C3MA/DD3-LoRa-Bridge-MultiSender
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Harden web UI auth, input handling, and SD path validation

Browse Source 
- Add optional Basic Auth with NVS-backed credentials and STA/AP flags; protect status, wifi, history, and download routes

- Stop pre-filling WiFi/MQTT/Web UI password fields; keep stored secrets on blank and add clear-password checkboxes

- Add HTML escaping + URL encoding helpers and apply to user-controlled strings; add unit test

- Harden /sd/download path validation (prefix, length, dotdot, slashes) and log rejections

- Enforce protocol version in LoRa receive and release GPIO14 before SD init

- Update README security, SD, and GPIO sharing notes
This commit is contained in:
acidburns
2026-02-02 21:07:37 +01:00
parent b5477262ea
commit 0e12b406de
10 changed files with 260 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
test/test_html_escape/test_html_escape.cpp Normal file
View File

@@ -0,0 +1,21 @@
#include <Arduino.h>
#include <unity.h>
#include "html_util.h"
static void test_html_escape_basic() {
TEST_ASSERT_EQUAL_STRING("", html_escape("").c_str());
TEST_ASSERT_EQUAL_STRING("plain", html_escape("plain").c_str());
TEST_ASSERT_EQUAL_STRING("a&amp;b", html_escape("a&b").c_str());
TEST_ASSERT_EQUAL_STRING("&lt;tag&gt;", html_escape("<tag>").c_str());
TEST_ASSERT_EQUAL_STRING("&quot;hi&quot;", html_escape("\"hi\"").c_str());
TEST_ASSERT_EQUAL_STRING("it&#39;s", html_escape("it's").c_str());
TEST_ASSERT_EQUAL_STRING("&amp;&lt;&gt;&quot;&#39;", html_escape("&<>\"'").c_str());
}
void setup() {
UNITY_BEGIN();
RUN_TEST(test_html_escape_basic);
UNITY_END();
}
void loop() {}