author | Steven Barth <steven@midlink.org> | 2008-07-16 14:26:40 +0000 |
---|---|---|
committer | Steven Barth <steven@midlink.org> | 2008-07-16 14:26:40 +0000 |
commit | 66a6492ae5aa9779af6d22eaddf0f5f253ed1189 (patch) | |
tree | 2b6b0ffb33b9b17a38ea51dc0c9dcf2790850310 /modules | |
parent | 65cde96c5b05e04c24b0f272b577df67193d7c0b (diff) |
libs/web: Prevent luci.http to prematurely parse the POST data
modules/admin-mini: Added fw-upgrade page
Diffstat (limited to 'modules')
-rw-r--r-- | modules/admin-full/luasrc/controller/admin/system.lua | 29 | ||||
-rw-r--r-- | modules/admin-mini/luasrc/controller/mini/system.lua | 62 | ||||
-rw-r--r-- | modules/admin-mini/luasrc/view/mini/passwd.htm | 49 | ||||
-rw-r--r-- | modules/admin-mini/luasrc/view/mini/upgrade.htm | 47 |
4 files changed, 180 insertions, 7 deletions
diff --git a/modules/admin-full/luasrc/controller/admin/system.lua b/modules/admin-full/luasrc/controller/admin/system.lua index 862a741cd..14fd813c3 100644 --- a/modules/admin-full/luasrc/controller/admin/system.lua +++ b/modules/admin-full/luasrc/controller/admin/system.lua @@ -197,13 +197,30 @@ end function action_upgrade() require("luci.model.uci") + local ret = nil local plat = luci.fs.mtime("/lib/upgrade/platform.sh") - - local image = luci.http.upload("image") + local tmpfile = "/tmp/firmware.img" + + local file + luci.http.setfilehandler( + function(meta, chunk, eof) + if not file then + file = io.open(tmpfile, "w") + end + if chunk then + file:write(chunk) + end + if eof then + file:close() + end + end + ) + + local fname = luci.http.formvalue("image") local keepcfg = luci.http.formvalue("keepcfg") - - if plat and image then + + if plat and fname then local kpattern = nil if keepcfg then local files = luci.model.uci.get_all("luci", "flash_keep") @@ -214,8 +231,8 @@ function action_upgrade() end end end - ret = luci.sys.flash(image, kpattern) + ret = luci.sys.flash(tmpfile, kpattern) end - + luci.template.render("admin_system/upgrade", {sysupgrade=plat, ret=ret}) end
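Review bot: The flash step in action_upgrade runs whenever `formvalue("image")` is set, but nothing ties that to the file handler having written a complete image during this request. The handler never looks at `meta`, so any file field is written to `/tmp/firmware.img`, and the result of `io.open(tmpfile, "w")` is unchecked, so a failed open raises on `file:write`. A request that carries `image` without a finished upload would also have `luci.sys.flash` pick up whatever an earlier request left at that fixed path. I would open the file only for the `image` part, guard write and close on a valid handle, and flash only when the upload completed; this assumes `meta.name` carries the form field name, which should be confirmed against luci.http. The same body is added as action_upgrade in modules/admin-mini/luasrc/controller/mini/system.lua and needs the same change.

```lua
	local file
	local complete = false
	luci.http.setfilehandler(
		function(meta, chunk, eof)
			-- only the "image" part may populate the firmware temp file
			if not file and meta and meta.name == "image" then
				file = io.open(tmpfile, "w")
			end
			if file and chunk then
				file:write(chunk)
			end
			if file and eof then
				file:close()
				file = nil
				complete = true
			end
		end
	)
	-- … unchanged: formvalue("image") and formvalue("keepcfg") …
	if plat and fname and complete then
	-- … unchanged: keep-pattern assembly and luci.sys.flash(tmpfile, kpattern) …
```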
\ No newline at end of file diff --git a/modules/admin-mini/luasrc/controller/mini/system.lua b/modules/admin-mini/luasrc/controller/mini/system.lua index 7b13e20c6..3b3fea228 100644 --- a/modules/admin-mini/luasrc/controller/mini/system.lua +++ b/modules/admin-mini/luasrc/controller/mini/system.lua @@ -20,7 +20,9 @@ function index() local i18n = luci.i18n.translate entry({"mini", "system"}, call("action_reboot"), i18n("system")) - entry({"mini", "system", "reboot"}, call("action_reboot"), i18n("reboot"), 10) + entry({"admin", "system", "passwd"}, call("action_passwd"), i18n("a_s_changepw"), 10) + entry({"mini", "system", "upgrade"}, call("action_upgrade"), i18n("a_s_flash"), 20) + entry({"mini", "system", "reboot"}, call("action_reboot"), i18n("reboot"), 30) end function action_reboot() 
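Review bot: The new password entry is registered as `{"admin", "system", "passwd"}` although this is the mini controller's index() and its two siblings sit under `{"mini", "system", …}`. The page therefore lands in the admin tree, where it may shadow or be shadowed by a node that admin-full registers at the same path (not visible here). If it is meant for the mini menu, use `entry({"mini", "system", "passwd"}, call("action_passwd"), i18n("a_s_changepw"), 10)` and change the form action in view/mini/passwd.htm to `<%=controller%>/mini/system/passwd`. index() starts above the hunk, so any authentication settings on these nodes are not shown.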
@@ -29,4 +31,62 @@ function action_reboot() if reboot then luci.sys.reboot() end +end + +function action_upgrade() + require("luci.model.uci") + + local ret = nil + local plat = luci.fs.mtime("/lib/upgrade/platform.sh") + local tmpfile = "/tmp/firmware.img" + + local file + luci.http.setfilehandler( + function(meta, chunk, eof) + if not file then + file = io.open(tmpfile, "w") + end + if chunk then + file:write(chunk) + end + if eof then + file:close() + end + end + ) + + local fname = luci.http.formvalue("image") + local keepcfg = luci.http.formvalue("keepcfg") + + if plat and fname then + local kpattern = nil + if keepcfg then + local files = luci.model.uci.get_all("luci", "flash_keep") + if files.luci and files.luci.flash_keep then + kpattern = "" + for k,v in pairs(files.luci.flash_keep) do + kpattern = kpattern .. " " .. v + end + end + end + ret = luci.sys.flash(tmpfile, kpattern) + end + + luci.template.render("mini/upgrade", {sysupgrade=plat, ret=ret}) +end + +function action_passwd() + local p1 = luci.http.formvalue("pwd1") + local p2 = luci.http.formvalue("pwd2") + local stat = nil + + if p1 or p2 then + if p1 == p2 then + stat = luci.sys.user.setpasswd("root", p1) + else + stat = 10 + end + end + + luci.template.render("mini/passwd", {stat=stat}) end
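Review bot: action_passwd accepts an empty password: assuming `formvalue` returns `""` for a submitted blank field, two blank fields compare equal and `luci.sys.user.setpasswd("root", p1)` is called with an empty string. Reject that before the call, e.g. `if p1 == p2 and #p1 > 0 then`, and give the empty case its own `stat` value rather than reusing 10, so the view does not report a mismatch. How setpasswd passes `p1` on is not visible in this diff; if it reaches a shell command, the value needs quoting there.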
\ No newline at end of file
diff --git a/modules/admin-mini/luasrc/view/mini/passwd.htm b/modules/admin-mini/luasrc/view/mini/passwd.htm
new file mode 100644
index 000000000..176abaea2
--- /dev/null
+++ b/modules/admin-mini/luasrc/view/mini/passwd.htm
@@ -0,0 +1,49 @@
+<%#
+LuCI - Lua Configuration Interface
+Copyright 2008 Steven Barth <steven@midlink.org>
+Copyright 2008 Jo-Philipp Wich <xm@leipzig.freifunk.net>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+
+-%>
+<%+header%>
+<h1><%:system%></h1>
+<h2><%:a_s_changepw%></h2>
+<p><%:a_s_changepw1%></p>
+<div><br />
+<% if stat then %>
+ <% if stat == 0 then %>
+ <code><%:a_s_changepw_changed%>!</code>
+ <% elseif stat == 10 then %>
+ <code class="error"><%:a_s_changepw_nomatch%>!</code>
+ <% else %>
+ <code class="error"><%:unknownerror%>!</code>
+ <% end %>
+<% end %>
+<% if not stat or stat == 10 then %>
+ <form method="post" action="<%=controller%>/admin/system/passwd">
+ <div class="cbi-section-node">
+ <div class="cbi-value">
+ <div class="cbi-value-title"><%:password%></div>
+ <div class="cbi-value-field"><input type="password" name="pwd1" /></div>
+ </div>
+ <div class="cbi-value">
+ <div class="cbi-value-title"><%:confirmation%></div>
+ <div class="cbi-value-field"><input type="password" name="pwd2" /></div>
+ </div>
+ <br />
+ <div>
+ <input type="submit" value="<%:save%>" />
+ <input type="reset" value="<%:reset%>" />
+ </div>
+ </div>
+ </form>
+<% end %>
+</div>
+<%+footer%>
\ No newline at end of file
diff --git a/modules/admin-mini/luasrc/view/mini/upgrade.htm b/modules/admin-mini/luasrc/view/mini/upgrade.htm
new file mode 100644
index 000000000..912080222
--- /dev/null
+++ b/modules/admin-mini/luasrc/view/mini/upgrade.htm
@@ -0,0 +1,47 @@
+<%#
+LuCI - Lua Configuration Interface
+Copyright 2008 Steven Barth <steven@midlink.org>
+Copyright 2008 Jo-Philipp Wich <xm@leipzig.freifunk.net>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+
+-%>
+<%+header%>
+<h1><%:system%></h1>
+<h2><%:a_s_flash%></h2>
+<p><%:a_s_flash_upgrade1%></p>
+<br />
+<% if sysupgrade and not ret then %>
+<form method="post" action="<%=REQUEST_URI%>" enctype="multipart/form-data">
+ <div class="cbi-section-node">
+ <div class="cbi-value clear">
+ <div class="cbi-value-title left"><%:a_s_flash_fwimage%></div>
+ <div class="cbi-value-field"><input type="file" size="30" name="image" /></div>
+ </div>
+ <br />
+ <div class="cbi-value clear">
+ <input type="checkbox" name="keepcfg" value="1" checked="checked" />
+ <span class="bold"><%:a_s_flash_keepcfg%></span>
+ </div>
+ <br />
+ <div>
+ <input type="submit" value="<%:a_s_flash_fwupgrade%>" />
+ </div>
+ </div>
+</form>
+<% elseif ret then %>
+ <% if ret == 0 then %>
+<div class="ok"><%:a_s_flash_flashed%></div>
+ <% else %>
+<div class="error"><%:a_s_flash_flasherr%>! (<%:code%> <%=ret%>)</div>
+ <% end %>
+<% else %>
+<div class="error"><%:a_s_flash_notimplemented%></div>
+<% end %>
+<%+footer%>
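Review bot: The upload form's `action="<%=REQUEST_URI%>"` writes the request URI into an HTML attribute, and nothing visible here shows that `<%= %>` output is escaped. REQUEST_URI is supplied by the client, so unless the template engine escapes it, a URL containing a quote character would end up as markup on the firmware-upgrade page. passwd.htm in this same commit builds its target from `<%=controller%>`; doing the same here, `action="<%=controller%>/mini/system/upgrade"`, removes the reflected value entirely.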
\ No newline at end of file |