From c61ae0758baf76981fb670aeda48c1235c9e0800 Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Wed, 21 Jan 2009 22:04:37 +0000
Subject: Added escapespecialcharacters to format.lua to escape shell special
 characters.  Reviewed all calls to io.popen and os.execute to escape special
 characters.  Fixed file uploads in openssl and ipsectools with
 viewfunctions.lua.  Tried to fix openssl renew when subject contains special
 characters, but not done yet.

git-svn-id: svn://svn.alpinelinux.org/acf/gnats/trunk@1687 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 gnats-model.lua | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/gnats-model.lua b/gnats-model.lua
index a3afc02..c273fbc 100644
--- a/gnats-model.lua
+++ b/gnats-model.lua
@@ -115,7 +115,7 @@ end
 
 local function get_array(name)
 	local a = {}
-	local f = assert(io.popen("/usr/bin/query-pr "..gnatsopts.." --valid-values " .. tostring(name)))
+	local f = assert(io.popen("/usr/bin/query-pr "..gnatsopts.." --valid-values " .. format.escapespecialcharacters(name)))
 	for line in f:lines() do
 		table.insert(a, line)
 	end
@@ -170,7 +170,7 @@ function summary()
 		end
 	end
 
-	local f = assert(io.popen("query-pr "..gnatsopts.. (search_opts or "")))
+	local f = assert(io.popen("query-pr "..gnatsopts.. format.escapespecialcharacters(search_opts)))
 
 	i = 0
 	for line in f:lines() do
@@ -278,7 +278,7 @@ end
 -- read pr to header, sfields and mfields
 function read_pr(self, id)
 	local cmd = "query-pr -F "..gnatsopts.." "..tostring(id)
-	local f = assert(io.popen(cmd))
+	local f = assert(io.popen(format.escapespecialcharacters(cmd)))
 	local line
 	local section = SECT_HEADER
 
@@ -353,7 +353,7 @@ end
 
 function get_logfile ()
 	local file = {}
-	local cmdtxt = "cat /var/log/messages | grep " .. processname
+	local cmdtxt = "cat /var/log/messages | grep " .. format.escapespecialcharacters(processname)
 	local cmd, error = io.popen(cmdtxt ,r)
 	local cmdoutput = cmd:read("*a")
 	cmd:close()
@@ -475,12 +475,12 @@ function sendbug (self, message)
 	local mailtxt = "outgoing_mail"
 	fs.write_file(mailtxt, table.concat(message , "\n"))
 
-	local cmdtxt = "/usr/sbin/sendmail -oi -t < " .. mailtxt .. " 2>&1"
+	local cmdtxt = "/usr/sbin/sendmail -oi -t < " .. format.escapespecialcharacters(mailtxt) .. " 2>&1"
 	local cmd, error = io.popen(cmdtxt ,r)
 	local cmdoutput = cmd:read("*a")
 	cmd:close()
 
-	local cmd, error = io.popen("/bin/rm -f " .. mailtxt ,r)
+	local cmd, error = io.popen("/bin/rm -f " .. format.escapespecialcharacters(mailtxt) ,r)
 	cmd:close()
 
 	if (#cmdoutput > 0) then
-- 
cgit v1.2.3