Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

applications/luci-wol: fix XSS

Browse source
This commit is contained in:
Jo-Philipp Wich 2010-11-24 05:05:39 +00:00
parent 168f025719
commit 305b25486a
1 changed files with 2 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
applications/luci-wol/luasrc/model/cbi/wol.lua
View file

@ -86,7 +86,7 @@ end
function host.write(self, s, val) function host.write(self, s, val)
local host = luci.http.formvalue("cbid.wol.1.mac") local host = luci.http.formvalue("cbid.wol.1.mac")
if host and #host > 0 then if host and #host > 0 and host:match("^[a-fA-F0-9:]+$") then
local cmd local cmd
local util = luci.http.formvalue("cbid.wol.1.binary") or ( local util = luci.http.formvalue("cbid.wol.1.binary") or (
has_ewk and "/usr/bin/etherwake" or "/usr/bin/wol" has_ewk and "/usr/bin/etherwake" or "/usr/bin/wol"
@ -127,4 +127,3 @@ end
return m return m