From 004ba283789d38cbad4054f7d0824f2850e03e20 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 13 Dec 2016 15:52:28 +0100 Subject: [PATCH 1/2] Prevent web UI password change by web user --- advanced/Scripts/webpage.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index 0a79d853..db7d2026 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -41,6 +41,18 @@ SetTemperatureUnit(){ SetWebPassword(){ + if[ "$SUDO_USER" == "www-data" ]; then + echo "Security measure: user www-data is not allowed to change webUI password!" + echo "Exiting" + exit 1 + fi + + if[ "$SUDO_USER" == "lighttpd" ]; then + echo "Security measure: user lighttpd is not allowed to change webUI password!" + echo "Exiting" + exit 1 + fi + # Remove password from file (create backup setupVars.conf.bak) sed -i.bak '/WEBPASSWORD/d' /etc/pihole/setupVars.conf # Set password only if there is one to be set From 207422f83a4deccb0e932f78fbd0db02707810b6 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 13 Dec 2016 15:54:41 +0100 Subject: [PATCH 2/2] Added a missing space --- advanced/Scripts/webpage.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index db7d2026..0beb688f 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -41,13 +41,13 @@ SetTemperatureUnit(){ SetWebPassword(){ - if[ "$SUDO_USER" == "www-data" ]; then + if [ "${SUDO_USER}" == "www-data" ]; then echo "Security measure: user www-data is not allowed to change webUI password!" echo "Exiting" exit 1 fi - if[ "$SUDO_USER" == "lighttpd" ]; then + if [ "${SUDO_USER}" == "lighttpd" ]; then echo "Security measure: user lighttpd is not allowed to change webUI password!" echo "Exiting" exit 1
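Review bot: The guard added at the top of SetWebPassword is a denylist of two account names read from `SUDO_USER`, so it refuses the call only when the script is reached through sudo from `www-data` or `lighttpd`; a web server running under any other account name, or a call path where `SUDO_USER` is unset, is not covered. Presumably the sudoers rule for the web user is what grants access to this script, so the restriction is better enforced there, with this check kept as defence in depth and carrying a comment such as `# defence in depth only: the sudoers entry for the web user must not allow this subcommand`. The two identical blocks can be merged and the refusal sent to stderr, using the spacing from patch 2/2: `if [ "${SUDO_USER}" == "www-data" ] || [ "${SUDO_USER}" == "lighttpd" ]; then` followed by `echo "Security measure: user ${SUDO_USER} is not allowed to change webUI password!" >&2`. SetWebPassword's body continues past the end of the hunk, so whether later code has its own caller check cannot be seen here.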