diff options
| author | Ted Trask <ttrask01@yahoo.com> | 2009-01-21 22:04:37 +0000 |
|---|---|---|
| committer | Ted Trask <ttrask01@yahoo.com> | 2009-01-21 22:04:37 +0000 |
| commit | fb64467361f779e4f9eea5b923056f85af2ed911 (patch) | |
| tree | ec10a0b878f3126d66e0c21bfa89688aaecd6e6d | |
| parent | 078aeba6444620d99dd5c201d8492d2471d2bc3b (diff) | |
| download | acf-alpine-baselayout-fb64467361f779e4f9eea5b923056f85af2ed911.tar.bz2 acf-alpine-baselayout-fb64467361f779e4f9eea5b923056f85af2ed911.tar.xz | |
Added escapespecialcharacters to format.lua to escape shell special characters. Reviewed all calls to io.popen and os.execute to escape special characters. Fixed file uploads in openssl and ipsectools with viewfunctions.lua. Tried to fix openssl renew when subject contains special characters, but not done yet.
git-svn-id: svn://svn.alpinelinux.org/acf/alpine-baselayout/trunk@1687 ab2d0c66-481e-0410-8bed-d214d4d58bed
| -rw-r--r-- | health-model.lua | 4 | ||||
| -rw-r--r-- | interfaces-model.lua | 11 | ||||
| -rw-r--r-- | logfiles-model.lua | 3 | ||||
| -rw-r--r-- | password-model.lua | 3 | ||||
| -rw-r--r-- | skins-model.lua | 4 |
5 files changed, 15 insertions, 10 deletions
diff --git a/health-model.lua b/health-model.lua index e012bf1..52b4fa9 100644 --- a/health-model.lua +++ b/health-model.lua @@ -8,7 +8,7 @@ require("format") -- ############################################################### -- Private functions local function querycmd ( cmdline ) - local cmd = io.popen( cmdline ) + local cmd = io.popen( format.escapespecialcharacters(cmdline) ) local cmd_result = cmd:read("*a") or "unknown" cmd:close() return cmd_result @@ -16,7 +16,7 @@ end local function diskfree ( media ) if not (media) then media = "" end - local cmd = io.popen( "df -h " .. media ) + local cmd = io.popen( "df -h " .. format.escapespecialcharacters(media) ) local cmd_result = cmd:read("*a") or "unknown" cmd:close() return cmd_result diff --git a/interfaces-model.lua b/interfaces-model.lua index 93456e4..fdff2e2 100644 --- a/interfaces-model.lua +++ b/interfaces-model.lua @@ -4,6 +4,7 @@ module (..., package.seeall) require("modelfunctions") require("fs") +require("format") -- iface is a local (private) table with private methods for managing -- the interfaces file. All low-level stuff is done here. It exposes @@ -364,7 +365,7 @@ end iface.ifup = function (name) name = name or "" local cmd = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin ifup "..name - local f = io.popen(cmd) + local f = io.popen(format.escapespecialcharacters(cmd)) local cmdresult = f:read("*a") f:close() @@ -378,7 +379,7 @@ end iface.ifdown = function (name) name = name or "" local cmd = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin ifdown "..name - local f = io.popen(cmd) + local f = io.popen(format.escapespecialcharacters(cmd)) local cmdresult = f:read("*a") f:close() @@ -391,7 +392,7 @@ end iface.ipaddr = function () local cmd = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin ip addr" - local f = io.popen(cmd) + local f = io.popen(format.escapespecialcharacters(cmd)) local cmdresult = f:read("*a") f:close() @@ -400,7 +401,7 @@ end iface.iproute = function () local cmd = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin ip route" - local f = io.popen(cmd) + local f = io.popen(format.escapespecialcharacters(cmd)) local cmdresult = f:read("*a") f:close() @@ -409,7 +410,7 @@ end iface.ifconfig = function () local cmd = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin ifconfig" - local f = io.popen(cmd) + local f = io.popen(format.escapespecialcharacters(cmd)) local cmdresult = f:read("*a") f:close() diff --git a/logfiles-model.lua b/logfiles-model.lua index d255256..174d389 100644 --- a/logfiles-model.lua +++ b/logfiles-model.lua @@ -1,6 +1,7 @@ -- acf model for displaying logfiles module (..., package.seeall) require("fs") +require("format") require("modelfunctions") -- Function to get detailed information on a specific file. @@ -9,7 +10,7 @@ local function file_info ( path ) local st = fs.stat(path) local size = st.size or "0" local lastmod = st.mtime or "---" - local file_inuse = io.popen("fuser " .. path ) + local file_inuse = io.popen("fuser " .. format.escapespecialcharacters(path) ) local fileinuseresult = file_inuse:read("*a") or "unknown" file_inuse:close() fileinuseresult = (fileinuseresult == "") diff --git a/password-model.lua b/password-model.lua index 7dd9cd6..accab05 100644 --- a/password-model.lua +++ b/password-model.lua @@ -2,6 +2,7 @@ module (..., package.seeall) require ("fs") +require ("format") read_password = function() pw = {} @@ -25,7 +26,7 @@ update_password = function (pw) end if success then - local f = io.popen("/usr/bin/cryptpw " .. pw.value.password.value) + local f = io.popen("/usr/bin/cryptpw " .. format.escapespecialcharacters(pw.value.password.value)) local newpass = f:read("*l") f:close() local new = string.gsub(filecontent, "(\n"..pw.value.user.value..":)[^:]*", "%1"..newpass) diff --git a/skins-model.lua b/skins-model.lua index 441298e..620e7a7 100644 --- a/skins-model.lua +++ b/skins-model.lua @@ -1,8 +1,10 @@ -- acf model for displaying logfiles recusivly module (..., package.seeall) +require("format") + local function set_skins(skin) - local cmd = "/bin/sed -i 's/skin=.*/skin=" .. skin .. "/' /etc/acf/acf.conf" + local cmd = "/bin/sed -i 's/skin=.*/skin=" .. format.escapespecialcharacters(skin) .. "/' /etc/acf/acf.conf" local f, errtxt = io.popen(cmd) local cmdoutput = f:read("*a") if cmdoutput == "" then cmdoutput = "New skin selected" end |