v0.3-dev

index.php

@@ -12,10 +12,10 @@ foreach($scans as $scan) {
     <link rel="stylesheet" href="css/nmaprincesspi.css">
     <script src="js/nmaprincesspi.js"></script>
     <link rel="icon" type="css/img/" href="css/img/favicon.ico">
-    <title>Princess Pi's Magical Nmap Web Thingy!</title>
+    <title>Princess Pi's Magical Nmap Web Thingy! (nmaprincesspi)</title>
 </head>
 <body>
-    <h1>Princess Pi's Magical Nmap Web Thingy!</h1>
+    <h1>Princess Pi's Magical Nmap Web Thingy! (nmapprincesspi)</h1>
         <label for="nmapcmd">nmap command</label>
         <br>
         <input type="text" id="nmapcmd" name="nmapcmd">
@@ -23,10 +23,11 @@ foreach($scans as $scan) {
         <br>
         <br>
         <span class="fakelink" id="showlist" onclick="toggleShow('scanlist', 'showlist', 'Hide Previous Scans', 'Show Previous Scans')">Show Previous Scans</span>
-        <br>
+        <br><br>
         <p class="hidden" id="link"></p>
         <div id="scanlist" class="hidden">
             <p><a href="run_clear_scans.php">Delete All Old Scans</a></p>
+            <p>Progress</p>
             <p><?php echo $scanList; ?></p>
         </div>
         <br>

run_scan.php

@@ -1,10 +1,13 @@
 <?php
     if(empty($_POST['nmapcmd'])) { die("nmapcmd POST var not found"); }
     
-    if(preg_match('/nmap/i', $_POST['nmapcmd']) !== 1) {
-        $post_cmd = $_POST['nmapcmd'];
+    $cleannmapcmd = escapeshellcmd($_POST['nmapcmd']);
+
+    // if(preg_match('/nmap/i', $cleannmapcmd) !== 1) {
+    if(substr($cleannmapcmd, 0, 5) == 'nmap ') {
+        $post_cmd = $cleannmapcmd;
     } else {
-        $post_cmd = substr($_POST['nmapcmd'], 5);
+        $post_cmd = substr($cleannmapcmd, 5);
     }
 
     $file_name = date("Ymd-Hi-s") . "-" . rand(1000000,9999999) . ".xml";

todo.txt

@@ -2,21 +2,24 @@ x xhr->run_scan.php
 x add random number to file to prevent enumeration
 x move and edit scripts
 x status/notify when done
-x     polling xml file?
+x   polling xml file?
 error handling
     nmap fail
     php script fail
     input validation fail
 containerize
 x scans listing
-clear scans buttons
+x clear scans buttons
 x work on scans filename?
 fix perms
 auth system
 input/output validation
+    x escapeshellcmd
 work on princesspi-nmap.xsl
     clean up
     minimize stuff
         remove rundundant code
     make prettier
-        green class
+        green class
+        padding on table items
+        centering text on table headers