From a3d2aa5b61f02967a726c389f62098c4c051546a Mon Sep 17 00:00:00 2001 From: Squidly271 Date: Sat, 14 Dec 2024 09:44:57 -0500 Subject: [PATCH 01/10] Switch CA Install URL to new repository --- emhttp/plugins/dynamix/Apps.page | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/emhttp/plugins/dynamix/Apps.page b/emhttp/plugins/dynamix/Apps.page index 7e4d064cc..bf8efacaf 100644 --- a/emhttp/plugins/dynamix/Apps.page +++ b/emhttp/plugins/dynamix/Apps.page @@ -23,7 +23,7 @@ function installPlugin(file) {
_(Click **Install** to download and install the **Community Applications** plugin)_
- +   : From bb4b76e70027cbd7fdf2201e7b181fbc781b809d Mon Sep 17 00:00:00 2001 From: SimonFair <39065407+SimonFair@users.noreply.github.com> Date: Sat, 14 Dec 2024 17:29:12 +0000 Subject: [PATCH 02/10] Fix for qcow2 file additions. --- emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php | 1 + 1 file changed, 1 insertion(+) diff --git a/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php b/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php index 616cbd878..610bd2ab9 100644 --- a/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php +++ b/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php @@ -2217,6 +2217,7 @@ $(function() { $disk_file_sections.filter('.advanced').removeClass('advanced').addClass('wasadvanced'); $disk_input.attr('name', $disk_input.attr('name').replace('new', 'image')); + if (info.isfile) $table.find('.disk_driver').val(info.format); } else { $disk_file_sections.filter('.wasadvanced').removeClass('wasadvanced').addClass('advanced'); slideDownRows($disk_file_sections.not(isVMAdvancedMode() ? '.basic' : '.advanced')); From 827db046c491bee76c1219e5e5488274154fe738 Mon Sep 17 00:00:00 2001 From: dlandon Date: Sat, 14 Dec 2024 16:49:29 -0600 Subject: [PATCH 03/10] Only do 'lsof' command on disks and shares; add timeout so it doesn't hang. --- emhttp/plugins/dynamix/nchan/update_1 | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/emhttp/plugins/dynamix/nchan/update_1 b/emhttp/plugins/dynamix/nchan/update_1 index d60d21881..43e0340f4 100755 --- a/emhttp/plugins/dynamix/nchan/update_1 +++ b/emhttp/plugins/dynamix/nchan/update_1 @@ -28,6 +28,10 @@ require_once "$docroot/webGui/include/Translations.php"; // remember current language $locale_init = $locale; +/* Parse the ini files */ +$shares = parse_ini_file('state/shares.ini', true); +$disks = parse_ini_file('state/disks.ini', true); + function update_translation($locale) { global $docroot,$language; $language = []; @@ -91,10 +95,25 @@ while (true) { } // add fans information if (count($fans)) $echo['fan'] = array_map(function($fan){return "$fan RPM";},$fans); + // add streams information - exec('LANG="en_US.UTF8" lsof -Fn /mnt/* 2>/dev/null|awk -F/ \'$1=="n" && $2=="mnt" && $5!="" {print $4"/"$5"/"$6"/"$7}\'|sort -u|awk -F/ \'{print $1}\'',$lsof); - $share = array_keys(parse_ini_file("$varroot/shares.ini",true)); - $count = array_count_values($lsof); + /* Extract keys from both ini files */ + $paths = array_merge(array_keys($shares), array_keys($disks)); + + /* Construct the list of paths */ + $mnt_paths = array_map(function($key) { + return '/mnt/'.escapeshellarg($key); + }, $paths); + + /* Combine paths into the command */ + $mnt_list = implode(' ', $mnt_paths); + + /* Build and execute the modified command */ + $command = 'LANG="en_US.UTF8" timeout 3 lsof -Fn '.$mnt_list.' 2>/dev/null | awk -F/ \'$1=="n" && $2=="mnt" && $5!="" {print $4"/"$5"/"$6"/"$7}\' | sort -u | awk -F/ \'{print $1}\''; + exec($command, $lsof); + + $share = array_keys($shares); + $count = array_count_values($lsof ?? array()); foreach ($share as $name) $echo['stream'][] = $count[$name]??0; $echo = json_encode($echo); $md5_new = md5($echo,true); From 51e9caf2c2c9d48da82587f76aa39a9bf18e8249 Mon Sep 17 00:00:00 2001 From: dlandon Date: Sat, 14 Dec 2024 17:03:19 -0600 Subject: [PATCH 04/10] Change password fields to type='password' and store passwords properly to allow use of special characters. --- emhttp/plugins/dynamix/OutgoingProxy.page | 62 +++++++------- .../plugins/dynamix/include/OutgoingProxy.php | 56 ++++++------- .../dynamix/include/OutgoingProxyLib.php | 81 ++++++++++--------- emhttp/plugins/dynamix/scripts/outgoingproxy | 7 +- 4 files changed, 107 insertions(+), 99 deletions(-) diff --git a/emhttp/plugins/dynamix/OutgoingProxy.page b/emhttp/plugins/dynamix/OutgoingProxy.page index da0ad530b..bd3d709dc 100644 --- a/emhttp/plugins/dynamix/OutgoingProxy.page +++ b/emhttp/plugins/dynamix/OutgoingProxy.page @@ -15,15 +15,15 @@ Tag="icon-network" * all copies or substantial portions of the Software. */ -$opmPlugin = "dynamix"; -require_once("plugins/".$opmPlugin."/include/OutgoingProxyLib.php"); +require_once("plugins/dynamix/include/OutgoingProxyLib.php"); /* Parse the plugin config file. */ $cfg = parse_plugin_config(); /* Pid file used to track the Running/Stopped status. */ -$opm_pid = "OutgoingProxy"; -$pid_file = "/var/run/".$opm_pid.".pid"; +$opm_pid = "OutgoingProxy"; +$pid_file = OPM_PID_FILE; + $cfg['proxy_active'] = $cfg['proxy_active'] ?? "0"; if ($cfg['proxy_active'] != "0") { file_put_contents($pid_file, "running"); @@ -32,9 +32,9 @@ if ($cfg['proxy_active'] != "0") { } /* Be sure proxy_mames are defined */ -$cfg['proxy_name_1'] = $cfg['proxy_name_1'] ?? ""; -$cfg['proxy_name_2'] = $cfg['proxy_name_2'] ?? ""; -$cfg['proxy_name_3'] = $cfg['proxy_name_3'] ?? ""; +$cfg['proxy_name_1'] = htmlspecialchars($cfg['proxy_name_1']) ?? ""; +$cfg['proxy_name_2'] = htmlspecialchars($cfg['proxy_name_2']) ?? ""; +$cfg['proxy_name_3'] = htmlspecialchars($cfg['proxy_name_3']) ?? ""; /* Parse the url, user, and password from the full url for proxy 1. */ $url_array = get_proxy_info($cfg['proxy_url_1'] ?? "", $cfg['proxy_user_1'] ?? "", $cfg['proxy_pass_1'] ?? ""); @@ -59,23 +59,20 @@ $proxy_3_url = $url_array['full_url']; ?> - - + +

_(Enable Outgoing Proxy)_

_(Select Proxy)_: : +: :outgoing_proxy_name_plug: > Outgoing Proxy name for this Proxy. :end _(URL)_: -: +: :outgoing_proxy_url_plug: > Outgoing Proxy URL for this Proxy. The URL can be entered with or without credentials. The credentials will be parsed from the URL. @@ -109,14 +106,14 @@ _(URL)_: :end _(User)_: -: +: :outgoing_proxy_user_plug: > Outgoing Proxy User Name for this Proxy. :end _(Password)_: -: +: :outgoing_proxy_password_plug: > Outgoing Proxy Password for this Proxy. @@ -124,14 +121,14 @@ _(Password)_:

_(Outgoing Proxy)_ 2

_(Name)_: -: +: :outgoing_proxy_name_plug: > Outgoing Proxy name for this Proxy. :end _(URL)_: -: +: :outgoing_proxy_url_plug: > Outgoing Proxy URL for this Proxy. The URL can be entered with or without credentials. The credentials will be parsed from the URL. @@ -140,14 +137,14 @@ _(URL)_: :end _(User)_: -: +: :outgoing_proxy_user_plug: > Outgoing Proxy User Name for this Proxy. :end _(Password)_: -: +: :outgoing_proxy_password_plug: > Outgoing Proxy Password for this Proxy. @@ -155,14 +152,14 @@ _(Password)_:

_(Outgoing Proxy)_ 3

_(Name)_: -: +: :outgoing_proxy_name_plug: > Outgoing Proxy name for this Proxy. :end _(URL)_: -: +: :outgoing_proxy_url_plug: > Outgoing Proxy URL for this Proxy. The URL can be entered with or without credentials. The credentials will be parsed from the URL. @@ -171,14 +168,14 @@ _(URL)_: :end _(User)_: -: +: :outgoing_proxy_user_plug: > Outgoing Proxy User Name for this Proxy. :end _(Password)_: -: +: :outgoing_proxy_password_plug: > Outgoing Proxy Password for this Proxy. @@ -190,13 +187,20 @@ _(Password)_: diff --git a/emhttp/plugins/dynamix/include/OutgoingProxy.php b/emhttp/plugins/dynamix/include/OutgoingProxy.php index 4ea3c6209..68386886b 100644 --- a/emhttp/plugins/dynamix/include/OutgoingProxy.php +++ b/emhttp/plugins/dynamix/include/OutgoingProxy.php @@ -9,42 +9,42 @@ * all copies or substantial portions of the Software. */ -$opmPlugin = "dynamix"; -require_once("plugins/".$opmPlugin."/include/OutgoingProxyLib.php"); +require_once("plugins/dynamix/include/OutgoingProxyLib.php"); -switch ($_POST['action']) { +function get_proxy_status($proxy_url, $proxy_active, $index) { + if (!$proxy_url) { + return ""; + } + + return proxy_online($proxy_url) + ? ($proxy_active == $index ? "Active" : "") + : ($proxy_active == $index ? "Offline" : "Not Available"); +} + +$action = htmlspecialchars($_POST['action'] ?? '', ENT_QUOTES, 'UTF-8'); + +switch ($action) { case 'proxy_status': - /* Get the active proxy. */ - $proxy_active = urldecode($_POST['proxy_active']); + /* Sanitize inputs. */ + $proxy_active = htmlspecialchars($_POST['proxy_active'] ?? '', ENT_QUOTES, 'UTF-8'); + $proxy_urls = [ + '1' => filter_var($_POST['proxy_1_url'] ?? '', FILTER_SANITIZE_URL), + '2' => filter_var($_POST['proxy_2_url'] ?? '', FILTER_SANITIZE_URL), + '3' => filter_var($_POST['proxy_3_url'] ?? '', FILTER_SANITIZE_URL), + ]; - /* Get the proxy 1 status. */ - $proxy_1_url = urldecode($_POST['proxy_1_url']); - if ($proxy_1_url) { - $proxy_1_status = proxy_online($proxy_1_url) ? ($proxy_active == "1" ? "Active" : "") : ($proxy_active == "1" ? "Offline" : "Not Available"); - } else { - $proxy_1_status = ""; + /* Generate response. */ + $response = []; + foreach ($proxy_urls as $key => $url) { + $response["proxy_status_{$key}"] = get_proxy_status($url, $proxy_active, $key); } - /* Get the proxy 2 status. */ - $proxy_2_url = urldecode($_POST['proxy_2_url']); - if ($proxy_2_url) { - $proxy_2_status = proxy_online($proxy_2_url) ? ($proxy_active == "2" ? "Active" : "") : ($proxy_active == "2" ? "Offline" : "Not Available"); - } else { - $proxy_2_status = ""; - } - /* Get the proxy 3 status. */ - $proxy_3_url = urldecode($_POST['proxy_3_url']); - if ($proxy_3_url) { - $proxy_3_status = proxy_online($proxy_3_url) ? ($proxy_active == "3" ? "Active" : "") : ($proxy_active == "3" ? "Offline" : "Not Available"); - } else { - $proxy_3_status = ""; - } - - echo json_encode(array( 'proxy_status_1' => $proxy_1_status, 'proxy_status_2' => $proxy_2_status, 'proxy_status_3' => $proxy_3_status )); + /* Output response as JSON. */ + echo json_encode($response); break; default: - outgoingproxy_log("Undefined POST action - ".$_POST['action']."."); + outgoingproxy_log("Undefined POST action - " . htmlspecialchars($action, ENT_QUOTES, 'UTF-8') . "."); break; } ?> diff --git a/emhttp/plugins/dynamix/include/OutgoingProxyLib.php b/emhttp/plugins/dynamix/include/OutgoingProxyLib.php index 0bdd8ac6c..4cc3e207a 100644 --- a/emhttp/plugins/dynamix/include/OutgoingProxyLib.php +++ b/emhttp/plugins/dynamix/include/OutgoingProxyLib.php @@ -9,38 +9,39 @@ * all copies or substantial portions of the Software. */ -$opmPlugin = "dynamix"; +/* Base paths */ +define('BASE_RUN_PATH', '/var/run'); +define('PLUGIN_SCRIPTS_PATH', '/plugins/dynamix/scripts'); +define('PLUGIN_INCLUDE_PATH', '/plugins/dynamix/include'); + +/* Specific paths */ +define('OPM_PID_FILE', BASE_RUN_PATH . '/OutgoingProxy.pid'); +define('OUTGOING_PROXY_SCRIPT', PLUGIN_SCRIPTS_PATH . '/outgoingproxy'); +define('OUTGOING_PROXY_INCLUDE', PLUGIN_INCLUDE_PATH . '/OutgoingProxy.php'); /* UI config file location. */ -$plg_config_file = "/boot/config/plugins/".$opmPlugin."/outgoingproxy.cfg"; +define('PLG_CONFIG_FILE', '/boot/config/plugins/dynamix/outgoingproxy.cfg'); /* Outgoing Proxy Manager logging tag. */ -$opm_log = "Outgoing Proxy Manager"; +DEFINE('OPM_LOG', '"Outgoing Proxy Manager"'); /* Outgoing Proxy logging. */ function outgoingproxy_log($m) { - global $opm_log; - $m = print_r($m,true); $m = str_replace("\n", " ", $m); $m = str_replace('"', "'", $m); - exec("/usr/bin/logger"." ".escapeshellarg($m)." -t ".escapeshellarg($opm_log)); + exec("/usr/bin/logger"." ".escapeshellarg($m)." -t ".OPM_LOG); } /* Parse plugin config file. */ function parse_plugin_config() { - global $plg_config_file; - - $cfg = is_file($plg_config_file) ? @parse_ini_file($plg_config_file, true) : array(); + $cfg = is_file(PLG_CONFIG_FILE) ? @parse_ini_file(PLG_CONFIG_FILE, true) : array(); return($cfg); } /* Write values to plugin config file. */ function write_plugin_config($config) { - global $plg_config_file; - - /* Rewrite config file. */ /* Convert the array to an INI string. */ $iniString = ''; foreach ($config as $key => $value) { @@ -48,7 +49,7 @@ function write_plugin_config($config) { } /* Write the INI string to a file. */ - file_put_contents($plg_config_file, $iniString); + file_put_contents(PLG_CONFIG_FILE, $iniString); } /* Check to see if the proxy is online and available. */ @@ -153,39 +154,43 @@ function set_config($variable, $value) { write_plugin_config($config); } -/* Encrypt data. */ function encrypt_data($data) { - $key = get_config("key"); - if ((! $key) || strlen($key) != 32) { - $key = substr(base64_encode(openssl_random_pseudo_bytes(32)), 0, 32); - set_config("key", $key); - } - $iv = get_config("iv"); - if ((! $iv) || strlen($iv) != 16) { - $iv = substr(base64_encode(openssl_random_pseudo_bytes(16)), 0, 16); - set_config("iv", $iv); - } + $key = get_config("key"); + if (!$key || strlen($key) != 32) { + $key = substr(base64_encode(openssl_random_pseudo_bytes(32)), 0, 32); + set_config("key", $key); + } + $iv = get_config("iv"); + if (!$iv || strlen($iv) != 16) { + $iv = substr(base64_encode(openssl_random_pseudo_bytes(16)), 0, 16); + set_config("iv", $iv); + } - /* Encrypt the data using aes256. */ - $value = trim(openssl_encrypt($data, 'aes256', $key, $options=0, $iv)); + /* Encrypt the data using aes-256-cbc (ensure mode and padding are specified). */ + $encrypted = openssl_encrypt($data, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv); - return $value; + /* Base64 encode the encrypted data. */ + $value = base64_encode($encrypted); + + return $value; } -/* Decrypt data. */ function decrypt_data($data) { - $key = get_config("key"); - $iv = get_config("iv"); + $key = get_config("key"); + $iv = get_config("iv"); - /* Decrypt the data using aes256. */ - $value = openssl_decrypt($data, 'aes256', $key, $options=0, $iv); + /* Base64 decode before decryption. */ + $encrypted_data = base64_decode(stripslashes($data)); - /* Make sure the data is UTF-8 encoded. */ - if (! mb_check_encoding($value, 'UTF-8')) { - outgoingproxy_log("Warning: Data is not UTF-8 encoded"); - $value = ""; - } + /* Decrypt the data using aes-256-cbc. */ + $decrypted = openssl_decrypt($encrypted_data, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv); - return $value; + /* Ensure the decrypted data is UTF-8 encoded. */ + if (!mb_check_encoding($decrypted, 'UTF-8')) { + unassigned_log("Warning: Data is not UTF-8 encoded"); + $decrypted = ""; + } + + return $decrypted; } ?> diff --git a/emhttp/plugins/dynamix/scripts/outgoingproxy b/emhttp/plugins/dynamix/scripts/outgoingproxy index 5962acb08..0c1e69acb 100755 --- a/emhttp/plugins/dynamix/scripts/outgoingproxy +++ b/emhttp/plugins/dynamix/scripts/outgoingproxy @@ -10,8 +10,7 @@ * all copies or substantial portions of the Software. */ -$opmPlugin = "dynamix"; -require_once("plugins/".$opmPlugin."/include/OutgoingProxyLib.php"); +require_once("plugins/dynamix/include/OutgoingProxyLib.php"); /* Save settings and update config. */ function apply() { @@ -63,7 +62,7 @@ function apply() { $cfg_pass = $cfg[$proxy_pass] ?? ""; $cfg[$proxy_pass] = $cfg_pass ? $cfg_pass : urldecode($pass); $encodedPass = (strpos($cfg[$proxy_pass], '%') === false) ? urlencode($cfg[$proxy_pass]) : $cfg[$proxy_pass]; - $cfg[$proxy_pass] = encrypt_data($cfg[$proxy_pass]); + $cfg[$proxy_pass] = addslashes(encrypt_data($cfg[$proxy_pass])); } else { /* The string does not contain 'http://' and/or a port designation at the end */ $cfg[$proxy_url] = ""; @@ -81,7 +80,7 @@ function apply() { } /* Write the INI string to the plugin config file. */ - file_put_contents($plg_config_file, $iniString); + file_put_contents(PLG_CONFIG_FILE, $iniString); /* Let things settle. */ sleep(1); From 3839ea4ee2f84f51b75f015cb8a4ef7b9857b297 Mon Sep 17 00:00:00 2001 From: SimonFair <39065407+SimonFair@users.noreply.github.com> Date: Sun, 15 Dec 2024 09:25:36 +0000 Subject: [PATCH 05/10] Fix for menu popup if double quotes in name. --- emhttp/plugins/dynamix.vm.manager/include/VMMachines.php | 2 +- emhttp/plugins/dynamix/include/DashboardApps.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php b/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php index 820a53f79..04de17132 100644 --- a/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php +++ b/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php @@ -113,7 +113,7 @@ foreach ($vms as $vm) { unset($dom); if (!isset($domain_cfg["CONSOLE"])) $vmrcconsole = "web" ; else $vmrcconsole = $domain_cfg["CONSOLE"] ; if (!isset($domain_cfg["RDPOPT"])) $vmrcconsole .= ";no" ; else $vmrcconsole .= ";".$domain_cfg["RDPOPT"] ; - $menu = sprintf("onclick=\"addVMContext('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s', '%s')\"", addslashes($vm),addslashes($uuid),addslashes($template),$state,addslashes($vmrcurl),strtoupper($vmrcprotocol),addslashes($log),addslashes($fstype), $vmrcconsole,false,addslashes(str_replace('"',"'",$WebUI))); + $menu = sprintf("onclick=\"addVMContext('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s', '%s')\"", htmlentities($vm, ENT_QUOTES),addslashes($uuid),addslashes($template),$state,addslashes($vmrcurl),strtoupper($vmrcprotocol),htmlentities($log,ENT_QUOTES),addslashes($fstype), $vmrcconsole,false,addslashes(str_replace('"',"'",$WebUI))); $kvm[] = "kvm.push({id:'$uuid',state:'$state'});"; switch ($state) { case 'running': diff --git a/emhttp/plugins/dynamix/include/DashboardApps.php b/emhttp/plugins/dynamix/include/DashboardApps.php index 871d29abb..919573871 100644 --- a/emhttp/plugins/dynamix/include/DashboardApps.php +++ b/emhttp/plugins/dynamix/include/DashboardApps.php @@ -126,7 +126,7 @@ if ($_POST['vms']) { if (!isset($domain_cfg["CONSOLE"])) $vmrcconsole = "web" ; else $vmrcconsole = $domain_cfg["CONSOLE"] ; if (!isset($domain_cfg["RDPOPT"])) $vmrcconsole .= ";no" ; else $vmrcconsole .= ";".$domain_cfg["RDPOPT"] ; $WebUI = html_entity_decode($arrConfig["template"]["webui"]); - $menu = sprintf("onclick=\"addVMContext('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')\"", addslashes($vm), addslashes($uuid), addslashes($template), $state, addslashes($vmrcurl), strtoupper($vmrcprotocol), addslashes($log),addslashes($fstype), $vmrcconsole,false,addslashes(str_replace('"',"'",$WebUI))); + $menu = sprintf("onclick=\"addVMContext('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')\"", htmlentities($log,ENT_QUOTES), addslashes($uuid), addslashes($template), $state, addslashes($vmrcurl), strtoupper($vmrcprotocol), htmlentities($log,ENT_QUOTES),addslashes($fstype), $vmrcconsole,false,addslashes(str_replace('"',"'",$WebUI))); $icon = $lv->domain_get_icon_url($res); switch ($state) { case 'running': From b454a9b7330d99444491585d63d076ce222a4b99 Mon Sep 17 00:00:00 2001 From: dlandon Date: Sun, 15 Dec 2024 06:11:25 -0600 Subject: [PATCH 06/10] Only do lsof on valid mount points. --- emhttp/plugins/dynamix/nchan/update_1 | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/emhttp/plugins/dynamix/nchan/update_1 b/emhttp/plugins/dynamix/nchan/update_1 index 43e0340f4..dd6ad1cb1 100755 --- a/emhttp/plugins/dynamix/nchan/update_1 +++ b/emhttp/plugins/dynamix/nchan/update_1 @@ -98,12 +98,19 @@ while (true) { // add streams information /* Extract keys from both ini files */ - $paths = array_merge(array_keys($shares), array_keys($disks)); + $paths = array_keys($disks); + + /* Validate and filter accessible mount points */ + $valid_paths = array_filter($paths, function($key) { + $mnt_path = '/mnt/' . $key; + /* Check if the directory exists and is a valid mount point */ + return is_dir($mnt_path) && trim(shell_exec("mountpoint -q " . escapeshellarg($mnt_path) . " && echo 1")) === '1'; + }); /* Construct the list of paths */ $mnt_paths = array_map(function($key) { return '/mnt/'.escapeshellarg($key); - }, $paths); + }, $valid_paths); /* Combine paths into the command */ $mnt_list = implode(' ', $mnt_paths); From f23caceceeb36aae6ec9b88ea29350992f458c2e Mon Sep 17 00:00:00 2001 From: Squidly271 Date: Sun, 15 Dec 2024 19:50:01 -0500 Subject: [PATCH 07/10] Fix PHP8 warning --- emhttp/plugins/dynamix.apcupsd/include/UPSstatus.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/emhttp/plugins/dynamix.apcupsd/include/UPSstatus.php b/emhttp/plugins/dynamix.apcupsd/include/UPSstatus.php index a4a479922..18eb58313 100644 --- a/emhttp/plugins/dynamix.apcupsd/include/UPSstatus.php +++ b/emhttp/plugins/dynamix.apcupsd/include/UPSstatus.php @@ -1,6 +1,6 @@ 0 ? "$power W" : "$power W"; } - if ($power && isset($load)) $status[5] = ($load<90 ? "" : "").round($power*$load/100)." W (".$status[5].")"; + if ( ($power??false) && isset($load)) $status[5] = ($load<90 ? "" : "").round($power*$load/100)." W (".$status[5].")"; elseif (isset($load)) $status[5] = ($load<90 ? "" : "").$status[5].""; $status[6] = isset($output) ? ((!$volt || ($minv<$output && $output<$maxv) ? "" : "").$status[6].(isset($freq) ? " ~ $freq Hz" : "")."") : $status[6]; } From a6905bc3ad85efe5591b4202bc572e8162517e6e Mon Sep 17 00:00:00 2001 From: dlandon Date: Mon, 16 Dec 2024 06:56:52 -0600 Subject: [PATCH 08/10] Use $varroot for the shares.ini file. --- emhttp/plugins/dynamix/nchan/update_1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/emhttp/plugins/dynamix/nchan/update_1 b/emhttp/plugins/dynamix/nchan/update_1 index dd6ad1cb1..f26c3bc8a 100755 --- a/emhttp/plugins/dynamix/nchan/update_1 +++ b/emhttp/plugins/dynamix/nchan/update_1 @@ -29,7 +29,7 @@ require_once "$docroot/webGui/include/Translations.php"; $locale_init = $locale; /* Parse the ini files */ -$shares = parse_ini_file('state/shares.ini', true); +$shares = parse_ini_file($varroot.'/shares.ini', true); $disks = parse_ini_file('state/disks.ini', true); function update_translation($locale) { @@ -97,7 +97,6 @@ while (true) { if (count($fans)) $echo['fan'] = array_map(function($fan){return "$fan RPM";},$fans); // add streams information - /* Extract keys from both ini files */ $paths = array_keys($disks); /* Validate and filter accessible mount points */ From e27e33cc73d3c1195205a43add9694838aa6b244 Mon Sep 17 00:00:00 2001 From: dlandon Date: Mon, 16 Dec 2024 13:48:15 -0600 Subject: [PATCH 09/10] Revert "Use $varroot for the shares.ini file." This reverts commit a6905bc3ad85efe5591b4202bc572e8162517e6e. --- emhttp/plugins/dynamix/nchan/update_1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/emhttp/plugins/dynamix/nchan/update_1 b/emhttp/plugins/dynamix/nchan/update_1 index f26c3bc8a..dd6ad1cb1 100755 --- a/emhttp/plugins/dynamix/nchan/update_1 +++ b/emhttp/plugins/dynamix/nchan/update_1 @@ -29,7 +29,7 @@ require_once "$docroot/webGui/include/Translations.php"; $locale_init = $locale; /* Parse the ini files */ -$shares = parse_ini_file($varroot.'/shares.ini', true); +$shares = parse_ini_file('state/shares.ini', true); $disks = parse_ini_file('state/disks.ini', true); function update_translation($locale) { @@ -97,6 +97,7 @@ while (true) { if (count($fans)) $echo['fan'] = array_map(function($fan){return "$fan RPM";},$fans); // add streams information + /* Extract keys from both ini files */ $paths = array_keys($disks); /* Validate and filter accessible mount points */ From 746b732de1d96dffc2a4f63de3992f1aadf52396 Mon Sep 17 00:00:00 2001 From: dlandon Date: Mon, 16 Dec 2024 17:39:12 -0600 Subject: [PATCH 10/10] Change sanitation to where variables are used in drop down. --- emhttp/plugins/dynamix/OutgoingProxy.page | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/emhttp/plugins/dynamix/OutgoingProxy.page b/emhttp/plugins/dynamix/OutgoingProxy.page index bd3d709dc..bae4eac28 100644 --- a/emhttp/plugins/dynamix/OutgoingProxy.page +++ b/emhttp/plugins/dynamix/OutgoingProxy.page @@ -32,9 +32,9 @@ if ($cfg['proxy_active'] != "0") { } /* Be sure proxy_mames are defined */ -$cfg['proxy_name_1'] = htmlspecialchars($cfg['proxy_name_1']) ?? ""; -$cfg['proxy_name_2'] = htmlspecialchars($cfg['proxy_name_2']) ?? ""; -$cfg['proxy_name_3'] = htmlspecialchars($cfg['proxy_name_3']) ?? ""; +$cfg['proxy_name_1'] = $cfg['proxy_name_1'] ?? ""; +$cfg['proxy_name_2'] = $cfg['proxy_name_2'] ?? ""; +$cfg['proxy_name_3'] = $cfg['proxy_name_3'] ?? ""; /* Parse the url, user, and password from the full url for proxy 1. */ $url_array = get_proxy_info($cfg['proxy_url_1'] ?? "", $cfg['proxy_user_1'] ?? "", $cfg['proxy_pass_1'] ?? ""); @@ -68,13 +68,13 @@ _(Select Proxy)_: :