diff --git a/emhttp/plugins/dynamix/OutgoingProxy.page b/emhttp/plugins/dynamix/OutgoingProxy.page
index da0ad530b..bd3d709dc 100644
--- a/emhttp/plugins/dynamix/OutgoingProxy.page
+++ b/emhttp/plugins/dynamix/OutgoingProxy.page
@@ -15,15 +15,15 @@ Tag="icon-network"
 * all copies or substantial portions of the Software.
 */
-$opmPlugin = "dynamix";
-require_once("plugins/".$opmPlugin."/include/OutgoingProxyLib.php");
+require_once("plugins/dynamix/include/OutgoingProxyLib.php");
 /* Parse the plugin config file. */
 $cfg = parse_plugin_config();
 /* Pid file used to track the Running/Stopped status. */
-$opm_pid = "OutgoingProxy";
-$pid_file = "/var/run/".$opm_pid.".pid";
+$opm_pid = "OutgoingProxy";
+$pid_file = OPM_PID_FILE;
+
 $cfg['proxy_active'] = $cfg['proxy_active'] ?? "0";
 if ($cfg['proxy_active'] != "0") {
 file_put_contents($pid_file, "running");
@@ -32,9 +32,9 @@ if ($cfg['proxy_active'] != "0") {
 }
 /* Be sure proxy_mames are defined */
-$cfg['proxy_name_1'] = $cfg['proxy_name_1'] ?? "";
-$cfg['proxy_name_2'] = $cfg['proxy_name_2'] ?? "";
-$cfg['proxy_name_3'] = $cfg['proxy_name_3'] ?? "";
+$cfg['proxy_name_1'] = htmlspecialchars($cfg['proxy_name_1']) ?? "";
+$cfg['proxy_name_2'] = htmlspecialchars($cfg['proxy_name_2']) ?? "";
+$cfg['proxy_name_3'] = htmlspecialchars($cfg['proxy_name_3']) ?? "";
 /* Parse the url, user, and password from the full url for proxy 1. */
 $url_array = get_proxy_info($cfg['proxy_url_1'] ?? "", $cfg['proxy_user_1'] ?? "", $cfg['proxy_pass_1'] ?? "");
@@ -59,23 +59,20 @@ $proxy_3_url = $url_array['full_url'];
 ?>
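Review bot: In the three `proxy_name_N` assignments the `??` sits outside `htmlspecialchars()`, so it can never supply the default: the function always returns a string, and a missing key is still read (undefined-index warning, `null` passed in) before the fallback is considered. Move the default inside the call and pin the flags, e.g. `$cfg['proxy_name_1'] = htmlspecialchars($cfg['proxy_name_1'] ?? "", ENT_QUOTES, 'UTF-8');`, for all three lines. Escaping the value while it still lives in `$cfg` also means any later code that writes `$cfg` back, or escapes again when printing, would store or show double-encoded names. The markup that prints these values is not readable in this diff, so whether encoding at the point of output is feasible here needs checking against the form itself.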
- - + +

_(Enable Outgoing Proxy)_

_(Select Proxy)_: : +: :outgoing_proxy_name_plug: > Outgoing Proxy name for this Proxy. :end _(URL)_: -: +: :outgoing_proxy_url_plug: > Outgoing Proxy URL for this Proxy. The URL can be entered with or without credentials. The credentials will be parsed from the URL. @@ -109,14 +106,14 @@ _(URL)_: :end _(User)_: -: +: :outgoing_proxy_user_plug: > Outgoing Proxy User Name for this Proxy. :end _(Password)_: -: +: :outgoing_proxy_password_plug: > Outgoing Proxy Password for this Proxy. @@ -124,14 +121,14 @@ _(Password)_:

_(Outgoing Proxy)_ 2

_(Name)_: -: +: :outgoing_proxy_name_plug: > Outgoing Proxy name for this Proxy. :end _(URL)_: -: +: :outgoing_proxy_url_plug: > Outgoing Proxy URL for this Proxy. The URL can be entered with or without credentials. The credentials will be parsed from the URL. @@ -140,14 +137,14 @@ _(URL)_: :end _(User)_: -: +: :outgoing_proxy_user_plug: > Outgoing Proxy User Name for this Proxy. :end _(Password)_: -: +: :outgoing_proxy_password_plug: > Outgoing Proxy Password for this Proxy. @@ -155,14 +152,14 @@ _(Password)_:

_(Outgoing Proxy)_ 3

_(Name)_: -: +: :outgoing_proxy_name_plug: > Outgoing Proxy name for this Proxy. :end _(URL)_: -: +: :outgoing_proxy_url_plug: > Outgoing Proxy URL for this Proxy. The URL can be entered with or without credentials. The credentials will be parsed from the URL. @@ -171,14 +168,14 @@ _(URL)_: :end _(User)_: -: +: :outgoing_proxy_user_plug: > Outgoing Proxy User Name for this Proxy. :end _(Password)_: -: +: :outgoing_proxy_password_plug: > Outgoing Proxy Password for this Proxy. @@ -190,13 +187,20 @@ _(Password)_: diff --git a/emhttp/plugins/dynamix/include/OutgoingProxy.php b/emhttp/plugins/dynamix/include/OutgoingProxy.php index 4ea3c6209..68386886b 100644 --- a/emhttp/plugins/dynamix/include/OutgoingProxy.php +++ b/emhttp/plugins/dynamix/include/OutgoingProxy.php 
@@ -9,42 +9,42 @@
 * all copies or substantial portions of the Software.
 */
-$opmPlugin = "dynamix";
-require_once("plugins/".$opmPlugin."/include/OutgoingProxyLib.php");
+require_once("plugins/dynamix/include/OutgoingProxyLib.php");
-switch ($_POST['action']) {
+function get_proxy_status($proxy_url, $proxy_active, $index) {
+ if (!$proxy_url) {
+ return "";
+ }
+
+ return proxy_online($proxy_url)
+ ? ($proxy_active == $index ? "Active" : "")
+ : ($proxy_active == $index ? "Offline" : "Not Available");
+}
+
+$action = htmlspecialchars($_POST['action'] ?? '', ENT_QUOTES, 'UTF-8');
+
+switch ($action) {
 case 'proxy_status':
- /* Get the active proxy. */
- $proxy_active = urldecode($_POST['proxy_active']);
+ /* Sanitize inputs. */
+ $proxy_active = htmlspecialchars($_POST['proxy_active'] ?? '', ENT_QUOTES, 'UTF-8');
+ $proxy_urls = [
+ '1' => filter_var($_POST['proxy_1_url'] ?? '', FILTER_SANITIZE_URL),
+ '2' => filter_var($_POST['proxy_2_url'] ?? '', FILTER_SANITIZE_URL),
+ '3' => filter_var($_POST['proxy_3_url'] ?? '', FILTER_SANITIZE_URL),
+ ];
- /* Get the proxy 1 status. */
- $proxy_1_url = urldecode($_POST['proxy_1_url']);
- if ($proxy_1_url) {
- $proxy_1_status = proxy_online($proxy_1_url) ? ($proxy_active == "1" ? "Active" : "") : ($proxy_active == "1" ? "Offline" : "Not Available");
- } else {
- $proxy_1_status = "";
+ /* Generate response. */
+ $response = [];
+ foreach ($proxy_urls as $key => $url) {
+ $response["proxy_status_{$key}"] = get_proxy_status($url, $proxy_active, $key);
 }
- /* Get the proxy 2 status. */
- $proxy_2_url = urldecode($_POST['proxy_2_url']);
- if ($proxy_2_url) {
- $proxy_2_status = proxy_online($proxy_2_url) ? ($proxy_active == "2" ? "Active" : "") : ($proxy_active == "2" ? "Offline" : "Not Available");
- } else {
- $proxy_2_status = "";
- }
- /* Get the proxy 3 status. */
- $proxy_3_url = urldecode($_POST['proxy_3_url']);
- if ($proxy_3_url) {
- $proxy_3_status = proxy_online($proxy_3_url) ? ($proxy_active == "3" ? "Active" : "") : ($proxy_active == "3" ? "Offline" : "Not Available");
- } else {
- $proxy_3_status = "";
- }
-
- echo json_encode(array( 'proxy_status_1' => $proxy_1_status, 'proxy_status_2' => $proxy_2_status, 'proxy_status_3' => $proxy_3_status ));
+ /* Output response as JSON. */
+ echo json_encode($response);
 break;
 default:
- outgoingproxy_log("Undefined POST action - ".$_POST['action'].".");
+ outgoingproxy_log("Undefined POST action - " . htmlspecialchars($action, ENT_QUOTES, 'UTF-8') . ".");
 break;
 }
 ?>
diff --git a/emhttp/plugins/dynamix/include/OutgoingProxyLib.php b/emhttp/plugins/dynamix/include/OutgoingProxyLib.php
index 0bdd8ac6c..4cc3e207a 100644
--- a/emhttp/plugins/dynamix/include/OutgoingProxyLib.php
+++ b/emhttp/plugins/dynamix/include/OutgoingProxyLib.php
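Review bot: `FILTER_SANITIZE_URL` on `proxy_1_url` to `proxy_3_url` only strips characters that are not legal in a URL; it does not check scheme, host or port, and the result still goes to `proxy_online()`, whose body is outside this hunk but which presumably makes an outbound connection to whatever address the POST names. Validating is the stronger check, e.g. `filter_var($raw, FILTER_VALIDATE_URL)` plus `in_array(parse_url($url, PHP_URL_SCHEME), ['http', 'https'], true)` (adjust the schemes to what the plugin supports), or better, testing the URLs already stored in the plugin config instead of the posted ones. `htmlspecialchars()` on `action` and `proxy_active` is output encoding rather than input validation, and in the `default:` branch `$action` is encoded a second time, so an `&` is logged as `&amp;amp;`; an allow-list such as `in_array($proxy_active, ['0', '1', '2', '3'], true)` states the intent directly. The removed `urldecode()` calls also change behaviour if the client still sends encoded values; the calling script is not visible here, so that needs confirming.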
@@ -9,38 +9,39 @@
 * all copies or substantial portions of the Software.
 */
-$opmPlugin = "dynamix";
+/* Base paths */
+define('BASE_RUN_PATH', '/var/run');
+define('PLUGIN_SCRIPTS_PATH', '/plugins/dynamix/scripts');
+define('PLUGIN_INCLUDE_PATH', '/plugins/dynamix/include');
+
+/* Specific paths */
+define('OPM_PID_FILE', BASE_RUN_PATH . '/OutgoingProxy.pid');
+define('OUTGOING_PROXY_SCRIPT', PLUGIN_SCRIPTS_PATH . '/outgoingproxy');
+define('OUTGOING_PROXY_INCLUDE', PLUGIN_INCLUDE_PATH . '/OutgoingProxy.php');
 /* UI config file location. */
-$plg_config_file = "/boot/config/plugins/".$opmPlugin."/outgoingproxy.cfg";
+define('PLG_CONFIG_FILE', '/boot/config/plugins/dynamix/outgoingproxy.cfg');
 /* Outgoing Proxy Manager logging tag. */
-$opm_log = "Outgoing Proxy Manager";
+DEFINE('OPM_LOG', '"Outgoing Proxy Manager"');
 /* Outgoing Proxy logging. */
 function outgoingproxy_log($m) {
- global $opm_log;
-
 $m = print_r($m,true);
 $m = str_replace("\n", " ", $m);
 $m = str_replace('"', "'", $m);
- exec("/usr/bin/logger"." ".escapeshellarg($m)." -t ".escapeshellarg($opm_log));
+ exec("/usr/bin/logger"." ".escapeshellarg($m)." -t ".OPM_LOG);
 }
 /* Parse plugin config file. */
 function parse_plugin_config() {
- global $plg_config_file;
-
- $cfg = is_file($plg_config_file) ? @parse_ini_file($plg_config_file, true) : array();
+ $cfg = is_file(PLG_CONFIG_FILE) ? @parse_ini_file(PLG_CONFIG_FILE, true) : array();
 return($cfg);
 }
 /* Write values to plugin config file. */
 function write_plugin_config($config) {
- global $plg_config_file;
-
- /* Rewrite config file. */
 /* Convert the array to an INI string. */
 $iniString = '';
 foreach ($config as $key => $value) {
@@ -48,7 +49,7 @@ function write_plugin_config($config) {
 }
 /* Write the INI string to a file. */
- file_put_contents($plg_config_file, $iniString);
+ file_put_contents(PLG_CONFIG_FILE, $iniString);
 }
 /* Check to see if the proxy is online and available. */
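Review bot: `outgoingproxy_log()` now appends `OPM_LOG` to the `logger` command line without `escapeshellarg()`, relying instead on double quotes baked into the constant's value (`'"Outgoing Proxy Manager"'`). That holds only while the tag stays this exact literal: inside double quotes the shell still expands `$` and backticks, and any other use of `OPM_LOG` gets the quote characters as part of the text. Keep the constant as plain text and quote at the call site: `define('OPM_LOG', 'Outgoing Proxy Manager');` and `exec("/usr/bin/logger ".escapeshellarg($m)." -t ".escapeshellarg(OPM_LOG));`. The upper-case `DEFINE` also differs from the `define` spelling used for every other constant in this hunk.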
@@ -153,39 +154,43 @@ function set_config($variable, $value) {
 write_plugin_config($config);
 }
-/* Encrypt data. */
 function encrypt_data($data) {
- $key = get_config("key");
- if ((! $key) || strlen($key) != 32) {
- $key = substr(base64_encode(openssl_random_pseudo_bytes(32)), 0, 32);
- set_config("key", $key);
- }
- $iv = get_config("iv");
- if ((! $iv) || strlen($iv) != 16) {
- $iv = substr(base64_encode(openssl_random_pseudo_bytes(16)), 0, 16);
- set_config("iv", $iv);
- }
+ $key = get_config("key");
+ if (!$key || strlen($key) != 32) {
+ $key = substr(base64_encode(openssl_random_pseudo_bytes(32)), 0, 32);
+ set_config("key", $key);
+ }
+ $iv = get_config("iv");
+ if (!$iv || strlen($iv) != 16) {
+ $iv = substr(base64_encode(openssl_random_pseudo_bytes(16)), 0, 16);
+ set_config("iv", $iv);
+ }
- /* Encrypt the data using aes256. */
- $value = trim(openssl_encrypt($data, 'aes256', $key, $options=0, $iv));
+ /* Encrypt the data using aes-256-cbc (ensure mode and padding are specified). */
+ $encrypted = openssl_encrypt($data, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
- return $value;
+ /* Base64 encode the encrypted data. */
+ $value = base64_encode($encrypted);
+
+ return $value;
 }
-/* Decrypt data. */
 function decrypt_data($data) {
- $key = get_config("key");
- $iv = get_config("iv");
+ $key = get_config("key");
+ $iv = get_config("iv");
- /* Decrypt the data using aes256. */
- $value = openssl_decrypt($data, 'aes256', $key, $options=0, $iv);
+ /* Base64 decode before decryption. */
+ $encrypted_data = base64_decode(stripslashes($data));
- /* Make sure the data is UTF-8 encoded. */
- if (! mb_check_encoding($value, 'UTF-8')) {
- outgoingproxy_log("Warning: Data is not UTF-8 encoded");
- $value = "";
- }
+ /* Decrypt the data using aes-256-cbc. */
+ $decrypted = openssl_decrypt($encrypted_data, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
- return $value;
+ /* Ensure the decrypted data is UTF-8 encoded. */
+ if (!mb_check_encoding($decrypted, 'UTF-8')) {
+ unassigned_log("Warning: Data is not UTF-8 encoded");
+ $decrypted = "";
+ }
+
+ return $decrypted;
 }
 ?>
diff --git a/emhttp/plugins/dynamix/scripts/outgoingproxy b/emhttp/plugins/dynamix/scripts/outgoingproxy
index 5962acb08..0c1e69acb 100755
--- a/emhttp/plugins/dynamix/scripts/outgoingproxy
+++ b/emhttp/plugins/dynamix/scripts/outgoingproxy
@@ -10,8 +10,7 @@
 * all copies or substantial portions of the Software.
 */
-$opmPlugin = "dynamix";
-require_once("plugins/".$opmPlugin."/include/OutgoingProxyLib.php");
+require_once("plugins/dynamix/include/OutgoingProxyLib.php");
 /* Save settings and update config. */
 function apply() {
@@ -63,7 +62,7 @@ function apply() {
 $cfg_pass = $cfg[$proxy_pass] ?? "";
 $cfg[$proxy_pass] = $cfg_pass ? $cfg_pass : urldecode($pass);
 $encodedPass = (strpos($cfg[$proxy_pass], '%') === false) ? urlencode($cfg[$proxy_pass]) : $cfg[$proxy_pass];
- $cfg[$proxy_pass] = encrypt_data($cfg[$proxy_pass]);
+ $cfg[$proxy_pass] = addslashes(encrypt_data($cfg[$proxy_pass]));
 } else {
 /* The string does not contain 'http://' and/or a port designation at the end */
 $cfg[$proxy_url] = "";
@@ -81,7 +80,7 @@ function apply() {
 }
 /* Write the INI string to the plugin config file. */
- file_put_contents($plg_config_file, $iniString);
+ file_put_contents(PLG_CONFIG_FILE, $iniString);
 /* Let things settle. */
 sleep(1);
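Review bot: The rewritten `decrypt_data()` reports a non-UTF-8 result through `unassigned_log()`, which is not defined in any part of OutgoingProxyLib.php shown in this diff (the file's own logger is `outgoingproxy_log()`); unless it exists elsewhere, the call raises a fatal error on exactly the path meant to handle a bad decrypt. Restore the removed call, `outgoingproxy_log("Warning: Data is not UTF-8 encoded");`. A `false` return from `openssl_decrypt()` is also not checked on its own, so a failed decrypt is returned to the caller as `false` rather than logged. Separately, the commit keeps the existing design in which one key and one IV are generated once, saved with `set_config()` into the same config file as the ciphertext, and reused for every password. With CBC and a fixed IV, equal passwords produce equal ciphertexts, and anyone who can read that file can decrypt them; a fresh `random_bytes(16)` IV stored with each value would address the first point, and the key's location deserves a comment stating what this encryption is expected to protect against.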
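Review bot: `addslashes()` around `encrypt_data()` in `apply()` has nothing to escape: `encrypt_data()` now returns `base64_encode()` output, whose alphabet (letters, digits, `+`, `/`, `=`) contains no quotes, backslashes or NUL bytes, and the matching `stripslashes()` in `decrypt_data()` is likewise a no-op. If the aim is to keep the value intact through the INI write and `parse_ini_file()` round trip, that belongs in the code that builds `$iniString` (quoting the value there), which lies outside this hunk. I would keep the line as `$cfg[$proxy_pass] = encrypt_data($cfg[$proxy_pass]);` and drop the `stripslashes()` with it, so the code does not suggest an escaping guarantee it does not provide. `apply()` starts and ends outside the hunk.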