstr')) === '') { $countryName = 'US'; @@ -470,7 +470,7 @@ if (($orgUnit = getPREFdef($global_prefs, 'dn_org_unit_cmdstr')) === '') { $orgUnit = 'Web Interface'; } - if (($commonName = trim($_POST['hostname'])) === '') { + if (($commonName = tuq($_POST['hostname'])) === '') { $commonName = '*'; } if (($email = getPREFdef($global_prefs, 'dn_email_address_cmdstr')) === '') { @@ -483,7 +483,7 @@ } fwrite($fp, "### HTTPS Certificate File\n".$value."\n"); - $value = 'PHONEPROV_ALLOW="'.trim($_POST['phoneprov_allow']).'"'; + $value = 'PHONEPROV_ALLOW="'.tuq($_POST['phoneprov_allow']).'"'; fwrite($fp, "### /phoneprov/ Allowed IPs\n".$value."\n"); $x_value = ''; 
@@ -520,18 +520,18 @@ if ($_POST['dd_service'] !== '') { $value = 'DDSERVICE="'.$_POST['dd_service'].'"'; } else { - $value = 'DDSERVICE="'.trim($_POST['other_dd_service']).'"'; + $value = 'DDSERVICE="'.tuq($_POST['other_dd_service']).'"'; } fwrite($fp, $value."\n"); if ($_POST['dd_getip'] !== '') { $value = 'DDGETIP="'.$_POST['dd_getip'].'"'; } else { - $value = 'DDGETIP="'.trim($_POST['other_dd_getip']).'"'; + $value = 'DDGETIP="'.tuq($_POST['other_dd_getip']).'"'; } fwrite($fp, $value."\n"); - $value = 'DDHOST="'.trim($_POST['dd_host']).'"'; + $value = 'DDHOST="'.tuq($_POST['dd_host']).'"'; fwrite($fp, $value."\n"); - $value = 'DDUSER="'.trim($_POST['dd_user']).'"'; + $value = 'DDUSER="'.tuq($_POST['dd_user']).'"'; fwrite($fp, $value."\n"); $value = 'DDPASS="'.string2RCconfig(trim($_POST['dd_pass'])).'"'; fwrite($fp, $value."\n"); @@ -539,13 +539,13 @@ fwrite($fp, "### Safe Asterisk - SIP Monitoring\n"); $value = 'SAFE_ASTERISK="'.$_POST['safe_asterisk'].'"'; fwrite($fp, $value."\n"); - $value = 'SAFE_ASTERISK_NOTIFY="'.trim($_POST['safe_asterisk_notify']).'"'; + $value = 'SAFE_ASTERISK_NOTIFY="'.tuq($_POST['safe_asterisk_notify']).'"'; fwrite($fp, $value."\n"); - $value = 'SAFE_ASTERISK_NOTIFY_FROM="'.trim($_POST['safe_asterisk_notify_from']).'"'; + $value = 'SAFE_ASTERISK_NOTIFY_FROM="'.tuq($_POST['safe_asterisk_notify_from']).'"'; fwrite($fp, $value."\n"); - $value = 'MONITOR_ASTERISK_SIP_TRUNKS="'.trim($_POST['monitor_sip_trunks']).'"'; + $value = 'MONITOR_ASTERISK_SIP_TRUNKS="'.tuq($_POST['monitor_sip_trunks']).'"'; fwrite($fp, $value."\n"); - $value = 'MONITOR_ASTERISK_SIP_PEERS="'.trim($_POST['monitor_sip_peers']).'"'; + $value = 'MONITOR_ASTERISK_SIP_PEERS="'.tuq($_POST['monitor_sip_peers']).'"'; fwrite($fp, $value."\n"); $value = 'MONITOR_ASTERISK_SIP_STATUS_UPDATES="'.$_POST['monitor_status_updates'].'"'; fwrite($fp, $value."\n"); 
@@ -559,7 +559,7 @@ if ($_POST['ups_type'] === 'usb') { $value = 'UPSDEVICE=""'; } else { - $value = 'UPSDEVICE="'.trim($_POST['ups_device']).'"'; + $value = 'UPSDEVICE="'.tuq($_POST['ups_device']).'"'; } fwrite($fp, $value."\n"); } else { @@ -570,9 +570,9 @@ $value = 'UPSDEVICE=""'; fwrite($fp, $value."\n"); } - $value = 'UPS_NOTIFY="'.trim($_POST['ups_notify']).'"'; + $value = 'UPS_NOTIFY="'.tuq($_POST['ups_notify']).'"'; fwrite($fp, $value."\n"); - $value = 'UPS_NOTIFY_FROM="'.trim($_POST['ups_notify_from']).'"'; + $value = 'UPS_NOTIFY_FROM="'.tuq($_POST['ups_notify_from']).'"'; fwrite($fp, $value."\n"); $value = 'UPS_KILL_POWER="'.$_POST['ups_kill_power'].'"'; fwrite($fp, $value."\n"); Modified: branches/1.0/package/webinterface/altweb/admin/openvpn.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/openvpn.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/openvpn.php 2013-03-18 23:20:53 UTC (rev 6001) @@ -166,7 +166,7 @@ $value = 'OVPN_DEV="'.$_POST['device'].'"'; fwrite($fp, "### Device\n".$value."\n"); - $value = 'OVPN_PORT="'.trim($_POST['port']).'"'; + $value = 'OVPN_PORT="'.tuq($_POST['port']).'"'; fwrite($fp, "### Port Number\n".$value."\n"); $value = 'OVPN_PROTOCOL="'.$_POST['protocol'].'"'; 
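Review bot: `port` is written to `OVPN_PORT` with only quote-stripping, so a non-numeric or out-of-range value is accepted here and only fails later when OpenVPN starts. A check such as `if (! ctype_digit($port) || (int)$port < 1 || (int)$port > 65535) { return(...); }` before the `fwrite` gives the user the error at save time. The same applies to `OVPNC_PORT` in openvpnclient.php and `SMTP_PORT` in network.php.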
@@ -187,16 +187,16 @@ $value = 'OVPN_AUTH="'.$_POST['auth_hmac'].'"'; fwrite($fp, "### Auth HMAC\n".$value."\n"); - $value = 'OVPN_TUNNEL_HOSTS="'.trim($_POST['tunnel_external_hosts']).'"'; + $value = 'OVPN_TUNNEL_HOSTS="'.tuq($_POST['tunnel_external_hosts']).'"'; fwrite($fp, "### Allowed External Hosts\n".$value."\n"); - $value = 'OVPN_HOSTNAME="'.trim($_POST['server_hostname']).'"'; + $value = 'OVPN_HOSTNAME="'.tuq($_POST['server_hostname']).'"'; fwrite($fp, "### Server Hostname\n".$value."\n"); - $value = 'OVPN_SERVER="'.trim($_POST['server']).'"'; + $value = 'OVPN_SERVER="'.tuq($_POST['server']).'"'; fwrite($fp, "### Server IPv4 Network\n".$value."\n"); - $value = 'OVPN_SERVERV6="'.trim($_POST['serverv6']).'"'; + $value = 'OVPN_SERVERV6="'.tuq($_POST['serverv6']).'"'; fwrite($fp, "### Server IPv6 Network\n".$value."\n"); $value = 'OVPN_TOPOLOGY="'.$_POST['topology'].'"'; @@ -204,7 +204,7 @@ $value = 'OVPN_PUSH="'; fwrite($fp, "### Server Push\n".$value."\n"); - $value = stripslashes($_POST['push']); + $value = stripshellsafe($_POST['push']); $value = str_replace(chr(13), '', $value); if (($value = trim($value, chr(10))) !== '') { fwrite($fp, $value."\n"); @@ -213,7 +213,7 @@ $value = 'OVPN_OTHER="'; fwrite($fp, "### Raw Commands\n".$value."\n"); - $value = stripslashes($_POST['other']); + $value = stripshellsafe($_POST['other']); $value = str_replace(chr(13), '', $value); if (($value = trim($value, chr(10))) !== '') { fwrite($fp, $value."\n"); 
@@ -259,20 +259,20 @@ } } else { $base = '/mnt/kd/openvpn/easy-rsa/keys'; - $value = isset($_POST['ca']) ? trim($_POST['ca']) : $base.'/ca.crt'; + $value = isset($_POST['ca']) ? tuq($_POST['ca']) : $base.'/ca.crt'; $value = 'OVPN_CA="'.$value.'"'; fwrite($fp, "### CA File\n".$value."\n"); - $value = isset($_POST['cert']) ? trim($_POST['cert']) : $base.'/server.crt'; + $value = isset($_POST['cert']) ? tuq($_POST['cert']) : $base.'/server.crt'; $value = 'OVPN_CERT="'.$value.'"'; fwrite($fp, "### CERT File\n".$value."\n"); - $value = isset($_POST['key']) ? trim($_POST['key']) : $base.'/server.key'; + $value = isset($_POST['key']) ? tuq($_POST['key']) : $base.'/server.key'; $value = 'OVPN_KEY="'.$value.'"'; fwrite($fp, "### Key File\n".$value."\n"); - $value = isset($_POST['dh']) ? trim($_POST['dh']) : $base.'/dh1024.pem'; + $value = isset($_POST['dh']) ? tuq($_POST['dh']) : $base.'/dh1024.pem'; $value = 'OVPN_DH="'.$value.'"'; fwrite($fp, "### DH File\n".$value."\n"); if ($_POST['tls_auth'] === 'yes') { - $value = isset($_POST['ta']) ? trim($_POST['ta']) : $base.'/ta.key'; + $value = isset($_POST['ta']) ? tuq($_POST['ta']) : $base.'/ta.key'; $value = 'OVPN_TA="'.$value.'"'; } else { $value = 'OVPN_TA=""'; @@ -433,7 +433,7 @@ $result = 2; } } elseif (isset($_POST['submit_new_client'])) { - if (($value = trim($_POST['new_client'])) !== '') { + if (($value = tuq($_POST['new_client'])) !== '') { if (preg_match('/^[a-zA-Z0-9][a-zA-Z0-9._-]*$/', $value)) { if ($value !== 'ta' && ! is_file($openssl['key_dir'].'/'.$value.'.crt') && Modified: branches/1.0/package/webinterface/altweb/admin/openvpnclient.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/openvpnclient.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/openvpnclient.php 2013-03-18 23:20:53 UTC (rev 6001) 
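Review bot: The `ca`, `cert`, `key`, `dh` and `ta` fields are accepted as free text, so whatever survives `tuq()` becomes the path OpenVPN is later told to open; the `new_client` check in the next hunk shows the allowlist style this file already uses for names. Consider a path-shape check with fallback to the `$base` default, e.g. `$value = (isset($_POST['ca']) && preg_match('#^/[^\s]+$#', tuq($_POST['ca']))) ? tuq($_POST['ca']) : $base.'/ca.crt';` for each of the five fields. The enclosing `else` branch starts before this hunk.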
@@ -101,7 +101,7 @@ $value = 'OVPNC_DEV="'.$_POST['device'].'"'; fwrite($fp, "### Device\n".$value."\n"); - $value = 'OVPNC_PORT="'.trim($_POST['port']).'"'; + $value = 'OVPNC_PORT="'.tuq($_POST['port']).'"'; fwrite($fp, "### Port Number\n".$value."\n"); $value = 'OVPNC_PROTOCOL="'.$_POST['protocol'].'"'; @@ -122,8 +122,8 @@ $value = 'OVPNC_AUTH="'.$_POST['auth_hmac'].'"'; fwrite($fp, "### Auth HMAC\n".$value."\n"); - if ($_POST['auth_method'] === 'yes' && trim($_POST['auth_user']) !== '' && trim($_POST['auth_pass']) !== '') { - $value = 'OVPNC_USER_PASS="'.trim($_POST['auth_user']).' '.string2RCconfig(trim($_POST['auth_pass'])).'"'; + if ($_POST['auth_method'] === 'yes' && tuq($_POST['auth_user']) !== '' && trim($_POST['auth_pass']) !== '') { + $value = 'OVPNC_USER_PASS="'.tuq($_POST['auth_user']).' '.string2RCconfig(trim($_POST['auth_pass'])).'"'; } else { $value = 'OVPNC_USER_PASS=""'; } @@ -132,15 +132,15 @@ $value = 'OVPNC_NSCERTTYPE="'.$_POST['nscerttype'].'"'; fwrite($fp, "### nsCertType\n".$value."\n"); - $value = 'OVPNC_REMOTE="'.trim($_POST['remote']).'"'; + $value = 'OVPNC_REMOTE="'.tuq($_POST['remote']).'"'; fwrite($fp, "### Server Network\n".$value."\n"); - $value = 'OVPNC_SERVER="'.trim($_POST['server']).'"'; + $value = 'OVPNC_SERVER="'.tuq($_POST['server']).'"'; fwrite($fp, "### Server Network\n".$value."\n"); $value = 'OVPNC_OTHER="'; fwrite($fp, "### Raw Commands\n".$value."\n"); - $value = stripslashes($_POST['other']); + $value = stripshellsafe($_POST['other']); $value = str_replace(chr(13), '', $value); if (($value = trim($value, chr(10))) !== '') { fwrite($fp, $value."\n"); Modified: branches/1.0/package/webinterface/altweb/admin/openvpnuserpass.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/openvpnuserpass.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/openvpnuserpass.php 2013-03-18 23:20:53 UTC (rev 6001) 
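Review bot: In the @@ -122 hunk `auth_pass` is still read with `trim()` while `auth_user` on the same line now goes through `tuq()`, so with magic quotes enabled the backslashes PHP inserts into the password survive unless `string2RCconfig()` (not visible here) removes them; either confirm that or give the password the same treatment as the rest of the commit. Independently, `tuq($_POST['auth_user'])` is evaluated twice (once in the condition, once in the assignment); compute it once, e.g. `$auth_user = tuq($_POST['auth_user']);` before the `if`, and use `$auth_user` in both places.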
@@ -89,8 +89,8 @@ // function addUserPass(&$db, $id) { - $user = str_replace(' ', '', $_POST['user']); - $pass = str_replace(' ', '', stripslashes($_POST['pass'])); + $user = str_replace(' ', '', stripshellsafe($_POST['user'])); + $pass = str_replace(' ', '', stripshellsafe($_POST['pass'])); if ($user === '') { return(FALSE); @@ -120,7 +120,7 @@ $n = count($db['data']); $id = $n; for ($i = 0; $i < $n; $i++) { - if ($db['data'][$i]['user'] === str_replace(' ', '', $_POST['user'])) { + if ($db['data'][$i]['user'] === str_replace(' ', '', stripshellsafe($_POST['user']))) { $id = $i; break; } Modified: branches/1.0/package/webinterface/altweb/admin/pptp.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/pptp.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/pptp.php 2013-03-18 23:20:53 UTC (rev 6001) @@ -128,9 +128,9 @@ fwrite($fp, '"'."\n"); $pool = $_POST['pool_num']; - if (($value = str_replace(' ', '', $_POST['pool_remote'])) !== '') { + if (($value = str_replace(' ', '', tuq($_POST['pool_remote']))) !== '') { $pool .= ' '.$value; - if (($value = str_replace(' ', '', $_POST['pool_server'])) !== '') { + if (($value = str_replace(' ', '', tuq($_POST['pool_server']))) !== '') { $pool .= ' '.$value; } else { $pool = ''; @@ -142,7 +142,7 @@ fwrite($fp, "### PPTP Address Pool\n".$value."\n"); if ($pool !== '') { - $value = 'PPTP_SUBNET="'.str_replace(' ', '', $_POST['subnet']).'"'; + $value = 'PPTP_SUBNET="'.str_replace(' ', '', tuq($_POST['subnet'])).'"'; } else { $value = 'PPTP_SUBNET=""'; } 
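Review bot: In the lookup loop at @@ -120 the expression `str_replace(' ', '', stripshellsafe($_POST['user']))` is re-evaluated on every iteration and duplicates the normalisation done in `addUserPass()` at @@ -89; hoist it, `$user = str_replace(' ', '', stripshellsafe($_POST['user']));` before the `for`, and compare against `$user`, so the add path and the lookup path cannot drift apart (a drift would let one account be created twice under two spellings). Since `stripshellsafe()` also rewrites `$pass`, consider returning FALSE when the stripped password differs from what was submitted, so a user is not silently given a different password. `addUserPass()` continues past the end of its hunk. pptp.php (@@ -179 / @@ -210) and xmpp.php (@@ -151) repeat the same shape.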
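Review bot: In the pptp.php @@ -128 hunk `$pool = $_POST['pool_num'];` enters the address pool unvalidated, and `pool_remote` / `pool_server` are only stripped of spaces before being appended to it. A shape test after each `str_replace`, e.g. `if (! preg_match('/^[0-9.\/-]+$/', $value)) { $value = ''; }`, would make a malformed entry clear the pool (the existing `else { $pool = ''; }` path) instead of being written to rc.conf. The enclosing block starts before this hunk.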
@@ -151,19 +151,19 @@ $value = 'PPTP_VERBOSITY="'.$_POST['verbosity'].'"'; fwrite($fp, "### Log Verbosity\n".$value."\n"); - $value = 'PPTP_DNS="'.trim($_POST['dns']).'"'; + $value = 'PPTP_DNS="'.tuq($_POST['dns']).'"'; fwrite($fp, "### MS DNS\n".$value."\n"); - $value = 'PPTP_WINS="'.trim($_POST['wins']).'"'; + $value = 'PPTP_WINS="'.tuq($_POST['wins']).'"'; fwrite($fp, "### MS WINS\n".$value."\n"); - $value = 'PPTP_TUNNEL_EXTERNAL_HOSTS="'.trim($_POST['tunnel_external_hosts']).'"'; + $value = 'PPTP_TUNNEL_EXTERNAL_HOSTS="'.tuq($_POST['tunnel_external_hosts']).'"'; fwrite($fp, "### Allow External Hosts for Tunnel\n".$value."\n"); - $value = 'PPTP_ALLOW_HOSTS="'.trim($_POST['allow_hosts']).'"'; + $value = 'PPTP_ALLOW_HOSTS="'.tuq($_POST['allow_hosts']).'"'; fwrite($fp, "### Allow Hosts\n".$value."\n"); - $value = 'PPTP_DENY_HOSTS="'.trim($_POST['deny_hosts']).'"'; + $value = 'PPTP_DENY_HOSTS="'.tuq($_POST['deny_hosts']).'"'; fwrite($fp, "### Deny Hosts\n".$value."\n"); $value = 'PPTP_DENY_LOG="'.$_POST['deny_log'].'"'; @@ -179,8 +179,8 @@ // function addUserPass(&$db, $id) { - $user = str_replace(' ', '', $_POST['user']); - $pass = str_replace(' ', '', stripslashes($_POST['pass'])); + $user = str_replace(' ', '', stripshellsafe($_POST['user'])); + $pass = str_replace(' ', '', stripshellsafe($_POST['pass'])); if ($user === '') { return(FALSE); @@ -210,7 +210,7 @@ $n = count($db['data']); $id = $n; for ($i = 0; $i < $n; $i++) { - if ($db['data'][$i]['user'] === str_replace(' ', '', $_POST['user'])) { + if ($db['data'][$i]['user'] === str_replace(' ', '', stripshellsafe($_POST['user']))) { $id = $i; break; } Modified: branches/1.0/package/webinterface/altweb/admin/prefs.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/prefs.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/prefs.php 2013-03-18 23:20:53 UTC (rev 6001) 
@@ -104,11 +104,11 @@ $value = 'status_custom_asterisk_status = yes'; fwrite($fp, $value."\n"); } - if (($value = trim($_POST['asterisk_name'])) !== '') { + if (($value = tuqp($_POST['asterisk_name'])) !== '') { $value = 'status_custom_asterisk_name_cmdstr = "'.$value.'"'; fwrite($fp, $value."\n"); } - if (($value = trim($_POST['asterisk_cmd'])) !== '') { + if (($value = tuqp($_POST['asterisk_cmd'])) !== '') { $value = 'status_custom_asterisk_cmdstr = "'.$value.'"'; fwrite($fp, $value."\n"); } @@ -124,11 +124,11 @@ $value = 'status_show_firewall_states = yes'; fwrite($fp, $value."\n"); } - if (($value = trim($_POST['firewall_sports'])) !== '') { + if (($value = tuqp($_POST['firewall_sports'])) !== '') { $value = 'status_firewall_sports_cmdstr = "'.$value.'"'; fwrite($fp, $value."\n"); } - if (($value = trim($_POST['firewall_dports'])) !== '') { + if (($value = tuqp($_POST['firewall_dports'])) !== '') { $value = 'status_firewall_dports_cmdstr = "'.$value.'"'; fwrite($fp, $value."\n"); } @@ -144,7 +144,7 @@ $value = 'status_show_system_logs = no'; fwrite($fp, $value."\n"); } - if (($value = trim($_POST['exclude_logs'])) !== '') { + if (($value = tuqp($_POST['exclude_logs'])) !== '') { $value = 'status_exclude_logs_cmdstr = "'.$value.'"'; fwrite($fp, $value."\n"); } 
@@ -169,37 +169,37 @@ $value = 'status_asterisk_manager = no'; fwrite($fp, $value."\n"); } - $value = 'status_active_chan_cmdstr = "'.trim($_POST['active_cmd']).'"'; + $value = 'status_active_chan_cmdstr = "'.tuqp($_POST['active_cmd']).'"'; fwrite($fp, $value."\n"); - $value = 'status_voicemail_users_cmdstr = "'.trim($_POST['voicemail_cmd']).'"'; + $value = 'status_voicemail_users_cmdstr = "'.tuqp($_POST['voicemail_cmd']).'"'; fwrite($fp, $value."\n"); - $value = 'status_dahdi_status_cmdstr = "'.trim($_POST['dahdi_cmd']).'"'; + $value = 'status_dahdi_status_cmdstr = "'.tuqp($_POST['dahdi_cmd']).'"'; fwrite($fp, $value."\n"); - $value = 'status_jabber_status_cmdstr = "'.trim($_POST['jabber_cmd']).'"'; + $value = 'status_jabber_status_cmdstr = "'.tuqp($_POST['jabber_cmd']).'"'; fwrite($fp, $value."\n"); - $value = 'sysdial_ext_prefix_cmdstr = "'.trim($_POST['ext_prefix']).'"'; + $value = 'sysdial_ext_prefix_cmdstr = "'.tuqp($_POST['ext_prefix']).'"'; fwrite($fp, $value."\n"); $value = 'sysdial_ext_digits_cmdstr = "'.$_POST['ext_digits'].'"'; fwrite($fp, $value."\n"); - $value = 'number_format_cmdstr = "'.trim($_POST['num_format']).'"'; + $value = 'number_format_cmdstr = "'.tuqp($_POST['num_format']).'"'; fwrite($fp, $value."\n"); - $value = 'number_error_cmdstr = "'.trim($_POST['num_error']).'"'; + $value = 'number_error_cmdstr = "'.tuqp($_POST['num_error']).'"'; fwrite($fp, $value."\n"); - $value = 'blacklist_action_menu_cmdstr = "'.trim($_POST['blacklist_menu']).'"'; + $value = 'blacklist_action_menu_cmdstr = "'.tuqp($_POST['blacklist_menu']).'"'; fwrite($fp, $value."\n"); - $value = 'whitelist_action_menu_cmdstr = "'.trim($_POST['whitelist_menu']).'"'; + $value = 'whitelist_action_menu_cmdstr = "'.tuqp($_POST['whitelist_menu']).'"'; fwrite($fp, $value."\n"); - $value = 'actionlist_format_cmdstr = "'.trim($_POST['actionlist_key_format']).'"'; + $value = 'actionlist_format_cmdstr = "'.tuqp($_POST['actionlist_key_format']).'"'; fwrite($fp, $value."\n"); - $value = 
'actionlist_error_cmdstr = "'.trim($_POST['actionlist_key_error']).'"'; + $value = 'actionlist_error_cmdstr = "'.tuqp($_POST['actionlist_key_error']).'"'; fwrite($fp, $value."\n"); - $value = 'actionlist_action_menu_cmdstr = "'.trim($_POST['actionlist_menu']).'"'; + $value = 'actionlist_action_menu_cmdstr = "'.tuqp($_POST['actionlist_menu']).'"'; fwrite($fp, $value."\n"); - $value = trim($_POST['cidname_maxlen']); + $value = tuqp($_POST['cidname_maxlen']); if ($value > 7 && $value != 15) { $value = 'cidname_maxlen_cmdstr = "'.$value.'"'; fwrite($fp, $value."\n"); @@ -207,15 +207,15 @@ $value = 'followme_numbers_displayed = "'.$_POST['followme_maxnum'].'"'; fwrite($fp, $value."\n"); - if (($value = trim($_POST['followme_menu'])) !== '') { + if (($value = tuqp($_POST['followme_menu'])) !== '') { $value = 'followme_schedule_menu_cmdstr = "'.$value.'"'; fwrite($fp, $value."\n"); } - if (($value = trim($_POST['followme_number_context'])) !== '') { + if (($value = tuqp($_POST['followme_number_context'])) !== '') { $value = 'followme_number_context_cmdstr = "'.$value.'"'; fwrite($fp, $value."\n"); } - if (($value = trim($_POST['followme_music_class'])) !== '') { + if (($value = tuqp($_POST['followme_music_class'])) !== '') { $value = 'followme_music_class_cmdstr = "'.$value.'"'; fwrite($fp, $value."\n"); } @@ -224,7 +224,7 @@ fwrite($fp, $value."\n"); } - if (($value = str_replace(' ', '', $_POST['meetme_redirect'])) !== '') { + if (($value = str_replace(' ', '', tuqp($_POST['meetme_redirect']))) !== '') { $value = 'meetme_redirect_path_cmdstr = "'.$value.'"'; fwrite($fp, $value."\n"); } @@ -235,7 +235,7 @@ $value = 'cdrlog_default_format = "'.$_POST['cdr_default'].'"'; fwrite($fp, $value."\n"); - $value = 'cdrlog_log_file_cmdstr = "'.trim($_POST['cdr_logfile']).'"'; + $value = 'cdrlog_log_file_cmdstr = "'.tuqp($_POST['cdr_logfile']).'"'; fwrite($fp, $value."\n"); if (isset($_POST['cdr_databases'])) { $value = 'cdrlog_databases_show = yes'; 
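Review bot: `cidname_maxlen` is compared with `$value > 7 && $value != 15` while still a string, so the outcome depends on PHP's loose string-to-number rules (a non-numeric string counts as 0 on PHP 5/7 but is compared as a string on PHP 8) and a value such as `8abc` is written to the prefs file. Make the check explicit: `$value = tuqp($_POST['cidname_maxlen']);` followed by `if (ctype_digit($value) && (int)$value > 7 && (int)$value != 15) {`. The `text_cols` and `text_rows` checks in the @@ -282 hunk need the same treatment.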
@@ -282,21 +282,21 @@ $value = 'users_voicemail_delete_vmdata = yes'; fwrite($fp, $value."\n"); } - $value = 'users_voicemail_context_cmdstr = "'.trim($_POST['voicemail_context']).'"'; + $value = 'users_voicemail_context_cmdstr = "'.tuqp($_POST['voicemail_context']).'"'; fwrite($fp, $value."\n"); - $value = 'users_voicemail_reload_cmdstr = "'.trim($_POST['voicemail_reload']).'"'; + $value = 'users_voicemail_reload_cmdstr = "'.tuqp($_POST['voicemail_reload']).'"'; fwrite($fp, $value."\n"); if (isset($_POST['bak_files'])) { $value = 'edit_keep_bak_files = yes'; fwrite($fp, $value."\n"); } - $value = trim($_POST['text_cols']); + $value = tuqp($_POST['text_cols']); if ($value > 79 && $value != 95 && $value < 161) { $value = 'edit_text_cols_cmdstr = "'.$value.'"'; fwrite($fp, $value."\n"); } - $value = trim($_POST['text_rows']); + $value = tuqp($_POST['text_rows']); if ($value > 19 && $value != 30 && $value < 61) { $value = 'edit_text_rows_cmdstr = "'.$value.'"'; fwrite($fp, $value."\n"); @@ -316,11 +316,11 @@ } $value = 'system_reboot_timer_adjust = "'.$_POST['reboot_timer'].'"'; fwrite($fp, $value."\n"); - $value = 'system_asterisk_reload_cmdstr = "'.trim($_POST['asterisk_reload']).'"'; + $value = 'system_asterisk_reload_cmdstr = "'.tuqp($_POST['asterisk_reload']).'"'; fwrite($fp, $value."\n"); - $value = 'system_firmware_repository_url = "'.trim($_POST['repository_url']).'"'; + $value = 'system_firmware_repository_url = "'.tuqp($_POST['repository_url']).'"'; fwrite($fp, $value."\n"); - $value = 'system_asterisk_sounds_url = "'.trim($_POST['sounds_url']).'"'; + $value = 'system_asterisk_sounds_url = "'.tuqp($_POST['sounds_url']).'"'; fwrite($fp, $value."\n"); if (($value = trim(preg_replace('/[^a-zA-Z]+/', '', $_POST['dn_country_name']))) !== '') { 
@@ -355,17 +355,17 @@ fwrite($fp, $value."\n"); } - $value = 'title_name_cmdstr = "'.trim($_POST['title_name']).'"'; + $value = 'title_name_cmdstr = "'.tuqp($_POST['title_name']).'"'; fwrite($fp, $value."\n"); - if (($value = trim($_POST['external_url_link'])) !== '') { + if (($value = tuqp($_POST['external_url_link'])) !== '') { $value = 'external_url_link_cmdstr = "'.$value.'"'; fwrite($fp, $value."\n"); } - if (($value = trim($_POST['external_url_name'])) !== '') { + if (($value = tuqp($_POST['external_url_name'])) !== '') { $value = 'external_url_name_cmdstr = "'.$value.'"'; fwrite($fp, $value."\n"); } - if (($value = trim($_POST['external_cli_link'])) !== '') { + if (($value = tuqp($_POST['external_cli_link'])) !== '') { $value = 'external_cli_link_cmdstr = "'.$value.'"'; fwrite($fp, $value."\n"); } Modified: branches/1.0/package/webinterface/altweb/admin/siptlscert.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/siptlscert.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/siptlscert.php 2013-03-18 23:20:53 UTC (rev 6001) @@ -101,7 +101,7 @@ $value = 'SIPTLSCERT_CERT_KEYSIZE="'.$_POST['key_size'].'"'; fwrite($fp, "### Private Key Size\n".$value."\n"); - $value = 'SIPTLSCERT_CERT_DNSNAME="'.str_replace(' ', '', $_POST['dns_name']).'"'; + $value = 'SIPTLSCERT_CERT_DNSNAME="'.str_replace(' ', '', tuq($_POST['dns_name'])).'"'; fwrite($fp, "### Server Cert DNS Name\n".$value."\n"); fwrite($fp, "### gui.siptlscert.conf - end ###\n"); @@ -131,7 +131,7 @@ } // Rebuild openssl.cnf template for new CA $key_size = $_POST['key_size']; - $dns_name = str_replace(' ', '', $_POST['dns_name']); + $dns_name = str_replace(' ', '', tuq($_POST['dns_name'])); if (($openssl = siptlscert_openssl($key_size, $dns_name)) !== FALSE) { if (opensslCREATEselfCert($openssl)) { if (opensslCREATEserverCert($openssl)) { 
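Review bot: In the siptlscert.php @@ -131 hunk `$dns_name` and `$key_size` are handed to `siptlscert_openssl()` and end up in the generated CA/server certificate, but `dns_name` only has spaces and the `tuq()` characters removed and `key_size` is taken from `$_POST` as-is (the @@ -101 hunk writes both into rc.conf the same way). Validate before generating: `if (! preg_match('/^[a-zA-Z0-9][a-zA-Z0-9.-]*$/', $dns_name)) { $result = <error code>; }` and restrict `key_size` with `in_array($key_size, <sizes the form offers>, true)`. The `if ($openssl = ...)` chain continues outside the hunk.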
@@ -144,7 +144,7 @@ $result = 2; } // } elseif (isset($_POST['submit_new_client'])) { -// if (($value = trim($_POST['new_client'])) !== '') { +// if (($value = tuq($_POST['new_client'])) !== '') { // if (preg_match('/^[a-zA-Z0-9][a-zA-Z0-9._-]*$/', $value)) { // if (! is_file($openssl['key_dir'].'/'.$value.'.crt') && // ! is_file($openssl['key_dir'].'/'.$value.'.key')) { Modified: branches/1.0/package/webinterface/altweb/admin/sysdial.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/sysdial.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/sysdial.php 2013-03-18 23:20:53 UTC (rev 6001) @@ -44,8 +44,8 @@ if (! $global_staff) { $result = 999; } elseif (isset($_POST['submit_add'])) { - $speeddial = trim($_POST['speeddial']); - $speeddialname = trim($_POST['speeddialname']); + $speeddial = tuqd($_POST['speeddial']); + $speeddialname = tuqd($_POST['speeddialname']); $ext_1x00 = (isset($_POST['ext_1x00'])) ? $_POST['ext_1x00'] : ''; $ext_11x0 = $_POST['ext_11x0']; $ext_110x = $_POST['ext_110x']; Modified: branches/1.0/package/webinterface/altweb/admin/system.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/system.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/system.php 2013-03-18 23:20:53 UTC (rev 6001) 
@@ -139,10 +139,10 @@ $result = 999; } elseif (isset($_POST['submit_password'])) { if (isset($_POST['pass1'])) { - $pass1 = trim($_POST['pass1']); + $pass1 = tuqd($_POST['pass1']); } if (isset($_POST['pass2'])) { - $pass2 = trim($_POST['pass2']); + $pass2 = tuqd($_POST['pass2']); } if (($user = $_POST['user_pass']) !== '') { $result = genHTpasswd($user, $pass1, $pass2, 3); Modified: branches/1.0/package/webinterface/altweb/admin/testmail.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/testmail.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/testmail.php 2013-03-18 23:20:53 UTC (rev 6001) @@ -55,8 +55,8 @@ if (! $global_admin) { $result = 999; } elseif (isset($_POST['submit_send_email'])) { - $to = trim($_POST['to_email']); - $from = trim($_POST['from_email']); + $to = tuqd($_POST['to_email']); + $from = tuqd($_POST['from_email']); if ($to !== '') { // Sanitize to and from if (preg_match('/^[a-zA-Z0-9._@-]*$/', $to) && preg_match('/^[a-zA-Z0-9._@-]*$/', $from)) { Modified: branches/1.0/package/webinterface/altweb/admin/users.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/users.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/users.php 2013-03-18 23:20:53 UTC (rev 6001) 
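Review bot: `$pass1` and `$pass2` are only assigned inside the `isset()` checks, so a POST that omits either field reaches `genHTpasswd($user, $pass1, $pass2, 3)` with an undefined variable (a notice, and an empty password candidate). Initialise both before the checks, `$pass1 = ''; $pass2 = '';`, or read them as `isset($_POST['pass1']) ? tuqd($_POST['pass1']) : ''`. Note also that `tuqd()` silently removes `"` from the typed password; rejecting the submission when the stripped value differs from the input avoids handing the user a password they did not choose. The `elseif` block continues outside the hunk.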
@@ -140,14 +140,14 @@ if (! $global_staff) { $result = 999; } elseif (isset($_POST['submit_add'])) { - $mailbox = trim($_POST['mailbox']); - $password = trim($_POST['password']); + $mailbox = tuq($_POST['mailbox']); + $password = tuq($_POST['password']); if (preg_match('/^[0-9][0-9]*$/', $mailbox)) { if (preg_match('/^[-*0-9][*0-9]*$/', $password)) { - $name = trim($_POST['name']); - $email = trim($_POST['email']); - $pager = trim($_POST['pager']); - $options = trim($_POST['options']); + $name = tuq($_POST['name']); + $email = tuq($_POST['email']); + $pager = tuq($_POST['pager']); + $options = tuq($_POST['options']); if (addVMmailbox($context, $mailbox, $password, $name, $email, $pager, $options, $VOICEMAILCONF) == 0) { $result = 10; } else { Modified: branches/1.0/package/webinterface/altweb/admin/whitelist.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/whitelist.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/whitelist.php 2013-03-18 23:20:53 UTC (rev 6001) @@ -63,11 +63,9 @@ if (! $global_staff) { $result = 999; } elseif (isset($_POST['submit_add'])) { - $cidnum = trim($_POST['cidnum']); + $cidnum = tuqd($_POST['cidnum']); $action = $_POST['action']; - if (($comment = trim($_POST['comment'])) !== '') { - $comment = str_replace('"', "'", stripslashes($comment)); - } + $comment = tuqd($_POST['comment']); if (strlen($cidnum) > 0) { if (($cmd = getPREFdef($global_prefs, 'number_format_cmdstr')) === '') { $cmd = '^[2-9][0-9][0-9][2-9][0-9][0-9][0-9][0-9][0-9][0-9]$'; Modified: branches/1.0/package/webinterface/altweb/admin/xmpp.php =================================================================== --- branches/1.0/package/webinterface/altweb/admin/xmpp.php 2013-03-17 21:15:47 UTC (rev 6000) +++ branches/1.0/package/webinterface/altweb/admin/xmpp.php 2013-03-18 23:20:53 UTC (rev 6001) 
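Review bot: `name`, `email`, `pager` and `options` receive only `tuq()` before `addVMmailbox()`; if that helper (not visible here) writes the usual Asterisk voicemail.conf record `mailbox => password,name,email,pager,options`, a comma or line break in any of these four fields shifts the fields that follow it. Either reject such input with the regex style used for `mailbox` and `password` just above, or strip `,` and CR/LF from the four values before the call. The `elseif` block continues outside the hunk.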
@@ -108,10 +108,10 @@ $value = 'XMPP_SYSLOG="'.$_POST['verbosity'].'"'; fwrite($fp, "### Log Syslog\n".$value."\n"); - $value = 'XMPP_C2S_PORT="'.trim($_POST['xmpp_c2s_port']).'"'; + $value = 'XMPP_C2S_PORT="'.tuq($_POST['xmpp_c2s_port']).'"'; fwrite($fp, "### Client to Server TCP Port\n".$value."\n"); - $value = 'XMPP_S2S_PORT="'.trim($_POST['xmpp_s2s_port']).'"'; + $value = 'XMPP_S2S_PORT="'.tuq($_POST['xmpp_s2s_port']).'"'; fwrite($fp, "### Server to Server TCP Port\n".$value."\n"); $value = 'XMPP_GROUPS="'.$_POST['xmpp_groups'].'"'; @@ -120,19 +120,19 @@ $value = 'XMPP_C2S_IDLE_TIMEOUT="'.$_POST['idle_timeout'].'"'; fwrite($fp, "### Dead Client Timeout\n".$value."\n"); - $value = 'XMPP_HOSTNAME="'.trim($_POST['xmpp_hostname']).'"'; + $value = 'XMPP_HOSTNAME="'.tuq($_POST['xmpp_hostname']).'"'; fwrite($fp, "### XMPP VirtualHost\n".$value."\n"); - $value = 'XMPP_ADMIN_USERS="'.trim($_POST['xmpp_admin_users']).'"'; + $value = 'XMPP_ADMIN_USERS="'.tuq($_POST['xmpp_admin_users']).'"'; fwrite($fp, "### Admin Users\n".$value."\n"); - $value = 'XMPP_ENABLE_MODULES="'.trim($_POST['xmpp_enable_modules']).'"'; + $value = 'XMPP_ENABLE_MODULES="'.tuq($_POST['xmpp_enable_modules']).'"'; fwrite($fp, "### Enable Additional Modules\n".$value."\n"); - $value = 'XMPP_DISABLE_MODULES="'.trim($_POST['xmpp_disable_modules']).'"'; + $value = 'XMPP_DISABLE_MODULES="'.tuq($_POST['xmpp_disable_modules']).'"'; fwrite($fp, "### Disable Default Modules\n".$value."\n"); - $value = 'XMPP_CONFERENCE="'.trim($_POST['xmpp_conference']).'"'; + $value = 'XMPP_CONFERENCE="'.tuq($_POST['xmpp_conference']).'"'; fwrite($fp, "### Multi-User Chat Conference\n".$value."\n"); $value = 'XMPP_CERT=""'; 
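Review bot: `xmpp_c2s_port` and `xmpp_s2s_port` are written as free text into `XMPP_C2S_PORT="..."` / `XMPP_S2S_PORT="..."`, so a non-numeric or out-of-range value reaches the XMPP server configuration. Check the shape before writing, e.g. `$value = tuq($_POST['xmpp_c2s_port']);` then `if (! ctype_digit($value) || (int)$value > 65535) { $value = ''; }`, and the same for the s2s port; the hostname and user-list fields in the @@ -120 hunk would benefit from a similar allowlist. The enclosing block starts before this hunk.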
@@ -151,8 +151,8 @@ // function changeUserPass() { - $user = str_replace(' ', '', $_POST['user']); - $pass = str_replace(' ', '', stripslashes($_POST['pass'])); + $user = str_replace(' ', '', stripshellsafe($_POST['user'])); + $pass = str_replace(' ', '', stripshellsafe($_POST['pass'])); if ($user === '') { return(FALSE); @@ -173,8 +173,8 @@ // function addUserPass() { - $user = str_replace(' ', '', $_POST['user']); - $pass = str_replace(' ', '', stripslashes($_POST['pass'])); + $... [truncated message content] |