summaryrefslogtreecommitdiffhomepage
path: root/applications/luci-app-cshark/luasrc/controller
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2018-04-05 09:32:22 +0200
committerJo-Philipp Wich <jo@mein.io>2018-04-05 09:37:43 +0200
commitc0d9c4f3ce7bda19081d0da01a599bec067338a3 (patch)
treea46fcf6c6a594ad1a2ab3fe09f2e4860355a27fb /applications/luci-app-cshark/luasrc/controller
parent45cefe71f6069b088e14dd913eb382816acb945c (diff)
treewide: filter shell arguments through shellquote() where applicable
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'applications/luci-app-cshark/luasrc/controller')
-rw-r--r--applications/luci-app-cshark/luasrc/controller/cshark.lua8
1 files changed, 7 insertions, 1 deletions
diff --git a/applications/luci-app-cshark/luasrc/controller/cshark.lua b/applications/luci-app-cshark/luasrc/controller/cshark.lua
index 4d9bbba290..43410a0045 100644
--- a/applications/luci-app-cshark/luasrc/controller/cshark.lua
+++ b/applications/luci-app-cshark/luasrc/controller/cshark.lua
@@ -53,7 +53,13 @@ function cshark_iface_dump_start(ifname, value, flag, filter)
luci.http.prepare_content("text/plain")
- local res = os.execute("(/sbin/cshark -i " .. ifname .. " -" .. flag .. " " .. value .. " -p /tmp/cshark-luci.pid " .. filter .. " > /tmp/cshark-luci.out 2>&1) &")
+ local res = os.execute("(/sbin/cshark -i %s -%s %s -p /tmp/cshark-luci.pid %s > /tmp/cshark-luci.out 2>&1) &" %{
+ luci.util.shellquote(ifname),
+ luci.util.shellquote(flag),
+ luci.util.shellquote(value),
+ luci.util.shellquote(filter)
+ })
+
luci.http.write(tostring(res))
end