making things more secure

This commit is contained in:
ehpersonal38
2023-03-29 21:10:36 -04:00
parent 5f4fd66835
commit a45018b473
2 changed files with 23 additions and 17 deletions
+3 -3
View File
@@ -101,7 +101,7 @@ if(isset($_GET['submit'])) {
} }
} }
if(isset($_GET["freqshift_hi"])) { if(isset($_GET["freqshift_hi"]) && is_numeric($_GET['freqshift_hi'])) {
$freqshift_hi = $_GET["freqshift_hi"]; $freqshift_hi = $_GET["freqshift_hi"];
if(strcmp($freqshift_hi,$config['FREQSHIFT_HI']) !== 0) { if(strcmp($freqshift_hi,$config['FREQSHIFT_HI']) !== 0) {
$contents = preg_replace("/FREQSHIFT_HI=.*/", "FREQSHIFT_HI=$freqshift_hi", $contents); $contents = preg_replace("/FREQSHIFT_HI=.*/", "FREQSHIFT_HI=$freqshift_hi", $contents);
@@ -109,7 +109,7 @@ if(isset($_GET['submit'])) {
} }
} }
if(isset($_GET["freqshift_lo"])) { if(isset($_GET["freqshift_lo"]) && is_numeric($_GET['freqshift_lo'])) {
$freqshift_lo = $_GET["freqshift_lo"]; $freqshift_lo = $_GET["freqshift_lo"];
if(strcmp($freqshift_lo,$config['FREQSHIFT_LO']) !== 0) { if(strcmp($freqshift_lo,$config['FREQSHIFT_LO']) !== 0) {
$contents = preg_replace("/FREQSHIFT_LO=.*/", "FREQSHIFT_LO=$freqshift_lo", $contents); $contents = preg_replace("/FREQSHIFT_LO=.*/", "FREQSHIFT_LO=$freqshift_lo", $contents);
@@ -117,7 +117,7 @@ if(isset($_GET['submit'])) {
} }
} }
if(isset($_GET["freqshift_pitch"])) { if(isset($_GET["freqshift_pitch"]) && is_numeric($_GET['freqshift_pitch'])) {
$freqshift_pitch = $_GET["freqshift_pitch"]; $freqshift_pitch = $_GET["freqshift_pitch"];
if(strcmp($freqshift_pitch,$config['FREQSHIFT_PITCH']) !== 0) { if(strcmp($freqshift_pitch,$config['FREQSHIFT_PITCH']) !== 0) {
$contents = preg_replace("/FREQSHIFT_PITCH=.*/", "FREQSHIFT_PITCH=$freqshift_pitch", $contents); $contents = preg_replace("/FREQSHIFT_PITCH=.*/", "FREQSHIFT_PITCH=$freqshift_pitch", $contents);
+8 -2
View File
@@ -76,7 +76,7 @@ if(isset($_GET["latitude"])){
$apprise_weekly_report = 0; $apprise_weekly_report = 0;
} }
if(isset($timezone)) { if(isset($timezone) && in_array($timezone, DateTimeZone::listIdentifiers())) {
shell_exec("sudo timedatectl set-timezone ".$timezone); shell_exec("sudo timedatectl set-timezone ".$timezone);
date_default_timezone_set($timezone); date_default_timezone_set($timezone);
echo "<script>setTimeout( echo "<script>setTimeout(
@@ -92,7 +92,11 @@ if(isset($_GET["latitude"])){
// can't set the date manually if it's getting it from the internet, disable ntp // can't set the date manually if it's getting it from the internet, disable ntp
exec("sudo timedatectl set-ntp false"); exec("sudo timedatectl set-ntp false");
// check if valid date and time
$datetime = DateTime::createFromFormat('Y-m-d H:i', $_GET['date'] . ' ' . $_GET['time']);
if ($datetime && $datetime->format('Y-m-d H:i') === $_GET['date'] . ' ' . $_GET['time']) {
exec("sudo date -s '".$_GET['date']." ".$_GET['time']."'"); exec("sudo date -s '".$_GET['date']." ".$_GET['time']."'");
}
} else { } else {
// user checked 'use time from internet if available,' so make sure that's on // user checked 'use time from internet if available,' so make sure that's on
if(strlen(trim(exec("sudo timedatectl | grep \"NTP service: active\""))) == 0){ if(strlen(trim(exec("sudo timedatectl | grep \"NTP service: active\""))) == 0){
@@ -109,6 +113,7 @@ if(isset($_GET["latitude"])){
} }
if ($model != $lang_config['MODEL'] || $language != $lang_config['DATABASE_LANG']){ if ($model != $lang_config['MODEL'] || $language != $lang_config['DATABASE_LANG']){
if(strlen($language) == 2){
$user = trim(shell_exec("awk -F: '/1000/{print $1}' /etc/passwd")); $user = trim(shell_exec("awk -F: '/1000/{print $1}' /etc/passwd"));
$home = trim(shell_exec("awk -F: '/1000/{print $6}' /etc/passwd")); $home = trim(shell_exec("awk -F: '/1000/{print $6}' /etc/passwd"));
@@ -124,6 +129,7 @@ if(isset($_GET["latitude"])){
syslog(LOG_INFO, "Successfully changed language to '$language' and model to '$model'"); syslog(LOG_INFO, "Successfully changed language to '$language' and model to '$model'");
} }
}
$contents = file_get_contents("/etc/birdnet/birdnet.conf"); $contents = file_get_contents("/etc/birdnet/birdnet.conf");
@@ -271,7 +277,7 @@ if(isset($_GET['sendtest']) && $_GET['sendtest'] == "true") {
$body = str_replace("\$overlap", $overlap, $body); $body = str_replace("\$overlap", $overlap, $body);
$body = str_replace("\$flickrimage", $exampleimage, $body); $body = str_replace("\$flickrimage", $exampleimage, $body);
echo "<pre class=\"bash\">".shell_exec($home."/BirdNET-Pi/birdnet/bin/apprise -vv --plugin-path ".$home."/.apprise/plugins "." -t '".$title."' -b '".$body."' ".$attach." ".$cf." ")."</pre>"; echo "<pre class=\"bash\">".shell_exec($home."/BirdNET-Pi/birdnet/bin/apprise -vv --plugin-path ".$home."/.apprise/plugins "." -t '".escapeshellcmd($title)."' -b '".escapeshellcmd($body)."' ".$attach." ".$cf." ")."</pre>";
die(); die();
} }