applications/luci-wol: fix XSS

Jo-Philipp Wich 2010-11-24 05:05:39 +00:00
parent 168f025719
commit 305b25486a


@ -48,7 +48,7 @@ if has_ewk then
end end
iface:value("", translate("Broadcast on all interfaces")) iface:value("", translate("Broadcast on all interfaces"))
for _, e in ipairs(sys.net.devices()) do for _, e in ipairs(sys.net.devices()) do
if e ~= "lo" then iface:value(e) end if e ~= "lo" then iface:value(e) end
end end
@ -86,7 +86,7 @@ end
function host.write(self, s, val) function host.write(self, s, val)
local host = luci.http.formvalue("cbid.wol.1.mac") local host = luci.http.formvalue("cbid.wol.1.mac")
if host and #host > 0 then if host and #host > 0 and host:match("^[a-fA-F0-9:]+$") then
local cmd local cmd
local util = luci.http.formvalue("cbid.wol.1.binary") or ( local util = luci.http.formvalue("cbid.wol.1.binary") or (
has_ewk and "/usr/bin/etherwake" or "/usr/bin/wol" has_ewk and "/usr/bin/etherwake" or "/usr/bin/wol"
@ -127,4 +127,3 @@ end
return m return m
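Review bot: In the second hunk (`host.write`), the new `host:match("^[a-fA-F0-9:]+$")` check covers only the MAC field; `util` on the line after `local cmd` is still read from the `cbid.wol.1.binary` form value with no check. The body of `host.write` continues outside the hunk, so this is inferred, but if `util` ends up in the `cmd` string built further down, it should be limited to the two known paths, e.g. `if util ~= "/usr/bin/etherwake" and util ~= "/usr/bin/wol" then return end`. The same applies to any other form value (such as the interface selection) that reaches `cmd`. The pattern also accepts any run of hex digits and colons, so a six-octet form such as `^%x%x:%x%x:%x%x:%x%x:%x%x:%x%x$` would reject malformed addresses as well.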