summaryrefslogtreecommitdiffhomepage
path: root/applications/luci-app-vnstat/luasrc/view
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2018-04-05 09:32:22 +0200
committerJo-Philipp Wich <jo@mein.io>2018-04-05 09:37:43 +0200
commitc0d9c4f3ce7bda19081d0da01a599bec067338a3 (patch)
treea46fcf6c6a594ad1a2ab3fe09f2e4860355a27fb /applications/luci-app-vnstat/luasrc/view
parent45cefe71f6069b088e14dd913eb382816acb945c (diff)
treewide: filter shell arguments through shellquote() where applicable
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'applications/luci-app-vnstat/luasrc/view')
-rw-r--r--applications/luci-app-vnstat/luasrc/view/vnstat.htm11
1 files changed, 6 insertions, 5 deletions
diff --git a/applications/luci-app-vnstat/luasrc/view/vnstat.htm b/applications/luci-app-vnstat/luasrc/view/vnstat.htm
index 2b8d9ff9c..42d7d2404 100644
--- a/applications/luci-app-vnstat/luasrc/view/vnstat.htm
+++ b/applications/luci-app-vnstat/luasrc/view/vnstat.htm
@@ -21,12 +21,13 @@ style = (style and #style > 0) and style or "s"
-- render image
--
if iface then
- style = style:gsub("[^%w]", "")
- iface = iface:gsub("[^%w%.%-%_]", "")
-
luci.http.prepare_content("image/png")
- local png = io.popen("vnstati -i '%s' '-%s' -o -" % { iface, style })
+ local png = io.popen("vnstati -i %s -%s -o -" %{
+ utl.shellquote(iface),
+ utl.shellquote(style)
+ })
+
luci.http.write(png:read("*a"))
png:close()
@@ -89,7 +90,7 @@ dbdir = dbdir or "/var/lib/vnstat"
<%
end
end
- end
+ end
%>
<% if empty then %>