From d4dfd2d7b87cccdb8f01188a645226eb8c1c9b20 Mon Sep 17 00:00:00 2001
From: Eric Schultz <eric@startuperic.com>
Date: Mon, 4 Nov 2019 02:32:12 -0600
Subject: [PATCH] prevent remote access when root is passwordless

---
 Unraid.net.plg | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Unraid.net.plg b/Unraid.net.plg
index 2f15d16..3bd3357 100644
--- a/Unraid.net.plg
+++ b/Unraid.net.plg
@@ -145,7 +145,7 @@ if (empty($remote['wanport'])) {
 
 $hasCert = file_exists('/boot/config/ssl/certs/certificate_bundle.pem');
 $isRegistered = !empty($remote['apikey']);
-$boolWebUIAuth = $isRegistered || file_exists('/etc/nginx/htpasswd');
+$boolWebUIAuth = ($remote['wanaccess']=='yes' && $remote['wanport']!='0') || file_exists('/etc/nginx/htpasswd');
 
 $isActivated = false;
 $isUptodate = false;
@@ -173,7 +173,7 @@ function registerServer(button) {
             $.post('/webGui/include/Dispatcher.php',{
                 "#cfg": "/boot/config/plugins/dynamix/dynamix.cfg",
                 "remote_apikey": data.apikey,
-                "remote_wanaccess": $('#wanaccess').val(),
+                "remote_wanaccess": $('#wanport').val()==0?'no':$('#wanaccess').val(),
                 "remote_wanport": $('#wanport').val()
             });
             $(button).prop("disabled", false).html(oldlabel);