diff options
author | Ted Trask <ttrask01@yahoo.com> | 2008-10-07 17:31:24 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2008-10-07 17:31:24 +0000 |
commit | 3bb33adcf18437b925952d9e4155a4f5701b7634 (patch) | |
tree | f4eb15e6a5b8d46841712615b8721a08765b31ca | |
parent | e66d91b13dd7f80cb6706d286d0ca8f6478584d9 (diff) | |
download | acf-squid-3bb33adcf18437b925952d9e4155a4f5701b7634.tar.bz2 acf-squid-3bb33adcf18437b925952d9e4155a4f5701b7634.tar.xz |
Modified modelfunctions library to include validation in get/setfiledetails. Modified all uses to validate the file name - this was a major security hole.
git-svn-id: svn://svn.alpinelinux.org/acf/squid/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r-- | squid-model.lua | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/squid-model.lua b/squid-model.lua index 33cf490..a726b96 100644 --- a/squid-model.lua +++ b/squid-model.lua @@ -46,8 +46,7 @@ get_configfile = function() end update_configfile = function( filedetails ) - filedetails.value.filename.value = squidconf - return modelfunctions.setfiledetails(filedetails) + return modelfunctions.setfiledetails(filedetails, {squidconf}) end read_digest_userlist = function() @@ -74,9 +73,8 @@ read_digest_userlist = function() end update_digest_userlist = function( userlistdetails ) - userlistdetails.value.filename.value = squiddigestusers -- FIXME - validate - modelfunctions.setfiledetails(userlistdetails) + modelfunctions.setfiledetails(userlistdetails, {squiddigestusers}) return read_digest_userlist() end |