From 2c211e557ebdba4ec9d90ba8ed05c5bfe28d3f75 Mon Sep 17 00:00:00 2001 From: Ilia Ross Date: Tue, 10 Mar 2026 17:29:16 +0200 Subject: [PATCH] Fix runlevel change input validation and escaping (#2) --- init/change_rl.cgi | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/init/change_rl.cgi b/init/change_rl.cgi index f80daa552..91087cd92 100755 --- a/init/change_rl.cgi +++ b/init/change_rl.cgi @@ -5,10 +5,12 @@ require './init-lib.pl'; &ReadParse(); $access{'bootup'} == 1 || &error($text{'change_ecannot'}); +my %ok_levels = map { $_, 1 } (&list_runlevels(), "S", "s"); +$ok_levels{$in{'level'}} || &error($text{'change_ecannot'}); &ui_print_header(undef, $text{'change_title'}, ""); -$cmd = "telinit '$in{'level'}'"; +$cmd = "telinit ".quotemeta($in{'level'}); print "

",&text('change_cmd', $in{'level'}, "$cmd"),"

\n"; &system_logged("$cmd /dev/null 2>&1 &"); &webmin_log("telinit", $in{'level'});
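Review bot: The `quotemeta($in{'level'})` on the new `$cmd` line is regex escaping rather than shell quoting, so the real protection for the string handed to `&system_logged` is the `%ok_levels` allowlist two lines earlier, and that dependency deserves a comment. I would add `# level is restricted to %ok_levels above; quotemeta is defence in depth, not shell quoting` above the assignment, so that a later edit does not move or relax the check while trusting the escaping alone. The allowlist is built from `&list_runlevels()`, which is defined outside this hunk, so it is worth confirming that it returns plain level strings with no shell-significant characters. The rejection also reuses `$text{'change_ecannot'}`, which presumably reads as a permission error; a dedicated message for an invalid level would make rejected requests easier to tell apart in logs and support reports.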