summaryrefslogtreecommitdiffhomepage
path: root/modules/luci-base/luasrc
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2015-12-17 02:32:47 +0100
committerJo-Philipp Wich <jow@openwrt.org>2015-12-17 02:32:47 +0100
commit31816e92f109e0c534f176ca1e79b032917c876c (patch)
tree644be4426122b92673d1329e0313b93fface7275 /modules/luci-base/luasrc
parent3dfa111db87de7c5059cb6521c6e05b7f56af195 (diff)
parentb475ec699d0c16c4ac7f4abb7680c7e6011428f4 (diff)
Merge pull request #577 from cshore/pull-request-safe-file-upload
luci-base: Make default for FileUpload 'safe'
Diffstat (limited to 'modules/luci-base/luasrc')
-rw-r--r--modules/luci-base/luasrc/cbi.lua58
-rw-r--r--modules/luci-base/luasrc/view/cbi/upload.htm16
2 files changed, 57 insertions, 17 deletions
diff --git a/modules/luci-base/luasrc/cbi.lua b/modules/luci-base/luasrc/cbi.lua
index 8fd0a337e2..2c1bb4d226 100644
--- a/modules/luci-base/luasrc/cbi.lua
+++ b/modules/luci-base/luasrc/cbi.lua
@@ -1811,6 +1811,7 @@ function Button.__init__(self, ...)
self.template = "cbi/button"
self.inputstyle = nil
self.rmempty = true
+ self.unsafeupload = false
end
@@ -1827,9 +1828,15 @@ function FileUpload.__init__(self, ...)
end
function FileUpload.formcreated(self, section)
- return AbstractValue.formcreated(self, section) or
- self.map:formvalue("cbi.rlf."..section.."."..self.option) or
- self.map:formvalue("cbi.rlf."..section.."."..self.option..".x")
+ if self.unsafeupload then
+ return AbstractValue.formcreated(self, section) or
+ self.map:formvalue("cbi.rlf."..section.."."..self.option) or
+ self.map:formvalue("cbi.rlf."..section.."."..self.option..".x") or
+ self.map:formvalue("cbid."..self.map.config.."."..section.."."..self.option..".textbox")
+ else
+ return AbstractValue.formcreated(self, section) or
+ self.map:formvalue("cbid."..self.map.config.."."..section.."."..self.option..".textbox")
+ end
end
function FileUpload.cfgvalue(self, section)
@@ -1840,27 +1847,50 @@ function FileUpload.cfgvalue(self, section)
return nil
end
+-- If we have a new value, use it
+-- otherwise use old value
+-- deletion should be managed by a separate button object
+-- unless self.unsafeupload is set in which case if the user
+-- choose to remove the old file we do so.
+-- Also, allow to specify (via textbox) a file already on router
function FileUpload.formvalue(self, section)
local val = AbstractValue.formvalue(self, section)
if val then
- if not self.map:formvalue("cbi.rlf."..section.."."..self.option) and
- not self.map:formvalue("cbi.rlf."..section.."."..self.option..".x")
- then
+ if self.unsafeupload then
+ if not self.map:formvalue("cbi.rlf."..section.."."..self.option) and
+ not self.map:formvalue("cbi.rlf."..section.."."..self.option..".x")
+ then
+ return val
+ end
+ fs.unlink(val)
+ self.value = nil
+ return nil
+ elseif val ~= "" then
return val
- end
- fs.unlink(val)
- self.value = nil
+ end
end
- return nil
+ val = luci.http.formvalue("cbid."..self.map.config.."."..section.."."..self.option..".textbox")
+ if val == "" then
+ val = nil
+ end
+ if not self.unsafeupload then
+ if not val then
+ val = self.map:formvalue("cbi.rlf."..section.."."..self.option)
+ end
+ end
+ return val
end
function FileUpload.remove(self, section)
- local val = AbstractValue.formvalue(self, section)
- if val and fs.access(val) then fs.unlink(val) end
- return AbstractValue.remove(self, section)
+ if self.unsafeupload then
+ local val = AbstractValue.formvalue(self, section)
+ if val and fs.access(val) then fs.unlink(val) end
+ return AbstractValue.remove(self, section)
+ else
+ return nil
+ end
end
-
FileBrowser = class(AbstractValue)
function FileBrowser.__init__(self, ...)
diff --git a/modules/luci-base/luasrc/view/cbi/upload.htm b/modules/luci-base/luasrc/view/cbi/upload.htm
index 7770934111..157f3b36fa 100644
--- a/modules/luci-base/luasrc/view/cbi/upload.htm
+++ b/modules/luci-base/luasrc/view/cbi/upload.htm
@@ -6,9 +6,19 @@
<%+cbi/valueheader%>
<% if s then %>
<%:Uploaded File%> (<%=t.byte_format(s.size)%>)
- <input type="hidden"<%= attr("value", v) .. attr("name", cbid) .. attr("id", cbid) %> />
- <input class="cbi-button cbi-input-image" type="image" value="<%:Replace entry%>" name="cbi.rlf.<%=section .. "." .. self.option%>" alt="<%:Replace entry%>" title="<%:Replace entry%>" src="<%=resource%>/cbi/reload.gif" />
- <% else %>
+ <% if self.unsafeupload then %>
+ <input type="hidden"<%= attr("value", v) .. attr("name", cbid) .. attr("id", cbid) %> />
+ <input class="cbi-button cbi-input-image" type="image" value="<%:Replace entry%>" name="cbi.rlf.<%=section .. "." .. self.option%>" alt="<%:Replace entry%>" title="<%:Replace entry%>" src="<%=resource%>/cbi/reload.gif" />
+ <% end %>
+ <% end %>
+
+ <% if not self.unsafeupload then %>
+ <input type="hidden"<%= attr("value", v) .. attr("name", "cbi.rlf." .. section .. "." .. self.option) .. attr("id", "cbi.rlf." .. section .. "." .. self.option) %> />
+ <% end %>
+
+ <% if (not s) or (s and not self.unsafeupload) then %>
<input class="cbi-input-file" type="file"<%= attr("name", cbid) .. attr("id", cbid) %> />
<% end %>
+ <input type="text" class="cbi-input-text" onchange="cbi_d_update(this.id)"<%=
+ attr("name", cbid .. ".textbox") .. attr("id", cbid .. ".textbox") .. attr("value", luci.cbi.AbstractValue.cfgvalue(self, section) or self.default) .. ifattr(self.size, "size") .. ifattr(self.placeholder, "placeholder") .. ifattr(self.readonly, "readonly") .. ifattr(self.maxlength, "maxlength") %> />
<%+cbi/valuefooter%>