diff options
| author | Ted Trask <ttrask01@yahoo.com> | 2008-10-07 17:31:24 +0000 |
|---|---|---|
| committer | Ted Trask <ttrask01@yahoo.com> | 2008-10-07 17:31:24 +0000 |
| commit | 1f66f44aee152299191c125656af0435a787169f (patch) | |
| tree | dce1d4e6defcdbee68c2b58cee0226503dca7eba | |
| parent | fba47dc0eafc168ddc42e08850244b5603d02132 (diff) | |
| download | acf-openntpd-1f66f44aee152299191c125656af0435a787169f.tar.bz2 acf-openntpd-1f66f44aee152299191c125656af0435a787169f.tar.xz | |
Modified modelfunctions library to include validation in get/setfiledetails. Modified all uses to validate the file name - this was a major security hole.
git-svn-id: svn://svn.alpinelinux.org/acf/openntpd/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
| -rw-r--r-- | openntpd-model.lua | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/openntpd-model.lua b/openntpd-model.lua index 42f17e4..a66160c 100644 --- a/openntpd-model.lua +++ b/openntpd-model.lua @@ -151,7 +151,6 @@ function get_filedetails() end function update_filedetails(filedetails) - filedetails.value.filename.value = configfile - return modelfunctions.setfiledetails(filedetails) + return modelfunctions.setfiledetails(filedetails, {configfile}) end |