Commit eb7cf586 authored by Ted Trask's avatar Ted Trask

Modified modelfunctions library to include validation in get/setfiledetails. ...

Modified modelfunctions library to include validation in get/setfiledetails.  Modified all uses to validate the file name - this was a major security hole.

git-svn-id: svn://svn.alpinelinux.org/acf/dnscache/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
parent aba173b4
...@@ -101,27 +101,13 @@ function setconfig(config) ...@@ -101,27 +101,13 @@ function setconfig(config)
end end
function getconfigfile() function getconfigfile()
local config = modelfunctions.getfiledetails(configfile) -- FIXME Validate
return modelfunctions.getfiledetails(configfile)
-- Validate
return config
end end
function setconfigfile(config) function setconfigfile(filedetails)
local configcontent = string.gsub(format.dostounix(config.value.filecontent.value), "\n*$", "") -- FIXME Validate
return modelfunctions.setfiledetails(filedetails, {configfile})
-- Validate
if fs.is_file(configfile) then
fs.write_file(configfile, configcontent)
config = modelfunctions.getfiledetails(configfile)
else
config.value.filecontent.value = configcontent
config.errtxt = "Failed to set config"
end
return config
end end
function getIPs() function getIPs()
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment