projects / project / luci.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
treewide: filter shell arguments through shellquote() where applicable
[project/luci.git] / applications / luci-app-vnstat / luasrc / view / vnstat.htm
diff --git a/applications/luci-app-vnstat/luasrc/view/vnstat.htm b/applications/luci-app-vnstat/luasrc/view/vnstat.htm
index 2b8d9ff..42d7d24 100644 (file)
--- a/applications/luci-app-vnstat/luasrc/view/vnstat.htm
+++ b/applications/luci-app-vnstat/luasrc/view/vnstat.htm
@@ -21,12 +21,13 @@ style = (style and #style > 0) and style or "s"
 -- render image
 --
 if iface then
 -- render image
 --
 if iface then
-       style = style:gsub("[^%w]", "")
-       iface = iface:gsub("[^%w%.%-%_]", "")
-
        luci.http.prepare_content("image/png")
 
        luci.http.prepare_content("image/png")
 
-       local png = io.popen("vnstati -i '%s' '-%s' -o -" % { iface, style })
+       local png = io.popen("vnstati -i %s -%s -o -" %{
+               utl.shellquote(iface),
+               utl.shellquote(style)
+       })
+
        luci.http.write(png:read("*a"))
        png:close()
 
        luci.http.write(png:read("*a"))
        png:close()
 
@@ -89,7 +90,7 @@ dbdir = dbdir or "/var/lib/vnstat"
 <%
        end
      end
 <%
        end
      end
-   end 
+   end
 %>
 
 <% if empty then %>
 %>
 
 <% if empty then %>
Lua Configuration Interface (mirror)