From 37b64e7d282bb5856fc2a8a4fd3f16af31eb212f Mon Sep 17 00:00:00 2001
From: Ted Trask
Date: Tue, 7 Oct 2008 17:31:24 +0000
Subject: Modified modelfunctions library to include validation in get/setfiledetails. Modified all uses to validate the file name - this was a major security hole.

git-svn-id: svn://svn.alpinelinux.org/acf/alpine-conf/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 lbu-model.lua | 21 +++++++--------------
 1 file changed, 7 insertions(+), 14 deletions(-)

diff --git a/lbu-model.lua b/lbu-model.lua
index 69eacfc..c190c34 100644
--- a/lbu-model.lua
+++ b/lbu-model.lua
@@ -153,8 +153,9 @@ local function validatefilelist(filelist)
 return filelist
 end
 
-local function validatefilecontent (filecontent)
- local config = getconfig(filecontent.value)
+local function validatefilecontent (filedetails)
+ local success = true
+ local config = getconfig(filedetails.value.filecontent.value)
 local errors = {}
 for name,value in pairs(config.value) do
 if value.errtxt then
@@ -162,10 +163,11 @@ local function validatefilecontent (filecontent)
 end
 end
 if #errors > 0 then
- filecontent.errtxt = table.concat(errors, "\n")
+ success = false
+ filedetails.value.filecontent.errtxt = table.concat(errors, "\n")
 end
 
- return filecontent
+ return success, filedetails
 end
 --[[
 local was_mounted
@@ -348,16 +350,7 @@ function get_filedetails()
 end
 
 function set_filedetails(filedetails)
- local filecontent = filedetails.value.filecontent
- filecontent.value = format.dostounix(filecontent.value)
- filecontent.value = filecontent.value:gsub("\n+$", "")
- validatefilecontent(filecontent)
- if not filecontent.errtxt then
- fs.write_file(configfile, filecontent.value)
- else
- filedetails.errtxt = "Failed to set config"
- end
- return filedetails
+ return modelfunctions.setfiledetails(filedetails, {configfile}, validatefilecontent)
 end
 
 function getcommit()
-- 
cgit v1.2.3
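Review bot: validatefilecontent now reads `filedetails.value.filecontent.value` with no guard and returns `success, filedetails`, but nothing in the first or second hunk documents that callback contract. If the structure the library passes in can ever lack `filecontent` (not visible in this diff), the call raises an index error instead of failing validation cleanly; a guard such as `if not (filedetails.value and filedetails.value.filecontent) then return false, filedetails end` keeps that case on the validation path. A header comment would also help, for example `-- Validator callback for modelfunctions.setfiledetails: returns success (boolean), filedetails; sets filecontent.errtxt on parse errors`. The function spans both hunks and one line of its loop body lies between them, outside the diff.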
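Review bot: The one-line set_filedetails in the third hunk no longer normalises the content itself: the removed body applied `format.dostounix` and stripped trailing newlines with `gsub("\n+$", "")` before validating and writing, and that now depends on modelfunctions.setfiledetails, which this diff does not show. If the library does not normalise before invoking the validator, getconfig will parse CRLF input the old code never passed to it, so this is worth confirming. Judging from the commit message, `{configfile}` is the list of file names the request may touch; a comment at the call site such as `-- {configfile}: the only path that may be written; any other client-supplied filename must be rejected` would make the security intent explicit. The old `filedetails.errtxt = "Failed to set config"` is also gone, so the top-level error text now comes from the library.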