summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--modules/luci-base/luasrc/util.lua6
-rw-r--r--modules/luci-base/luasrc/util.luadoc9
2 files changed, 14 insertions, 1 deletions
diff --git a/modules/luci-base/luasrc/util.lua b/modules/luci-base/luasrc/util.lua
index 28c126621d..06a889cfc8 100644
--- a/modules/luci-base/luasrc/util.lua
+++ b/modules/luci-base/luasrc/util.lua
@@ -164,6 +164,10 @@ function striptags(value)
return value and tparser.striptags(tostring(value))
end
+function shellquote(value)
+ return string.format("'%s'", string.gsub(value or "", "'", "'\\''"))
+end
+
-- for bash, ash and similar shells single-quoted strings are taken
-- literally except for single quotes (which terminate the string)
-- (and the exception noted below for dash (-) at the start of a
@@ -656,7 +660,7 @@ function checklib(fullpathexe, wantedlib)
if not haveldd or not haveexe then
return false
end
- local libs = exec("/usr/bin/ldd " .. fullpathexe)
+ local libs = exec(string.format("/usr/bin/ldd %s", shellquote(fullpathexe)))
if not libs then
return false
end
diff --git a/modules/luci-base/luasrc/util.luadoc b/modules/luci-base/luasrc/util.luadoc
index 949aeb21c0..79a17a2280 100644
--- a/modules/luci-base/luasrc/util.luadoc
+++ b/modules/luci-base/luasrc/util.luadoc
@@ -83,6 +83,15 @@ Strip HTML tags from given string.
]]
---[[
+Safely quote value for use in shell commands.
+
+@class function
+@name shellquote
+@param value String containing the value to quote
+@return Single-quote enclosed string with embedded quotes escaped
+]]
+
+---[[
Splits given string on a defined separator sequence and return a table
containing the resulting substrings. The optional max parameter specifies