summaryrefslogtreecommitdiffstats
path: root/opennhrp-model.lua
diff options
context:
space:
mode:
authorTed Trask <ttrask01@yahoo.com>2008-10-07 17:31:24 +0000
committerTed Trask <ttrask01@yahoo.com>2008-10-07 17:31:24 +0000
commitdb568f08d77df7cad6197e6fa3600e878c92d529 (patch)
tree2e399bcbbd70c43370ad024eca9c3cca80394abf /opennhrp-model.lua
parent8b2da2eda5e7ba891fc5cc2488f51b46e4023c2b (diff)
downloadacf-opennhrp-db568f08d77df7cad6197e6fa3600e878c92d529.tar.bz2
acf-opennhrp-db568f08d77df7cad6197e6fa3600e878c92d529.tar.xz
Modified modelfunctions library to include validation in get/setfiledetails. Modified all uses to validate the file name - this was a major security hole.
git-svn-id: svn://svn.alpinelinux.org/acf/opennhrp/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'opennhrp-model.lua')
-rw-r--r--opennhrp-model.lua16
1 files changed, 2 insertions, 14 deletions
diff --git a/opennhrp-model.lua b/opennhrp-model.lua
index 42497c9..2601655 100644
--- a/opennhrp-model.lua
+++ b/opennhrp-model.lua
@@ -200,21 +200,9 @@ function setconfig(self, config)
end
function getconfigfile(self)
- local filedetails = modelfunctions.getfiledetails(configfile)
- local result, filedetails = validateconfigfile(self, filedetails)
- return filedetails
+ return modelfunctions.getfiledetails(configfile, nil, function(filedetails) return validateconfigfile(self, filedetails)end)
end
function setconfigfile(self, filedetails)
- filedetails.value.filename.value = configfile
- filedetails.value.filecontent.value = string.gsub(format.dostounix(filedetails.value.filecontent.value), "\n+$", "")
- local success, filedetails = validateconfigfile(self, filedetails)
- if success then
- fs.write_file(configfile, filedetails.value.filecontent.value)
- filedetails = getconfigfile(self)
- else
- filedetails.errtxt = "Failed to set configuration file"
- end
-
- return filedetails
+ return modelfunctions.setfiledetails(filedetails, {configfile}, function(filedetails) return validateconfigfile(self, filedetails)end)
end