diff options
author | Ted Trask <ttrask01@yahoo.com> | 2008-10-07 17:31:24 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2008-10-07 17:31:24 +0000 |
commit | 7b01417e3d68a286f50a4a77667f3f5befe12871 (patch) | |
tree | 2046f5e38520656555cb2575f338d886c467ee6b | |
parent | a3f9d00a6ceae235e3adf378c49a4d2c8513f191 (diff) | |
download | acf-chrony-7b01417e3d68a286f50a4a77667f3f5befe12871.tar.bz2 acf-chrony-7b01417e3d68a286f50a4a77667f3f5befe12871.tar.xz |
Modified modelfunctions library to include validation in get/setfiledetails. Modified all uses to validate the file name - this was a major security hole.
git-svn-id: svn://svn.alpinelinux.org/acf/chrony/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r-- | chrony-model.lua | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/chrony-model.lua b/chrony-model.lua index 33cec37..7dbf994 100644 --- a/chrony-model.lua +++ b/chrony-model.lua @@ -33,7 +33,6 @@ end function update_filedetails(filedetails) -- FIXME validate - filedetails.value.filename.value = configfile - return modelfunctions.setfiledetails(filedetails) + return modelfunctions.setfiledetails(filedetails, {configfile}) end |