Revert "More XSS and security fixes, this time for the OG Dashboard"

This commit is contained in:
LX1IQ 2025-10-21 09:42:28 +02:00 committed by GitHub
parent b7d17ee3b3
commit 7356127c85
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
21 changed files with 329 additions and 689 deletions

57
dashboard/pgs/class.node.php Normal file → Executable file

@ -14,44 +14,29 @@ class Node {
public function __construct($Callsign, $IP, $LinkedModule, $Protocol, $ConnectTime, $LastHeardTime, $RandomID) {
// Validate and sanitize IP
$IP = trim($IP);
$this->IP = filter_var($IP, FILTER_VALIDATE_IP) ? $IP : '0.0.0.0';
$this->IP = $IP;
// Validate protocol
$Protocol = trim($Protocol);
$allowed_protocols = ['DPlus', 'DExtra', 'DCS', 'DMR', 'YSF', 'DEXTRA', 'DPLUS', 'DMRMmdvm'];
$this->Protocol = in_array($Protocol, $allowed_protocols, true) ? $Protocol : 'Unknown';
$this->ConnectTime = ParseTime($ConnectTime);
$this->LastHeardTime = ParseTime($LastHeardTime);
$this->Protocol = $Protocol;
$this->ConnectTime = ParseTime($ConnectTime);
$this->LastHeardTime = ParseTime($LastHeardTime);
$this->FullCallsign = trim(str_replace(" ", "-", $Callsign));
$this->FullCallsign = str_replace(" ", "-", $this->FullCallsign);
$this->FullCallsign = str_replace(" ", "-", $this->FullCallsign);
if (strpos($Callsign, " ") !== false) {
$this->Callsign = trim(substr($Callsign, 0, strpos($Callsign, " ")));
$this->Suffix = trim(substr($Callsign, strpos($Callsign, " "), strlen($Callsign)));
$this->Prefix = strtoupper(trim(substr($Callsign, 0, 3)));
}
else {
$this->Callsign = trim($Callsign);
$this->Suffix = "";
$this->Prefix = "";
}
// Sanitize callsign (remove excessive spaces, validate format)
$Callsign = trim(preg_replace('/\s+/', ' ', $Callsign));
$this->FullCallsign = str_replace(" ", "-", $Callsign);
if (strpos($Callsign, " ") !== false) {
$this->Callsign = trim(substr($Callsign, 0, strpos($Callsign, " ")));
$this->Suffix = trim(substr($Callsign, strpos($Callsign, " ")));
$this->Prefix = strtoupper(trim(substr($Callsign, 0, 3)));
}
else {
$this->Callsign = trim($Callsign);
$this->Suffix = "";
$this->Prefix = "";
}
// Validate callsign format (basic check)
if (!preg_match('/^[A-Z0-9]{1,10}$/i', $this->Callsign)) {
$this->Callsign = 'INVALID';
}
// Validate LinkedModule (single letter A-Z)
$LinkedModule = trim(strtoupper($LinkedModule));
$this->LinkedModule = preg_match('/^[A-Z]$/', $LinkedModule) ? $LinkedModule : '';
$this->RandomID = $RandomID;
$this->LinkedModule = trim($LinkedModule);
$this->RandomID = $RandomID;
}
public function GetFullCallsign() { return $this->FullCallsign; }