diff options
author | Jo-Philipp Wich <jo@mein.io> | 2018-04-05 09:32:22 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2018-04-05 09:37:43 +0200 |
commit | c0d9c4f3ce7bda19081d0da01a599bec067338a3 (patch) | |
tree | a46fcf6c6a594ad1a2ab3fe09f2e4860355a27fb /applications/luci-app-tinyproxy/luasrc/view | |
parent | 45cefe71f6069b088e14dd913eb382816acb945c (diff) |
treewide: filter shell arguments through shellquote() where applicable
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'applications/luci-app-tinyproxy/luasrc/view')
-rw-r--r-- | applications/luci-app-tinyproxy/luasrc/view/tinyproxy_status.htm | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/applications/luci-app-tinyproxy/luasrc/view/tinyproxy_status.htm b/applications/luci-app-tinyproxy/luasrc/view/tinyproxy_status.htm index d43a887b07..2ba9dddb8e 100644 --- a/applications/luci-app-tinyproxy/luasrc/view/tinyproxy_status.htm +++ b/applications/luci-app-tinyproxy/luasrc/view/tinyproxy_status.htm @@ -13,7 +13,11 @@ if luci.http.formvalue("frame") == "1" then end) local data = false - local wget = io.popen("wget -qO- http://%s:%s" % { addr, port }) + local wget = io.popen("wget -qO- http://%s:%s" %{ + luci.util.shellquote(addr), + luci.util.shellquote(port) + }) + if wget then while true do local l = wget:read("*l") @@ -30,7 +34,10 @@ if luci.http.formvalue("frame") == "1" then if not data then luci.http.write(translate("Failed to retrieve statistics from url:")) - luci.http.write(" http://%s:%s" % { addr, port }) + luci.http.write(" http://%s:%s" %{ + luci.util.pcdata(addr), + luci.util.pcdata(port) + }) end return @@ -43,7 +50,7 @@ end <div class="cbi-map"> <h2 name="content"><%:Tinyproxy Status%></h2> <div class="cbi-section"> - <iframe src="<%=REQUESTURL%>?frame=1" style="width:100%; height:350px; border:none"></iframe> + <iframe src="<%=REQUEST_URI%>?frame=1" style="width:100%; height:350px; border:none"></iframe> </div> </div> |