treewide: filter shell arguments through shellquote() where applicable

[project/luci.git] / modules / luci-mod-admin-full / luasrc / controller / admin / network.lua

diff --git a/modules/luci-mod-admin-full/luasrc/controller/admin/network.lua b/modules/luci-mod-admin-full/luasrc/controller/admin/network.lua
index 2cb2108..070a9e6 100644 (file)
--- a/modules/luci-mod-admin-full/luasrc/controller/admin/network.lua
+++ b/modules/luci-mod-admin-full/luasrc/controller/admin/network.lua
@@ -258,7 +258,6 @@ function iface_status(ifaces)
                                        type       = device:type(),
                                        ifname     = device:name(),
                                        macaddr    = device:mac(),
-                                       macaddr    = device:mac(),
                                        is_up      = device:is_up(),
                                        rx_bytes   = device:rx_bytes(),
                                        tx_bytes   = device:tx_bytes(),
@@ -290,7 +289,8 @@ function iface_reconnect(iface)
        local netmd = require "luci.model.network".init()
        local net = netmd:get_network(iface)
        if net then
-               luci.sys.call("env -i /sbin/ifup %q >/dev/null 2>/dev/null" % iface)
+               luci.sys.call("env -i /sbin/ifup %s >/dev/null 2>/dev/null"
+                       % luci.util.shellquote(iface))
                luci.http.status(200, "Reconnected")
                return
        end
@@ -302,7 +302,8 @@ function iface_shutdown(iface)
        local netmd = require "luci.model.network".init()
        local net = netmd:get_network(iface)
        if net then
-               luci.sys.call("env -i /sbin/ifdown %q >/dev/null 2>/dev/null" % iface)
+               luci.sys.call("env -i /sbin/ifdown %s >/dev/null 2>/dev/null"
+                       % luci.util.shellquote(iface))
                luci.http.status(200, "Shutdown")
                return
        end
@@ -314,7 +315,8 @@ function iface_delete(iface)
        local netmd = require "luci.model.network".init()
        local net = netmd:del_network(iface)
        if net then
-               luci.sys.call("env -i /sbin/ifdown %q >/dev/null 2>/dev/null" % iface)
+               luci.sys.call("env -i /sbin/ifdown %s >/dev/null 2>/dev/null"
+                       % luci.util.shellquote(iface))
                luci.http.redirect(luci.dispatcher.build_url("admin/network/network"))
                netmd:commit("network")
                netmd:commit("wireless")
@@ -390,7 +392,7 @@ function diag_command(cmd, addr)
        if addr and addr:match("^[a-zA-Z0-9%-%.:_]+$") then
                luci.http.prepare_content("text/plain")
 
-               local util = io.popen(cmd % addr)
+               local util = io.popen(cmd % luci.util.shellquote(addr))
                if util then
                        while true do
                                local ln = util:read("*l")
@@ -409,21 +411,21 @@ function diag_command(cmd, addr)
 end
 
 function diag_ping(addr)
-       diag_command("ping -c 5 -W 1 %q 2>&1", addr)
+       diag_command("ping -c 5 -W 1 %s 2>&1", addr)
 end
 
 function diag_traceroute(addr)
-       diag_command("traceroute -q 1 -w 1 -n %q 2>&1", addr)
+       diag_command("traceroute -q 1 -w 1 -n %s 2>&1", addr)
 end
 
 function diag_nslookup(addr)
-       diag_command("nslookup %q 2>&1", addr)
+       diag_command("nslookup %s 2>&1", addr)
 end
 
 function diag_ping6(addr)
-       diag_command("ping6 -c 5 %q 2>&1", addr)
+       diag_command("ping6 -c 5 %s 2>&1", addr)
 end
 
 function diag_traceroute6(addr)
-       diag_command("traceroute6 -q 1 -w 2 -n %q 2>&1", addr)
+       diag_command("traceroute6 -q 1 -w 2 -n %s 2>&1", addr)
 end