diff options
| author | Jo-Philipp Wich <jow@openwrt.org> | 2010-11-24 05:05:39 +0000 |
|---|---|---|
| committer | Jo-Philipp Wich <jow@openwrt.org> | 2010-11-24 05:05:39 +0000 |
| commit | 305b25486af424d89ccfc2fd7607579f90735602 (patch) | |
| tree | 9fade49233e1320d5283fe71037a991a90703798 | |
| parent | 168f025719868f6fc723fa87c27e71bad5027aa6 (diff) | |
applications/luci-wol: fix XSS
| -rw-r--r-- | applications/luci-wol/luasrc/model/cbi/wol.lua | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/applications/luci-wol/luasrc/model/cbi/wol.lua b/applications/luci-wol/luasrc/model/cbi/wol.lua index ac73919e2..30467f430 100644 --- a/applications/luci-wol/luasrc/model/cbi/wol.lua +++ b/applications/luci-wol/luasrc/model/cbi/wol.lua @@ -48,7 +48,7 @@ if has_ewk then end iface:value("", translate("Broadcast on all interfaces")) - + for _, e in ipairs(sys.net.devices()) do if e ~= "lo" then iface:value(e) end end @@ -86,7 +86,7 @@ end function host.write(self, s, val) local host = luci.http.formvalue("cbid.wol.1.mac") - if host and #host > 0 then + if host and #host > 0 and host:match("^[a-fA-F0-9:]+$") then local cmd local util = luci.http.formvalue("cbid.wol.1.binary") or ( has_ewk and "/usr/bin/etherwake" or "/usr/bin/wol" @@ -127,4 +127,3 @@ end return m - |