From 47596652337e32766c2232d52a4a09d6da865ed1 Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Tue, 7 Oct 2008 17:31:24 +0000
Subject: Modified modelfunctions library to include validation in
 get/setfiledetails.  Modified all uses to validate the file name - this was a
 major security hole.

git-svn-id: svn://svn.alpinelinux.org/acf/alpine-baselayout/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 logfiles-model.lua | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

(limited to 'logfiles-model.lua')

diff --git a/logfiles-model.lua b/logfiles-model.lua
index 41c2308..d255256 100644
--- a/logfiles-model.lua
+++ b/logfiles-model.lua
@@ -73,18 +73,18 @@ local do_grep = function(filecontent, grep)
 end
 
 get_filedetails = function (path, grep)
-	local filedetails
 	local available_files = get()
-	for i,file in ipairs(available_files.value) do
-		if ( file.value.filename.value == path ) then
-			filedetails = modelfunctions.getfiledetails(path)
-			do_grep(filedetails.value.filecontent, grep)
-			break
-		end
-	end
-	if not filedetails then
-		filedetails = modelfunctions.getfiledetails("")
-		filedetails.value.filename.value = path
+	local filedetails = modelfunctions.getfiledetails(path, 
+		function(filename)
+			for i,file in ipairs(available_files.value) do
+				if file.value.filename.value == filename then
+					return true
+				end
+			end
+			return false
+		end)
+	if not filedetails.errtxt then
+		do_grep(filedetails.value.filecontent, grep)
 	end
 	filedetails.value.grep = cfe({ value=grep or "", label="Grep" })
 	return filedetails
-- 
cgit v1.2.3