luci-mod-admin-full: fix possible shell injection in bandwith status
authorJo-Philipp Wich <jo@mein.io>
Wed, 4 Apr 2018 22:33:09 +0000 (00:33 +0200)
committerJo-Philipp Wich <jo@mein.io>
Wed, 4 Apr 2018 22:33:09 +0000 (00:33 +0200)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
modules/luci-mod-admin-full/luasrc/controller/admin/status.lua

index 22e1b7e173a5907bc8c45eadec4b7e5a45d8d552..4b03a188639bc6df0b3d32b285022e516d99cf1c 100644 (file)
@@ -62,7 +62,7 @@ end
 function action_bandwidth(iface)
        luci.http.prepare_content("application/json")
 
-       local bwc = io.popen("luci-bwc -i %q 2>/dev/null" % iface)
+       local bwc = io.popen("luci-bwc -i '%s' 2>/dev/null" % iface:gsub("'", ""))
        if bwc then
                luci.http.write("[")
 
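Review bot: The new `io.popen` line in `action_bandwidth` deletes `'` from `iface` instead of rejecting a malformed name, and it calls `iface:gsub` with no nil check, so a request that reaches this action without an interface argument would raise on the index (the dispatcher is not visible here, so confirm whether that can happen). Stripping the quotes and single-quoting the result does keep the value inside one shell word, but a silently rewritten name is then handed to `luci-bwc`. Validating before the popen call is stricter and easier to audit, e.g. `if type(iface) ~= "string" or not iface:match("^[%w%._%-]+$") then luci.http.status(400, "Bad Request") return end`, with the character class adjusted to the interface names the device actually uses. The same line is added to `action_wireless` in the second hunk and would take the same guard; both function bodies continue past the end of their hunks.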
@@ -80,7 +80,7 @@ end
 function action_wireless(iface)
        luci.http.prepare_content("application/json")
 
-       local bwc = io.popen("luci-bwc -r %q 2>/dev/null" % iface)
+       local bwc = io.popen("luci-bwc -r '%s' 2>/dev/null" % iface:gsub("'", ""))
        if bwc then
                luci.http.write("[")