From 297d691ef4a429d798eda666bc6662243a4d7230 Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Tue, 7 Oct 2008 17:31:24 +0000
Subject: Modified modelfunctions library to include validation in
 get/setfiledetails.  Modified all uses to validate the file name - this was a
 major security hole.

git-svn-id: svn://svn.alpinelinux.org/acf/fetchmail/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 fetchmail-model.lua | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fetchmail-model.lua b/fetchmail-model.lua
index d3dd51c..456a12e 100644
--- a/fetchmail-model.lua
+++ b/fetchmail-model.lua
@@ -316,9 +316,8 @@ function get_filedetails()
 end
 
 function update_filecontent(filedetails)
-	filedetails.value.filename.value = configfile
 	-- FIXME - validation
-	local retval = modelfunctions.setfiledetails(filedetails)
+	local retval = modelfunctions.setfiledetails(filedetails, {configfile})
 	posix.chmod(configfile, "rwx--x---")
 	config = nil
 	return retval
-- 
cgit v1.2.3