From 39e5bdc0c438d109dcc4f744121e3eb742fd18ab Mon Sep 17 00:00:00 2001
From: Ted Trask
Date: Tue, 7 Oct 2008 17:31:24 +0000
Subject: Modified modelfunctions library to include validation in get/setfiledetails. Modified all uses to validate the file name - this was a major security hole.

git-svn-id: svn://svn.alpinelinux.org/acf/tinydns/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 tinydns-model.lua | 20 ++------------------
 1 file changed, 2 insertions(+), 18 deletions(-)

(limited to 'tinydns-model.lua')

diff --git a/tinydns-model.lua b/tinydns-model.lua
index 61840d9..95e5f4f 100644
--- a/tinydns-model.lua
+++ b/tinydns-model.lua
@@ -259,28 +259,12 @@ end
 
 function get_filedetails(self, path, userid)
 configfiles = searchforconfigfiles(self, userid)
- if not validfilename(path) then
- local result = modelfunctions.getfiledetails("")
- result.value.filename.value = path
- return result
- else
- return modelfunctions.getfiledetails(path)
- end
+ return modelfunctions.getfiledetails(path, validfilename)
 end
 
 function set_filedetails (self, filedetails, userid)
 configfiles = searchforconfigfiles(self, userid)
- filedetails.value.filecontent.value = string.gsub(format.dostounix(filedetails.value.filecontent.value), "\n+$", "")
- local success, errtxt = validfilename(filedetails.value.filename.value)
- if success then
- fs.write_file(filedetails.value.filename.value, filedetails.value.filecontent.value)
- filedetails = get_filedetails(self, filedetails.value.filename.value, userid)
- else
- filedetails.value.filename.errtxt = errtxt
- filedetails.errtxt = "Failed to set config file"
- end
-
- return filedetails
+ return modelfunctions.setfiledetails(filedetails, validfilename)
 end
 
 function getnewconfigfile()
-- 
cgit v1.2.3
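Review bot: In both `get_filedetails` and `set_filedetails`, the line `configfiles = searchforconfigfiles(self, userid)` assigns without `local`, and the validator is then handed over as the bare function `validfilename`, so the per-user allow-list presumably reaches the check only through that shared variable. If `configfiles` is not declared `local` at file scope outside this hunk, it is a true global that any other module can overwrite between the assignment and the library's call to the validator. I would declare it module-local and state the coupling next to the call, e.g. `-- validfilename checks path against configfiles, which must be refreshed for this userid first`. The bodies of `validfilename` and `modelfunctions.getfiledetails`/`setfiledetails` are not in the hunk, so it is worth confirming there that a missing or failing validator refuses the read or write rather than falling through.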