From cc6fa1d8d064eee0e557d74ab05ba2a2c840478e Mon Sep 17 00:00:00 2001 From: billz Date: Sun, 3 Sep 2023 09:44:43 +0200 Subject: [PATCH 1/5] Install iw package on Debian 12 --- installers/common.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index 89cc0f26..ff759c05 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -227,8 +227,6 @@ function _install_dependencies() { fi if [ ${OS,,} = "debian" ] || [ ${OS,,} = "ubuntu" ]; then dhcpcd_package="dhcpcd5" - fi - if [ ${OS,,} = "ubuntu" ]; then iw_package="iw" fi From 5457855aa148eb7513c4169b1b805b41cfa43911 Mon Sep 17 00:00:00 2001 From: billz Date: Sun, 3 Sep 2023 09:46:50 +0200 Subject: [PATCH 2/5] Unambiguously typecast to expected datatype --- ajax/networking/get_frequencies.php | 1 + app/lib/system.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ajax/networking/get_frequencies.php b/ajax/networking/get_frequencies.php index 7fb29990..28d5ecd2 100644 --- a/ajax/networking/get_frequencies.php +++ b/ajax/networking/get_frequencies.php @@ -9,6 +9,7 @@ if (isset($_POST['interface'])) { define( 'NL80211_BAND_24GHZ', 0x1 ); define( 'NL80211_BAND_5GHZ', 0x2 ); $iface = escapeshellcmd($_POST['interface']); + $flags = 0; // get physical device for selected interface exec("iw dev | awk '/$iface/ {print line}{line = $0}'", $return); diff --git a/app/lib/system.php b/app/lib/system.php index a0aeb51d..676c2201 100644 --- a/app/lib/system.php +++ b/app/lib/system.php @@ -49,7 +49,7 @@ class Sysinfo public function usedMemory() { $used = shell_exec("free -m | awk 'NR==2{ total=$2 ; used=$3 } END { print used/total*100}'"); - return floor($used); + return floor(intval($used)); } public function processorCount() From 55c0a49911a2c78a7f224025fbdcc71dad353a32 Mon Sep 17 00:00:00 2001 
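Review bot: The `escapeshellcmd()` call just above the added `$flags = 0;` does not make `$iface` safe for the place it is used, because the value is interpolated into a single-quoted awk program in the `exec()` that follows. `escapeshellcmd()` is documented for whole command strings and leaves paired quotes untouched. An interface name has a small legal alphabet, so validate it before use and reject the request otherwise, e.g. `if (!preg_match('/^[A-Za-z0-9_.:-]{1,15}$/', $_POST['interface'])) { return; }`, or compare it against the names the system reports. The enclosing `if (isset($_POST['interface']))` block continues outside the hunk.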
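Review bot: `floor(intval($used))` makes `floor()` a no-op, since `intval()` has already dropped the fraction; `floor((float) $used)` keeps the same return type and states the intent. `shell_exec()` returns null or false when the command fails, and the cast turns that into 0, so a failed `free` call is reported as 0% used. An explicit check on the result before casting would distinguish the two cases.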
From: billz Date: Sun, 3 Sep 2023 09:47:51 +0200 Subject: [PATCH 3/5] Fix php warnings + general code cleanup --- includes/adblock.php | 7 ++++-- includes/functions.php | 7 +++--- includes/hostapd.php | 52 ++++++++++++++++++++++++++---------------- includes/openvpn.php | 2 +- 4 files changed, 42 insertions(+), 26 deletions(-) diff --git a/includes/adblock.php b/includes/adblock.php index c61c25f6..bf16bcb7 100755 --- a/includes/adblock.php +++ b/includes/adblock.php @@ -75,8 +75,11 @@ function DisplayAdBlockConfig() $dnsmasq_state = ($dnsmasq[0] > 0); $serviceStatus = $dnsmasq_state && $enabled ? "up" : "down"; - $adblock_custom_content = file_get_contents(RASPI_ADBLOCK_LISTPATH .'custom.txt'); - + if (file_exists(RASPI_ADBLOCK_LISTPATH .'custom.txt')) { + $adblock_custom_content = file_get_contents(RASPI_ADBLOCK_LISTPATH .'custom.txt'); + } else { + $adblock_custom_content = ''; + } $adblock_log = ''; exec('sudo chmod o+r '.RASPI_DHCPCD_LOG); $handle = fopen(RASPI_DHCPCD_LOG, "r"); diff --git a/includes/functions.php b/includes/functions.php index 7618eeb2..8f7d1111 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -58,7 +58,7 @@ function cidr2mask($cidr) $ipLong = ip2long($ip); $netmaskLong = bindec(str_pad(str_repeat('1', $prefixLength), 32, '0')); - $netmask = long2ip($netmaskLong); + $netmask = long2ip(intval($netmaskLong)); return $netmask; } @@ -430,8 +430,9 @@ function ParseConfig($arrConfig) continue; } - list($option, $value) = array_map("trim", explode("=", $line, 2)); - + if (strpos($line, "=") !== false) { + list($option, $value) = array_map("trim", explode("=", $line, 2)); + } if (empty($config[$option])) { $config[$option] = $value ?: true; } else { diff --git a/includes/hostapd.php b/includes/hostapd.php index 9e50d608..3dbbf6cf 100755 --- a/includes/hostapd.php +++ b/includes/hostapd.php 
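Review bot: `file_exists()` is also true for a file the web server cannot read, in which case `file_get_contents()` still warns and leaves false in `$adblock_custom_content`. Testing readability on a path held in one variable covers that and avoids building the path twice: `$customList = RASPI_ADBLOCK_LISTPATH.'custom.txt';` followed by `$adblock_custom_content = is_readable($customList) ? file_get_contents($customList) : '';`.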
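Review bot: In the ParseConfig hunk, a line without `=` now skips the `list()` assignment but still falls through to `if (empty($config[$option]))`. `$option` and `$value` are then either undefined (first such line) or left over from the previous line, which is stored a second time. Skipping the line avoids both: `if (strpos($line, "=") === false) { continue; }` placed before the unchanged `list(...)` statement. The loop and the `else` branch continue outside the hunk, so the exact effect of the repeated store is not visible here.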
@@ -40,22 +40,25 @@ function DisplayHostAPDConfig() exec($cmd, $txpower); $txpower = intval($txpower[0]); + if (isset($_POST['interface'])) { + $interface = escapeshellarg($_POST['interface']); + } if (!RASPI_MONITOR_ENABLED) { if (isset($_POST['SaveHostAPDSettings'])) { SaveHostAPDConfig($arrSecurity, $arrEncType, $arr80211Standard, $interfaces, $status); } } - $arrHostapdConf = parse_ini_file('/etc/raspap/hostapd.ini'); + $arrHostapdConf = parse_ini_file(RASPI_CONFIG.'/hostapd.ini'); if (!RASPI_MONITOR_ENABLED) { if (isset($_POST['StartHotspot']) || isset($_POST['RestartHotspot'])) { $status->addMessage('Attempting to start hotspot', 'info'); if ($arrHostapdConf['BridgedEnable'] == 1) { - exec('sudo /etc/raspap/hostapd/servicestart.sh --interface br0 --seconds 3', $return); + exec('sudo '.RASPI_CONFIG.'/hostapd/servicestart.sh --interface br0 --seconds 3', $return); } elseif ($arrHostapdConf['WifiAPEnable'] == 1) { - exec('sudo /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3', $return); + exec('sudo '.RASPI_CONFIG.'/hostapd/servicestart.sh --interface uap0 --seconds 3', $return); } else { - exec('sudo /etc/raspap/hostapd/servicestart.sh --seconds 3', $return); + exec('sudo '.RASPI_CONFIG.'/hostapd/servicestart.sh --seconds 3', $return); } foreach ($return as $line) { $status->addMessage($line, 'info'); @@ -69,9 +72,11 @@ function DisplayHostAPDConfig() } } exec('cat '. RASPI_HOSTAPD_CONFIG, $hostapdconfig); - exec('iwgetid '. escapeshellarg($_POST['interface']). ' -r', $wifiNetworkID); - if (!empty($wifiNetworkID[0])) { - $managedModeEnabled = true; + if (isset($interface)) { + exec('iwgetid '. $interface. ' -r', $wifiNetworkID); + if (!empty($wifiNetworkID[0])) { + $managedModeEnabled = true; + } } $hostapdstatus = $system->hostapdStatus(); $serviceStatus = $hostapdstatus[0] == 0 ? "down" : "up"; 
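Review bot: `$interface` is assigned only when `$_POST['interface']` is present, but the txpower hunk further down (`exec('sudo /sbin/iw dev '.$interface.' set txpower ...')`) uses it whenever `$_POST['txpower']` is set. A request that carries `txpower` without `interface` therefore hits an undefined variable and runs the sudo command with no device name. Guard that branch with `if (isset($_POST['txpower']) && isset($interface))`, as the `iwgetid` call in this file already does. If `$interfaces` holds the system's interface names (not visible here), checking `in_array($_POST['interface'], $interfaces, true)` before quoting would also reject names that do not exist.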
@@ -98,16 +103,18 @@ function DisplayHostAPDConfig() $arrConfig['country_code'] = $country_code[0]; } // set txpower with iw if value is non-default ('auto') - if (isset($_POST['txpower']) && ($_POST['txpower'] != 'auto')) { - $txpower = intval($_POST['txpower']); - $sdBm = $txpower * 100; - exec('sudo /sbin/iw dev '.escapeshellarg($_POST['interface']).' set txpower fixed '.$sdBm, $return); - $status->addMessage('Setting transmit power to '.$_POST['txpower'].' dBm.', 'success'); - $txpower = $_POST['txpower']; - } elseif ($_POST['txpower'] == 'auto') { - exec('sudo /sbin/iw dev '.escapeshellarg($_POST['interface']).' set txpower auto', $return); - $status->addMessage('Setting transmit power to '.$_POST['txpower'].'.', 'success'); - $txpower = $_POST['txpower']; + if (isset($_POST['txpower'])) { + if ($_POST['txpower'] != 'auto') { + $txpower = intval($_POST['txpower']); + $sdBm = $txpower * 100; + exec('sudo /sbin/iw dev '.$interface.' set txpower fixed '.$sdBm, $return); + $status->addMessage('Setting transmit power to '.$_POST['txpower'].' dBm.', 'success'); + $txpower = $_POST['txpower']; + } elseif ($_POST['txpower'] == 'auto') { + exec('sudo /sbin/iw dev '.$interface.' set txpower auto', $return); + $status->addMessage('Setting transmit power to '.$_POST['txpower'].'.', 'success'); + $txpower = $_POST['txpower']; + } } $countries_5Ghz_max48ch = RASPI_5GHZ_ISO_ALPHA2; @@ -132,6 +139,8 @@ function DisplayHostAPDConfig() if ($selectedHwMode === $hwModeDisabled) { unset($selectedHwMode); } + } else { + $hwModeDisabled = null; } echo renderTemplate( 
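Review bot: Both status messages concatenate the raw `$_POST['txpower']`, and the fixed branch then assigns it back to `$txpower`, discarding the `intval()` result computed a few lines earlier. Whether `addMessage()` or the template escapes the value is not visible in this hunk, so using the validated integer keeps request data out of the page: `$status->addMessage('Setting transmit power to '.$txpower.' dBm.', 'success');`, without the reassignment from the request. The inner `elseif ($_POST['txpower'] == 'auto')` can only be true at that point and reads more clearly as `else`.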
@@ -168,13 +177,16 @@ function DisplayHostAPDConfig() */ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status) { - // It should not be possible to send bad data for these fields so clearly - // someone is up to something if they fail. Fail silently. + // It should not be possible to send bad data for these fields. + // If wpa fields are absent, return false and log securely. if (!(array_key_exists($_POST['wpa'], $wpa_array) && array_key_exists($_POST['wpa_pairwise'], $enc_types) && array_key_exists($_POST['hw_mode'], $modes)) ) { - error_log("Attempting to set hostapd config with wpa='".$_POST['wpa']."', wpa_pairwise='".$_POST['wpa_pairwise']."' and hw_mode='".$_POST['hw_mode']."'"); // FIXME: log injection + $err = "Attempting to set hostapd config with wpa='".escapeshellarg($_POST['wpa']); + $err .= "', wpa_pairwise='".$escapeshellarg(_POST['wpa_pairwise']); + $err .= "and hw_mode='".$escapeshellarg(_POST['hw_mode'])."'"; + error_log($err); return false; } // Validate input diff --git a/includes/openvpn.php b/includes/openvpn.php index a89c3e18..a00cef87 100755 --- a/includes/openvpn.php +++ b/includes/openvpn.php @@ -64,7 +64,7 @@ function DisplayOpenVPNConfig() ftruncate($f, 0); fclose($f); } - } elseif (isset($_POST['log-openvpn']) || filesize('/tmp/openvpn.log') >0) { + } elseif (isset($_POST['log-openvpn']) || file_exists('/tmp/openvpn.log')) { $logEnable = 1; exec("sudo /etc/raspap/openvpn/openvpnlog.sh", $logOutput); $logOutput = file_get_contents('/tmp/openvpn.log'); From c64bdb42c8bc94e0a44a36595b0d01dd401650c8 Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 6 Sep 2023 09:54:20 +0200 Subject: [PATCH 4/5] Fix php notices w/ proper var checks --- includes/functions.php | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/includes/functions.php b/includes/functions.php index 8f7d1111..ca264ff7 100755 --- a/includes/functions.php +++ b/includes/functions.php 
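Review bot: The new logging lines cannot run: `$escapeshellarg(_POST['wpa_pairwise'])` and `$escapeshellarg(_POST['hw_mode'])` call an undefined variable as a function and index an undefined constant `_POST`, so the rejection path raises an error instead of logging and returning false. `escapeshellarg()` is also a shell quoting function and leaves CR/LF in place, so the log-injection FIXME that was removed is not actually resolved. Encoding the values neutralises control characters in one step: `error_log('Attempting to set hostapd config with '.json_encode(array_intersect_key($_POST, array_flip(array('wpa', 'wpa_pairwise', 'hw_mode'))), JSON_INVALID_UTF8_SUBSTITUTE));`. The `array_key_exists($_POST['wpa'], ...)` checks above still assume all three fields are present strings. The function body continues outside the hunk.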
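Review bot: In the openvpn.php hunk, replacing `filesize('/tmp/openvpn.log') >0` with `file_exists(...)` changes the condition, not only the warning. An empty log file now enables the branch, and the context lines just above truncate that file to zero length rather than deleting it. If the intent was only to silence the warning for a missing file, keep both tests: `(file_exists('/tmp/openvpn.log') && filesize('/tmp/openvpn.log') > 0)`. The path is a fixed name in a world-writable directory that this code both truncates and reads, so a location under the application's own directory would be easier to reason about. The surrounding `if` starts outside the hunk.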
@@ -318,23 +318,23 @@ function CSRFMetaTag() */ function CSRFValidate() { - $post_token = $_POST['csrf_token']; - $header_token = $_SERVER['HTTP_X_CSRF_TOKEN']; + if(isset($_POST['csrf_token'])) { + $post_token = $_POST['csrf_token']; + $header_token = $_SERVER['HTTP_X_CSRF_TOKEN']; - if (empty($post_token) && empty($header_token)) { - return false; - } - - $request_token = $post_token; - if (empty($post_token)) { - $request_token = $header_token; - } - - if (hash_equals($_SESSION['csrf_token'], $request_token)) { - return true; - } else { - error_log('CSRF violation'); - return false; + if (empty($post_token) && empty($header_token)) { + return false; + } + $request_token = $post_token; + if (empty($post_token)) { + $request_token = $header_token; + } + if (hash_equals($_SESSION['csrf_token'], $request_token)) { + return true; + } else { + error_log('CSRF violation'); + return false; + } } } @@ -685,8 +685,10 @@ function getColorOpt() } function getSidebarState() { - if ($_COOKIE['sidebarToggled'] == 'true' ) { - return"toggled"; + if(isset($_COOKIE['sidebarToggled'])) { + if ($_COOKIE['sidebarToggled'] == 'true' ) { + return "toggled"; + } } } From ceea867c69810acb6f0478d0020c7142c50638f2 Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 6 Sep 2023 12:25:39 +0200 Subject: [PATCH 5/5] Fix php warning + undefined var notice --- includes/system.php | 6 +++- includes/wifi_functions.php | 70 +++++++++++++++++++------------------ 2 files changed, 41 insertions(+), 35 deletions(-) diff --git a/includes/system.php b/includes/system.php index 5c24d26a..3babf0c5 100755 --- a/includes/system.php +++ b/includes/system.php 
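Review bot: Wrapping the whole body of CSRFValidate in `if(isset($_POST['csrf_token']))` makes the `X-CSRF-Token` header fallback unreachable for requests that send only the header, and the function now returns `null` implicitly when the field is absent. `$_SERVER['HTTP_X_CSRF_TOKEN']` is still read without a check, so the notice moves rather than disappears. Defaulting both inputs keeps the original flow and an explicit failure result: `$post_token = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : '';` and `$header_token = isset($_SERVER['HTTP_X_CSRF_TOKEN']) ? $_SERVER['HTTP_X_CSRF_TOKEN'] : '';`. `hash_equals()` expects strings on both sides, so an `is_string($request_token)` test and a check that `$_SESSION['csrf_token']` is set before the comparison would turn a TypeError into a plain `return false`.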
@@ -125,7 +125,11 @@ function DisplaySystem(&$extraFooterScripts) exec('cat '. RASPI_LIGHTTPD_CONFIG, $return); $conf = ParseConfig($return); $serverPort = $conf['server.port']; - $serverBind = str_replace('"', '',$conf['server.bind']); + if (isset($conf['server.bind'])) { + $serverBind = str_replace('"', '',$conf['server.bind']); + } else { + $serverBind = ''; + } // define locales $arrLocales = getLocales(); diff --git a/includes/wifi_functions.php b/includes/wifi_functions.php index 990ff07c..34f8bc58 100755 --- a/includes/wifi_functions.php +++ b/includes/wifi_functions.php 
@@ -77,44 +77,46 @@ function nearbyWifiStations(&$networks, $cached = true) if ( isset($lastnet['index']) ) $index = $lastnet['index'] + 1; } - array_shift($scan_results); - foreach ($scan_results as $network) { - $arrNetwork = preg_split("/[\t]+/", $network); // split result into array - $ssid = $arrNetwork[4]; + if (is_array($scan_results)) { + array_shift($scan_results); + foreach ($scan_results as $network) { + $arrNetwork = preg_split("/[\t]+/", $network); // split result into array + $ssid = $arrNetwork[4]; - // exclude raspap ssid - if (empty($ssid) || $ssid == $ap_ssid) { - continue; - } + // exclude raspap ssid + if (empty($ssid) || $ssid == $ap_ssid) { + continue; + } - // filter SSID string: unprintable 7bit ASCII control codes, delete or quotes -> ignore network - if (preg_match('[\x00-\x1f\x7f\'\`\´\"]', $ssid)) { - continue; - } + // filter SSID string: unprintable 7bit ASCII control codes, delete or quotes -> ignore network + if (preg_match('[\x00-\x1f\x7f\'\`\´\"]', $ssid)) { + continue; + } - // If network is saved - if (array_key_exists($ssid, $networks)) { - $networks[$ssid]['visible'] = true; - $networks[$ssid]['channel'] = ConvertToChannel($arrNetwork[1]); - // TODO What if the security has changed? - } else { - $networks[$ssid] = array( - 'ssid' => $ssid, - 'configured' => false, - 'protocol' => ConvertToSecurity($arrNetwork[3]), - 'channel' => ConvertToChannel($arrNetwork[1]), - 'passphrase' => '', - 'visible' => true, - 'connected' => false, - 'index' => $index - ); - ++$index; - } + // If network is saved + if (array_key_exists($ssid, $networks)) { + $networks[$ssid]['visible'] = true; + $networks[$ssid]['channel'] = ConvertToChannel($arrNetwork[1]); + // TODO What if the security has changed? 
+ } else { + $networks[$ssid] = array( + 'ssid' => $ssid, + 'configured' => false, + 'protocol' => ConvertToSecurity($arrNetwork[3]), + 'channel' => ConvertToChannel($arrNetwork[1]), + 'passphrase' => '', + 'visible' => true, + 'connected' => false, + 'index' => $index + ); + ++$index; + } - // Save RSSI, if the current value is larger than the already stored - if (array_key_exists(4, $arrNetwork) && array_key_exists($arrNetwork[4], $networks)) { - if (! array_key_exists('RSSI', $networks[$arrNetwork[4]]) || $networks[$ssid]['RSSI'] < $arrNetwork[2]) { - $networks[$ssid]['RSSI'] = $arrNetwork[2]; + // Save RSSI, if the current value is larger than the already stored + if (array_key_exists(4, $arrNetwork) && array_key_exists($arrNetwork[4], $networks)) { + if (! array_key_exists('RSSI', $networks[$arrNetwork[4]]) || $networks[$ssid]['RSSI'] < $arrNetwork[2]) { + $networks[$ssid]['RSSI'] = $arrNetwork[2]; + } } } }
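Review bot: The SSID filter `preg_match('[\x00-\x1f...]', $ssid)` carried over on the new side has no separate delimiters, and PHP's PCRE accepts `[` and `]` as a delimiter pair. The expression is therefore matched as one literal sequence of those characters instead of as a character class, so as far as this hunk shows, an SSID containing a single control character or quote is not skipped. Wrapping the existing bracket expression in real delimiters (a `/` before the `[` and after the `]`) restores the intended check; the acute-accent entry is multi-byte in UTF-8 and is better matched as an alternative outside the class than as a class member. `$arrNetwork[4]` is also read at the top of the loop before the `array_key_exists(4, $arrNetwork)` test further down, so a short scan line still raises a notice. The function continues outside the hunk.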