
2021-07-19 / ct_chen

Actions:
1. Webservice fix bug about input value within &<>

Files:
1. EVSE/rootfs/var/www/set_backend.php
   EVSE/rootfs/var/www/set_backend_action.php
   EVSE/rootfs/var/www/set_network.php
   EVSE/rootfs/var/www/set_network_action.php
ct_chen 3 éve
szülő
commit
f76583072d

+ 4 - 4
EVSE/rootfs/var/www/set_backend.php

@@ -161,11 +161,11 @@ img {
 						"&OfflineMaxChargeEnergy=" + document.getElementById("OfflineMaxChargeEnergy").value+
 						"&OfflineMaxChargeDuration=" + document.getElementById("OfflineMaxChargeDuration").value+
 //						"&OcppConnStatus=" + document.getElementById("OcppConnStatus").value+
-						"&OcppServerURL=" + document.getElementById("OcppServerURL").value+
-						"&ChargeBoxId=" + document.getElementById("ChargeBoxId").value+
-						"&chargePointVendor=" + document.getElementById("chargePointVendor").value+
+						"&OcppServerURL=" + escape(document.getElementById("OcppServerURL").value)+
+						"&ChargeBoxId=" + escape(document.getElementById("ChargeBoxId").value)+
+						"&chargePointVendor=" + escape(document.getElementById("chargePointVendor").value)+
 						"&OcppSecurityProfile=" + document.getElementById("OcppSecurityProfile").value+
-						"&OcppSecurityPassword=" + document.getElementById("OcppSecurityPassword").value;
+						"&OcppSecurityPassword=" + escape(document.getElementById("OcppSecurityPassword").value);
 <?php if(substr($ModelName,0,2)=="AX"){?>
 				data += "&isEnableLocalPowerSharging=" + document.getElementById("isEnableLocalPowerSharging").value;
 <?php } ?>
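Review bot: `escape()` on the OcppServerURL, ChargeBoxId, chargePointVendor and OcppSecurityPassword lines is the wrong encoder for a form-urlencoded request body (assuming this page sends it the way set_network.php does). It leaves `+` unescaped, so PHP decodes a `+` in a password as a space, and it emits `%uXXXX` for characters above U+00FF, which PHP's form parser does not decode. Use `encodeURIComponent(document.getElementById("OcppSecurityPassword").value)` and the same for the other three fields. The WifiSsid, WifiPassword, TelcomApn, TelcomChapPapId and TelcomChapPapPwd lines in set_network.php have the same problem. The statement that builds `data` starts above this hunk.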

+ 26 - 26
EVSE/rootfs/var/www/set_backend_action.php

@@ -13,8 +13,8 @@
 	// 新建員工
 	function create() {
 		$pattern="/^(ws|wss):\/\/((([0-9]{1,3}\.){3}[0-9]{1,3})|(([a-zA-Z0-9]+(([\-]?[a-zA-Z0-9]+)*\.)+)*[a-zA-Z]{2,}))+/";
-		if($_POST['OcppServerURL']!=""){
-			if(!preg_match($pattern, $_POST['OcppServerURL'])){
+		if($_REQUEST['OcppServerURL']!=""){
+			if(!preg_match($pattern, $_REQUEST['OcppServerURL'])){
 				$jsone['result'] = "Fail";
 				$jsone['message'] = "OcppServerURL format error, fill it with 'ws://' or 'wss://'";
 				echo json_encode($jsone);
@@ -24,37 +24,37 @@
 		checkValue("OfflinePolicy");
 		checkLength("ChargeBoxId",25);
 		checkLength("chargePointVendor",20);
-		if(isset($_POST['BackendConnTimeout'])){
-			$json['BackendConnTimeout']			= (int)$_POST['BackendConnTimeout'];
+		if(isset($_REQUEST['BackendConnTimeout'])){
+			$json['BackendConnTimeout']			= (int)$_REQUEST['BackendConnTimeout'];
 		}
-		if(isset($_POST['OfflinePolicy'])){
-			$json['OfflinePolicy']				= (int)$_POST['OfflinePolicy'];
+		if(isset($_REQUEST['OfflinePolicy'])){
+			$json['OfflinePolicy']				= (int)$_REQUEST['OfflinePolicy'];
 		}
-		if(isset($_POST['OfflineMaxChargeEnergy'])){
-			$json['OfflineMaxChargeEnergy']		= (int)$_POST['OfflineMaxChargeEnergy'];
+		if(isset($_REQUEST['OfflineMaxChargeEnergy'])){
+			$json['OfflineMaxChargeEnergy']		= (int)$_REQUEST['OfflineMaxChargeEnergy'];
 		}
-		if(isset($_POST['OfflineMaxChargeDuration'])){
-			$json['OfflineMaxChargeDuration']	= (int)$_POST['OfflineMaxChargeDuration'];
+		if(isset($_REQUEST['OfflineMaxChargeDuration'])){
+			$json['OfflineMaxChargeDuration']	= (int)$_REQUEST['OfflineMaxChargeDuration'];
 		}
-		if(isset($_POST['OcppServerURL'])){
-			$json['OcppServerURL']				= $_POST['OcppServerURL'];
+		if(isset($_REQUEST['OcppServerURL'])){
+			$json['OcppServerURL']				= str_replace("&amp;","&",str_replace("&quot;",'"',str_replace("&#039;","'",str_replace("&lt;","<",str_replace("&gt;",">",$_REQUEST['OcppServerURL'])))));
 		}
-		if(isset($_POST['ChargeBoxId'])){
-			$json['ChargeBoxId']				= $_POST['ChargeBoxId'];
+		if(isset($_REQUEST['ChargeBoxId'])){
+			$json['ChargeBoxId']				= str_replace("&amp;","&",str_replace("&quot;",'"',str_replace("&#039;","'",str_replace("&lt;","<",str_replace("&gt;",">",$_REQUEST['ChargeBoxId'])))));
 		}
-		if(isset($_POST['chargePointVendor'])){
-			$json['chargePointVendor']			= $_POST['chargePointVendor'];
+		if(isset($_REQUEST['chargePointVendor'])){
+			$json['chargePointVendor']			= str_replace("&amp;","&",str_replace("&quot;",'"',str_replace("&#039;","'",str_replace("&lt;","<",str_replace("&gt;",">",$_REQUEST['chargePointVendor'])))));
 		}
-		if(isset($_POST['OcppSecurityProfile'])){
+		if(isset($_REQUEST['OcppSecurityProfile'])){
 			checkValue("OcppSecurityProfile");
-			$json['OcppSecurityProfile']		= (int)$_POST['OcppSecurityProfile'];
+			$json['OcppSecurityProfile']		= (int)$_REQUEST['OcppSecurityProfile'];
 		}
-		if(isset($_POST['OcppSecurityPassword'])){
-			$json['OcppSecurityPassword']		= $_POST['OcppSecurityPassword'];
+		if(isset($_REQUEST['OcppSecurityPassword'])){
+			$json['OcppSecurityPassword']		= str_replace("&amp;","&",str_replace("&quot;",'"',str_replace("&#039;","'",str_replace("&lt;","<",str_replace("&gt;",">",$_REQUEST['OcppSecurityPassword'])))));
 		}
-		if(isset($_POST['isEnableLocalPowerSharging'])){
+		if(isset($_REQUEST['isEnableLocalPowerSharging'])){
 			checkValue("isEnableLocalPowerSharging");
-			$json['isEnableLocalPowerSharging']		= (int)$_POST['isEnableLocalPowerSharging'];
+			$json['isEnableLocalPowerSharging']		= (int)$_REQUEST['isEnableLocalPowerSharging'];
 		}
 //		ob_start();
 		
@@ -79,14 +79,14 @@
 	}
 
 	function checkValue($id){
-		if($_POST[$id] != ""){
-			if(strlen($_POST[$id])!=1){
+		if($_REQUEST[$id] != ""){
+			if(strlen($_REQUEST[$id])!=1){
 					$jsone['result'] = "Fail";
 					$jsone['message'] = "You have entered a wrong value on " . $id . ", it should be numeric";
 					echo json_encode($jsone);
 					exit;
 			}
-			if(!ereg("[0-9]",$_POST[$id])){
+			if(!ereg("[0-9]",$_REQUEST[$id])){
 					$jsone['result'] = "Fail";
 					$jsone['message'] = "You have entered a wrong value on " . $id . ", it should be numeric";
 					echo json_encode($jsone);
@@ -95,7 +95,7 @@
 		}
 	}
 	function checkLength($id,$value){
-		if(strlen($_POST[$id])>$value){
+		if(strlen($_REQUEST[$id])>$value){
 				$jsone['result'] = "Fail";
 				$jsone['message'] = "Length of " . $id . " should be less than ".$value;
 				echo json_encode($jsone);
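Review bot: Replacing `$_POST` with `$_REQUEST` in create(), checkValue() and checkLength() means these settings, including OcppSecurityPassword, are now also accepted from the query string and, depending on `request_order`, from cookies. A state-changing endpoint that accepts GET is easier to trigger cross-site and puts secrets into URLs and access logs; keep `$_POST` unless a GET caller really exists. The same substitution is made throughout set_network_action.php. Separately, the five nested `str_replace` calls repeated per field look equivalent to `htmlspecialchars_decode($_POST['ChargeBoxId'], ENT_QUOTES)`. If the values do arrive entity-encoded, as that decoding implies, `checkLength("ChargeBoxId",25)` and the URL `preg_match` still run on the encoded string rather than on what is stored.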

+ 5 - 11
EVSE/rootfs/var/www/set_network.php

@@ -371,29 +371,23 @@ img {
 			request.open("POST", "set_network_action.php");
 
 			// POST 參數須使用 send() 發送
-//			var data =  "FtpServer=" + document.getElementById("FtpServer").value +
 			var data =  "Eth0DhcpClient=" + document.getElementById("Eth0DhcpClient").value+
 						"&Eth0IpAddress=" + document.getElementById("Eth0IpAddress").value+
 						"&Eth0SubmaskAddress=" + document.getElementById("Eth0SubmaskAddress").value+
 						"&Eth0GatewayAddress=" + document.getElementById("Eth0GatewayAddress").value+
-						// "&Eth1DhcpClient=" + document.getElementById("Eth1DhcpClient").value+
-						// "&Eth1IpAddress=" + document.getElementById("Eth1IpAddress").value+
-						// "&Eth1SubmaskAddress=" + document.getElementById("Eth1SubmaskAddress").value+
-						// "&Eth1GatewayAddress=" + document.getElementById("Eth1GatewayAddress").value+
 						"&WifiMode=" + document.getElementById("WifiMode").value+
-						"&WifiSsid=" + document.getElementById("WifiSsid").value+
-						"&WifiPassword=" + document.getElementById("WifiPassword").value+
+						"&WifiSsid=" + escape(document.getElementById("WifiSsid").value)+
+						"&WifiPassword=" + escape(document.getElementById("WifiPassword").value)+
 						"&WifiDhcpServer=" + document.getElementById("WifiDhcpServer").value+
 						"&WifiDhcpClient=" + document.getElementById("WifiDhcpClient").value+
 						"&WifiIpAddress=" + document.getElementById("WifiIpAddress").value+
 						"&WifiSubmaskAddress=" + document.getElementById("WifiSubmaskAddress").value+
 						"&WifiGatewayAddress=" + document.getElementById("WifiGatewayAddress").value+
-						"&TelcomApn=" + document.getElementById("TelcomApn").value+
-						"&TelcomChapPapId=" + document.getElementById("TelcomChapPapId").value+
-						"&TelcomChapPapPwd=" + document.getElementById("TelcomChapPapPwd").value+
+						"&TelcomApn=" + escape(document.getElementById("TelcomApn").value)+
+						"&TelcomChapPapId=" + escape(document.getElementById("TelcomChapPapId").value)+
+						"&TelcomChapPapPwd=" + escape(document.getElementById("TelcomChapPapPwd").value)+
 						"&TelcomIpAddress=" + document.getElementById("TelcomIpAddress").value+
 						"&TelcomEnabled=" + document.getElementById("TelcomEnabled").value;
-
 			// POST 請求必須設置表頭在 open() 下面,send() 上面
 			request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
 			request.send(data);

+ 56 - 55
EVSE/rootfs/var/www/set_network_action.php

@@ -25,56 +25,56 @@
 		checkValue("WifiDhcpClient");
 		checkValue("TelcomEnabled");
 		WifiMode_changed();
-		if(isset($_POST['Eth0DhcpClient'])){
-			$json['Eth0DhcpClient']			= $_POST['Eth0DhcpClient'];
+		if(isset($_REQUEST['Eth0DhcpClient'])){
+			$json['Eth0DhcpClient']			= $_REQUEST['Eth0DhcpClient'];
 		}
-		if(isset($_POST['Eth0IpAddress'])){
-			$json['Eth0IpAddress']			= $_POST['Eth0IpAddress'];
+		if(isset($_REQUEST['Eth0IpAddress'])){
+			$json['Eth0IpAddress']			= $_REQUEST['Eth0IpAddress'];
 		}
-		if(isset($_POST['Eth0SubmaskAddress'])){
-			$json['Eth0SubmaskAddress']		= $_POST['Eth0SubmaskAddress'];
+		if(isset($_REQUEST['Eth0SubmaskAddress'])){
+			$json['Eth0SubmaskAddress']		= $_REQUEST['Eth0SubmaskAddress'];
 		}
-		if(isset($_POST['Eth0GatewayAddress'])){
-			$json['Eth0GatewayAddress']		= $_POST['Eth0GatewayAddress'];
+		if(isset($_REQUEST['Eth0GatewayAddress'])){
+			$json['Eth0GatewayAddress']		= $_REQUEST['Eth0GatewayAddress'];
 		}
-		if(isset($_POST['WifiMode'])){
-			$json['WifiMode']				= $_POST['WifiMode'];
+		if(isset($_REQUEST['WifiMode'])){
+			$json['WifiMode']				= $_REQUEST['WifiMode'];
 		}
-		if(isset($_POST['WifiSsid'])){
-			$json['WifiSsid']				= $_POST['WifiSsid'];
+		if(isset($_REQUEST['WifiSsid'])){
+			$json['WifiSsid']				= str_replace("&amp;","&",str_replace("&quot;",'"',str_replace("&#039;","'",str_replace("&lt;","<",str_replace("&gt;",">",$_REQUEST['WifiSsid'])))));
 		}
-		if(isset($_POST['WifiPassword'])){
-			$json['WifiPassword']			= $_POST['WifiPassword'];
+		if(isset($_REQUEST['WifiPassword'])){
+			$json['WifiPassword']			= str_replace("&amp;","&",str_replace("&quot;",'"',str_replace("&#039;","'",str_replace("&lt;","<",str_replace("&gt;",">",$_REQUEST['WifiPassword'])))));
 		}
-		if(isset($_POST['WifiDhcpServer'])){
-			$json['WifiDhcpServer']			= $_POST['WifiDhcpServer'];
+		if(isset($_REQUEST['WifiDhcpServer'])){
+			$json['WifiDhcpServer']			= $_REQUEST['WifiDhcpServer'];
 		}
-		if(isset($_POST['WifiDhcpClient'])){
-			$json['WifiDhcpClient']			= $_POST['WifiDhcpClient'];
+		if(isset($_REQUEST['WifiDhcpClient'])){
+			$json['WifiDhcpClient']			= $_REQUEST['WifiDhcpClient'];
 		}
-		if(isset($_POST['WifiIpAddress'])){
-			$json['WifiIpAddress']			= $_POST['WifiIpAddress'];
+		if(isset($_REQUEST['WifiIpAddress'])){
+			$json['WifiIpAddress']			= $_REQUEST['WifiIpAddress'];
 		}
-		if(isset($_POST['WifiSubmaskAddress'])){
-			$json['WifiSubmaskAddress']		= $_POST['WifiSubmaskAddress'];
+		if(isset($_REQUEST['WifiSubmaskAddress'])){
+			$json['WifiSubmaskAddress']		= $_REQUEST['WifiSubmaskAddress'];
 		}
-		if(isset($_POST['WifiGatewayAddress'])){
-			$json['WifiGatewayAddress']		= $_POST['WifiGatewayAddress'];
+		if(isset($_REQUEST['WifiGatewayAddress'])){
+			$json['WifiGatewayAddress']		= $_REQUEST['WifiGatewayAddress'];
 		}
-		if(isset($_POST['TelcomApn'])){
-			$json['TelcomApn']				= $_POST['TelcomApn'];
+		if(isset($_REQUEST['TelcomApn'])){
+			$json['TelcomApn']				= str_replace("&amp;","&",str_replace("&quot;",'"',str_replace("&#039;","'",str_replace("&lt;","<",str_replace("&gt;",">",$_REQUEST['TelcomApn'])))));
 		}
-		if(isset($_POST['TelcomChapPapId'])){
-			$json['TelcomChapPapId']		= $_POST['TelcomChapPapId'];
+		if(isset($_REQUEST['TelcomChapPapId'])){
+			$json['TelcomChapPapId']		= str_replace("&amp;","&",str_replace("&quot;",'"',str_replace("&#039;","'",str_replace("&lt;","<",str_replace("&gt;",">",$_REQUEST['TelcomChapPapId'])))));
 		}
-		if(isset($_POST['TelcomChapPapPwd'])){
-			$json['TelcomChapPapPwd']		= $_POST['TelcomChapPapPwd'];
+		if(isset($_REQUEST['TelcomChapPapPwd'])){
+			$json['TelcomChapPapPwd']		= str_replace("&amp;","&",str_replace("&quot;",'"',str_replace("&#039;","'",str_replace("&lt;","<",str_replace("&gt;",">",$_REQUEST['TelcomChapPapPwd'])))));
 		}
-		if(isset($_POST['TelcomIpAddress'])){
-			$json['TelcomIpAddress']		= $_POST['TelcomIpAddress'];
+		if(isset($_REQUEST['TelcomIpAddress'])){
+			$json['TelcomIpAddress']		= $_REQUEST['TelcomIpAddress'];
 		}
-		if(isset($_POST['TelcomEnabled'])){
-			$json['TelcomEnabled']			= $_POST['TelcomEnabled'];
+		if(isset($_REQUEST['TelcomEnabled'])){
+			$json['TelcomEnabled']			= $_REQUEST['TelcomEnabled'];
 		}
 
 //		ob_start();
@@ -90,7 +90,8 @@
 			 exit;
 		 }
 		 else{
-			 $jsone['result'] = "Error";
+//			 $jsone['result'] = "Error";
+			 $jsone['result'] = $str_json;
 			 $jsone['message'] = "Something went wrong on machine";
 			 echo json_encode($jsone);
 			 return false;
@@ -100,8 +101,8 @@
 	}
 
 	function checkip($id){
-		$ip=$_POST[$id];
-		if($_POST[$id] != ""){
+		$ip=$_REQUEST[$id];
+		if($_REQUEST[$id] != ""){
 			if(ip2long($ip)){
 				
 			}
@@ -115,14 +116,14 @@
 	}
 
 	function checkValue($id){
-		if($_POST[$id] != ""){
-			if(strlen($_POST[$id])!=1){
+		if($_REQUEST[$id] != ""){
+			if(strlen($_REQUEST[$id])!=1){
 					$jsone['result'] = "Fail";
 					$jsone['message'] = "You have entered a wrong value on " . $id . ", it should be numeric";
 					echo json_encode($jsone);
 					exit;
 			}
-			if(!ereg("[0-9]",$_POST[$id])){
+			if(!ereg("[0-9]",$_REQUEST[$id])){
 					$jsone['result'] = "Fail";
 					$jsone['message'] = "You have entered a wrong value on " . $id . ", it should be numeric";
 					echo json_encode($jsone);
@@ -132,21 +133,21 @@
 	}
 
 	function WifiMode_changed(){
-		if($_POST['WifiMode']=="0"){
-//			$_POST['WifiDhcpServer']=1;
-//			$_POST['WifiDhcpClient']=1;
-			$_POST['WifiSsid']="";
-			$_POST['WifiPassword']="";
-		}
-		if($_POST['WifiMode']=="1"){
-//			$_POST['WifiDhcpServer']=1;
-//			$_POST['WifiDhcpClient']=0;
-		}
-		if($_POST['WifiMode']=="2"){
-//			$_POST['WifiDhcpServer']=0;
-//			$_POST['WifiDhcpClient']=1;
-			$_POST['WifiSsid']="";
-			$_POST['WifiPassword']="";
+		if($_REQUEST['WifiMode']=="0"){
+//			$_REQUEST['WifiDhcpServer']=1;
+//			$_REQUEST['WifiDhcpClient']=1;
+			$_REQUEST['WifiSsid']="";
+			$_REQUEST['WifiPassword']="";
+		}
+		if($_REQUEST['WifiMode']=="1"){
+//			$_REQUEST['WifiDhcpServer']=1;
+//			$_REQUEST['WifiDhcpClient']=0;
+		}
+		if($_REQUEST['WifiMode']=="2"){
+//			$_REQUEST['WifiDhcpServer']=0;
+//			$_REQUEST['WifiDhcpClient']=1;
+			$_REQUEST['WifiSsid']="";
+			$_REQUEST['WifiPassword']="";
 		}
 	}
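Review bot: In the failure branch, `$jsone['result'] = $str_json;` returns whatever `$str_json` holds to the browser in place of the fixed `"Error"` status, with the old line left commented out. This looks like leftover debugging: `$str_json` is assigned outside the hunk, so its content is not visible here, but it presumably carries raw output from the machine-side call, and it also changes the value the client compares against. Restore `$jsone['result'] = "Error";` and, if the detail is needed for diagnosis, keep it server-side with `error_log($str_json);`.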