mirror of
https://github.com/pi-hole/web.git
synced 2025-12-27 05:56:22 +00:00
Trim user input where applicable
Signed-off-by: Jack'lul <jacklulcat@gmail.com>
This commit is contained in:
Jack'lul
@@ -251,7 +251,7 @@ function addClient() {
|
||||
var ip = $("#select").val();
|
||||
var comment = $("#new_comment").val();
|
||||
if (ip === "custom") {
|
||||
ip = $("#ip-custom").val();
|
||||
ip = $("#ip-custom").val().trim();
|
||||
}
|
||||
|
||||
utils.disableAll();
|
||||
|
||||
@@ -137,10 +137,10 @@ function addCustomDNSEntry($ip="", $domain="", $json_reply=true)
|
||||
try
|
||||
{
|
||||
if(isset($_REQUEST['ip']))
|
||||
$ip = $_REQUEST['ip'];
|
||||
$ip = trim($_REQUEST['ip']);
|
||||
|
||||
if(isset($_REQUEST['domain']))
|
||||
$domain = $_REQUEST['domain'];
|
||||
$domain = trim($_REQUEST['domain']);
|
||||
|
||||
if (empty($ip))
|
||||
return error("IP must be set");
|
||||
|
||||
@@ -262,10 +262,10 @@ function addStaticDHCPLease($mac, $ip, $hostname) {
|
||||
if(array_key_exists("custom".$i,$_POST))
|
||||
{
|
||||
$exploded = explode("#", $_POST["custom".$i."val"], 2);
|
||||
$IP = $exploded[0];
|
||||
$IP = trim($exploded[0]);
|
||||
if(count($exploded) > 1)
|
||||
{
|
||||
$port = $exploded[1];
|
||||
$port = trim($exploded[1]);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -326,22 +326,25 @@ function addStaticDHCPLease($mac, $ip, $hostname) {
|
||||
// Check if Conditional Forwarding is requested
|
||||
if(isset($_POST["conditionalForwarding"]))
|
||||
{
|
||||
$conditionalForwardingIP = trim($_POST["conditionalForwardingIP"]);
|
||||
$conditionalForwardingDomain = trim($_POST["conditionalForwardingDomain"]);
|
||||
|
||||
// Validate conditional forwarding IP
|
||||
if (!validIP($_POST["conditionalForwardingIP"]))
|
||||
if (!validIP($conditionalForwardingIP))
|
||||
{
|
||||
$error .= "Conditional forwarding IP (".htmlspecialchars($_POST["conditionalForwardingIP"]).") is invalid!<br>";
|
||||
$error .= "Conditional forwarding IP (".htmlspecialchars($conditionalForwardingIP).") is invalid!<br>";
|
||||
}
|
||||
|
||||
// Validate conditional forwarding domain name
|
||||
if(!validDomain($_POST["conditionalForwardingDomain"]))
|
||||
if(!validDomain($conditionalForwardingDomain))
|
||||
{
|
||||
$error .= "Conditional forwarding domain name (".htmlspecialchars($_POST["conditionalForwardingDomain"]).") is invalid!<br>";
|
||||
$error .= "Conditional forwarding domain name (".htmlspecialchars($conditionalForwardingDomain).") is invalid!<br>";
|
||||
}
|
||||
if(!$error)
|
||||
{
|
||||
$addressArray = explode(".", $_POST["conditionalForwardingIP"]);
|
||||
$addressArray = explode(".", $conditionalForwardingIP);
|
||||
$reverseAddress = $addressArray[2].".".$addressArray[1].".".$addressArray[0].".in-addr.arpa";
|
||||
$extra .= " conditional_forwarding ".$_POST["conditionalForwardingIP"]." ".$_POST["conditionalForwardingDomain"]." $reverseAddress";
|
||||
$extra .= " conditional_forwarding ".$conditionalForwardingIP." ".$conditionalForwardingDomain." $reverseAddress";
|
||||
}
|
||||
}
|
||||
|
||||
@@ -588,9 +591,9 @@ function addStaticDHCPLease($mac, $ip, $hostname) {
|
||||
|
||||
if(isset($_POST["addstatic"]))
|
||||
{
|
||||
$mac = $_POST["AddMAC"];
|
||||
$ip = $_POST["AddIP"];
|
||||
$hostname = $_POST["AddHostname"];
|
||||
$mac = trim($_POST["AddMAC"]);
|
||||
$ip = trim($_POST["AddIP"]);
|
||||
$hostname = trim($_POST["AddHostname"]);
|
||||
|
||||
addStaticDHCPLease($mac, $ip, $hostname);
|
||||
break;
|
||||
|
||||
Reference in New Issue
Block a user