Update views.php

homepage/views.php

@@ -7,14 +7,14 @@
 		$sys_timezone = trim($tz_data);
 	}
 } else {
-// Else get timezone from the timedatectl command
+// else get timezone from the timedatectl command
 	$tz_data = shell_exec('timedatectl show');
 	$tz_data_array = parse_ini_string($tz_data);
 	if (is_array($tz_data_array) && array_key_exists('Timezone', $tz_data_array)) {
 		$sys_timezone = $tz_data_array['Timezone'];
 	}
 }
-//Finally if we have a valod timezone, set it as the one PHP uses
+// finally if we have a valod timezone, set it as the one PHP uses
 if ($sys_timezone !== "") {
 	date_default_timezone_set($sys_timezone);
 }

scripts/config.php

@@ -2,6 +2,36 @@
 error_reporting(E_ERROR);
 ini_set('display_errors',1);
 
+if (file_exists('./scripts/thisrun.txt')) {
+  $config = parse_ini_file('./scripts/thisrun.txt');
+} elseif (file_exists('./scripts/firstrun.ini')) {
+  $config = parse_ini_file('./scripts/firstrun.ini');
+}
+$user = shell_exec("awk -F: '/1000/{print $1}' /etc/passwd");
+$home = shell_exec("awk -F: '/1000/{print $6}' /etc/passwd");
+$home = trim($home);
+if (file_exists($home."/BirdNET-Pi/apprise.txt")) {
+  $apprise_config = file_get_contents($home."/BirdNET-Pi/apprise.txt");
+} else {
+  $apprise_config = "";
+}
+$caddypwd = $config['CADDY_PWD'];
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+  header('WWW-Authenticate: Basic realm="My Realm"');
+  header('HTTP/1.0 401 Unauthorized');
+  echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
+  exit;
+} else {
+  $submittedpwd = $_SERVER['PHP_AUTH_PW'];
+  $submitteduser = $_SERVER['PHP_AUTH_USER'];
+  if($submittedpwd !== $caddypwd || $submitteduser !== 'birdnet'){
+    header('WWW-Authenticate: Basic realm="My Realm"');
+    header('HTTP/1.0 401 Unauthorized');
+    echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
+    exit;
+  }
+}
+
 function syslog_shell_exec($cmd, $sudo_user = null) {
   if ($sudo_user) {
     $cmd = "sudo -u $sudo_user $cmd";
@@ -293,37 +323,7 @@ function() {
 <div class="settings">
       <div class="brbanner"><h1>Basic Settings</h1></div><br>
     <form id="basicform" action=""  method="GET">
-<?php
-if (file_exists('./scripts/thisrun.txt')) {
-  $config = parse_ini_file('./scripts/thisrun.txt');
-} elseif (file_exists('./scripts/firstrun.ini')) {
-  $config = parse_ini_file('./scripts/firstrun.ini');
-}
-$user = shell_exec("awk -F: '/1000/{print $1}' /etc/passwd");
-$home = shell_exec("awk -F: '/1000/{print $6}' /etc/passwd");
-$home = trim($home);
-if (file_exists($home."/BirdNET-Pi/apprise.txt")) {
-  $apprise_config = file_get_contents($home."/BirdNET-Pi/apprise.txt");
-} else {
-  $apprise_config = "";
-}
-$caddypwd = $config['CADDY_PWD'];
-if (!isset($_SERVER['PHP_AUTH_USER'])) {
-  header('WWW-Authenticate: Basic realm="My Realm"');
-  header('HTTP/1.0 401 Unauthorized');
-  echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
-  exit;
-} else {
-  $submittedpwd = $_SERVER['PHP_AUTH_PW'];
-  $submitteduser = $_SERVER['PHP_AUTH_USER'];
-  if($submittedpwd !== $caddypwd || $submitteduser !== 'birdnet'){
-    header('WWW-Authenticate: Basic realm="My Realm"');
-    header('HTTP/1.0 401 Unauthorized');
-    echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
-    exit;
-  }
-}
-?>    
+
 
 <script>
   document.addEventListener('DOMContentLoaded', function() {

scripts/play.php

@@ -101,7 +101,7 @@
 
 if(isset($_GET['shiftfile'])) {
 
-    $filename = $_GET['shiftfile'];
+    $filename = escapeshellarg($_GET['shiftfile']);
     $pp = pathinfo($filename);
     $dir = $pp['dirname'];
     $fn  = $pp['filename'];