Bug #15844 » 15844-widgetkey-validation-24.03.patch
| src/etc/inc/util.inc | ||
|---|---|---|
| 5166 | 5166 |
return $data; |
| 5167 | 5167 |
} |
| 5168 | 5168 | |
| 5169 |
/* Get an array of active widgets and metadata from user settings */ |
|
| 5170 |
function get_active_widgets($user_settings) {
|
|
| 5171 |
$widgets = []; |
|
| 5172 | ||
| 5173 |
/* Break up the sequence string into an array of widget definitions */ |
|
| 5174 |
$widget_sep = ','; |
|
| 5175 |
$widget_seq_array = explode($widget_sep, rtrim($user_settings['widgets']['sequence'], $widget_sep)); |
|
| 5176 | ||
| 5177 |
foreach ($widget_seq_array as $widget_seq_data) {
|
|
| 5178 |
/* Break each widget definition into its component values */ |
|
| 5179 |
[$name, $column, $display, $instance] = explode(':', $widget_seq_data);
|
|
| 5180 |
$widgets[] = [ |
|
| 5181 |
'name' => $name, |
|
| 5182 |
'column' => $column, |
|
| 5183 |
'display' => $display, |
|
| 5184 |
'instance' => $instance |
|
| 5185 |
]; |
|
| 5186 |
} |
|
| 5187 |
return $widgets; |
|
| 5188 |
} |
|
| 5189 | ||
| 5190 |
/* Test the validity of a given widget key based on user settings. */ |
|
| 5191 |
function is_valid_widgetkey($widgetkey, $user_settings, $widgetfile = null) {
|
|
| 5192 |
/* Proper form of a widgetkey is <widget-name>-<instance-id> |
|
| 5193 |
* Where: |
|
| 5194 |
* widget-name : Name of an active widget, which should be found in |
|
| 5195 |
* the current sequence list. |
|
| 5196 |
* instance-id : An integer 0 or higher identifying a widget instance |
|
| 5197 |
* |
|
| 5198 |
* Additionally, for a widget to be valid in this context it must also |
|
| 5199 |
* be present on the current Dashboard layout. |
|
| 5200 |
*/ |
|
| 5201 | ||
| 5202 |
/* Break the given widgetkey into its component parts */ |
|
| 5203 |
[$wname, $wid] = explode('-', $widgetkey, 2);
|
|
| 5204 | ||
| 5205 |
/* Test for basic validity conditions */ |
|
| 5206 |
if (empty($wname) || |
|
| 5207 |
!is_numericint($wid) || |
|
| 5208 |
empty($user_settings)) {
|
|
| 5209 |
return false; |
|
| 5210 |
} |
|
| 5211 | ||
| 5212 |
/* Check if this widget also matches a specific widget name */ |
|
| 5213 |
if (!empty($widgetfile) && |
|
| 5214 |
($wname != basename($widgetfile, '.widget.php'))) {
|
|
| 5215 |
return false; |
|
| 5216 |
} |
|
| 5217 | ||
| 5218 |
/* Ensure the key is for a widget which is in the Dashboard |
|
| 5219 |
* configuration. */ |
|
| 5220 |
$widgets = get_active_widgets($user_settings); |
|
| 5221 |
foreach ($widgets as $widget) {
|
|
| 5222 |
if (($widget['name'] == $wname) && |
|
| 5223 |
($widget['instance'] == $wid)) {
|
|
| 5224 |
return true; |
|
| 5225 |
} |
|
| 5226 |
} |
|
| 5227 |
return false; |
|
| 5228 |
} |
|
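Review bot: `is_valid_widgetkey()` passes `$widgetkey` straight to `explode()` (new line 5203), and every caller in this patch feeds it `$_POST['widgetkey']` or `$_REQUEST['widgetkey']`, which can arrive as an array or without a `-`. On PHP 8 a non-string argument makes `explode()` throw a TypeError, and a key with no separator leaves `$wid` unset with a warning. A guard ahead of the split, `if (!is_string($widgetkey) || (strpos($widgetkey, '-') === false)) { return false; }`, keeps the function returning false for malformed input. The name and instance checks on new lines 5214, 5222 and 5223 compare strings with loose `!=`/`==`; `!==`/`===` would avoid numeric-string coercion. `get_active_widgets()` destructures `explode(':', ...)` on new line 5179 in the same unchecked way and assumes `$user_settings['widgets']['sequence']` is set.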
| src/usr/local/www/guiconfig.inc | ||
|---|---|---|
| 599 | 599 |
} |
| 600 | 600 | |
| 601 | 601 |
function set_customwidgettitle(& $user_settings) {
|
| 602 |
if (!is_valid_widgetkey($_POST['widgetkey'], $user_settings)) {
|
|
| 603 |
return false; |
|
| 604 |
} |
|
| 602 | 605 |
if ($_POST['descr']) {
|
| 603 | 606 |
$user_settings['widgets'][$_POST['widgetkey']]['descr'] = trim($_POST['descr']); |
| 604 | 607 |
} else {
|
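Review bot: `set_customwidgettitle()` gains a `return false` path (new lines 602-604) with no comment describing it. The callers visible in this patch (interface_statistics.widget.php and rss.widget.php) call it without looking at the result and go on to write other settings. I would add a header comment such as `/* Store or clear the custom title for $_POST['widgetkey']; returns false without touching $user_settings when the key fails is_valid_widgetkey(). */`. The rest of the function body lies outside this hunk, so whether the success path returns a value cannot be confirmed from here.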
| src/usr/local/www/widgets/widgets/disks.widget.php | ||
|---|---|---|
| 25 | 25 |
// pfSense includes |
| 26 | 26 |
require_once('guiconfig.inc');
|
| 27 | 27 | |
| 28 |
/* |
|
| 29 |
* Validate the "widgetkey" value. |
|
| 30 |
* When this widget is present on the Dashboard, $widgetkey is defined before |
|
| 31 |
* the Dashboard includes the widget. During other types of requests, such as |
|
| 32 |
* saving settings or AJAX, the value may be set via $_POST or similar. |
|
| 33 |
*/ |
|
| 34 |
if ($_REQUEST['widgetkey']) {
|
|
| 35 |
if (is_valid_widgetkey($_REQUEST['widgetkey'], $user_settings, __FILE__)) {
|
|
| 36 |
$widgetkey = $_REQUEST['widgetkey']; |
|
| 37 |
} else {
|
|
| 38 |
print gettext("Invalid Widget Key");
|
|
| 39 |
exit; |
|
| 40 |
} |
|
| 41 |
} |
|
| 42 | ||
| 28 | 43 |
// Widget includes |
| 29 | 44 |
require_once('/usr/local/www/widgets/include/disks.inc');
|
| 30 | 45 | |
| 31 | 46 |
global $disks_widget_defaults; |
| 32 | 47 | |
| 33 |
$widgetkey = (isset($_POST['widgetkey'])) ? $_POST['widgetkey'] : $widgetkey; |
|
| 34 | ||
| 35 | 48 |
// Now override any defaults with user settings |
| 36 | 49 |
$widget_config = array_replace($disks_widget_defaults, (array) $user_settings['widgets'][$widgetkey]); |
| 37 | 50 | |
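Review bot: The widgetkey validation block added here (new lines 28-41) is repeated verbatim in every other widget file on this page (dyn_dns_status, gateways, interface_statistics, interfaces, ipsec, log, openvpn, picture, rss, services_status, smart_status, system_information, thermal_sensors, wake_on_lan), so any later correction has to be made in each copy. A single helper next to `is_valid_widgetkey()` that takes `__FILE__` and either returns the validated key or prints the error and exits would keep the check in one place. The guard `if ($_REQUEST['widgetkey'])` also reads a key that may be absent when the Dashboard includes the widget, which raises an undefined-key warning on PHP 8. `if (!empty($_REQUEST['widgetkey']))` has the same truthiness without the warning.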
| src/usr/local/www/widgets/widgets/dyn_dns_status.widget.php | ||
|---|---|---|
| 29 | 29 |
require_once("functions.inc");
|
| 30 | 30 |
require_once("/usr/local/www/widgets/include/dyn_dns_status.inc");
|
| 31 | 31 | |
| 32 |
/* |
|
| 33 |
* Validate the "widgetkey" value. |
|
| 34 |
* When this widget is present on the Dashboard, $widgetkey is defined before |
|
| 35 |
* the Dashboard includes the widget. During other types of requests, such as |
|
| 36 |
* saving settings or AJAX, the value may be set via $_POST or similar. |
|
| 37 |
*/ |
|
| 38 |
if ($_REQUEST['widgetkey']) {
|
|
| 39 |
if (is_valid_widgetkey($_REQUEST['widgetkey'], $user_settings, __FILE__)) {
|
|
| 40 |
$widgetkey = $_REQUEST['widgetkey']; |
|
| 41 |
} else {
|
|
| 42 |
print gettext("Invalid Widget Key");
|
|
| 43 |
exit; |
|
| 44 |
} |
|
| 45 |
} |
|
| 46 | ||
| 32 | 47 |
// Constructs a unique key that will identify a Dynamic DNS entry in the filter list. |
| 33 | 48 |
if (!function_exists('get_dyndnsent_key')) {
|
| 34 | 49 |
function get_dyndnsent_key($dyndns) {
|
| src/usr/local/www/widgets/widgets/gateways.widget.php | ||
|---|---|---|
| 31 | 31 |
require_once("functions.inc");
|
| 32 | 32 |
require_once("/usr/local/www/widgets/include/gateways.inc");
|
| 33 | 33 | |
| 34 |
/* |
|
| 35 |
* Validate the "widgetkey" value. |
|
| 36 |
* When this widget is present on the Dashboard, $widgetkey is defined before |
|
| 37 |
* the Dashboard includes the widget. During other types of requests, such as |
|
| 38 |
* saving settings or AJAX, the value may be set via $_POST or similar. |
|
| 39 |
*/ |
|
| 40 |
if ($_REQUEST['widgetkey']) {
|
|
| 41 |
if (is_valid_widgetkey($_REQUEST['widgetkey'], $user_settings, __FILE__)) {
|
|
| 42 |
$widgetkey = $_REQUEST['widgetkey']; |
|
| 43 |
} else {
|
|
| 44 |
print gettext("Invalid Widget Key");
|
|
| 45 |
exit; |
|
| 46 |
} |
|
| 47 |
} |
|
| 48 | ||
| 49 |
global $display_types; |
|
| 50 |
$display_types = array( |
|
| 51 |
'gw_ip' => gettext('Gateway IP Address'),
|
|
| 52 |
'monitor_ip' => gettext('Monitor IP Address'),
|
|
| 53 |
'both_ip' => gettext('Both')
|
|
| 54 |
); |
|
| 55 | ||
| 34 | 56 |
if (!function_exists('compose_table_body_contents')) {
|
| 35 | 57 |
function compose_table_body_contents($widgetkey) {
|
| 36 |
global $user_settings; |
|
| 58 |
global $user_settings, $display_types;
|
|
| 37 | 59 | |
| 38 | 60 |
$rtnstr = ''; |
| 39 | 61 | |
| ... | ... | |
| 41 | 63 |
$gateways_status = array(); |
| 42 | 64 |
$gateways_status = return_gateways_status(true); |
| 43 | 65 | |
| 44 |
if (isset($user_settings["widgets"][$widgetkey]["display_type"])) {
|
|
| 66 |
if (isset($user_settings["widgets"][$widgetkey]["display_type"]) && |
|
| 67 |
array_key_exists($user_settings["widgets"][$widgetkey]["display_type"], $display_types)) {
|
|
| 45 | 68 |
$display_type = $user_settings["widgets"][$widgetkey]["display_type"]; |
| 46 | 69 |
} else {
|
| 47 | 70 |
$display_type = "gw_ip"; |
| ... | ... | |
| 211 | 234 |
$user_settings["widgets"][$_POST['widgetkey']] = array(); |
| 212 | 235 |
} |
| 213 | 236 | |
| 214 |
if (isset($_POST["display_type"])) {
|
|
| 237 |
if (isset($_POST["display_type"]) && |
|
| 238 |
array_key_exists($_POST["display_type"], $display_types)) {
|
|
| 215 | 239 |
$user_settings["widgets"][$_POST['widgetkey']]["display_type"] = $_POST["display_type"]; |
| 216 | 240 |
} |
| 217 | 241 | |
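Review bot: The block at the top validates `$_REQUEST['widgetkey']`, but the save path further down (new lines 234 and 239) still indexes `$user_settings["widgets"]` with `$_POST['widgetkey']`, so the value that was checked and the value that is written come from different superglobals. `$_REQUEST` is assembled from several sources in an order set by PHP configuration, so the two are not guaranteed to be equal. Using the validated variable, e.g. `$user_settings["widgets"][$widgetkey]["display_type"] = $_POST["display_type"];`, removes the gap. The same pattern is visible in interface_statistics.widget.php (`$_REQUEST['widgetkey']` at new lines 76-78, `$_POST['widgetkey']` at 186), log.widget.php (new lines 105-107), rss.widget.php (new lines 62-78) and picture.widget.php (`$_GET['widgetkey']` at new line 44). The save handler itself starts outside the lines shown.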
| src/usr/local/www/widgets/widgets/interface_statistics.widget.php | ||
|---|---|---|
| 33 | 33 |
require_once("functions.inc");
|
| 34 | 34 |
require_once("/usr/local/www/widgets/include/interface_statistics.inc");
|
| 35 | 35 | |
| 36 |
/* |
|
| 37 |
* Validate the "widgetkey" value. |
|
| 38 |
* When this widget is present on the Dashboard, $widgetkey is defined before |
|
| 39 |
* the Dashboard includes the widget. During other types of requests, such as |
|
| 40 |
* saving settings or AJAX, the value may be set via $_POST or similar. |
|
| 41 |
*/ |
|
| 42 |
if ($_REQUEST['widgetkey']) {
|
|
| 43 |
if (is_valid_widgetkey($_REQUEST['widgetkey'], $user_settings, __FILE__)) {
|
|
| 44 |
$widgetkey = $_REQUEST['widgetkey']; |
|
| 45 |
} else {
|
|
| 46 |
print gettext("Invalid Widget Key");
|
|
| 47 |
exit; |
|
| 48 |
} |
|
| 49 |
} |
|
| 50 | ||
| 51 |
$orientations = array( |
|
| 52 |
'if_columns' => gettext('Each interface in a column'),
|
|
| 53 |
'if_rows' => gettext('Each interface in a row')
|
|
| 54 |
); |
|
| 55 | ||
| 36 | 56 |
$ifdescrs = get_configured_interface_with_descr(); |
| 37 | 57 |
$ifstats = array( |
| 38 | 58 |
'inpkts' => gettext('Packets In'),
|
| ... | ... | |
| 53 | 73 |
$an_interface_is_displayed = false; // decide if at least 1 interface is displayed (i.e. not down) |
| 54 | 74 |
$an_ifstat_is_displayed = false; |
| 55 | 75 | |
| 56 |
if (isset($user_settings["widgets"][$_REQUEST['widgetkey']]["orientation_type"])) {
|
|
| 76 |
if (isset($user_settings["widgets"][$_REQUEST['widgetkey']]["orientation_type"]) && |
|
| 77 |
array_key_exists($user_settings["widgets"][$_REQUEST['widgetkey']]["orientation_type"], $orientations)) {
|
|
| 57 | 78 |
$orientation_type = $user_settings["widgets"][$_REQUEST['widgetkey']]["orientation_type"]; |
| 58 | 79 |
} else {
|
| 59 | 80 |
$orientation_type = "if_columns"; |
| ... | ... | |
| 160 | 181 |
} else if ($_POST['widgetkey']) {
|
| 161 | 182 |
set_customwidgettitle($user_settings); |
| 162 | 183 | |
| 163 |
if (isset($_POST['orientation_type'])) {
|
|
| 184 |
if (isset($_POST['orientation_type']) && |
|
| 185 |
array_key_exists($_POST['orientation_type'], $orientations)) {
|
|
| 164 | 186 |
$user_settings['widgets'][$_POST['widgetkey']]['orientation_type'] = $_POST['orientation_type']; |
| 165 | 187 |
} |
| 166 | 188 | |
| src/usr/local/www/widgets/widgets/interfaces.widget.php | ||
|---|---|---|
| 27 | 27 |
require_once("functions.inc");
|
| 28 | 28 |
require_once("/usr/local/www/widgets/include/interfaces.inc");
|
| 29 | 29 | |
| 30 |
/* |
|
| 31 |
* Validate the "widgetkey" value. |
|
| 32 |
* When this widget is present on the Dashboard, $widgetkey is defined before |
|
| 33 |
* the Dashboard includes the widget. During other types of requests, such as |
|
| 34 |
* saving settings or AJAX, the value may be set via $_POST or similar. |
|
| 35 |
*/ |
|
| 36 |
if ($_REQUEST['widgetkey']) {
|
|
| 37 |
if (is_valid_widgetkey($_REQUEST['widgetkey'], $user_settings, __FILE__)) {
|
|
| 38 |
$widgetkey = $_REQUEST['widgetkey']; |
|
| 39 |
} else {
|
|
| 40 |
print gettext("Invalid Widget Key");
|
|
| 41 |
exit; |
|
| 42 |
} |
|
| 43 |
} |
|
| 44 | ||
| 30 | 45 |
$platform = system_identify_specific_platform(); |
| 31 | 46 |
$ifdescrs = get_configured_interface_with_descr(); |
| 32 | 47 |
$has_switch = array("1100", "2100", "3100", "7100", "doorkeeper");
|
| ... | ... | |
| 50 | 65 |
header("Location: /index.php");
|
| 51 | 66 |
} |
| 52 | 67 | |
| 53 |
// When this widget is included in the dashboard, $widgetkey is already defined before the widget is included. |
|
| 54 |
// When the ajax call is made to refresh the interfaces table, 'widgetkey' comes in $_REQUEST. |
|
| 55 |
if ($_REQUEST['widgetkey']) {
|
|
| 56 |
$widgetkey = $_REQUEST['widgetkey']; |
|
| 57 |
} |
|
| 58 | ||
| 59 | 68 |
?> |
| 60 | 69 | |
| 61 | 70 |
<div class="table-responsive" id="ifaces_status_<?=htmlspecialchars($widgetkey)?>"> |
| src/usr/local/www/widgets/widgets/ipsec.widget.php | ||
|---|---|---|
| 33 | 33 |
require_once("service-utils.inc");
|
| 34 | 34 |
require_once("ipsec.inc");
|
| 35 | 35 | |
| 36 |
/* |
|
| 37 |
* Validate the "widgetkey" value. |
|
| 38 |
* When this widget is present on the Dashboard, $widgetkey is defined before |
|
| 39 |
* the Dashboard includes the widget. During other types of requests, such as |
|
| 40 |
* saving settings or AJAX, the value may be set via $_POST or similar. |
|
| 41 |
*/ |
|
| 42 |
if ($_REQUEST['widgetkey']) {
|
|
| 43 |
if (is_valid_widgetkey($_REQUEST['widgetkey'], $user_settings, __FILE__)) {
|
|
| 44 |
$widgetkey = $_REQUEST['widgetkey']; |
|
| 45 |
} else {
|
|
| 46 |
print gettext("Invalid Widget Key");
|
|
| 47 |
exit; |
|
| 48 |
} |
|
| 49 |
} |
|
| 50 | ||
| 36 | 51 |
// Should always be initialized |
| 37 | 52 |
$ipsec_widget_tabs = array( |
| 38 | 53 |
'overview' => gettext('Overview'),
|
| src/usr/local/www/widgets/widgets/log.widget.php | ||
|---|---|---|
| 48 | 48 |
/* In an effort to reduce duplicate code, many shared functions have been moved here. */ |
| 49 | 49 |
require_once("syslog.inc");
|
| 50 | 50 | |
| 51 |
/* |
|
| 52 |
* Validate the "widgetkey" value. |
|
| 53 |
* When this widget is present on the Dashboard, $widgetkey is defined before |
|
| 54 |
* the Dashboard includes the widget. During other types of requests, such as |
|
| 55 |
* saving settings or AJAX, the value may be set via $_POST or similar. |
|
| 56 |
*/ |
|
| 57 |
if ($_REQUEST['widgetkey']) {
|
|
| 58 |
if (is_valid_widgetkey($_REQUEST['widgetkey'], $user_settings, __FILE__)) {
|
|
| 59 |
$widgetkey = $_REQUEST['widgetkey']; |
|
| 60 |
} else {
|
|
| 61 |
print gettext("Invalid Widget Key");
|
|
| 62 |
exit; |
|
| 63 |
} |
|
| 64 |
} |
|
| 65 | ||
| 51 | 66 |
/* Enable or disable debugging (detail level depending on removed ^//DEBUG^statements */ |
| 52 | 67 |
$DebugOn = false; |
| 53 | 68 |
/* Debugging options */ |
| ... | ... | |
| 84 | 99 |
} |
| 85 | 100 |
unset($acts); |
| 86 | 101 | |
| 87 |
if (($_POST['filterlogentriesinterfaces']) and ($_POST['filterlogentriesinterfaces'] != "All")) {
|
|
| 102 |
if ($_POST['filterlogentriesinterfaces'] && |
|
| 103 |
($_POST['filterlogentriesinterfaces'] != "All") && |
|
| 104 |
array_key_exists($_POST['filterlogentriesinterfaces'], get_configured_interface_with_descr())) {
|
|
| 88 | 105 |
$user_settings['widgets'][$_POST['widgetkey']]['filterlogentriesinterfaces'] = trim($_POST['filterlogentriesinterfaces']); |
| 89 | 106 |
} else {
|
| 90 | 107 |
unset($user_settings['widgets'][$_POST['widgetkey']]['filterlogentriesinterfaces']); |
| ... | ... | |
| 106 | 123 | |
| 107 | 124 |
if ($DebugOn) { $logContent .= date($dateFormat)."_^START^".PHP_EOL; }
|
| 108 | 125 | |
| 109 |
// When this widget is included in the dashboard, $widgetkey is already defined before the widget is included. |
|
| 110 |
// When the ajax call is made to refresh the firewall log table, 'widgetkey' comes in $_REQUEST. |
|
| 111 |
if ($_REQUEST['widgetkey']) {
|
|
| 112 |
$widgetkey = $_REQUEST['widgetkey']; |
|
| 113 |
} |
|
| 114 | 126 |
//DEBUG: $logContent .= date($dateFormat)."_After request widgetkey".PHP_EOL; |
| 115 | 127 | |
| 116 | 128 |
$iface_descr_arr = get_configured_interface_with_descr(); |
| ... | ... | |
| 130 | 142 |
); |
| 131 | 143 |
//DEBUG: $logContent .= date($dateFormat)."_After filling_filter array".PHP_EOL; |
| 132 | 144 | |
| 133 |
$nentriesinterval = isset($user_settings['widgets'][$widgetkey]['filterlogentriesinterval']) ? $user_settings['widgets'][$widgetkey]['filterlogentriesinterval'] : 60;
|
|
| 145 |
$nentriesinterval = is_numeric($user_settings['widgets'][$widgetkey]['filterlogentriesinterval']) ? $user_settings['widgets'][$widgetkey]['filterlogentriesinterval'] : 60;
|
|
| 134 | 146 |
//DEBUG: $logContent .= date($dateFormat)."_After entries_interval".PHP_EOL; |
| 135 | 147 | |
| 136 | 148 |
$filter_logfile = "{$g['varlog_path']}/filter.log";
|
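Review bot: The new `is_numeric()` test on `filterlogentriesinterval` (new line 145) accepts negative numbers, decimals and exponent notation. It also reads the array key without `isset()`, so an unset value now produces an undefined-key warning on PHP 8 before falling back to 60. If the interval is meant to be a non-negative whole number (inferred from the default of 60), the helper already used for the instance id fits better, assuming it rejects null: `$nentriesinterval = is_numericint($user_settings['widgets'][$widgetkey]['filterlogentriesinterval'] ?? null) ? $user_settings['widgets'][$widgetkey]['filterlogentriesinterval'] : 60;`. The `is_numeric()` checks added for `rssmaxitems`, `rsswidgetheight` and `rsswidgettextlength` in rss.widget.php have the same looseness.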
| src/usr/local/www/widgets/widgets/openvpn.widget.php | ||
|---|---|---|
| 24 | 24 |
require_once("guiconfig.inc");
|
| 25 | 25 |
require_once("openvpn.inc");
|
| 26 | 26 | |
| 27 |
/* |
|
| 28 |
* Validate the "widgetkey" value. |
|
| 29 |
* When this widget is present on the Dashboard, $widgetkey is defined before |
|
| 30 |
* the Dashboard includes the widget. During other types of requests, such as |
|
| 31 |
* saving settings or AJAX, the value may be set via $_POST or similar. |
|
| 32 |
*/ |
|
| 33 |
if ($_REQUEST['widgetkey']) {
|
|
| 34 |
if (is_valid_widgetkey($_REQUEST['widgetkey'], $user_settings, __FILE__)) {
|
|
| 35 |
$widgetkey = $_REQUEST['widgetkey']; |
|
| 36 |
} else {
|
|
| 37 |
print gettext("Invalid Widget Key");
|
|
| 38 |
exit; |
|
| 39 |
} |
|
| 40 |
} |
|
| 41 | ||
| 27 | 42 |
// Output the widget panel from this function so that it can be called from the AJAX handler as well as |
| 28 | 43 |
// when first rendering the page |
| 29 | 44 |
if (!function_exists('printPanel')) {
|
| src/usr/local/www/widgets/widgets/picture.widget.php | ||
|---|---|---|
| 25 | 25 |
require_once("pfsense-utils.inc");
|
| 26 | 26 |
require_once("functions.inc");
|
| 27 | 27 | |
| 28 |
/* |
|
| 29 |
* Validate the "widgetkey" value. |
|
| 30 |
* When this widget is present on the Dashboard, $widgetkey is defined before |
|
| 31 |
* the Dashboard includes the widget. During other types of requests, such as |
|
| 32 |
* saving settings or AJAX, the value may be set via $_POST or similar. |
|
| 33 |
*/ |
|
| 34 |
if ($_REQUEST['widgetkey']) {
|
|
| 35 |
if (is_valid_widgetkey($_REQUEST['widgetkey'], $user_settings, __FILE__)) {
|
|
| 36 |
$widgetkey = $_REQUEST['widgetkey']; |
|
| 37 |
} else {
|
|
| 38 |
print gettext("Invalid Widget Key");
|
|
| 39 |
exit; |
|
| 40 |
} |
|
| 41 |
} |
|
| 28 | 42 | |
| 29 | 43 |
if ($_GET['getpic']=="true") {
|
| 30 | 44 |
$wk = basename($_GET['widgetkey']); |
| src/usr/local/www/widgets/widgets/rss.widget.php | ||
|---|---|---|
| 25 | 25 |
require_once("pfsense-utils.inc");
|
| 26 | 26 |
require_once("functions.inc");
|
| 27 | 27 | |
| 28 |
/* |
|
| 29 |
* Validate the "widgetkey" value. |
|
| 30 |
* When this widget is present on the Dashboard, $widgetkey is defined before |
|
| 31 |
* the Dashboard includes the widget. During other types of requests, such as |
|
| 32 |
* saving settings or AJAX, the value may be set via $_POST or similar. |
|
| 33 |
*/ |
|
| 34 |
if ($_REQUEST['widgetkey']) {
|
|
| 35 |
if (is_valid_widgetkey($_REQUEST['widgetkey'], $user_settings, __FILE__)) {
|
|
| 36 |
$widgetkey = $_REQUEST['widgetkey']; |
|
| 37 |
} else {
|
|
| 38 |
print gettext("Invalid Widget Key");
|
|
| 39 |
exit; |
|
| 40 |
} |
|
| 41 |
} |
|
| 42 | ||
| 28 | 43 |
/* bring in the Composer autoloader */ |
| 29 | 44 |
require_once('vendor/autoload.php');
|
| 30 | 45 | |
| ... | ... | |
| 32 | 47 | |
| 33 | 48 |
if ($_POST['widgetkey']) {
|
| 34 | 49 |
set_customwidgettitle($user_settings); |
| 35 |
$user_settings['widgets'][$_POST['widgetkey']]['rssfeed'] = str_replace("\n", ",", htmlspecialchars($_POST['rssfeed'], ENT_QUOTES | ENT_HTML401));
|
|
| 36 |
$user_settings['widgets'][$_POST['widgetkey']]['rssmaxitems'] = str_replace("\n", ",", htmlspecialchars($_POST['rssmaxitems'], ENT_QUOTES | ENT_HTML401));
|
|
| 37 |
$user_settings['widgets'][$_POST['widgetkey']]['rsswidgetheight'] = htmlspecialchars($_POST['rsswidgetheight'], ENT_QUOTES | ENT_HTML401); |
|
| 38 |
$user_settings['widgets'][$_POST['widgetkey']]['rsswidgettextlength'] = htmlspecialchars($_POST['rsswidgettextlength'], ENT_QUOTES | ENT_HTML401); |
|
| 50 | ||
| 51 |
if ($_POST['rssfeed']) {
|
|
| 52 |
$validfeeds = []; |
|
| 53 |
/* Allow feeds separated by comma or newline */ |
|
| 54 |
$feeds = preg_split('/[,\n]/', $_POST['rssfeed']);
|
|
| 55 |
foreach ($feeds as $feed) {
|
|
| 56 |
/* Trim any extra whitespace as the submitted value may have \r at the end. */ |
|
| 57 |
$feed = trim($feed); |
|
| 58 |
if (is_URL($feed)) {
|
|
| 59 |
$validfeeds[] = $feed; |
|
| 60 |
} |
|
| 61 |
} |
|
| 62 |
$user_settings['widgets'][$_POST['widgetkey']]['rssfeed'] = htmlspecialchars(implode(",", $validfeeds), ENT_QUOTES | ENT_HTML401);
|
|
| 63 |
} |
|
| 64 | ||
| 65 |
if (is_numeric($_POST['rssmaxitems'])) {
|
|
| 66 |
$user_settings['widgets'][$_POST['widgetkey']]['rssmaxitems'] = $_POST['rssmaxitems']; |
|
| 67 |
} else {
|
|
| 68 |
unset($user_settings['widgets'][$_POST['widgetkey']]['rssmaxitems']); |
|
| 69 |
} |
|
| 70 |
if (is_numeric($_POST['rsswidgetheight'])) {
|
|
| 71 |
$user_settings['widgets'][$_POST['widgetkey']]['rsswidgetheight'] = $_POST['rsswidgetheight']; |
|
| 72 |
} else {
|
|
| 73 |
unset($user_settings['widgets'][$_POST['widgetkey']]['rsswidgetheight']); |
|
| 74 |
} |
|
| 75 |
if (is_numeric($_POST['rsswidgettextlength'])) {
|
|
| 76 |
$user_settings['widgets'][$_POST['widgetkey']]['rsswidgettextlength'] = $_POST['rsswidgettextlength']; |
|
| 77 |
} else {
|
|
| 78 |
unset($user_settings['widgets'][$_POST['widgetkey']]['rsswidgettextlength']); |
|
| 79 |
} |
|
| 80 | ||
| 39 | 81 |
save_widget_settings($_SESSION['Username'], $user_settings["widgets"], gettext("Saved RSS Widget feed via Dashboard."));
|
| 40 | 82 |
header("Location: /");
|
| 41 | 83 |
} |
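Review bot: An empty `rssfeed` submission no longer changes the stored value, because the new `if ($_POST['rssfeed'])` block (new lines 51-63) has no `else`. The removed code always overwrote the setting, and the three numeric fields below `unset()` theirs when the input is rejected. If clearing the field should reset the feed list, add `} else { unset($user_settings['widgets'][$_POST['widgetkey']]['rssfeed']); }`; if keeping the old value is intended, a one-line comment saying so would help. A submission in which every entry fails `is_URL()` stores an empty string instead, which is a third outcome for the same field.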
| src/usr/local/www/widgets/widgets/services_status.widget.php | ||
|---|---|---|
| 29 | 29 |
require_once("vpn.inc");
|
| 30 | 30 |
require_once("/usr/local/www/widgets/include/services_status.inc");
|
| 31 | 31 | |
| 32 |
/* |
|
| 33 |
* Validate the "widgetkey" value. |
|
| 34 |
* When this widget is present on the Dashboard, $widgetkey is defined before |
|
| 35 |
* the Dashboard includes the widget. During other types of requests, such as |
|
| 36 |
* saving settings or AJAX, the value may be set via $_POST or similar. |
|
| 37 |
*/ |
|
| 38 |
if ($_REQUEST['widgetkey']) {
|
|
| 39 |
if (is_valid_widgetkey($_REQUEST['widgetkey'], $user_settings, __FILE__)) {
|
|
| 40 |
$widgetkey = $_REQUEST['widgetkey']; |
|
| 41 |
} else {
|
|
| 42 |
print gettext("Invalid Widget Key");
|
|
| 43 |
exit; |
|
| 44 |
} |
|
| 45 |
} |
|
| 46 | ||
| 32 | 47 |
$services = get_services(); |
| 33 | 48 | |
| 34 | 49 |
$numsvcs = count($services); |
| src/usr/local/www/widgets/widgets/smart_status.widget.php | ||
|---|---|---|
| 30 | 30 |
require_once("pfsense-utils.inc");
|
| 31 | 31 |
require_once("functions.inc");
|
| 32 | 32 |
require_once("/usr/local/www/widgets/include/smart_status.inc");
|
| 33 | ||
| 34 |
/* |
|
| 35 |
* Validate the "widgetkey" value. |
|
| 36 |
* When this widget is present on the Dashboard, $widgetkey is defined before |
|
| 37 |
* the Dashboard includes the widget. During other types of requests, such as |
|
| 38 |
* saving settings or AJAX, the value may be set via $_POST or similar. |
|
| 39 |
*/ |
|
| 40 |
if ($_REQUEST['widgetkey']) {
|
|
| 41 |
if (is_valid_widgetkey($_REQUEST['widgetkey'], $user_settings, __FILE__)) {
|
|
| 42 |
$widgetkey = $_REQUEST['widgetkey']; |
|
| 43 |
} else {
|
|
| 44 |
print gettext("Invalid Widget Key");
|
|
| 45 |
exit; |
|
| 46 |
} |
|
| 47 |
} |
|
| 48 | ||
| 33 | 49 |
$specplatform = system_identify_specific_platform(); |
| 34 | 50 | |
| 35 | 51 |
$devs = array(); |
| src/usr/local/www/widgets/widgets/system_information.widget.php | ||
|---|---|---|
| 32 | 32 |
require_once('system.inc');
|
| 33 | 33 |
include_once("includes/functions.inc.php");
|
| 34 | 34 | |
| 35 |
/* |
|
| 36 |
* Validate the "widgetkey" value. |
|
| 37 |
* When this widget is present on the Dashboard, $widgetkey is defined before |
|
| 38 |
* the Dashboard includes the widget. During other types of requests, such as |
|
| 39 |
* saving settings or AJAX, the value may be set via $_POST or similar. |
|
| 40 |
*/ |
|
| 41 |
if ($_REQUEST['widgetkey']) {
|
|
| 42 |
if (is_valid_widgetkey($_REQUEST['widgetkey'], $user_settings, __FILE__)) {
|
|
| 43 |
$widgetkey = $_REQUEST['widgetkey']; |
|
| 44 |
} else {
|
|
| 45 |
print gettext("Invalid Widget Key");
|
|
| 46 |
exit; |
|
| 47 |
} |
|
| 48 |
} |
|
| 49 | ||
| 35 | 50 |
$sysinfo_items = array( |
| 36 | 51 |
'name' => gettext('Name'),
|
| 37 | 52 |
'user' => gettext('User'),
|
| src/usr/local/www/widgets/widgets/thermal_sensors.widget.php | ||
|---|---|---|
| 24 | 24 |
require_once("guiconfig.inc");
|
| 25 | 25 |
require_once("system.inc");
|
| 26 | 26 | |
| 27 |
/* |
|
| 28 |
* Validate the "widgetkey" value. |
|
| 29 |
* When this widget is present on the Dashboard, $widgetkey is defined before |
|
| 30 |
* the Dashboard includes the widget. During other types of requests, such as |
|
| 31 |
* saving settings or AJAX, the value may be set via $_POST or similar. |
|
| 32 |
*/ |
|
| 33 |
if ($_REQUEST['widgetkey']) {
|
|
| 34 |
if (is_valid_widgetkey($_REQUEST['widgetkey'], $user_settings, __FILE__)) {
|
|
| 35 |
$widgetkey = $_REQUEST['widgetkey']; |
|
| 36 |
} else {
|
|
| 37 |
print gettext("Invalid Widget Key");
|
|
| 38 |
exit; |
|
| 39 |
} |
|
| 40 |
} |
|
| 27 | 41 | |
| 28 | 42 |
//========================================================================= |
| 29 | 43 |
//called by showThermalSensorsData() (jQuery Ajax call) in thermal_sensors.js |
| src/usr/local/www/widgets/widgets/wake_on_lan.widget.php | ||
|---|---|---|
| 26 | 26 |
require_once("system.inc");
|
| 27 | 27 |
require_once("/usr/local/www/widgets/include/wake_on_lan.inc");
|
| 28 | 28 | |
| 29 |
/* |
|
| 30 |
* Validate the "widgetkey" value. |
|
| 31 |
* When this widget is present on the Dashboard, $widgetkey is defined before |
|
| 32 |
* the Dashboard includes the widget. During other types of requests, such as |
|
| 33 |
* saving settings or AJAX, the value may be set via $_POST or similar. |
|
| 34 |
*/ |
|
| 35 |
if ($_REQUEST['widgetkey']) {
|
|
| 36 |
if (is_valid_widgetkey($_REQUEST['widgetkey'], $user_settings, __FILE__)) {
|
|
| 37 |
$widgetkey = $_REQUEST['widgetkey']; |
|
| 38 |
} else {
|
|
| 39 |
print gettext("Invalid Widget Key");
|
|
| 40 |
exit; |
|
| 41 |
} |
|
| 42 |
} |
|
| 43 | ||
| 29 | 44 |
if (isset($config['wol']['wolentry']) && is_array($config['wol']['wolentry'])) {
|
| 30 | 45 |
$wolcomputers = config_get_path('wol/wolentry');
|
| 31 | 46 |
} else {
|