From cad4d26fcb3d7c28358b0a5aef786da29c369cca Mon Sep 17 00:00:00 2001
From: bergware <bergware@users.noreply.github.com>
Date: Thu, 12 Aug 2021 10:21:42 +0200
Subject: [PATCH 1/7] Script protection

---
 .../include/CreateDocker.php                      | 10 +++++-----
 plugins/dynamix.docker.manager/include/Events.php | 15 +++++++--------
 .../include/ShowChanges.php                       |  8 ++++----
 plugins/dynamix.vm.manager/VMMachines.page        |  6 +++---
 plugins/dynamix.vm.manager/include/VMMachines.php |  8 ++++----
 plugins/dynamix.vm.manager/include/VMajax.php     |  4 ++--
 plugins/dynamix.vm.manager/include/VMedit.php     | 14 +++++++-------
 .../dynamix.vm.manager/templates/Custom.form.php  |  4 ++--
 .../templates/LibreELEC.form.php                  |  4 ++--
 .../templates/OpenELEC.form.php                   |  4 ++--
 .../templates/XML_Expert.form.php                 |  4 ++--
 plugins/dynamix/include/Browse.php                | 10 +++++-----
 plugins/dynamix/include/DefaultPageLayout.php     |  2 +-
 plugins/dynamix/include/DiskList.php              | 14 +++++++-------
 plugins/dynamix/include/Helpers.php               |  3 +++
 plugins/dynamix/include/ShareList.php             | 10 +++++-----
 plugins/dynamix/include/WGconfig.php              |  2 +-
 plugins/dynamix/include/update.crypto.php         |  4 ++--
 plugins/dynamix/template.php                      |  4 ++--
 19 files changed, 66 insertions(+), 64 deletions(-)

diff --git a/plugins/dynamix.docker.manager/include/CreateDocker.php b/plugins/dynamix.docker.manager/include/CreateDocker.php
index 7ddcbbc64..8c3a5b660 100644
--- a/plugins/dynamix.docker.manager/include/CreateDocker.php
+++ b/plugins/dynamix.docker.manager/include/CreateDocker.php
@@ -154,14 +154,14 @@ if (isset($_POST['contName'])) {
 ##   UPDATE CONTAINER   ##
 ##########################
 
-if ($_GET['updateContainer']){
-  $echo = $_GET['mute'] ? false : true;
+if (unscript($_GET['updateContainer'])){
+  $echo = isset($_GET['mute']);
   if ($echo) {
     readfile("$docroot/plugins/dynamix.docker.manager/log.htm");
     @flush();
   }
   foreach ($_GET['ct'] as $value) {
-    $tmpl = $DockerTemplates->getUserTemplate(urldecode($value));
+    $tmpl = $DockerTemplates->getUserTemplate(unscript(urldecode($value)));
     if ($echo && !$tmpl) {
       echo "<script>addLog('<p>"._('Configuration not found').". "._('Was this container created using this plugin')."?</p>');</script>";
       @flush();
@@ -205,8 +205,8 @@ if ($_POST['rmTemplate']) {
 ##    LOAD TEMPLATE    ##
 #########################
 
-if ($_GET['xmlTemplate']) {
-  [$xmlType, $xmlTemplate] = my_explode(':', urldecode($_GET['xmlTemplate']));
+if (unscript($_GET['xmlTemplate'])) {
+  [$xmlType, $xmlTemplate] = my_explode(':', unscript(urldecode($_GET['xmlTemplate'])));
   if (is_file($xmlTemplate)) {
     $xml = xmlToVar($xmlTemplate);
     $templateName = $xml['Name'];
diff --git a/plugins/dynamix.docker.manager/include/Events.php b/plugins/dynamix.docker.manager/include/Events.php
index 6d8887fa2..48b62665d 100644
--- a/plugins/dynamix.docker.manager/include/Events.php
+++ b/plugins/dynamix.docker.manager/include/Events.php
@@ -20,15 +20,14 @@ require_once "$docroot/webGui/include/Translations.php";
 require_once "$docroot/plugins/dynamix.docker.manager/include/DockerClient.php";
 
 function safe($text) {
-  return preg_replace('/[!@#$%^&\*\(\)\[\]{}"\|\?<>\/;]+/','',html_entity_decode($text));
+  return preg_replace('/[!@#$%^&\*\(\)\[\]{}"\|\?<>\/;]+/','',unscript(html_entity_decode($text));
 }
 
 $DockerClient = new DockerClient();
-$_REQUEST     = array_merge(array_map('safe',$_GET), $_POST);
-$action       = $_REQUEST['action'] ?? '';
-$container    = $_REQUEST['container'] ?? '';
-$name         = $_REQUEST['name'] ?? '';
-$image        = $_REQUEST['image'] ?? '';
+$action       = unscript($_REQUEST['action'] ?? '');
+$container    = unscript($_REQUEST['container'] ?? '');
+$name         = unscript($_REQUEST['name'] ?? '');
+$image        = unscript($_REQUEST['image'] ?? '');
 $arrResponse  = ['error' => _('Missing parameters')];
 
 switch ($action) {
@@ -68,8 +67,8 @@ switch ($action) {
 		break;
 	case 'log':
 		if ($container) {
-			$since = $_REQUEST['since'] ?? '';
-			$title = $_REQUEST['title'] ?? '';
+			$since = safe($_REQUEST['since'] ?? '');
+			$title = safe($_REQUEST['title'] ?? '');
 			require_once "$docroot/webGui/include/ColorCoding.php";
 			if (!$since) {
 				readfile("$docroot/plugins/dynamix.docker.manager/log.htm");
diff --git a/plugins/dynamix.plugin.manager/include/ShowChanges.php b/plugins/dynamix.plugin.manager/include/ShowChanges.php
index fb216f2ca..587b5c009 100644
--- a/plugins/dynamix.plugin.manager/include/ShowChanges.php
+++ b/plugins/dynamix.plugin.manager/include/ShowChanges.php
@@ -1,6 +1,6 @@
 <?PHP
-/* Copyright 2005-2020, Lime Technology
- * Copyright 2012-2020, Bergware International.
+/* Copyright 2005-2021, Lime Technology
+ * Copyright 2012-2021, Bergware International.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License version 2,
@@ -34,8 +34,8 @@ extract(parse_plugin_cfg('dynamix',true));
 </head>
 <body style="margin:14px 10px">
 <?
-$file = $_GET['file'];
-$tmp = $_GET['tmp'] ? '/var/tmp' : '/tmp/plugins/';
+$file = unscript($_GET['file']);
+$tmp = unscript($_GET['tmp']) ? '/var/tmp' : '/tmp/plugins/';
 
 if (file_exists($file) && strpos(realpath($file),$tmp)===0 && substr($file,-4)=='.txt') echo Markdown(file_get_contents($file)); else echo Markdown("*"._('No release notes available')."!*");
 ?>
diff --git a/plugins/dynamix.vm.manager/VMMachines.page b/plugins/dynamix.vm.manager/VMMachines.page
index 58c8c7e13..5ba8dea67 100644
--- a/plugins/dynamix.vm.manager/VMMachines.page
+++ b/plugins/dynamix.vm.manager/VMMachines.page
@@ -52,10 +52,10 @@ function vsize($size,$expand=true) {
   }
 }
 
-$uuid = $_GET['uuid'];
+$uuid = unscript($_GET['uuid'];
 $subaction = $_GET['subaction'] ?? false;
-if ($_GET['refresh']) {
-  $vm = $_GET['name'];
+if (unscript($_GET['refresh'])) {
+  $vm = unscript($_GET['name']);
   if ($lv->domain_is_active($vm)) {
     echo "<meta http-equiv='refresh' content='5; url=/VMs?name=$vm&amp;refresh=true'>";
     $msg = "Waiting for $vm to shutdown...";
diff --git a/plugins/dynamix.vm.manager/include/VMMachines.php b/plugins/dynamix.vm.manager/include/VMMachines.php
index 14d07b414..f3cbb9fae 100644
--- a/plugins/dynamix.vm.manager/include/VMMachines.php
+++ b/plugins/dynamix.vm.manager/include/VMMachines.php
@@ -1,7 +1,7 @@
 <?PHP
-/* Copyright 2005-2020, Lime Technology
- * Copyright 2015-2020, Derek Macias, Eric Schultz, Jon Panozzo.
- * Copyright 2012-2020, Bergware International.
+/* Copyright 2005-2021, Lime Technology
+ * Copyright 2015-2021, Derek Macias, Eric Schultz, Jon Panozzo.
+ * Copyright 2012-2021, Bergware International.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License version 2,
@@ -37,7 +37,7 @@ if (file_exists($user_prefs)) {
 $i = 0;
 $menu = [];
 $kvm = ['var kvm=[];'];
-$show = explode(',',$_GET['show']) ?? [];
+$show = explode(',',unscript($_GET['show'])) ?? [];
 
 foreach ($vms as $vm) {
   $res = $lv->get_domain_by_name($vm);
diff --git a/plugins/dynamix.vm.manager/include/VMajax.php b/plugins/dynamix.vm.manager/include/VMajax.php
index adcdf7d4e..203096a91 100644
--- a/plugins/dynamix.vm.manager/include/VMajax.php
+++ b/plugins/dynamix.vm.manager/include/VMajax.php
@@ -63,8 +63,8 @@ function embed(&$syslinux, $key, $value) {
 
 $arrSizePrefix = [0 => '', 1 => 'K', 2 => 'M', 3 => 'G', 4 => 'T', 5 => 'P'];
 $_REQUEST      = array_merge($_GET, $_POST);
-$action        = $_REQUEST['action'] ?? '';
-$uuid          = $_REQUEST['uuid'] ?? '';
+$action        = unscript($_REQUEST['action'] ?? '');
+$uuid          = unscript($_REQUEST['uuid'] ?? '');
 $arrResponse   = [];
 
 if ($uuid) {
diff --git a/plugins/dynamix.vm.manager/include/VMedit.php b/plugins/dynamix.vm.manager/include/VMedit.php
index d654768a2..31ac0dcd0 100644
--- a/plugins/dynamix.vm.manager/include/VMedit.php
+++ b/plugins/dynamix.vm.manager/include/VMedit.php
@@ -1,6 +1,6 @@
 <?PHP
-/* Copyright 2005-2020, Lime Technology
- * Copyright 2015-2020, Derek Macias, Eric Schultz, Jon Panozzo.
+/* Copyright 2005-2021, Lime Technology
+ * Copyright 2015-2021, Derek Macias, Eric Schultz, Jon Panozzo.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License version 2,
@@ -28,8 +28,8 @@ switch ($display['theme']) {
 }
 
 $strSelectedTemplate = array_keys($arrAllTemplates)[1];
-if (!empty($_GET['template']) && !(empty($arrAllTemplates[$_GET['template']]))) {
-	$strSelectedTemplate = $_GET['template'];
+if (!empty(unscript($_GET['template'])) && !(empty($arrAllTemplates[unscript($_GET['template'])]))) {
+	$strSelectedTemplate = unscript($_GET['template']);
 }
 
 $arrLoad = [
@@ -41,9 +41,9 @@ $arrLoad = [
 ];
 $strIconURL = '/plugins/dynamix.vm.manager/templates/images/'.$arrLoad['icon'];
 
-if (!empty($_GET['uuid'])) {
+if (!empty(unscript($_GET['uuid']))) {
 	// Edit VM mode
-	$res = $lv->domain_get_domain_by_uuid($_GET['uuid']);
+	$res = $lv->domain_get_domain_by_uuid(unscript($_GET['uuid']));
 
 	if ($res === false) {
 		echo "<p class='notice'>"._('Invalid VM to edit').".</p><input type='button' value=\""._('Done')."\" onclick='done()'>";
@@ -59,7 +59,7 @@ if (!empty($_GET['uuid'])) {
 		'state' => $lv->domain_get_state($res)
 	];
 
-	if (empty($_GET['template'])) {
+	if (empty(unscript($_GET['template']))) {
 		// read vm-template attribute
 		$strTemplateOS = $lv->_get_single_xpath_result($res, '//domain/metadata/*[local-name()=\'vmtemplate\']/@os');
 		$strLibreELEC = $lv->_get_single_xpath_result($res, '//domain/metadata/*[local-name()=\'vmtemplate\']/@libreelec');
diff --git a/plugins/dynamix.vm.manager/templates/Custom.form.php b/plugins/dynamix.vm.manager/templates/Custom.form.php
index 7b38d9c72..ebd1b55f5 100644
--- a/plugins/dynamix.vm.manager/templates/Custom.form.php
+++ b/plugins/dynamix.vm.manager/templates/Custom.form.php
@@ -234,9 +234,9 @@
 		exit;
 	}
 
-	if ($_GET['uuid']) {
+	if (unscript($_GET['uuid'])) {
 		// edit an existing VM
-		$uuid = $_GET['uuid'];
+		$uuid = unscript($_GET['uuid']);
 		$dom = $lv->domain_get_domain_by_uuid($uuid);
 		$boolRunning = $lv->domain_get_state($dom)=='running';
 		$strXML = $lv->domain_get_xml($dom);
diff --git a/plugins/dynamix.vm.manager/templates/LibreELEC.form.php b/plugins/dynamix.vm.manager/templates/LibreELEC.form.php
index 4ea1ef982..6d60e3c16 100644
--- a/plugins/dynamix.vm.manager/templates/LibreELEC.form.php
+++ b/plugins/dynamix.vm.manager/templates/LibreELEC.form.php
@@ -389,9 +389,9 @@ $hdrXML = "<?xml version='1.0' encoding='UTF-8'?>\n"; // XML encoding declaratio
 		exit;
 	}
 
-	if ($_GET['uuid']) {
+	if (unscript($_GET['uuid'])) {
 		// edit an existing VM
-		$uuid = $_GET['uuid'];
+		$uuid = unscript($_GET['uuid']);
 		$dom = $lv->domain_get_domain_by_uuid($uuid);
 		$boolRunning = $lv->domain_get_state($dom)=='running';
 		$strXML = $lv->domain_get_xml($dom);
diff --git a/plugins/dynamix.vm.manager/templates/OpenELEC.form.php b/plugins/dynamix.vm.manager/templates/OpenELEC.form.php
index 58f18da44..3a63c4f97 100644
--- a/plugins/dynamix.vm.manager/templates/OpenELEC.form.php
+++ b/plugins/dynamix.vm.manager/templates/OpenELEC.form.php
@@ -389,9 +389,9 @@ $hdrXML = "<?xml version='1.0' encoding='UTF-8'?>\n"; // XML encoding declaratio
 		exit;
 	}
 
-	if ($_GET['uuid']) {
+	if (unscript($_GET['uuid'])) {
 		// edit an existing VM
-		$uuid = $_GET['uuid'];
+		$uuid = unscript($_GET['uuid']);
 		$dom = $lv->domain_get_domain_by_uuid($uuid);
 		$boolRunning = $lv->domain_get_state($dom)=='running';
 		$strXML = $lv->domain_get_xml($dom);
diff --git a/plugins/dynamix.vm.manager/templates/XML_Expert.form.php b/plugins/dynamix.vm.manager/templates/XML_Expert.form.php
index ed364c362..e339eb8f7 100644
--- a/plugins/dynamix.vm.manager/templates/XML_Expert.form.php
+++ b/plugins/dynamix.vm.manager/templates/XML_Expert.form.php
@@ -62,9 +62,9 @@
 		exit;
 	}
 
-	if ($_GET['uuid']) {
+	if (unscript($_GET['uuid'])) {
 		// edit an existing VM
-		$uuid = $_GET['uuid'];
+		$uuid = unscript($_GET['uuid']);
 		$dom = $lv->domain_get_domain_by_uuid($uuid);
 		$boolRunning = $lv->domain_get_state($dom)=='running';
 		$strXML = $lv->domain_get_xml($dom);
diff --git a/plugins/dynamix/include/Browse.php b/plugins/dynamix/include/Browse.php
index 2ecc95dd8..7c9d9d3a3 100644
--- a/plugins/dynamix/include/Browse.php
+++ b/plugins/dynamix/include/Browse.php
@@ -1,6 +1,6 @@
 <?PHP
-/* Copyright 2005-2020, Lime Technology
- * Copyright 2012-2020, Bergware International.
+/* Copyright 2005-2021, Lime Technology
+ * Copyright 2012-2021, Bergware International.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License version 2,
@@ -42,9 +42,9 @@ function my_devs(&$devs) {
 }
 extract(parse_plugin_cfg('dynamix',true));
 $disks = parse_ini_file('state/disks.ini',true);
-$dir   = urldecode($_GET['dir']);
-$path  = $_GET['path'];
-$user  = $_GET['user'];
+$dir   = unscript(urldecode($_GET['dir']));
+$path  = unscript($_GET['path']);
+$user  = unscript($_GET['user']);
 $all   = $docroot.preg_replace('/([\'" &()[\]\\\\])/','\\\\$1',$dir).'/*';
 $fix   = substr($dir,0,4)=='/mnt' ? (explode('/',trim_slash($dir))[2] ?: _('---')) : _('flash');
 $fmt   = "%F {$display['time']}";
diff --git a/plugins/dynamix/include/DefaultPageLayout.php b/plugins/dynamix/include/DefaultPageLayout.php
index 2850bbdbe..8041632dc 100644
--- a/plugins/dynamix/include/DefaultPageLayout.php
+++ b/plugins/dynamix/include/DefaultPageLayout.php
@@ -11,7 +11,7 @@
  */
 ?>
 <?
-$display['font'] = $_COOKIE['fontSize'] ?? $display['font'];
+$display['font'] = unscript($_COOKIE['fontSize'] ?? $display['font']);
 $theme   = strtok($display['theme'],'-');
 $header  = $display['header'];
 $backgnd = $display['background'];
diff --git a/plugins/dynamix/include/DiskList.php b/plugins/dynamix/include/DiskList.php
index 84ec641a1..08b8999ba 100644
--- a/plugins/dynamix/include/DiskList.php
+++ b/plugins/dynamix/include/DiskList.php
@@ -1,6 +1,6 @@
 <?PHP
-/* Copyright 2005-2020, Lime Technology
- * Copyright 2012-2020, Bergware International.
+/* Copyright 2005-2021, Lime Technology
+ * Copyright 2012-2021, Bergware International.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License version 2,
@@ -23,13 +23,13 @@ $disks   = parse_ini_file('state/disks.ini',true);
 $var     = parse_ini_file('state/var.ini');
 $sec     = parse_ini_file('state/sec.ini',true);
 $sec_nfs = parse_ini_file('state/sec_nfs.ini',true);
-$compute = $_GET['compute'];
-$path    = $_GET['path'];
-$fill    = $_GET['fill'];
+$compute = unscript($_GET['compute']);
+$path    = unscript($_GET['path']);
+$fill    = unscript($_GET['fill']);
 
 $display = [];
-$display['scale'] = $_GET['scale'];
-$display['number'] = $_GET['number'];
+$display['scale'] = unscript($_GET['scale']);
+$display['number'] = unscript($_GET['number']);
 
 // Display export settings
 function disk_share_settings($protocol,$share) {
diff --git a/plugins/dynamix/include/Helpers.php b/plugins/dynamix/include/Helpers.php
index ca535437e..8c1057050 100644
--- a/plugins/dynamix/include/Helpers.php
+++ b/plugins/dynamix/include/Helpers.php
@@ -263,4 +263,7 @@ function my_explode($split,$text,$count=2) {
 function my_preg_split($split,$text,$count=2) {
   return array_pad(preg_split($split,$text,$count),$count,'');
 }
+function unscript($text) {
+  return preg_replace('#<script(.*?)>(.+?)</script>#','',html_entity_decode($text));
+}
 ?>
diff --git a/plugins/dynamix/include/ShareList.php b/plugins/dynamix/include/ShareList.php
index 237a166db..4b0cf2791 100644
--- a/plugins/dynamix/include/ShareList.php
+++ b/plugins/dynamix/include/ShareList.php
@@ -1,6 +1,6 @@
 <?PHP
-/* Copyright 2005-2020, Lime Technology
- * Copyright 2012-2020, Bergware International.
+/* Copyright 2005-2021, Lime Technology
+ * Copyright 2012-2021, Bergware International.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License version 2,
@@ -23,9 +23,9 @@ $disks   = parse_ini_file('state/disks.ini',true);
 $var     = parse_ini_file('state/var.ini');
 $sec     = parse_ini_file('state/sec.ini',true);
 $sec_nfs = parse_ini_file('state/sec_nfs.ini',true);
-$compute = $_GET['compute'];
-$path    = $_GET['path'];
-$fill    = $_GET['fill'];
+$compute = unscript($_GET['compute']);
+$path    = unscript($_GET['path']);
+$fill    = unscript($_GET['fill']);
 
 $display = [];
 $display['scale'] = $_GET['scale'];
diff --git a/plugins/dynamix/include/WGconfig.php b/plugins/dynamix/include/WGconfig.php
index 47b3788aa..9e0ff9625 100644
--- a/plugins/dynamix/include/WGconfig.php
+++ b/plugins/dynamix/include/WGconfig.php
@@ -18,7 +18,7 @@ require_once "$docroot/webGui/include/Translations.php";
 
 require_once "$docroot/webGui/include/Helpers.php";
 
-$file = $_GET['file'];
+$file = unscript($_GET['file']);
 $path = realpath('/etc/wireguard'.$_GET['path']);
 $csrf = exec("grep -Pom1 '^csrf_token=\"\K.[^\"]+' /var/local/emhttp/var.ini");
 if (!$path || strpos($path,'/boot/config/wireguard')!==0 || !$_GET['csrf_token'] || $_GET['csrf_token']!=$csrf) return;
diff --git a/plugins/dynamix/include/update.crypto.php b/plugins/dynamix/include/update.crypto.php
index 3b80843ec..7e3f232a8 100644
--- a/plugins/dynamix/include/update.crypto.php
+++ b/plugins/dynamix/include/update.crypto.php
@@ -16,8 +16,8 @@ $_SERVER['REQUEST_URI'] = '';
 require_once "$docroot/webGui/include/Translations.php";
 require_once "$docroot/webGui/include/Helpers.php";
 
-$index = $_GET['index'];
-$tests = explode(',',$_GET['test']);
+$index = unscript($_GET['index']);
+$tests = explode(',',unscript($_GET['test']));
 if ($index < count($tests)) {
   $test = $tests[$index];
   [$name,$size] = my_explode(':',$test);
diff --git a/plugins/dynamix/template.php b/plugins/dynamix/template.php
index a52793687..288fee5ec 100644
--- a/plugins/dynamix/template.php
+++ b/plugins/dynamix/template.php
@@ -63,8 +63,8 @@ foreach (glob('plugins/*', GLOB_ONLYDIR) as $plugin) {
 }
 
 // Get general variables
-$name = $_GET['name'] ?? '';
-$dir  = $_GET['dir'] ?? '';
+$name = unscript($_GET['name'] ?? '');
+$dir  = unscript($_GET['dir'] ?? '');
 $path = substr(strtok($_SERVER['REQUEST_URI'],'?'),1);
 
 // The current "task" is the first element of the path

From a6934899d4809b4ae7cbbab9a146b8146e087afb Mon Sep 17 00:00:00 2001
From: bergware <bergware@users.noreply.github.com>
Date: Thu, 12 Aug 2021 10:31:40 +0200
Subject: [PATCH 2/7] Script protection

---
 plugins/dynamix.docker.manager/include/Events.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/dynamix.docker.manager/include/Events.php b/plugins/dynamix.docker.manager/include/Events.php
index 48b62665d..528e5abb5 100644
--- a/plugins/dynamix.docker.manager/include/Events.php
+++ b/plugins/dynamix.docker.manager/include/Events.php
@@ -20,7 +20,7 @@ require_once "$docroot/webGui/include/Translations.php";
 require_once "$docroot/plugins/dynamix.docker.manager/include/DockerClient.php";
 
 function safe($text) {
-  return preg_replace('/[!@#$%^&\*\(\)\[\]{}"\|\?<>\/;]+/','',unscript(html_entity_decode($text));
+  return preg_replace('/[!@#$%^&\*\(\)\[\]{}"\|\?<>\/;]+/','',unscript(html_entity_decode($text)));
 }
 
 $DockerClient = new DockerClient();

From d266020764d864906b18663cb9c49c6886f0f10d Mon Sep 17 00:00:00 2001
From: bergware <bergware@users.noreply.github.com>
Date: Thu, 12 Aug 2021 10:33:38 +0200
Subject: [PATCH 3/7] Script protection

---
 plugins/dynamix.vm.manager/VMMachines.page | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/dynamix.vm.manager/VMMachines.page b/plugins/dynamix.vm.manager/VMMachines.page
index 5ba8dea67..9428d1008 100644
--- a/plugins/dynamix.vm.manager/VMMachines.page
+++ b/plugins/dynamix.vm.manager/VMMachines.page
@@ -52,7 +52,7 @@ function vsize($size,$expand=true) {
   }
 }
 
-$uuid = unscript($_GET['uuid'];
+$uuid = unscript($_GET['uuid']);
 $subaction = $_GET['subaction'] ?? false;
 if (unscript($_GET['refresh'])) {
   $vm = unscript($_GET['name']);

From 3fec3fe37c5bd536c076a48bb3832996ece1ed1d Mon Sep 17 00:00:00 2001
From: bergware <bergware@users.noreply.github.com>
Date: Thu, 12 Aug 2021 10:56:29 +0200
Subject: [PATCH 4/7] Script protection

---
 plugins/dynamix.docker.manager/include/Events.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/plugins/dynamix.docker.manager/include/Events.php b/plugins/dynamix.docker.manager/include/Events.php
index 528e5abb5..fa1a05433 100644
--- a/plugins/dynamix.docker.manager/include/Events.php
+++ b/plugins/dynamix.docker.manager/include/Events.php
@@ -19,6 +19,9 @@ require_once "$docroot/webGui/include/Translations.php";
 
 require_once "$docroot/plugins/dynamix.docker.manager/include/DockerClient.php";
 
+function unscript($text) {
+  return preg_replace('#<script(.*?)>(.+?)</script>#','',html_entity_decode($text));
+}
 function safe($text) {
   return preg_replace('/[!@#$%^&\*\(\)\[\]{}"\|\?<>\/;]+/','',unscript(html_entity_decode($text)));
 }

From 7186e8a8bcc688048e9d7085894acadcfee146cb Mon Sep 17 00:00:00 2001
From: bergware <bergware@users.noreply.github.com>
Date: Thu, 12 Aug 2021 11:04:10 +0200
Subject: [PATCH 5/7] Script protection

---
 plugins/dynamix.docker.manager/include/Events.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/dynamix.docker.manager/include/Events.php b/plugins/dynamix.docker.manager/include/Events.php
index fa1a05433..09c5e68e4 100644
--- a/plugins/dynamix.docker.manager/include/Events.php
+++ b/plugins/dynamix.docker.manager/include/Events.php
@@ -23,7 +23,7 @@ function unscript($text) {
   return preg_replace('#<script(.*?)>(.+?)</script>#','',html_entity_decode($text));
 }
 function safe($text) {
-  return preg_replace('/[!@#$%^&\*\(\)\[\]{}"\|\?<>\/;]+/','',unscript(html_entity_decode($text)));
+  return preg_replace('/[!@#$%^&\*\(\)\[\]{}"\|\?<>\/;]+/','',unscript($text));
 }
 
 $DockerClient = new DockerClient();

From f8f3376b72a2847b210211e17d518db7e67e4e3e Mon Sep 17 00:00:00 2001
From: bergware <bergware@users.noreply.github.com>
Date: Thu, 12 Aug 2021 11:59:17 +0200
Subject: [PATCH 6/7] PHP code error corrections

---
 .../DockerSettings.page                       |  4 +--
 plugins/dynamix/WG0.page                      | 32 +++++++++----------
 plugins/dynamix/WGX.page                      | 32 +++++++++----------
 3 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/plugins/dynamix.docker.manager/DockerSettings.page b/plugins/dynamix.docker.manager/DockerSettings.page
index bd2dc90c6..632eda060 100644
--- a/plugins/dynamix.docker.manager/DockerSettings.page
+++ b/plugins/dynamix.docker.manager/DockerSettings.page
@@ -465,7 +465,7 @@ _(Preserve user defined networks)_:
 $net = normalize($network);
 $docker_dhcp = "DOCKER_DHCP_$net";
 ?>
-<?if ($dockercfg[$docker_dhcp] || empty($dockercfg["DOCKER_AUTO_$net"])):?>
+<?if (isset($dockercfg[$docker_dhcp]) || empty($dockercfg["DOCKER_AUTO_$net"])):?>
 _(IPv4 custom network on interface)_ <?=$network?>:
 : <span class="<?=$gw4class?>">**_(Subnet)_:** <?=$route?></span>
   <span class="<?=$gw4class?>">**_(Gateway)_:** <?=$gateway[$network]?></span>
@@ -500,7 +500,7 @@ _(IPv4 custom network on interface)_ <?=$network?>:
 <?
 $net = normalize($network);
 $docker_dhcp6 = "DOCKER_DHCP6_$net";
-if ($dockercfg[$docker_dhcp6] || empty($dockercfg["DOCKER_AUTO_$net"])):?>
+if (isset($dockercfg[$docker_dhcp6]) || empty($dockercfg["DOCKER_AUTO_$net"])):?>
 <?$wide = true;?>
 _(IPv6 custom network on interface)_ <?=$network?>:
 : <span class="gw6">**_(Subnet)_:** <?=$route?></span>
diff --git a/plugins/dynamix/WG0.page b/plugins/dynamix/WG0.page
index fb8851ddf..858f352e8 100644
--- a/plugins/dynamix/WG0.page
+++ b/plugins/dynamix/WG0.page
@@ -1220,7 +1220,7 @@ $(function(){
 <input type="hidden" name="#deleted" value="">
 <input type="hidden" name="#locale" value="<?=$locale?>">
 _(Local name)_:
-: <span class="input"><input type="text" name="Name:0" class="wide" maxlength="99" value="<?=$wg0["Name:0"]?>" pattern="<?=$validname?>" title="_(Use only letters A-Z, digits or space,dash,underscore)_" placeholder="(_(optional)_)"></span>
+: <span class="input"><input type="text" name="Name:0" class="wide" maxlength="99" value="<?=$wg0["Name:0"]??''?>" pattern="<?=$validname?>" title="_(Use only letters A-Z, digits or space,dash,underscore)_" placeholder="(_(optional)_)"></span>
   <span class="pin"><i class="fa fa-fw fa-eye eye0<?=$this_wg0?'':' key-off'?>" style="cursor:pointer" onclick="WGconfig(this,'wg0','')" title="_(View Local Config)_"></i>
   <i class="fa fa-fw fa-key zone0<?=$wg0['PublicKey:0']?'':' key-off'?>" style="cursor:pointer" onclick="openClose($(document.wg0),null,'div.key0')" title="_(Toggle keys)_"></i>
   <i id="chevron-wg0-0" class="fa fa-fw fa-chevron-down" style="cursor:pointer" onclick="openClose($(document.wg0),this,'div.zone0')" title="_(Toggle view)_"></i></span>
@@ -1229,13 +1229,13 @@ _(Local name)_:
 
 <div markdown="1" class="keys wg0 key0"<?=$wg0['PublicKey:0']?' style="display:none">':'>'?>
 _(Local private key)_:
-: <span class="input"><input type="text" name="PrivateKey:0" class="wide private-0" maxlength="64" value="<?=$wg0['PrivateKey:0']?>" onchange="highlight($(document.wg0),this,0)" placeholder="(_(mandatory)_)" required></span>
+: <span class="input"><input type="text" name="PrivateKey:0" class="wide private-0" maxlength="64" value="<?=$wg0['PrivateKey:0']??''?>" onchange="highlight($(document.wg0),this,0)" placeholder="(_(mandatory)_)" required></span>
   <input type="button" class="form" value="_(Generate Keypair)_" onclick="keypair($(document.wg0),'0')">
 
 :wg_generate_keypair_help:
 
 _(Local public key)_:
-: <span class="input"><input type="text" name="PublicKey:0" class="wide public-0" maxlength="64" value="<?=$wg0['PublicKey:0']?>" onchange="highlight($(document.wg0),this,0)" placeholder="(_(mandatory)_)" required></span>
+: <span class="input"><input type="text" name="PublicKey:0" class="wide public-0" maxlength="64" value="<?=$wg0['PublicKey:0']??''?>" onchange="highlight($(document.wg0),this,0)" placeholder="(_(mandatory)_)" required></span>
 
 :wg_generate_keypair_help:
 
@@ -1308,7 +1308,7 @@ _(Local gateway uses UPnP)_:
 
 </div>
 _(Local tunnel firewall)_:
-: <span class="input"><input type="text" name="DROP:0" class="wide" value="<?=$wg0['DROP:0']?>" onchange="quickValidate(this);" pattern="<?=$validList?>" title="_(Comma separated list of IPv4 and IPv6 IP addresses)_, _(CIDR optional)_" placeholder="(_(optional)_)"></span>
+: <span class="input"><input type="text" name="DROP:0" class="wide" value="<?=$wg0['DROP:0']??''?>" onchange="quickValidate(this);" pattern="<?=$validList?>" title="_(Comma separated list of IPv4 and IPv6 IP addresses)_, _(CIDR optional)_" placeholder="(_(optional)_)"></span>
   _(Rule)_: <select name="RULE:0" class="auto">
   <?=mk_option($wg0['RULE:0'], "", _("Deny"))?>
   <?=mk_option($wg0['RULE:0'], "1", _("Allow"))?>
@@ -1317,7 +1317,7 @@ _(Local tunnel firewall)_:
 :wg_local_tunnel_firewall_help:
 
 _(MTU size)_:
-: <span class="input"><input type="number" name="MTU:0" class="trim" min="68" max="9198" value="<?=$wg0['MTU:0']?>" onchange="quickValidate(this);" placeholder="(_(automatic)_)">_(bytes)_</span>
+: <span class="input"><input type="number" name="MTU:0" class="trim" min="68" max="9198" value="<?=$wg0['MTU:0']??''?>" onchange="quickValidate(this);" placeholder="(_(automatic)_)">_(bytes)_</span>
 
 :wg_mtu_size_help:
 
@@ -1341,7 +1341,7 @@ _(DNS servers)_:
 <?foreach ($peer_wg0 as $i):?>
 <div markdown="1" id="index-wg0-<?=$i?>" class="shade-<?=$display['theme']?>">
 _(Peer name)_:
-: <span class="input"><input type="text" name="Name:<?=$i?>" class="wide" maxlength="99" value="<?=$wg0["Name:$i"]?>" onchange="quickValidate(this);" pattern="<?=$validname?>" title="_(Use only letters A-Z, digits or space,dash,underscore)_" placeholder="(_(optional)_)"></span>
+: <span class="input"><input type="text" name="Name:<?=$i?>" class="wide" maxlength="99" value="<?=$wg0["Name:$i"]??''?>" onchange="quickValidate(this);" pattern="<?=$validname?>" title="_(Use only letters A-Z, digits or space,dash,underscore)_" placeholder="(_(optional)_)"></span>
   <input type="button" class="form" value="_(Delete Peer)_" onclick="delPeer($(document.wg0),'#index-wg0-<?=$i?>')">
   <span class="pin"><i class="fa fa-fw fa-eye eye<?=$i?><?=(file_exists("$etc/peers/peer-$tower-wg0-$i.conf")&&(int)$wg0["TYPE:$i"]!=7)?'':' key-off'?>" style="cursor:pointer" onclick="WGconfig(this,'peer-<?=$tower?>-wg0-<?=$i?>','/peers')" title="_(View Peer Config)_"></i>
   <i class="fa fa-fw fa-key zone<?=$i?><?=$wg0["PublicKey:$i"]?'':' key-off'?>" style="cursor:pointer" onclick="openClose($(document.wg0),null,'div.key<?=$i?>')" title="_(Toggle keys)_"></i>
@@ -1368,18 +1368,18 @@ _(Peer type of access)_:
 
 <div markdown="1" class="keys wg0 key<?=$i?>"<?=$wg0["PublicKey:$i"]?' style="display:none">':'>'?>
 _(Peer private key)_:
-: <span class="input"><input type="text" name="PrivateKey:<?=$i?>" class="wide private-<?=$i?>" maxlength="64" value="<?=$wg0["PrivateKey:$i"]?>" onchange="highlight($(document.wg0),this,<?=$i?>)" placeholder="(_(optional)_)"></span>
+: <span class="input"><input type="text" name="PrivateKey:<?=$i?>" class="wide private-<?=$i?>" maxlength="64" value="<?=$wg0["PrivateKey:$i"]??''?>" onchange="highlight($(document.wg0),this,<?=$i?>)" placeholder="(_(optional)_)"></span>
   <input type="button" class="form" value="_(Generate Keypair)_" onclick="keypair($(document.wg0),'<?=$i?>')">
 
 :wg_generate_keypair_help:
 
 _(Peer public key)_:
-: <span class="input"><input type="text" name="PublicKey:<?=$i?>" class="wide public-<?=$i?>" maxlength="64" value="<?=$wg0["PublicKey:$i"]?>" onchange="highlight($(document.wg0),this,<?=$i?>)" placeholder="(_(mandatory)_)" required></span>
+: <span class="input"><input type="text" name="PublicKey:<?=$i?>" class="wide public-<?=$i?>" maxlength="64" value="<?=$wg0["PublicKey:$i"]??''?>" onchange="highlight($(document.wg0),this,<?=$i?>)" placeholder="(_(mandatory)_)" required></span>
 
 :wg_generate_keypair_help:
 
 _(Peer preshared key)_:
-: <span class="input"><input type="text" name="PresharedKey:<?=$i?>" class="wide preshared-<?=$i?>" maxlength="64" value="<?=$wg0["PresharedKey:$i"]?>" onchange="highlight($(document.wg0),this,<?=$i?>)" placeholder="(_(optional)_)"></span>
+: <span class="input"><input type="text" name="PresharedKey:<?=$i?>" class="wide preshared-<?=$i?>" maxlength="64" value="<?=$wg0["PresharedKey:$i"]??''?>" onchange="highlight($(document.wg0),this,<?=$i?>)" placeholder="(_(optional)_)"></span>
   <input type="button" class="form" value="_(Generate Key)_" onclick="presharedkey($(document.wg0),'<?=$i?>')">
 
 : wg_peer_preshared_key_help:
@@ -1388,13 +1388,13 @@ _(Peer preshared key)_:
 <div markdown="1" class="advanced wg0 zone<?=$i?>" style="display:none">
 <div markdown="1" class="ipv4 wg0" style="display:none">
 _(Peer tunnel address)_:
-: <span class="input"><input type="text" name="Address:<?=$i?>" class="subnet" maxlength="15" value="<?=$wg0["Address:$i"]?>" onchange="if(verifyInSubnet(this)){setAllow($(document.wg0),this.value,<?=$i?>)}" pattern="<?=$validIP4?>" title="_(IPv4 address)_"></span>
+: <span class="input"><input type="text" name="Address:<?=$i?>" class="subnet" maxlength="15" value="<?=$wg0["Address:$i"]??''?>" onchange="if(verifyInSubnet(this)){setAllow($(document.wg0),this.value,<?=$i?>)}" pattern="<?=$validIP4?>" title="_(IPv4 address)_"></span>
   <input type="button" class="form ping-button1-<?=$i?>" value="_(Ping)_" onclick="ping($(document.wg0),this,'input[name=&quot;Address:<?=$i?>&quot;]')"<?=$wg0["Address:$i"]?'':' disabled'?>>
 
 </div>
 <div markdown="1" class="ipv6 wg0" style="display:none">
 _(Peer tunnel address IPv6)_:
-: <span class="input"><input type="text" name="Address6:<?=$i?>" class="subnet" maxlength="40" value="<?=$wg0["Address6:$i"]?>" onchange="if(verifyInSubnet6(this)){setAllow6($(document.wg0),this.value,<?=$i?>)}" pattern="<?=$validIP6?>" title="_(IPv6 address)_"></span>
+: <span class="input"><input type="text" name="Address6:<?=$i?>" class="subnet" maxlength="40" value="<?=$wg0["Address6:$i"]??''?>" onchange="if(verifyInSubnet6(this)){setAllow6($(document.wg0),this.value,<?=$i?>)}" pattern="<?=$validIP6?>" title="_(IPv6 address)_"></span>
   <input type="button" class="form ping-button6-<?=$i?>" value="_(Ping)_" onclick="ping($(document.wg0),this,'input[name=&quot;Address6:<?=$i?>&quot;]')"<?=$wg0["Address6:$i"]?'':' disabled'?>>
 
 </div>
@@ -1402,24 +1402,24 @@ _(Peer tunnel address IPv6)_:
 
 _(Peer endpoint)_:
 <input type="hidden" name="Endpoint:<?=$i?>" value="">
-: <span class="input"><input type="text" name="gui:Endpoint:<?=$i?>" class="subnet" value="<?=$wg0["Endpoint:$i"]?>" pattern="<?=$validText?>" title="_(IP address or FQDN)_" onchange="toLC(this);quickValidate(this);" <?=($vpn_wg0||(int)$wg0["TYPE:$i"]==2||(int)$wg0["TYPE:$i"]==3)?'placeholder="(_(mandatory)_)" required':'placeholder="(_(not used)_)"'?>>:
-  <input type="number" name="gui:ListenPort:<?=$i?>" class="port" min="1" max="65535" value="<?=$wg0["ListenPort:$i"]?>" onchange="quickValidate(this);"<?=$wg0["Endpoint:$i"]?" placeholder=\"".($wg0['ListenPort:0']?:$netport['wg0'])."\"":""?>></span>
+: <span class="input"><input type="text" name="gui:Endpoint:<?=$i?>" class="subnet" value="<?=$wg0["Endpoint:$i"]??''?>" pattern="<?=$validText?>" title="_(IP address or FQDN)_" onchange="toLC(this);quickValidate(this);" <?=($vpn_wg0||(int)$wg0["TYPE:$i"]==2||(int)$wg0["TYPE:$i"]==3)?'placeholder="(_(mandatory)_)" required':'placeholder="(_(not used)_)"'?>>:
+  <input type="number" name="gui:ListenPort:<?=$i?>" class="port" min="1" max="65535" value="<?=$wg0["ListenPort:$i"]??''?>" onchange="quickValidate(this);"<?=$wg0["Endpoint:$i"]?" placeholder=\"".($wg0['ListenPort:0']?:$netport['wg0'])."\"":""?>></span>
   <input type="button" class="form ping-button2-<?=$i?>" value="_(Ping)_" onclick="ping($(document.wg0),this,'input[name=&quot;gui:Endpoint:<?=$i?>&quot;]')"<?=$wg0["Endpoint:$i"]?'':' disabled'?>>
 
 :wg_peer_endpoint_help:
 
 _(Peer allowed IPs)_:
-: <span class="input"><input type="text" name="AllowedIPs:<?=$i?>" class="wide" value="<?=$wg0["AllowedIPs:$i"]?>" onchange="quickValidate(this);" pattern="<?=$validList?>" title="_(Comma separated list of IPv4 and IPv6 IP addresses)_, _(CIDR optional)_" placeholder="(_(mandatory)_)" required></span>
+: <span class="input"><input type="text" name="AllowedIPs:<?=$i?>" class="wide" value="<?=$wg0["AllowedIPs:$i"]??''?>" onchange="quickValidate(this);" pattern="<?=$validList?>" title="_(Comma separated list of IPv4 and IPv6 IP addresses)_, _(CIDR optional)_" placeholder="(_(mandatory)_)" required></span>
 
 :wg_peer_allowed_ips_help:
 
 _(Peer DNS server)_:
-: <span class="input"><input type="text" name="DNS:<?=$i?>" class="subnet" maxlength="40" value="<?=$wg0["DNS:$i"]?>" onchange="quickValidate(this);" pattern="<?=$validDNSServerList?>" title="_(Comma separated list of IPv4 and IPv6 IP addresses)_" <?=(int)$wg0["TYPE:$i"]!=6?'placeholder="(_(optional)_)"':'placeholder="(_(mandatory)_)" required'?>></span>
+: <span class="input"><input type="text" name="DNS:<?=$i?>" class="subnet" maxlength="40" value="<?=$wg0["DNS:$i"]??''?>" onchange="quickValidate(this);" pattern="<?=$validDNSServerList?>" title="_(Comma separated list of IPv4 and IPv6 IP addresses)_" <?=(int)$wg0["TYPE:$i"]!=6?'placeholder="(_(optional)_)"':'placeholder="(_(mandatory)_)" required'?>></span>
 
 :wg_peer_dns_server_help:
 
 _(Persistent keepalive)_:
-: <span class="input"><input type="number" name="PersistentKeepalive:<?=$i?>" class="trim" min="0" max="600" value="<?=$wg0["PersistentKeepalive:$i"]?>" onchange="quickValidate(this);" placeholder="(_(disabled)_)">_(seconds)_</span>
+: <span class="input"><input type="number" name="PersistentKeepalive:<?=$i?>" class="trim" min="0" max="600" value="<?=$wg0["PersistentKeepalive:$i"]??''?>" onchange="quickValidate(this);" placeholder="(_(disabled)_)">_(seconds)_</span>
 
 :wg_persistent_keepalive_help:
 
diff --git a/plugins/dynamix/WGX.page b/plugins/dynamix/WGX.page
index 11da8ec02..34bf33cf3 100644
--- a/plugins/dynamix/WGX.page
+++ b/plugins/dynamix/WGX.page
@@ -156,7 +156,7 @@ $(function(){
 <input type="hidden" name="#deleted" value="">
 <input type="hidden" name="#locale" value="<?=$locale?>">
 _(Local name)_:
-: <span class="input"><input type="text" name="Name:0" class="wide" maxlength="99" value="<?=$wgX["Name:0"]?>" pattern="<?=$validname?>" title="_(Use only letters A-Z, digits or space,dash,underscore)_" placeholder="(_(optional)_)"></span>
+: <span class="input"><input type="text" name="Name:0" class="wide" maxlength="99" value="<?=$wgX["Name:0"]??''?>" pattern="<?=$validname?>" title="_(Use only letters A-Z, digits or space,dash,underscore)_" placeholder="(_(optional)_)"></span>
   <span class="pin"><i class="fa fa-fw fa-eye eye0<?=$this_wgX?'':' key-off'?>" style="cursor:pointer" onclick="WGconfig(this,'wgX','')" title="_(View Local Config)_"></i>
   <i class="fa fa-fw fa-key zone0<?=$wgX['PublicKey:0']?'':' key-off'?>" style="cursor:pointer" onclick="openClose($(document.wgX),null,'div.key0')" title="_(Toggle keys)_"></i>
   <i id="chevron-wgX-0" class="fa fa-fw fa-chevron-down" style="cursor:pointer" onclick="openClose($(document.wgX),this,'div.zone0')" title="_(Toggle view)_"></i></span>
@@ -165,13 +165,13 @@ _(Local name)_:
 
 <div markdown="1" class="keys wgX key0"<?=$wgX['PublicKey:0']?' style="display:none">':'>'?>
 _(Local private key)_:
-: <span class="input"><input type="text" name="PrivateKey:0" class="wide private-0" maxlength="64" value="<?=$wgX['PrivateKey:0']?>" onchange="highlight($(document.wgX),this,0)" placeholder="(_(mandatory)_)" required></span>
+: <span class="input"><input type="text" name="PrivateKey:0" class="wide private-0" maxlength="64" value="<?=$wgX['PrivateKey:0']??''?>" onchange="highlight($(document.wgX),this,0)" placeholder="(_(mandatory)_)" required></span>
   <input type="button" class="form" value="_(Generate Keypair)_" onclick="keypair($(document.wgX),'0')">
 
 :wg_generate_keypair_help:
 
 _(Local public key)_:
-: <span class="input"><input type="text" name="PublicKey:0" class="wide public-0" maxlength="64" value="<?=$wgX['PublicKey:0']?>" onchange="highlight($(document.wgX),this,0)" placeholder="(_(mandatory)_)" required></span>
+: <span class="input"><input type="text" name="PublicKey:0" class="wide public-0" maxlength="64" value="<?=$wgX['PublicKey:0']??''?>" onchange="highlight($(document.wgX),this,0)" placeholder="(_(mandatory)_)" required></span>
 
 :wg_generate_keypair_help:
 
@@ -244,7 +244,7 @@ _(Local gateway uses UPnP)_:
 
 </div>
 _(Local tunnel firewall)_:
-: <span class="input"><input type="text" name="DROP:0" class="wide" value="<?=$wgX['DROP:0']?>" onchange="quickValidate(this);" pattern="<?=$validList?>" title="_(Comma separated list of IPv4 and IPv6 IP addresses)_, _(CIDR optional)_" placeholder="(_(optional)_)"></span>
+: <span class="input"><input type="text" name="DROP:0" class="wide" value="<?=$wgX['DROP:0']??''?>" onchange="quickValidate(this);" pattern="<?=$validList?>" title="_(Comma separated list of IPv4 and IPv6 IP addresses)_, _(CIDR optional)_" placeholder="(_(optional)_)"></span>
   _(Rule)_: <select name="RULE:0" class="auto">
   <?=mk_option($wgX['RULE:0'], "", _("Deny"))?>
   <?=mk_option($wgX['RULE:0'], "1", _("Allow"))?>
@@ -253,7 +253,7 @@ _(Local tunnel firewall)_:
 :wg_local_tunnel_firewall_help:
 
 _(MTU size)_:
-: <span class="input"><input type="number" name="MTU:0" class="trim" min="68" max="9198" value="<?=$wgX['MTU:0']?>" onchange="quickValidate(this);" placeholder="(_(automatic)_)">_(bytes)_</span>
+: <span class="input"><input type="number" name="MTU:0" class="trim" min="68" max="9198" value="<?=$wgX['MTU:0']??''?>" onchange="quickValidate(this);" placeholder="(_(automatic)_)">_(bytes)_</span>
 
 :wg_mtu_size_help:
 
@@ -277,7 +277,7 @@ _(DNS servers)_:
 <?foreach ($peer_wgX as $i):?>
 <div markdown="1" id="index-wgX-<?=$i?>" class="shade-<?=$display['theme']?>">
 _(Peer name)_:
-: <span class="input"><input type="text" name="Name:<?=$i?>" class="wide" maxlength="99" value="<?=$wgX["Name:$i"]?>" onchange="quickValidate(this);" pattern="<?=$validname?>" title="_(Use only letters A-Z, digits or space,dash,underscore)_" placeholder="(_(optional)_)"></span>
+: <span class="input"><input type="text" name="Name:<?=$i?>" class="wide" maxlength="99" value="<?=$wgX["Name:$i"]??''?>" onchange="quickValidate(this);" pattern="<?=$validname?>" title="_(Use only letters A-Z, digits or space,dash,underscore)_" placeholder="(_(optional)_)"></span>
   <input type="button" class="form" value="_(Delete Peer)_" onclick="delPeer($(document.wgX),'#index-wgX-<?=$i?>')">
   <span class="pin"><i class="fa fa-fw fa-eye eye<?=$i?><?=(file_exists("$etc/peers/peer-$tower-wgX-$i.conf")&&(int)$wgX["TYPE:$i"]!=7)?'':' key-off'?>" style="cursor:pointer" onclick="WGconfig(this,'peer-<?=$tower?>-wgX-<?=$i?>','/peers')" title="_(View Peer Config)_"></i>
   <i class="fa fa-fw fa-key zone<?=$i?><?=$wgX["PublicKey:$i"]?'':' key-off'?>" style="cursor:pointer" onclick="openClose($(document.wgX),null,'div.key<?=$i?>')" title="_(Toggle keys)_"></i>
@@ -304,18 +304,18 @@ _(Peer type of access)_:
 
 <div markdown="1" class="keys wgX key<?=$i?>"<?=$wgX["PublicKey:$i"]?' style="display:none">':'>'?>
 _(Peer private key)_:
-: <span class="input"><input type="text" name="PrivateKey:<?=$i?>" class="wide private-<?=$i?>" maxlength="64" value="<?=$wgX["PrivateKey:$i"]?>" onchange="highlight($(document.wgX),this,<?=$i?>)" placeholder="(_(optional)_)"></span>
+: <span class="input"><input type="text" name="PrivateKey:<?=$i?>" class="wide private-<?=$i?>" maxlength="64" value="<?=$wgX["PrivateKey:$i"]??''?>" onchange="highlight($(document.wgX),this,<?=$i?>)" placeholder="(_(optional)_)"></span>
   <input type="button" class="form" value="_(Generate Keypair)_" onclick="keypair($(document.wgX),'<?=$i?>')">
 
 :wg_generate_keypair_help:
 
 _(Peer public key)_:
-: <span class="input"><input type="text" name="PublicKey:<?=$i?>" class="wide public-<?=$i?>" maxlength="64" value="<?=$wgX["PublicKey:$i"]?>" onchange="highlight($(document.wgX),this,<?=$i?>)" placeholder="(_(mandatory)_)" required></span>
+: <span class="input"><input type="text" name="PublicKey:<?=$i?>" class="wide public-<?=$i?>" maxlength="64" value="<?=$wgX["PublicKey:$i"]??''?>" onchange="highlight($(document.wgX),this,<?=$i?>)" placeholder="(_(mandatory)_)" required></span>
 
 :wg_generate_keypair_help:
 
 _(Peer preshared key)_:
-: <span class="input"><input type="text" name="PresharedKey:<?=$i?>" class="wide preshared-<?=$i?>" maxlength="64" value="<?=$wgX["PresharedKey:$i"]?>" onchange="highlight($(document.wgX),this,<?=$i?>)" placeholder="(_(optional)_)"></span>
+: <span class="input"><input type="text" name="PresharedKey:<?=$i?>" class="wide preshared-<?=$i?>" maxlength="64" value="<?=$wgX["PresharedKey:$i"]??''?>" onchange="highlight($(document.wgX),this,<?=$i?>)" placeholder="(_(optional)_)"></span>
   <input type="button" class="form" value="_(Generate Key)_" onclick="presharedkey($(document.wgX),'<?=$i?>')">
 
 : wg_peer_preshared_key_help:
@@ -324,13 +324,13 @@ _(Peer preshared key)_:
 <div markdown="1" class="advanced wgX zone<?=$i?>" style="display:none">
 <div markdown="1" class="ipv4 wgX" style="display:none">
 _(Peer tunnel address)_:
-: <span class="input"><input type="text" name="Address:<?=$i?>" class="subnet" maxlength="15" value="<?=$wgX["Address:$i"]?>" onchange="if(verifyInSubnet(this)){setAllow($(document.wgX),this.value,<?=$i?>)}" pattern="<?=$validIP4?>" title="_(IPv4 address)_"></span>
+: <span class="input"><input type="text" name="Address:<?=$i?>" class="subnet" maxlength="15" value="<?=$wgX["Address:$i"]??''?>" onchange="if(verifyInSubnet(this)){setAllow($(document.wgX),this.value,<?=$i?>)}" pattern="<?=$validIP4?>" title="_(IPv4 address)_"></span>
   <input type="button" class="form ping-button1-<?=$i?>" value="_(Ping)_" onclick="ping($(document.wgX),this,'input[name=&quot;Address:<?=$i?>&quot;]')"<?=$wgX["Address:$i"]?'':' disabled'?>>
 
 </div>
 <div markdown="1" class="ipv6 wgX" style="display:none">
 _(Peer tunnel address IPv6)_:
-: <span class="input"><input type="text" name="Address6:<?=$i?>" class="subnet" maxlength="40" value="<?=$wgX["Address6:$i"]?>" onchange="if(verifyInSubnet6(this)){setAllow6($(document.wgX),this.value,<?=$i?>)}" pattern="<?=$validIP6?>" title="_(IPv6 address)_"></span>
+: <span class="input"><input type="text" name="Address6:<?=$i?>" class="subnet" maxlength="40" value="<?=$wgX["Address6:$i"]??''?>" onchange="if(verifyInSubnet6(this)){setAllow6($(document.wgX),this.value,<?=$i?>)}" pattern="<?=$validIP6?>" title="_(IPv6 address)_"></span>
   <input type="button" class="form ping-button6-<?=$i?>" value="_(Ping)_" onclick="ping($(document.wgX),this,'input[name=&quot;Address6:<?=$i?>&quot;]')"<?=$wgX["Address6:$i"]?'':' disabled'?>>
 
 </div>
@@ -338,24 +338,24 @@ _(Peer tunnel address IPv6)_:
 
 _(Peer endpoint)_:
 <input type="hidden" name="Endpoint:<?=$i?>" value="">
-: <span class="input"><input type="text" name="gui:Endpoint:<?=$i?>" class="subnet" value="<?=$wgX["Endpoint:$i"]?>" pattern="<?=$validText?>" title="_(IP address or FQDN)_" onchange="toLC(this);quickValidate(this);" <?=($vpn_wgX||(int)$wgX["TYPE:$i"]==2||(int)$wgX["TYPE:$i"]==3)?'placeholder="(_(mandatory)_)" required':'placeholder="(_(not used)_)"'?>>:
-  <input type="number" name="gui:ListenPort:<?=$i?>" class="port" min="1" max="65535" value="<?=$wgX["ListenPort:$i"]?>" onchange="quickValidate(this);"<?=$wgX["Endpoint:$i"]?" placeholder=\"".($wgX['ListenPort:0']?:$netport['wgX'])."\"":""?>></span>
+: <span class="input"><input type="text" name="gui:Endpoint:<?=$i?>" class="subnet" value="<?=$wgX["Endpoint:$i"]??''?>" pattern="<?=$validText?>" title="_(IP address or FQDN)_" onchange="toLC(this);quickValidate(this);" <?=($vpn_wgX||(int)$wgX["TYPE:$i"]==2||(int)$wgX["TYPE:$i"]==3)?'placeholder="(_(mandatory)_)" required':'placeholder="(_(not used)_)"'?>>:
+  <input type="number" name="gui:ListenPort:<?=$i?>" class="port" min="1" max="65535" value="<?=$wgX["ListenPort:$i"]??''?>" onchange="quickValidate(this);"<?=$wgX["Endpoint:$i"]?" placeholder=\"".($wgX['ListenPort:0']?:$netport['wgX'])."\"":""?>></span>
   <input type="button" class="form ping-button2-<?=$i?>" value="Ping" onclick="ping($(document.wgX),this,'input[name=&quot;gui:Endpoint:<?=$i?>&quot;]')"<?=$wgX["Endpoint:$i"]?'':' disabled'?>>
 
 :wg_peer_endpoint_help:
 
 _(Peer allowed IPs)_:
-: <span class="input"><input type="text" name="AllowedIPs:<?=$i?>" class="wide" value="<?=$wgX["AllowedIPs:$i"]?>" onchange="quickValidate(this);" pattern="<?=$validList?>" title="_(Comma separated list of IPv4 and IPv6 IP addresses)_, _(CIDR optional)_" placeholder="(_(mandatory)_)" required></span>
+: <span class="input"><input type="text" name="AllowedIPs:<?=$i?>" class="wide" value="<?=$wgX["AllowedIPs:$i"]??''?>" onchange="quickValidate(this);" pattern="<?=$validList?>" title="_(Comma separated list of IPv4 and IPv6 IP addresses)_, _(CIDR optional)_" placeholder="(_(mandatory)_)" required></span>
 
 :wg_peer_allowed_ips_help:
 
 _(Peer DNS server)_:
-: <span class="input"><input type="text" name="DNS:<?=$i?>" class="subnet" maxlength="40" value="<?=$wgX["DNS:$i"]?>" onchange="quickValidate(this);" pattern="<?=$validDNSServerList?>" title="_(Comma separated list of IPv4 and IPv6 IP addresses)_"<?=(int)$wgX["TYPE:$i"]!=6?'placeholder="(_(optional)_)"':'placeholder="(_(mandatory)_)" required'?>></span>
+: <span class="input"><input type="text" name="DNS:<?=$i?>" class="subnet" maxlength="40" value="<?=$wgX["DNS:$i"]??''?>" onchange="quickValidate(this);" pattern="<?=$validDNSServerList?>" title="_(Comma separated list of IPv4 and IPv6 IP addresses)_"<?=(int)$wgX["TYPE:$i"]!=6?'placeholder="(_(optional)_)"':'placeholder="(_(mandatory)_)" required'?>></span>
 
 :wg_peer_dns_server_help:
 
 _(Persistent keepalive)_:
-: <span class="input"><input type="number" name="PersistentKeepalive:<?=$i?>" class="trim" min="0" max="600" value="<?=$wgX["PersistentKeepalive:$i"]?>" onchange="quickValidate(this);" placeholder="(_(disabled)_)">_(seconds)_</span>
+: <span class="input"><input type="number" name="PersistentKeepalive:<?=$i?>" class="trim" min="0" max="600" value="<?=$wgX["PersistentKeepalive:$i"]??''?>" onchange="quickValidate(this);" placeholder="(_(disabled)_)">_(seconds)_</span>
 
 :wg_persistent_keepalive_help:
 

From 401ac15ea7a7ac6ce4e616923495877a1e6ec6ae Mon Sep 17 00:00:00 2001
From: bergware <bergware@users.noreply.github.com>
Date: Thu, 12 Aug 2021 12:06:19 +0200
Subject: [PATCH 7/7] PHP code error corrections

---
 plugins/dynamix/DiskSettings.page | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/dynamix/DiskSettings.page b/plugins/dynamix/DiskSettings.page
index 48585be79..9ec4b0846 100644
--- a/plugins/dynamix/DiskSettings.page
+++ b/plugins/dynamix/DiskSettings.page
@@ -236,7 +236,7 @@ _(Default SMART controller type)_:
 :disk_default_smart_controller_help:
 
 _(Default SMART attribute notifications)_:
-: <input type="text" name="smCustom" value="<?=$var['smCustom']?>" class="narrow">_(Custom attributes (use comma to separate numbers))_
+: <input type="text" name="smCustom" value="<?=$var['smCustom']??''?>" class="narrow">_(Custom attributes (use comma to separate numbers))_
 
 <?for ($x = 0; $x < count($preselect); $x++):?>
 &nbsp;