From db568f08d77df7cad6197e6fa3600e878c92d529 Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Tue, 7 Oct 2008 17:31:24 +0000
Subject: Modified modelfunctions library to include validation in
 get/setfiledetails.  Modified all uses to validate the file name - this was a
 major security hole.

git-svn-id: svn://svn.alpinelinux.org/acf/opennhrp/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 opennhrp-model.lua | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-)

diff --git a/opennhrp-model.lua b/opennhrp-model.lua
index 42497c9..2601655 100644
--- a/opennhrp-model.lua
+++ b/opennhrp-model.lua
@@ -200,21 +200,9 @@ function setconfig(self, config)
 end
 
 function getconfigfile(self)
-	local filedetails = modelfunctions.getfiledetails(configfile)
-	local result, filedetails = validateconfigfile(self, filedetails)
-	return filedetails
+	return modelfunctions.getfiledetails(configfile, nil, function(filedetails) return validateconfigfile(self, filedetails)end)
 end
 
 function setconfigfile(self, filedetails)
-	filedetails.value.filename.value = configfile
-	filedetails.value.filecontent.value = string.gsub(format.dostounix(filedetails.value.filecontent.value), "\n+$", "")
-	local success, filedetails = validateconfigfile(self, filedetails)
-	if success then
-		fs.write_file(configfile, filedetails.value.filecontent.value)
-		filedetails = getconfigfile(self)
-	else
-		filedetails.errtxt = "Failed to set configuration file"
-	end
-	
-	return filedetails
+	return modelfunctions.setfiledetails(filedetails, {configfile}, function(filedetails) return validateconfigfile(self, filedetails)end)
 end
-- 
cgit v1.2.3