libs/web: Prevent luci.http to prematurely parse the POST data

modules/admin-mini: Added fw-upgrade page
2008-07-16 14:26:40 +00:00 · 2008-07-16 14:26:40 +00:00 · 66a6492ae5
commit 66a6492ae5
parent 65cde96c5b
6 changed files with 183 additions and 10 deletions
--- a/applications/luci-statistics/luasrc/controller/luci_statistics/luci_statistics.lua
+++ b/applications/luci-statistics/luasrc/controller/luci_statistics/luci_statistics.lua
@ -80,7 +80,7 @@ function index()
 	      page.setuser  = "nobody"
 	      page.setgroup = "nogroup"

-	local vars = luci.http.formvalue()
+	local vars = luci.http.formvalue(nil, true)
 	local span = vars.timespan or nil

 	for i, plugin in luci.util.vspairs( tree:plugins() ) do
--- a/libs/web/luasrc/http.lua
+++ b/libs/web/luasrc/http.lua
@ -51,8 +51,8 @@ function Request.__init__(self, env, sourcein, sinkerr)
 	self.parsed_input = false
 end

-function Request.formvalue(self, name)
-	if not self.parsed_input then
+function Request.formvalue(self, name, noparse)
+	if not noparse and not self.parsed_input then
 		self:_parse_input()
 	end
 	
--- a/modules/admin-full/luasrc/controller/admin/system.lua
+++ b/modules/admin-full/luasrc/controller/admin/system.lua
@ -197,13 +197,30 @@ end

 function action_upgrade()
 	require("luci.model.uci")
+
 	local ret  = nil
 	local plat = luci.fs.mtime("/lib/upgrade/platform.sh")
-	
-	local image   = luci.http.upload("image")
+	local tmpfile = "/tmp/firmware.img"
+
+	local file
+	luci.http.setfilehandler(
+		function(meta, chunk, eof)
+			if not file then
+				file = io.open(tmpfile, "w")
+			end
+			if chunk then
+				file:write(chunk)
+			end
+			if eof then
+				file:close()
+			end
+		end
+	)
+
+	local fname   = luci.http.formvalue("image")
 	local keepcfg = luci.http.formvalue("keepcfg")
-	
-	if plat and image then
+
+	if plat and fname then
 		local kpattern = nil
 		if keepcfg then
 			local files = luci.model.uci.get_all("luci", "flash_keep")
@ -214,8 +231,8 @@ function action_upgrade()
 				end
 			end
 		end
-		ret = luci.sys.flash(image, kpattern)
+		ret = luci.sys.flash(tmpfile, kpattern)
 	end
-	
+
 	luci.template.render("admin_system/upgrade", {sysupgrade=plat, ret=ret})
 end
--- a/modules/admin-mini/luasrc/controller/mini/system.lua
+++ b/modules/admin-mini/luasrc/controller/mini/system.lua
@ -20,7 +20,9 @@ function index()
 	local i18n = luci.i18n.translate

 	entry({"mini", "system"}, call("action_reboot"), i18n("system"))
-	entry({"mini", "system", "reboot"}, call("action_reboot"), i18n("reboot"), 10)
+	entry({"admin", "system", "passwd"}, call("action_passwd"), i18n("a_s_changepw"), 10)
+	entry({"mini", "system", "upgrade"}, call("action_upgrade"), i18n("a_s_flash"), 20)
+	entry({"mini", "system", "reboot"}, call("action_reboot"), i18n("reboot"), 30)
 end

 function action_reboot()
@ -29,4 +31,62 @@ function action_reboot()
 	if reboot then
 		luci.sys.reboot()
 	end
+end
+
+function action_upgrade()
+	require("luci.model.uci")
+
+	local ret  = nil
+	local plat = luci.fs.mtime("/lib/upgrade/platform.sh")
+	local tmpfile = "/tmp/firmware.img"
+
+	local file
+	luci.http.setfilehandler(
+		function(meta, chunk, eof)
+			if not file then
+				file = io.open(tmpfile, "w")
+			end
+			if chunk then
+				file:write(chunk)
+			end
+			if eof then
+				file:close()
+			end
+		end
+	)
+
+	local fname   = luci.http.formvalue("image")
+	local keepcfg = luci.http.formvalue("keepcfg")
+
+	if plat and fname then
+		local kpattern = nil
+		if keepcfg then
+			local files = luci.model.uci.get_all("luci", "flash_keep")
+			if files.luci and files.luci.flash_keep then
+				kpattern = ""
+				for k,v in pairs(files.luci.flash_keep) do
+					kpattern = kpattern .. " " ..  v
+				end
+			end
+		end
+		ret = luci.sys.flash(tmpfile, kpattern)
+	end
+
+	luci.template.render("mini/upgrade", {sysupgrade=plat, ret=ret})
+end
+
+function action_passwd()
+	local p1 = luci.http.formvalue("pwd1")
+	local p2 = luci.http.formvalue("pwd2")
+	local stat = nil
+
+	if p1 or p2 then
+		if p1 == p2 then
+			stat = luci.sys.user.setpasswd("root", p1)
+		else
+			stat = 10
+		end
+	end
+
+	luci.template.render("mini/passwd", {stat=stat})
 end
--- a/modules/admin-mini/luasrc/view/mini/passwd.htm
+++ b/modules/admin-mini/luasrc/view/mini/passwd.htm
@ -0,0 +1,49 @@
+<%#
+LuCI - Lua Configuration Interface
+Copyright 2008 Steven Barth <steven@midlink.org>
+Copyright 2008 Jo-Philipp Wich <xm@leipzig.freifunk.net>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+
+-%>
+<%+header%>
+<h1><%:system%></h1>
+<h2><%:a_s_changepw%></h2>
+<p><%:a_s_changepw1%></p>
+<div><br />
+<% if stat then %>
+	<% if stat == 0 then %>
+		<code><%:a_s_changepw_changed%>!</code>
+	<% elseif stat == 10 then %>
+		<code class="error"><%:a_s_changepw_nomatch%>!</code>
+	<% else %>
+		<code class="error"><%:unknownerror%>!</code>
+	<% end %>
+<% end %>
+<% if not stat or stat == 10 then %>
+	<form method="post" action="<%=controller%>/admin/system/passwd">
+		<div class="cbi-section-node">
+			<div class="cbi-value">
+				<div class="cbi-value-title"><%:password%></div>
+				<div class="cbi-value-field"><input type="password" name="pwd1" /></div>
+			</div>
+			<div class="cbi-value">
+				<div class="cbi-value-title"><%:confirmation%></div>
+				<div class="cbi-value-field"><input type="password" name="pwd2" /></div>
+			</div>
+			<br />
+			<div>
+				<input type="submit" value="<%:save%>" />
+				<input type="reset" value="<%:reset%>" />
+			</div>
+		</div>
+	</form>
+<% end %>
+</div>
+<%+footer%>
--- a/modules/admin-mini/luasrc/view/mini/upgrade.htm
+++ b/modules/admin-mini/luasrc/view/mini/upgrade.htm
@ -0,0 +1,47 @@
+<%#
+LuCI - Lua Configuration Interface
+Copyright 2008 Steven Barth <steven@midlink.org>
+Copyright 2008 Jo-Philipp Wich <xm@leipzig.freifunk.net>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+
+-%>
+<%+header%>
+<h1><%:system%></h1>
+<h2><%:a_s_flash%></h2>
+<p><%:a_s_flash_upgrade1%></p>
+<br />
+<% if sysupgrade and not ret then %>
+<form method="post" action="<%=REQUEST_URI%>" enctype="multipart/form-data">
+	<div class="cbi-section-node">
+		<div class="cbi-value clear">
+			<div class="cbi-value-title left"><%:a_s_flash_fwimage%></div>
+			<div class="cbi-value-field"><input type="file" size="30" name="image" /></div>
+		</div>
+		<br />
+		<div class="cbi-value clear">
+			<input type="checkbox" name="keepcfg" value="1" checked="checked" />
+			<span class="bold"><%:a_s_flash_keepcfg%></span>
+		</div>
+		<br />
+		<div>
+			<input type="submit" value="<%:a_s_flash_fwupgrade%>" />
+		</div>
+	</div>
+</form>
+<% elseif ret then %>
+	<% if ret == 0 then %>
+<div class="ok"><%:a_s_flash_flashed%></div>
+	<% else %>
+<div class="error"><%:a_s_flash_flasherr%>! (<%:code%> <%=ret%>)</div>	
+	<% end %>
+<% else %>
+<div class="error"><%:a_s_flash_notimplemented%></div>
+<% end %>
+<%+footer%>