Commit a9195320 authored by Ted Trask's avatar Ted Trask

Modified modelfunctions library to include validation in get/setfiledetails. ...

Modified modelfunctions library to include validation in get/setfiledetails.  Modified all uses to validate the file name - this was a major security hole.

git-svn-id: svn://svn.alpinelinux.org/acf/dansguardian/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
parent 45372396
......@@ -136,27 +136,11 @@ update_general_config = function( config )
end
get_file = function(filename)
local retval
if is_valid_filename(filename) then
retval = modelfunctions.getfiledetails(filename)
else
retval = modelfunctions.getfiledetails("")
retval.value.filename.value = filename
end
return retval
return modelfunctions.getfiledetails(filename, is_valid_filename)
end
update_file = function(filedetails)
local retval
if is_valid_filename(filedetails.value.filename.value) then
retval = modelfunctions.setfiledetails(filedetails)
else
retval.value.filename.errtxt = "Invalid filename"
retval.errtxt = "Failed to save file"
end
return retval
return modelfunctions.setfiledetails(filedetails, is_valid_filename)
end
list_files = function()
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment