Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
luci/modules
History
Jo-Philipp Wich cc8ba6e301 luci-base: sys: prevent path traversal via sys.init routines 
Filter the init script name parameter through fs.basename() to avoid
invoking paths outside of /etc/init.d/.

Reported-by: Graham R <gr348@cam.ac.uk>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 8752701b0d)
2022-01-19 16:34:21 +01:00
..
luci-base luci-base: sys: prevent path traversal via sys.init routines 2022-01-19 16:34:21 +01:00
luci-compat luci-base: move old cbi icons to luci-compat 2020-05-07 19:40:50 +02:00
luci-mod-admin-full luci-base: use cgi-io and rpcd-mod-file to handle file upload and browsing 2019-09-10 15:28:16 +02:00
luci-mod-admin-mini treewide: move server side CBI support to luci-compat 2019-11-03 20:49:31 +01:00
luci-mod-failsafe Revert "luci-base: move unused tools.webadmin class to luci-compat" 2020-03-06 17:35:08 +01:00
luci-mod-network luci-mod-network: allow literal "auto" value for distance 2021-09-28 08:58:09 -10:00
luci-mod-rpc luci-mod-rpc: drop "secret" value from rpc session objects 2019-01-30 16:51:49 +01:00
luci-mod-status luci-mod-status: fix potential XSS via specially crafted DNS names 2021-05-12 12:03:19 +02:00
luci-mod-system luci-mod-system: implement system.description, system.notes 2021-04-06 23:21:46 +03:00