3 жил өмнө · 65570860da
--- a/EVSE/rootfs/var/www/set_passwd.php
+++ b/EVSE/rootfs/var/www/set_passwd.php
@@ -68,7 +68,7 @@
 
				 		if(formCheck())
			
 
				 		{
			
 
				 			// POST 參數須使用 send() 發送
			
 
				-			var data =  "passwd=" + document.getElementById("passwd1").value+
			
 
				+			var data =  "passwd=" + escape(document.getElementById("passwd1").value)+
			
 
				 			"&user=<?php echo $_SERVER['PHP_AUTH_USER'];?>";
			
 
				 			// POST 請求必須設置表頭在 open() 下面，send() 上面
			
 
				 			request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
			
@@ -116,9 +116,7 @@
 
				 		
			
 
				 		return true;
			
 
				 	}
			
 
				-	
			
 
				-	
			
 
				-	
			
 
				+
			
 
				 </script>
			
 
				 
			
 
				 
			
--- a/EVSE/rootfs/var/www/set_passwd_action.php
+++ b/EVSE/rootfs/var/www/set_passwd_action.php
@@ -14,7 +14,12 @@
 
				 		$json['admin'] 			= md5($_REQUEST['passwd']);
			
 
				 		$json['superPhihong'] 	= md5('1231231238');
			
 
				 		*/
			
 
				-		$json[$_REQUEST['user']]=md5($_REQUEST['passwd']);
			
 
				+		$passwd=str_replace("&amp;","&",$_REQUEST['passwd']);
			
 
				+		$passwd=str_replace("&quot;",'"',$passwd);
			
 
				+		$passwd=str_replace("&#039;","'",$passwd);
			
 
				+		$passwd=str_replace("&lt;","<",$passwd);
			
 
				+		$passwd=str_replace("&gt;",">",$passwd);
			
 
				+		$json[$_REQUEST['user']]=md5($passwd);
			
 
				 		file_put_contents("/var/www/valid_info", json_encode($json));
			
 
				 		exec("yes | cp -vf /var/www/valid_info /Storage/valid_info",$output,$return_var);
			
 
				 		 if(count($output)!=0){