| author | Ted Trask <ttrask01@yahoo.com> | 2008-10-07 17:31:24 +0000 | 
|---|---|---|
| committer | Ted Trask <ttrask01@yahoo.com> | 2008-10-07 17:31:24 +0000 | 
| commit | db568f08d77df7cad6197e6fa3600e878c92d529 (patch) | |
| tree | 2e399bcbbd70c43370ad024eca9c3cca80394abf /opennhrp-model.lua | |
| parent | 8b2da2eda5e7ba891fc5cc2488f51b46e4023c2b (diff) | |
Modified modelfunctions library to include validation in get/setfiledetails.  Modified all uses to validate the file name - this was a major security hole.
git-svn-id: svn://svn.alpinelinux.org/acf/opennhrp/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'opennhrp-model.lua')
| -rw-r--r-- | opennhrp-model.lua | 16 | 
1 files changed, 2 insertions, 14 deletions
|
diff --git a/opennhrp-model.lua b/opennhrp-model.lua
index 42497c9..2601655 100644
--- a/opennhrp-model.lua
+++ b/opennhrp-model.lua
@@ -200,21 +200,9 @@ function setconfig(self, config)
 end
 function getconfigfile(self)
-	local filedetails = modelfunctions.getfiledetails(configfile)
-	local result, filedetails = validateconfigfile(self, filedetails)
-	return filedetails
+	return modelfunctions.getfiledetails(configfile, nil, function(filedetails) return validateconfigfile(self, filedetails)end)
 end
 function setconfigfile(self, filedetails)
-	filedetails.value.filename.value = configfile
-	filedetails.value.filecontent.value = string.gsub(format.dostounix(filedetails.value.filecontent.value), "\n+$", "")
-	local success, filedetails = validateconfigfile(self, filedetails)
-	if success then
-		fs.write_file(configfile, filedetails.value.filecontent.value)
-		filedetails = getconfigfile(self)
-	else
-		filedetails.errtxt = "Failed to set configuration file"
-	end
-	
-	return filedetails
+	return modelfunctions.setfiledetails(filedetails, {configfile}, function(filedetails) return validateconfigfile(self, filedetails)end)
 end
|
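Review bot: In the new `setconfigfile`, protection against a client-supplied filename now appears to rest entirely on the second argument `{configfile}` passed to `modelfunctions.setfiledetails`, and nothing at the call site says so; the removed code made the intent explicit by overwriting `filedetails.value.filename.value` with `configfile`. I would add a comment above the call such as `-- {configfile} is the only filename accepted; the submitted filename is untrusted`, so that a later edit does not widen or drop the list. `getconfigfile` passes `nil` in the same position, which is presumably safe because the path is the module constant, but that deserves a short comment as well. The library side is not part of this diff, so it should be confirmed that it still applies `format.dostounix` and the trailing-newline stripping before `validateconfigfile` runs, as the removed lines did. The callback parameter `filedetails` also shadows the outer argument in `setconfigfile`; a distinct name would read more clearly.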
