diff --git a/plugins/dynamix.docker.manager/DockerSettings.page b/plugins/dynamix.docker.manager/DockerSettings.page index bd2dc90c6..632eda060 100644 --- a/plugins/dynamix.docker.manager/DockerSettings.page +++ b/plugins/dynamix.docker.manager/DockerSettings.page @@ -465,7 +465,7 @@ _(Preserve user defined networks)_: $net = normalize($network); $docker_dhcp = "DOCKER_DHCP_$net"; ?> - + _(IPv4 custom network on interface)_ =$network?>: : **_(Subnet)_:** =$route?> **_(Gateway)_:** =$gateway[$network]?> @@ -500,7 +500,7 @@ _(IPv4 custom network on interface)_ =$network?>: $net = normalize($network); $docker_dhcp6 = "DOCKER_DHCP6_$net"; -if ($dockercfg[$docker_dhcp6] || empty($dockercfg["DOCKER_AUTO_$net"])):?> +if (isset($dockercfg[$docker_dhcp6]) || empty($dockercfg["DOCKER_AUTO_$net"])):?> $wide = true;?> _(IPv6 custom network on interface)_ =$network?>: : **_(Subnet)_:** =$route?> diff --git a/plugins/dynamix.docker.manager/include/CreateDocker.php b/plugins/dynamix.docker.manager/include/CreateDocker.php index 7ddcbbc64..8c3a5b660 100644 --- a/plugins/dynamix.docker.manager/include/CreateDocker.php +++ b/plugins/dynamix.docker.manager/include/CreateDocker.php @@ -154,14 +154,14 @@ if (isset($_POST['contName'])) { ## UPDATE CONTAINER ## ########################## -if ($_GET['updateContainer']){ - $echo = $_GET['mute'] ? false : true; +if (unscript($_GET['updateContainer'])){ + $echo = isset($_GET['mute']); if ($echo) { readfile("$docroot/plugins/dynamix.docker.manager/log.htm"); @flush(); } foreach ($_GET['ct'] as $value) { - $tmpl = $DockerTemplates->getUserTemplate(urldecode($value)); + $tmpl = $DockerTemplates->getUserTemplate(unscript(urldecode($value))); if ($echo && !$tmpl) { echo ""; @flush(); 
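Review bot: `isset($dockercfg[$docker_dhcp6])` in the IPv6 condition of DockerSettings.page is not equivalent to the truthiness test it replaces. A key that is present but empty or `0` now makes the condition true, where the old code fell through to the `DOCKER_AUTO_$net` check. If the aim is only to avoid the undefined-index notice, `!empty($dockercfg[$docker_dhcp6])` keeps the old behaviour and matches the `empty()` already used in the second operand. Whether the config ever stores an empty `DOCKER_DHCP6_*` value is not visible in this hunk, so check how the setting is written.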
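Review bot: `$echo = isset($_GET['mute']);` in the update-container block of CreateDocker.php inverts the old logic. `$_GET['mute'] ? false : true` produced output when `mute` was absent; the new line produces output only when `mute` is present. `$echo = empty($_GET['mute']);` keeps the original meaning without the undefined-index notice. Separately, `unscript($_GET['updateContainer'])` still reads a key that may be missing and, going by the definition in the Events.php hunk, passes null to `html_entity_decode()`, which is deprecated from PHP 8.1. `!empty($_GET['updateContainer'])` is enough for a presence test, and the same applies to the `xmlTemplate`, `refresh`, `tmp` and `uuid` guards in later hunks; the `if` body continues past the end of this hunk.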
@@ -205,8 +205,8 @@ if ($_POST['rmTemplate']) { ## LOAD TEMPLATE ## ######################### -if ($_GET['xmlTemplate']) { - [$xmlType, $xmlTemplate] = my_explode(':', urldecode($_GET['xmlTemplate'])); +if (unscript($_GET['xmlTemplate'])) { + [$xmlType, $xmlTemplate] = my_explode(':', unscript(urldecode($_GET['xmlTemplate']))); if (is_file($xmlTemplate)) { $xml = xmlToVar($xmlTemplate); $templateName = $xml['Name']; diff --git a/plugins/dynamix.docker.manager/include/Events.php b/plugins/dynamix.docker.manager/include/Events.php index 6d8887fa2..09c5e68e4 100644 --- a/plugins/dynamix.docker.manager/include/Events.php +++ b/plugins/dynamix.docker.manager/include/Events.php @@ -19,16 +19,18 @@ require_once "$docroot/webGui/include/Translations.php"; require_once "$docroot/plugins/dynamix.docker.manager/include/DockerClient.php"; +function unscript($text) { + return preg_replace('##','',html_entity_decode($text)); +} function safe($text) { - return preg_replace('/[!@#$%^&\*\(\)\[\]{}"\|\?<>\/;]+/','',html_entity_decode($text)); + return preg_replace('/[!@#$%^&\*\(\)\[\]{}"\|\?<>\/;]+/','',unscript($text)); } $DockerClient = new DockerClient(); -$_REQUEST = array_merge(array_map('safe',$_GET), $_POST); -$action = $_REQUEST['action'] ?? ''; -$container = $_REQUEST['container'] ?? ''; -$name = $_REQUEST['name'] ?? ''; -$image = $_REQUEST['image'] ?? ''; +$action = unscript($_REQUEST['action'] ?? ''); +$container = unscript($_REQUEST['container'] ?? ''); +$name = unscript($_REQUEST['name'] ?? ''); +$image = unscript($_REQUEST['image'] ?? ''); $arrResponse = ['error' => _('Missing parameters')]; switch ($action) { @@ -68,8 +70,8 @@ switch ($action) { break; case 'log': if ($container) { - $since = $_REQUEST['since'] ?? ''; - $title = $_REQUEST['title'] ?? ''; + $since = safe($_REQUEST['since'] ?? ''); + $title = safe($_REQUEST['title'] ?? ''); require_once "$docroot/webGui/include/ColorCoding.php"; if (!$since) { readfile("$docroot/plugins/dynamix.docker.manager/log.htm"); 
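Review bot: The `xmlTemplate` value in the load-template block still reaches `is_file()` and `xmlToVar()` as a caller-chosen path. `unscript()` removes markup but does nothing to confine the path to the template directories. Resolve it first with `$real = realpath($xmlTemplate);`, compare the result against each allowed template root (with a trailing slash), and reject anything else before parsing. `$_GET` values are already URL-decoded by PHP, so the extra `urldecode()` is a second decoding pass unless the client deliberately double-encodes; that is worth confirming. The block continues outside the hunk.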
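Review bot: With `$_REQUEST = array_merge(array_map('safe',$_GET), $_POST);` removed in Events.php, `$container`, `$name` and `$image` no longer pass through `safe()`'s character filter and only go through `unscript()`; the contents of `$_REQUEST` now also depend on the server's `request_order` setting. `unscript()` is a denylist filter that runs `html_entity_decode()` first, so its output holds decoded `<`, `>` and quotes and is not suitable for echoing into HTML or for use as an identifier. As rendered on this page the pattern is `'##'`, which would remove nothing; that may be an extraction artefact, so check the actual regex in the repository. Prefer validating each field against the format it must have and encoding at output with `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. A one-line comment above `unscript()` saying what it does and does not guarantee would also help callers.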
diff --git a/plugins/dynamix.plugin.manager/include/ShowChanges.php b/plugins/dynamix.plugin.manager/include/ShowChanges.php
index fb216f2ca..587b5c009 100644
--- a/plugins/dynamix.plugin.manager/include/ShowChanges.php
+++ b/plugins/dynamix.plugin.manager/include/ShowChanges.php
@@ -1,6 +1,6 @@
-$file = $_GET['file']; -$tmp = $_GET['tmp'] ? '/var/tmp' : '/tmp/plugins/'; +$file = unscript($_GET['file']); +$tmp = unscript($_GET['tmp']) ? '/var/tmp' : '/tmp/plugins/'; if (file_exists($file) && strpos(realpath($file),$tmp)===0 && substr($file,-4)=='.txt') echo Markdown(file_get_contents($file)); else echo Markdown("*"._('No release notes available')."!*"); ?> diff --git a/plugins/dynamix.vm.manager/VMMachines.page b/plugins/dynamix.vm.manager/VMMachines.page index 58c8c7e13..9428d1008 100644 --- a/plugins/dynamix.vm.manager/VMMachines.page +++ b/plugins/dynamix.vm.manager/VMMachines.page @@ -52,10 +52,10 @@ function vsize($size,$expand=true) { } } -$uuid = $_GET['uuid']; +$uuid = unscript($_GET['uuid']); $subaction = $_GET['subaction'] ?? false; -if ($_GET['refresh']) { - $vm = $_GET['name']; +if (unscript($_GET['refresh'])) { + $vm = unscript($_GET['name']); if ($lv->domain_is_active($vm)) { echo ""; $msg = "Waiting for $vm to shutdown..."; diff --git a/plugins/dynamix.vm.manager/include/VMMachines.php b/plugins/dynamix.vm.manager/include/VMMachines.php index 14d07b414..f3cbb9fae 100644 --- a/plugins/dynamix.vm.manager/include/VMMachines.php +++ b/plugins/dynamix.vm.manager/include/VMMachines.php @@ -1,7 +1,7 @@ get_domain_by_name($vm); diff --git a/plugins/dynamix.vm.manager/include/VMajax.php b/plugins/dynamix.vm.manager/include/VMajax.php index adcdf7d4e..203096a91 100644 --- a/plugins/dynamix.vm.manager/include/VMajax.php +++ b/plugins/dynamix.vm.manager/include/VMajax.php @@ -63,8 +63,8 @@ function embed(&$syslinux, $key, $value) { $arrSizePrefix = [0 => '', 1 => 'K', 2 => 'M', 3 => 'G', 4 => 'T', 5 => 'P']; $_REQUEST = array_merge($_GET, $_POST); -$action = $_REQUEST['action'] ?? ''; -$uuid = $_REQUEST['uuid'] ?? ''; +$action = unscript($_REQUEST['action'] ?? ''); +$uuid = unscript($_REQUEST['uuid'] ?? ''); $arrResponse = []; if ($uuid) { 
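Review bot: The confinement test `strpos(realpath($file),$tmp)===0` in ShowChanges.php is fed `'/var/tmp'` without a trailing slash. Any resolved path that merely begins with that string passes, not only files inside the directory; `'/var/tmp/'` would match the form already used for `'/tmp/plugins/'`. `unscript()` adds nothing to this check, because the path is constrained by the `realpath()` prefix and `.txt` suffix tests rather than by tag stripping. `$file = $_GET['file'] ?? '';` and `!empty($_GET['tmp'])` would also avoid reading missing keys. Whether `unscript()` is in scope in this file cannot be confirmed from the page, since the top of the hunk is not shown.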
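Review bot: In VMMachines.page, `$uuid` and `$vm` are request values with a known shape, and stripping script tags does not establish that shape. `$vm` is interpolated into `$msg` and passed to `$lv->domain_is_active()`, while `$subaction` on the next line is left untouched. Validate rather than filter, for example `if (!preg_match('/^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i', $uuid)) $uuid = '';`, and pass `$vm` through `htmlspecialchars()` wherever `$msg` is written to the page (that output is outside the hunk). The same applies to the `uuid` handling in VMajax.php, VMedit.php and the Custom, LibreELEC, OpenELEC and XML_Expert form templates. In those templates `unscript($_GET['uuid'])` is also called twice in a row and could be assigned once.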
diff --git a/plugins/dynamix.vm.manager/include/VMedit.php b/plugins/dynamix.vm.manager/include/VMedit.php index d654768a2..31ac0dcd0 100644 --- a/plugins/dynamix.vm.manager/include/VMedit.php +++ b/plugins/dynamix.vm.manager/include/VMedit.php @@ -1,6 +1,6 @@ domain_get_domain_by_uuid($_GET['uuid']); + $res = $lv->domain_get_domain_by_uuid(unscript($_GET['uuid'])); if ($res === false) { echo ""._('Invalid VM to edit').".
"; @@ -59,7 +59,7 @@ if (!empty($_GET['uuid'])) { 'state' => $lv->domain_get_state($res) ]; - if (empty($_GET['template'])) { + if (empty(unscript($_GET['template']))) { // read vm-template attribute $strTemplateOS = $lv->_get_single_xpath_result($res, '//domain/metadata/*[local-name()=\'vmtemplate\']/@os'); $strLibreELEC = $lv->_get_single_xpath_result($res, '//domain/metadata/*[local-name()=\'vmtemplate\']/@libreelec'); diff --git a/plugins/dynamix.vm.manager/templates/Custom.form.php b/plugins/dynamix.vm.manager/templates/Custom.form.php index 7b38d9c72..ebd1b55f5 100644 --- a/plugins/dynamix.vm.manager/templates/Custom.form.php +++ b/plugins/dynamix.vm.manager/templates/Custom.form.php @@ -234,9 +234,9 @@ exit; } - if ($_GET['uuid']) { + if (unscript($_GET['uuid'])) { // edit an existing VM - $uuid = $_GET['uuid']; + $uuid = unscript($_GET['uuid']); $dom = $lv->domain_get_domain_by_uuid($uuid); $boolRunning = $lv->domain_get_state($dom)=='running'; $strXML = $lv->domain_get_xml($dom); diff --git a/plugins/dynamix.vm.manager/templates/LibreELEC.form.php b/plugins/dynamix.vm.manager/templates/LibreELEC.form.php index 4ea1ef982..6d60e3c16 100644 --- a/plugins/dynamix.vm.manager/templates/LibreELEC.form.php +++ b/plugins/dynamix.vm.manager/templates/LibreELEC.form.php @@ -389,9 +389,9 @@ $hdrXML = "\n"; // XML encoding declaratio exit; } - if ($_GET['uuid']) { + if (unscript($_GET['uuid'])) { // edit an existing VM - $uuid = $_GET['uuid']; + $uuid = unscript($_GET['uuid']); $dom = $lv->domain_get_domain_by_uuid($uuid); $boolRunning = $lv->domain_get_state($dom)=='running'; $strXML = $lv->domain_get_xml($dom); diff --git a/plugins/dynamix.vm.manager/templates/OpenELEC.form.php b/plugins/dynamix.vm.manager/templates/OpenELEC.form.php index 58f18da44..3a63c4f97 100644 --- a/plugins/dynamix.vm.manager/templates/OpenELEC.form.php +++ b/plugins/dynamix.vm.manager/templates/OpenELEC.form.php 
@@ -389,9 +389,9 @@ $hdrXML = "\n"; // XML encoding declaratio exit; } - if ($_GET['uuid']) { + if (unscript($_GET['uuid'])) { // edit an existing VM - $uuid = $_GET['uuid']; + $uuid = unscript($_GET['uuid']); $dom = $lv->domain_get_domain_by_uuid($uuid); $boolRunning = $lv->domain_get_state($dom)=='running'; $strXML = $lv->domain_get_xml($dom); diff --git a/plugins/dynamix.vm.manager/templates/XML_Expert.form.php b/plugins/dynamix.vm.manager/templates/XML_Expert.form.php index ed364c362..e339eb8f7 100644 --- a/plugins/dynamix.vm.manager/templates/XML_Expert.form.php +++ b/plugins/dynamix.vm.manager/templates/XML_Expert.form.php @@ -62,9 +62,9 @@ exit; } - if ($_GET['uuid']) { + if (unscript($_GET['uuid'])) { // edit an existing VM - $uuid = $_GET['uuid']; + $uuid = unscript($_GET['uuid']); $dom = $lv->domain_get_domain_by_uuid($uuid); $boolRunning = $lv->domain_get_state($dom)=='running'; $strXML = $lv->domain_get_xml($dom); diff --git a/plugins/dynamix/DiskSettings.page b/plugins/dynamix/DiskSettings.page index 48585be79..9ec4b0846 100644 --- a/plugins/dynamix/DiskSettings.page +++ b/plugins/dynamix/DiskSettings.page @@ -236,7 +236,7 @@ _(Default SMART controller type)_: :disk_default_smart_controller_help: _(Default SMART attribute notifications)_: -: _(Custom attributes (use comma to separate numbers))_ +: _(Custom attributes (use comma to separate numbers))_ diff --git a/plugins/dynamix/WG0.page b/plugins/dynamix/WG0.page index fb8851ddf..858f352e8 100644 --- a/plugins/dynamix/WG0.page +++ b/plugins/dynamix/WG0.page @@ -1220,7 +1220,7 @@ $(function(){ _(Local name)_: -: " pattern="=$validname?>" title="_(Use only letters A-Z, digits or space,dash,underscore)_" placeholder="(_(optional)_)"> +: " pattern="=$validname?>" title="_(Use only letters A-Z, digits or space,dash,underscore)_" placeholder="(_(optional)_)"> @@ -1229,13 +1229,13 @@ _(Local name)_: _(Local tunnel firewall)_: -: +: _(Rule)_: