diff options
author | Jo-Philipp Wich <jo@mein.io> | 2018-04-10 11:38:29 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2018-04-10 11:41:32 +0200 |
commit | b194b8882e4d335a265f44c478ea8e3d7b2a99fc (patch) | |
tree | 8eae7b304755ddbc9afac70712ecc2467eac59f9 /modules/luci-base/luasrc | |
parent | ad7dc4a4928e77ae142d0fe040f9e9e64b530e82 (diff) |
luci-base: don't propagate null bytes in path information
It is possible to inject unescaped markup using a double encoded null byte
via PATH_INFO on certain leaf nodes.
Since there is no legitimate reason to handle null bytes in any part of the
requested url, simply skip over such bytes when parsing the PATH_INFO value.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'modules/luci-base/luasrc')
-rw-r--r-- | modules/luci-base/luasrc/dispatcher.lua | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua index 91b86679fd..fc497ca9f3 100644 --- a/modules/luci-base/luasrc/dispatcher.lua +++ b/modules/luci-base/luasrc/dispatcher.lua @@ -113,7 +113,8 @@ function httpdispatch(request, prefix) end end - for node in pathinfo:gmatch("[^/]+") do + local node + for node in pathinfo:gmatch("[^/%z]+") do r[#r+1] = node end |