projects
/
project
/
luci.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(from parent 1:
186e690
)
luci-base: fix possible shell injection in luci.tools.status.switch_status()
author
Jo-Philipp Wich
<jo@mein.io>
Wed, 4 Apr 2018 22:32:28 +0000
(
00:32
+0200)
committer
Jo-Philipp Wich
<jo@mein.io>
Wed, 4 Apr 2018 22:32:56 +0000
(
00:32
+0200)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
modules/luci-base/luasrc/tools/status.lua
patch
|
blob
|
history
diff --git
a/modules/luci-base/luasrc/tools/status.lua
b/modules/luci-base/luasrc/tools/status.lua
index
5012111
..
1c40387
100644
(file)
--- a/
modules/luci-base/luasrc/tools/status.lua
+++ b/
modules/luci-base/luasrc/tools/status.lua
@@
-187,7
+187,7
@@
function switch_status(devs)
local switches = { }
for dev in devs:gmatch("[^%s,]+") do
local ports = { }
- local swc = io.popen("swconfig dev
%q show" % dev
, "r")
+ local swc = io.popen("swconfig dev
'%s' show" % dev:gsub("'", "")
, "r")
if swc then
local l
repeat