treewide: filter shell arguments through shellquote() where applicable
[project/luci.git] / modules / luci-mod-admin-full / luasrc / controller / admin / network.lua
index 6e578e0..070a9e6 100644 (file)
@@ -1,5 +1,5 @@
 -- Copyright 2008 Steven Barth <steven@midlink.org>
--- Copyright 2011 Jo-Philipp Wich <jow@openwrt.org>
+-- Copyright 2011-2015 Jo-Philipp Wich <jow@openwrt.org>
 -- Licensed to the public under the Apache License 2.0.
 
 module("luci.controller.admin.network", package.seeall)
@@ -43,25 +43,25 @@ function index()
                        end)
 
                if has_wifi then
-                       page = entry({"admin", "network", "wireless_join"}, call("wifi_join"), nil)
+                       page = entry({"admin", "network", "wireless_join"}, post("wifi_join"), nil)
                        page.leaf = true
 
-                       page = entry({"admin", "network", "wireless_add"}, call("wifi_add"), nil)
+                       page = entry({"admin", "network", "wireless_add"}, post("wifi_add"), nil)
                        page.leaf = true
 
-                       page = entry({"admin", "network", "wireless_delete"}, call("wifi_delete"), nil)
+                       page = entry({"admin", "network", "wireless_delete"}, post("wifi_delete"), nil)
                        page.leaf = true
 
                        page = entry({"admin", "network", "wireless_status"}, call("wifi_status"), nil)
                        page.leaf = true
 
-                       page = entry({"admin", "network", "wireless_reconnect"}, call("wifi_reconnect"), nil)
+                       page = entry({"admin", "network", "wireless_reconnect"}, post("wifi_reconnect"), nil)
                        page.leaf = true
 
-                       page = entry({"admin", "network", "wireless_shutdown"}, call("wifi_shutdown"), nil)
+                       page = entry({"admin", "network", "wireless_shutdown"}, post("wifi_shutdown"), nil)
                        page.leaf = true
 
-                       page = entry({"admin", "network", "wireless"}, arcombine(template("admin_network/wifi_overview"), cbi("admin_network/wifi")), _("Wifi"), 15)
+                       page = entry({"admin", "network", "wireless"}, arcombine(template("admin_network/wifi_overview"), cbi("admin_network/wifi")), _("Wireless"), 15)
                        page.leaf = true
                        page.subindex = true
 
@@ -85,16 +85,16 @@ function index()
                page = entry({"admin", "network", "iface_add"}, cbi("admin_network/iface_add"), nil)
                page.leaf = true
 
-               page = entry({"admin", "network", "iface_delete"}, call("iface_delete"), nil)
+               page = entry({"admin", "network", "iface_delete"}, post("iface_delete"), nil)
                page.leaf = true
 
                page = entry({"admin", "network", "iface_status"}, call("iface_status"), nil)
                page.leaf = true
 
-               page = entry({"admin", "network", "iface_reconnect"}, call("iface_reconnect"), nil)
+               page = entry({"admin", "network", "iface_reconnect"}, post("iface_reconnect"), nil)
                page.leaf = true
 
-               page = entry({"admin", "network", "iface_shutdown"}, call("iface_shutdown"), nil)
+               page = entry({"admin", "network", "iface_shutdown"}, post("iface_shutdown"), nil)
                page.leaf = true
 
                page = entry({"admin", "network", "network"}, arcombine(cbi("admin_network/network"), cbi("admin_network/ifaces")), _("Interfaces"), 10)
@@ -138,44 +138,33 @@ function index()
                page.title  = _("Diagnostics")
                page.order  = 60
 
-               page = entry({"admin", "network", "diag_ping"}, call("diag_ping"), nil)
+               page = entry({"admin", "network", "diag_ping"}, post("diag_ping"), nil)
                page.leaf = true
 
-               page = entry({"admin", "network", "diag_nslookup"}, call("diag_nslookup"), nil)
+               page = entry({"admin", "network", "diag_nslookup"}, post("diag_nslookup"), nil)
                page.leaf = true
 
-               page = entry({"admin", "network", "diag_traceroute"}, call("diag_traceroute"), nil)
+               page = entry({"admin", "network", "diag_traceroute"}, post("diag_traceroute"), nil)
                page.leaf = true
 
-               page = entry({"admin", "network", "diag_ping6"}, call("diag_ping6"), nil)
+               page = entry({"admin", "network", "diag_ping6"}, post("diag_ping6"), nil)
                page.leaf = true
 
-               page = entry({"admin", "network", "diag_traceroute6"}, call("diag_traceroute6"), nil)
+               page = entry({"admin", "network", "diag_traceroute6"}, post("diag_traceroute6"), nil)
                page.leaf = true
 --     end
 end
 
 function wifi_join()
-       local function param(x)
-               return luci.http.formvalue(x)
-       end
-
-       local function ptable(x)
-               x = param(x)
-               return x and (type(x) ~= "table" and { x } or x) or {}
-       end
-
-       local dev  = param("device")
-       local ssid = param("join")
+       local tpl  = require "luci.template"
+       local http = require "luci.http"
+       local dev  = http.formvalue("device")
+       local ssid = http.formvalue("join")
 
        if dev and ssid then
-               local cancel  = (param("cancel") or param("cbi.cancel")) and true or false
-
-               if cancel then
-                       luci.http.redirect(luci.dispatcher.build_url("admin/network/wireless_join?device=" .. dev))
-               else
+               local cancel = (http.formvalue("cancel") or http.formvalue("cbi.cancel"))
+               if not cancel then
                        local cbi = require "luci.cbi"
-                       local tpl = require "luci.template"
                        local map = luci.cbi.load("admin_network/wifi_add")[1]
 
                        if map:parse() ~= cbi.FORM_DONE then
@@ -183,10 +172,12 @@ function wifi_join()
                                map:render()
                                tpl.render("footer")
                        end
+
+                       return
                end
-       else
-               luci.template.render("admin_network/wifi_join")
        end
+
+       tpl.render("admin_network/wifi_join")
 end
 
 function wifi_add()
@@ -244,7 +235,10 @@ function iface_status(ifaces)
                                proto      = net:proto(),
                                uptime     = net:uptime(),
                                gwaddr     = net:gwaddr(),
+                               ipaddrs    = net:ipaddrs(),
+                               ip6addrs   = net:ip6addrs(),
                                dnsaddrs   = net:dnsaddrs(),
+                               ip6prefix  = net:ip6prefix(),
                                name       = device:shortname(),
                                type       = device:type(),
                                ifname     = device:name(),
@@ -255,36 +249,15 @@ function iface_status(ifaces)
                                rx_packets = device:rx_packets(),
                                tx_packets = device:tx_packets(),
 
-                               ipaddrs    = { },
-                               ip6addrs   = { },
                                subdevices = { }
                        }
 
-                       local _, a
-                       for _, a in ipairs(device:ipaddrs()) do
-                               data.ipaddrs[#data.ipaddrs+1] = {
-                                       addr      = a:host():string(),
-                                       netmask   = a:mask():string(),
-                                       prefix    = a:prefix()
-                               }
-                       end
-                       for _, a in ipairs(device:ip6addrs()) do
-                               if not a:is6linklocal() then
-                                       data.ip6addrs[#data.ip6addrs+1] = {
-                                               addr      = a:host():string(),
-                                               netmask   = a:mask():string(),
-                                               prefix    = a:prefix()
-                                       }
-                               end
-                       end
-
                        for _, device in ipairs(net:get_interfaces() or {}) do
                                data.subdevices[#data.subdevices+1] = {
                                        name       = device:shortname(),
                                        type       = device:type(),
                                        ifname     = device:name(),
                                        macaddr    = device:mac(),
-                                       macaddr    = device:mac(),
                                        is_up      = device:is_up(),
                                        rx_bytes   = device:rx_bytes(),
                                        tx_bytes   = device:tx_bytes(),
@@ -316,7 +289,8 @@ function iface_reconnect(iface)
        local netmd = require "luci.model.network".init()
        local net = netmd:get_network(iface)
        if net then
-               luci.sys.call("env -i /sbin/ifup %q >/dev/null 2>/dev/null" % iface)
+               luci.sys.call("env -i /sbin/ifup %s >/dev/null 2>/dev/null"
+                       % luci.util.shellquote(iface))
                luci.http.status(200, "Reconnected")
                return
        end
@@ -328,7 +302,8 @@ function iface_shutdown(iface)
        local netmd = require "luci.model.network".init()
        local net = netmd:get_network(iface)
        if net then
-               luci.sys.call("env -i /sbin/ifdown %q >/dev/null 2>/dev/null" % iface)
+               luci.sys.call("env -i /sbin/ifdown %s >/dev/null 2>/dev/null"
+                       % luci.util.shellquote(iface))
                luci.http.status(200, "Shutdown")
                return
        end
@@ -340,7 +315,8 @@ function iface_delete(iface)
        local netmd = require "luci.model.network".init()
        local net = netmd:del_network(iface)
        if net then
-               luci.sys.call("env -i /sbin/ifdown %q >/dev/null 2>/dev/null" % iface)
+               luci.sys.call("env -i /sbin/ifdown %s >/dev/null 2>/dev/null"
+                       % luci.util.shellquote(iface))
                luci.http.redirect(luci.dispatcher.build_url("admin/network/network"))
                netmd:commit("network")
                netmd:commit("wireless")
@@ -416,7 +392,7 @@ function diag_command(cmd, addr)
        if addr and addr:match("^[a-zA-Z0-9%-%.:_]+$") then
                luci.http.prepare_content("text/plain")
 
-               local util = io.popen(cmd % addr)
+               local util = io.popen(cmd % luci.util.shellquote(addr))
                if util then
                        while true do
                                local ln = util:read("*l")
@@ -435,21 +411,21 @@ function diag_command(cmd, addr)
 end
 
 function diag_ping(addr)
-       diag_command("ping -c 5 -W 1 %q 2>&1", addr)
+       diag_command("ping -c 5 -W 1 %s 2>&1", addr)
 end
 
 function diag_traceroute(addr)
-       diag_command("traceroute -q 1 -w 1 -n %q 2>&1", addr)
+       diag_command("traceroute -q 1 -w 1 -n %s 2>&1", addr)
 end
 
 function diag_nslookup(addr)
-       diag_command("nslookup %q 2>&1", addr)
+       diag_command("nslookup %s 2>&1", addr)
 end
 
 function diag_ping6(addr)
-       diag_command("ping6 -c 5 %q 2>&1", addr)
+       diag_command("ping6 -c 5 %s 2>&1", addr)
 end
 
 function diag_traceroute6(addr)
-       diag_command("traceroute6 -q 1 -w 2 -n %q 2>&1", addr)
+       diag_command("traceroute6 -q 1 -w 2 -n %s 2>&1", addr)
 end