From 74c7fb8c7a84224ad20bc8cad734092b5a020577 Mon Sep 17 00:00:00 2001
From: billz
Date: Fri, 20 Sep 2024 09:06:43 +0200
Subject: [PATCH] Apply escapeshellarg to OpenVPN auth + client configs
---
 includes/openvpn.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/includes/openvpn.php b/includes/openvpn.php
index c26b9f42..2b59666b 100755
--- a/includes/openvpn.php
+++ b/includes/openvpn.php
@@ -62,7 +62,7 @@ function DisplayOpenVPNConfig()
 ftruncate($f, 0);
 fclose($f);
 }
- } elseif (isset($_POST['log-openvpn']) || file_exists('/tmp/openvpn.log')) {
+ } elseif (isset($_POST['log-openvpn']) || filesize('/tmp/openvpn.log') >0) {
 $logEnable = 1;
 exec("sudo /etc/raspap/openvpn/openvpnlog.sh", $logOutput);
 $logOutput = file_get_contents('/tmp/openvpn.log');
@@ -127,7 +127,7 @@ function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
 $auth = $authUser .PHP_EOL . $authPassword .PHP_EOL;
 file_put_contents($tmp_authdata, $auth);
 chmod($tmp_authdata, 0644);
- $client_auth = RASPI_OPENVPN_CLIENT_PATH.pathinfo($file['name'], PATHINFO_FILENAME).'_login.conf';
+ $client_auth = escapeshellarg(RASPI_OPENVPN_CLIENT_PATH.pathinfo($file['name'], PATHINFO_FILENAME).'_login.conf');
 system("sudo mv $tmp_authdata $client_auth", $return);
 system("sudo rm ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
 system("sudo ln -s $client_auth ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
@@ -144,7 +144,7 @@ function SaveOpenVPNConfig($status, $file, $authUser, $authPassword)
 }
 // Move uploaded ovpn config from /tmp and create symlink
- $client_ovpn = RASPI_OPENVPN_CLIENT_PATH.pathinfo($file['name'], PATHINFO_FILENAME).'_client.conf';
+ $client_ovpn = escapeshellarg(RASPI_OPENVPN_CLIENT_PATH.pathinfo($file['name'], PATHINFO_FILENAME).'_client.conf');
 chmod($tmp_ovpn, 0644);
 system("sudo mv $tmp_ovpn $client_ovpn", $return);
 system("sudo rm ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
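Review bot: In the `elseif` of DisplayOpenVPNConfig, `filesize('/tmp/openvpn.log')` raises an E_WARNING and returns false when the log does not exist yet, a case the replaced `file_exists()` handled silently. Keeping both checks avoids the warning: `(file_exists('/tmp/openvpn.log') && filesize('/tmp/openvpn.log') > 0)`. Separately, the log sits at a fixed name in /tmp and is read back with `file_get_contents()`; whether its contents are escaped before display is not visible in this hunk and is worth confirming. The function body starts and ends outside the hunk.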
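Review bot: The quoting is applied where `$client_auth` is assigned rather than where it is interpolated, so the variable now holds a shell-quoted string, and any later non-shell use of it in SaveOpenVPNConfig (not visible here) would see the literal quotes; the same applies to `$client_ovpn` in the next hunk. `$tmp_authdata` and `$tmp_ovpn` are still interpolated unquoted in the `sudo mv` lines; their origin is outside the hunks, so either confirm they are server-generated or quote at the call, e.g. `system('sudo mv '.escapeshellarg($tmp_authdata).' '.escapeshellarg($client_auth), $return);`. The credentials file is also left at `0644` before the move; `chmod($tmp_authdata, 0600);` would stop other local users reading the VPN username and password, provided the OpenVPN process can still read it.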