diff options
author | Ted Trask <ttrask01@yahoo.com> | 2008-10-07 17:31:24 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2008-10-07 17:31:24 +0000 |
commit | 47596652337e32766c2232d52a4a09d6da865ed1 (patch) | |
tree | 0db7e7f19719a7d7efb5068e84440a379d7f259d /logfiles-model.lua | |
parent | ed1cb667362918a39dd62b7fb77d8da4293d27ae (diff) | |
download | acf-alpine-baselayout-47596652337e32766c2232d52a4a09d6da865ed1.tar.bz2 acf-alpine-baselayout-47596652337e32766c2232d52a4a09d6da865ed1.tar.xz |
Modified modelfunctions library to include validation in get/setfiledetails. Modified all uses to validate the file name - this was a major security hole.
git-svn-id: svn://svn.alpinelinux.org/acf/alpine-baselayout/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'logfiles-model.lua')
-rw-r--r-- | logfiles-model.lua | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/logfiles-model.lua b/logfiles-model.lua index 41c2308..d255256 100644 --- a/logfiles-model.lua +++ b/logfiles-model.lua @@ -73,18 +73,18 @@ local do_grep = function(filecontent, grep) end get_filedetails = function (path, grep) - local filedetails local available_files = get() - for i,file in ipairs(available_files.value) do - if ( file.value.filename.value == path ) then - filedetails = modelfunctions.getfiledetails(path) - do_grep(filedetails.value.filecontent, grep) - break - end - end - if not filedetails then - filedetails = modelfunctions.getfiledetails("") - filedetails.value.filename.value = path + local filedetails = modelfunctions.getfiledetails(path, + function(filename) + for i,file in ipairs(available_files.value) do + if file.value.filename.value == filename then + return true + end + end + return false + end) + if not filedetails.errtxt then + do_grep(filedetails.value.filecontent, grep) end filedetails.value.grep = cfe({ value=grep or "", label="Grep" }) return filedetails |