summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTed Trask <ttrask01@yahoo.com>2008-10-07 17:31:24 +0000
committerTed Trask <ttrask01@yahoo.com>2008-10-07 17:31:24 +0000
commit3bb33adcf18437b925952d9e4155a4f5701b7634 (patch)
treef4eb15e6a5b8d46841712615b8721a08765b31ca
parente66d91b13dd7f80cb6706d286d0ca8f6478584d9 (diff)
downloadacf-squid-3bb33adcf18437b925952d9e4155a4f5701b7634.tar.bz2
acf-squid-3bb33adcf18437b925952d9e4155a4f5701b7634.tar.xz
Modified modelfunctions library to include validation in get/setfiledetails. Modified all uses to validate the file name - this was a major security hole.
git-svn-id: svn://svn.alpinelinux.org/acf/squid/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r--squid-model.lua6
1 files changed, 2 insertions, 4 deletions
diff --git a/squid-model.lua b/squid-model.lua
index 33cf490..a726b96 100644
--- a/squid-model.lua
+++ b/squid-model.lua
@@ -46,8 +46,7 @@ get_configfile = function()
end
update_configfile = function( filedetails )
- filedetails.value.filename.value = squidconf
- return modelfunctions.setfiledetails(filedetails)
+ return modelfunctions.setfiledetails(filedetails, {squidconf})
end
read_digest_userlist = function()
@@ -74,9 +73,8 @@ read_digest_userlist = function()
end
update_digest_userlist = function( userlistdetails )
- userlistdetails.value.filename.value = squiddigestusers
-- FIXME - validate
- modelfunctions.setfiledetails(userlistdetails)
+ modelfunctions.setfiledetails(userlistdetails, {squiddigestusers})
return read_digest_userlist()
end