luci-base: fs.js: properly escape arguments in exec_direct()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit e884b63916)
Jo-Philipp Wich 2019-12-18 21:22:06 +01:00
parent b26f16f241
commit f400982da4


@ -374,11 +374,13 @@ var FileSystem = L.Class.extend(/** @lends LuCI.fs.prototype */ {
* rejecting with an error stating the failure reason.
*/
exec_direct: function(command, params) {
var cmdstr = command;
var cmdstr = String(command)
.replace(/\\/g, '\\\\').replace(/(\s)/g, '\\$1');
if (Array.isArray(params))
for (var i = 0; i < params.length; i++)
cmdstr += ' ' + params[i];
cmdstr += ' ' + String(params[i])
.replace(/\\/g, '\\\\').replace(/(\s)/g, '\\$1');
var postdata = 'sessionid=%s&command=%s'
.format(encodeURIComponent(L.env.sessionid), encodeURIComponent(cmdstr));
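Review bot: Nothing in `exec_direct` records which server-side tokenizer the new escaping is meant to match: both `.replace()` chains (on `command` and on each `params[i]`) escape only backslashes and whitespace, so quotes and other metacharacters are sent unchanged. The receiving parser is not visible in this hunk, so it is worth confirming that it treats only those two as special and stating that next to the code, e.g. `// must mirror the exec endpoint's tokenizer: backslash escapes, split on unescaped whitespace`. Two edge cases remain: an empty-string parameter escapes to nothing and would presumably be dropped by a whitespace-splitting receiver, and `null`/`undefined` entries are sent as the literal words `null`/`undefined` because of `String()`. The body of `exec_direct` continues past the end of the hunk.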