Hello Erik,
Thank you for your patch.
I cannot quite merge this because the patch changes behaviour so that the
browser could write arbitrary values into the configuration file without
further sanitisation. To fix this, we must check if $cgiparams{'IEEE80211W’}
contains one of three possible values.
Would you like to update this patch accordingly?
-Michael
> On 17 Oct 2025, at 10:42, ummeegge <[email protected]> wrote:
>
> Original ternary ignored 'optional' and forced 'off'.
> Use defined-or (//) to preserve all select values.
>
> Signed-off-by: ummeegge <[email protected]>
> ---
> html/cgi-bin/wlanap.cgi | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/html/cgi-bin/wlanap.cgi b/html/cgi-bin/wlanap.cgi
> index 600ddc489..afdba59b3 100644
> --- a/html/cgi-bin/wlanap.cgi
> +++ b/html/cgi-bin/wlanap.cgi
> @@ -118,7 +118,7 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") {
> $wlanapsettings{'NOSCAN'} = ($cgiparams{'NOSCAN'} eq 'on') ? 'on' : 'off';
> $wlanapsettings{'ENC'} = $cgiparams{'ENC'};
> $wlanapsettings{'PWD'} = $cgiparams{'PWD'};
> - $wlanapsettings{'IEEE80211W'} = ($cgiparams{'IEEE80211W'} eq 'on') ? 'on' :
> 'off';
> + $wlanapsettings{'IEEE80211W'} = $cgiparams{'IEEE80211W'} // 'off';
> $wlanapsettings{'TX_POWER'} = $cgiparams{'TX_POWER'};
>
> if ($errormessage eq '') {
> --
> 2.47.2
>
>
