projects
/
project
/
luci.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
treewide: filter shell arguments through shellquote() where applicable
[project/luci.git]
/
applications
/
luci-app-vnstat
/
luasrc
/
view
/
vnstat.htm
diff --git
a/applications/luci-app-vnstat/luasrc/view/vnstat.htm
b/applications/luci-app-vnstat/luasrc/view/vnstat.htm
index
2b50255
..
42d7d24
100644
(file)
--- a/
applications/luci-app-vnstat/luasrc/view/vnstat.htm
+++ b/
applications/luci-app-vnstat/luasrc/view/vnstat.htm
@@
-21,12
+21,13
@@
style = (style and #style > 0) and style or "s"
-- render image
--
if iface then
-- render image
--
if iface then
- style = style:gsub("[^%w]", "")
- iface = iface:gsub("[^%w%.%-%_]", "")
-
luci.http.prepare_content("image/png")
luci.http.prepare_content("image/png")
- local png = io.popen("vnstati -i '%s' '-%s' -o -" % { iface, style })
+ local png = io.popen("vnstati -i %s -%s -o -" %{
+ utl.shellquote(iface),
+ utl.shellquote(style)
+ })
+
luci.http.write(png:read("*a"))
png:close()
luci.http.write(png:read("*a"))
png:close()
@@
-56,7
+57,7
@@
dbdir = dbdir or "/var/lib/vnstat"
<%+header%>
<%+header%>
-<h2
><a id="content" name="content"><%:VnStat Graphs%></a
></h2>
+<h2
name="content"><%:VnStat Graphs%
></h2>
<form action="" method="get">
<form action="" method="get">
@@
-89,7
+90,7
@@
dbdir = dbdir or "/var/lib/vnstat"
<%
end
end
<%
end
end
- end
+ end
%>
<% if empty then %>
%>
<% if empty then %>