authorTed Trask <ttrask01@yahoo.com>2008-10-07 17:31:24 +0000
committerTed Trask <ttrask01@yahoo.com>2008-10-07 17:31:24 +0000
commita91953204def624a264defaca264f87fbc0a28a7 (patch)
tree0438fe6c6eecc45f461c8fbed5146ef26a29d4e7
parent45372396aa0f819f5304faee69874b6448576c89 (diff)
downloadacf-dansguardian-a91953204def624a264defaca264f87fbc0a28a7.tar.bz2
acf-dansguardian-a91953204def624a264defaca264f87fbc0a28a7.tar.xz
Modified modelfunctions library to include validation in get/setfiledetails. Modified all uses to validate the file name - this was a major security hole.
git-svn-id: svn://svn.alpinelinux.org/acf/dansguardian/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r--dansguardian-model.lua20
1 files changed, 2 insertions, 18 deletions
diff --git a/dansguardian-model.lua b/dansguardian-model.lua
index 66bd6a7..d54a87a 100644
--- a/dansguardian-model.lua
+++ b/dansguardian-model.lua
@@ -136,27 +136,11 @@ update_general_config = function( config )
end
get_file = function(filename)
- local retval
- if is_valid_filename(filename) then
- retval = modelfunctions.getfiledetails(filename)
- else
- retval = modelfunctions.getfiledetails("")
- retval.value.filename.value = filename
- end
-
- return retval
+ return modelfunctions.getfiledetails(filename, is_valid_filename)
end
update_file = function(filedetails)
- local retval
- if is_valid_filename(filedetails.value.filename.value) then
- retval = modelfunctions.setfiledetails(filedetails)
- else
- retval.value.filename.errtxt = "Invalid filename"
- retval.errtxt = "Failed to save file"
- end
-
- return retval
+ return modelfunctions.setfiledetails(filedetails, is_valid_filename)
end
list_files = function()
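Review bot: In both get_file and update_file the file-name check now runs only if `modelfunctions` actually calls the validator it is handed and rejects on a false result, and only if `is_valid_filename` is a function when these calls run; neither the library code nor that definition is visible in this hunk. Lua passes an undefined name as nil without complaint, so a rename or a `local` declaration placed further down the file could presumably switch the check off silently. I would add a comment above get_file such as `-- filename is request-supplied; access is gated solely by is_valid_filename inside modelfunctions`, plus a load-time guard placed after the validator's definition, `assert(type(is_valid_filename) == "function")`. It is also worth confirming that the validator compares against the fixed set of DansGuardian files rather than a pattern, so that names containing `..` segments are rejected.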