From eb7cf586fd93454a27ac7337a189981611c9378b Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Tue, 7 Oct 2008 17:31:24 +0000
Subject: Modified modelfunctions library to include validation in
 get/setfiledetails.  Modified all uses to validate the file name - this was a
 major security hole.

git-svn-id: svn://svn.alpinelinux.org/acf/dnscache/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 dnscache-model.lua | 24 +++++-------------------
 1 file changed, 5 insertions(+), 19 deletions(-)

diff --git a/dnscache-model.lua b/dnscache-model.lua
index f098caf..46684cf 100644
--- a/dnscache-model.lua
+++ b/dnscache-model.lua
@@ -101,27 +101,13 @@ function setconfig(config)
 end
 
 function getconfigfile()
-	local config = modelfunctions.getfiledetails(configfile)
-
-	-- Validate
-
-	return config
+	-- FIXME Validate
+	return modelfunctions.getfiledetails(configfile)
 end
 
-function setconfigfile(config)
-	local configcontent = string.gsub(format.dostounix(config.value.filecontent.value), "\n*$", "")
-
-	-- Validate
-
-	if fs.is_file(configfile) then
-		fs.write_file(configfile, configcontent)
-		config = modelfunctions.getfiledetails(configfile)
-	else
-		config.value.filecontent.value = configcontent
-		config.errtxt = "Failed to set config"
-	end
-
-	return config
+function setconfigfile(filedetails)
+	-- FIXME Validate
+	return modelfunctions.setfiledetails(filedetails, {configfile})
 end
 
 function getIPs()
-- 
cgit v1.2.3