treewide: filter shell arguments through shellquote() where applicable

[project/luci.git] / applications / luci-app-adblock / luasrc / controller / adblock.lua

diff --git a/applications/luci-app-adblock/luasrc/controller/adblock.lua b/applications/luci-app-adblock/luasrc/controller/adblock.lua
index 0cfbb5f..763c0b4 100644 (file)
--- a/applications/luci-app-adblock/luasrc/controller/adblock.lua
+++ b/applications/luci-app-adblock/luasrc/controller/adblock.lua
@@ -3,7 +3,6 @@
 
 module("luci.controller.adblock", package.seeall)
 
-local fs    = require("nixio.fs")
 local util  = require("luci.util")
 local templ = require("luci.template")
 local i18n  = require("luci.i18n")
@@ -27,7 +26,7 @@ function logread()
        local logfile
 
        if nixio.fs.access("/var/log/messages") then
-               logfile = util.trim(util.exec("cat /var/log/messages | grep -F 'adblock-'"))
+               logfile = util.trim(util.exec("grep -F 'adblock-' /var/log/messages"))
        else
                logfile = util.trim(util.exec("logread -e 'adblock-'"))
        end
@@ -35,10 +34,10 @@ function logread()
 end
 
 function queryData(domain)
-       if domain and domain:match("^[a-zA-Z0-9%-%._]+$") then
+       if domain then
                luci.http.prepare_content("text/plain")
-               local cmd = "/etc/init.d/adblock query %q 2>&1"
-               local util = io.popen(cmd % domain)
+               local cmd = "/etc/init.d/adblock query %s 2>&1"
+               local util = io.popen(cmd % util.shellquote(domain))
                if util then
                        while true do
                                local line = util:read("*l")