author Jo-Philipp Wich <jo@mein.io> 2018-04-10 11:38:29 +0200
committer Jo-Philipp Wich <jo@mein.io> 2018-04-10 11:41:32 +0200
commit b194b8882e4d335a265f44c478ea8e3d7b2a99fc
tree 8eae7b304755ddbc9afac70712ecc2467eac59f9 /modules/luci-base/luasrc
parent ad7dc4a4928e77ae142d0fe040f9e9e64b530e82
luci-base: don't propagate null bytes in path information
It is possible to inject unescaped markup using a double encoded null byte via PATH_INFO on certain leaf nodes. Since there is no legitimate reason to handle null bytes in any part of the requested url, simply skip over such bytes when parsing the PATH_INFO value.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'modules/luci-base/luasrc')
-rw-r--r-- modules/luci-base/luasrc/dispatcher.lua 3
1 files changed, 2 insertions, 1 deletions
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua
index 91b86679fd..fc497ca9f3 100644
--- a/modules/luci-base/luasrc/dispatcher.lua
+++ b/modules/luci-base/luasrc/dispatcher.lua
@@ -113,7 +113,8 @@ function httpdispatch(request, prefix)
end
end
- for node in pathinfo:gmatch("[^/]+") do
+ local node
+ for node in pathinfo:gmatch("[^/%z]+") do
r[#r+1] = node
end
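Review bot: in the added `for node in pathinfo:gmatch("[^/%z]+")` line, the character class makes a null byte behave like a second path separator, so a segment with an embedded null is split into two nodes that are both appended to `r`, rather than being dropped or the request being rejected. That changes which dispatcher node the request resolves to. If there is no legitimate use for null bytes in PATH_INFO, as the commit message states, consider refusing the request when `pathinfo` contains one, or add a comment saying that splitting is the intended behaviour. The added `local node` is also unused: the generic `for` declares its own `node` scoped to the loop body, so the outer declaration is shadowed and can be removed.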