-rw-r--r-- | modules/luci-base/luasrc/util.lua | 6 | ||||
-rw-r--r-- | modules/luci-base/luasrc/util.luadoc | 9 |
2 files changed, 14 insertions, 1 deletions
diff --git a/modules/luci-base/luasrc/util.lua b/modules/luci-base/luasrc/util.lua
index 28c126621d..06a889cfc8 100644
--- a/modules/luci-base/luasrc/util.lua
+++ b/modules/luci-base/luasrc/util.lua
@@ -164,6 +164,10 @@ function striptags(value)
 return value and tparser.striptags(tostring(value))
 end
+function shellquote(value)
+ return string.format("'%s'", string.gsub(value or "", "'", "'\\''"))
+end
+
 -- for bash, ash and similar shells single-quoted strings are taken
 -- literally except for single quotes (which terminate the string)
 -- (and the exception noted below for dash (-) at the start of a
@@ -656,7 +660,7 @@ function checklib(fullpathexe, wantedlib)
 if not haveldd or not haveexe then
 return false
 end
- local libs = exec("/usr/bin/ldd " .. fullpathexe)
+ local libs = exec(string.format("/usr/bin/ldd %s", shellquote(fullpathexe)))
 if not libs then
 return false
 end
diff --git a/modules/luci-base/luasrc/util.luadoc b/modules/luci-base/luasrc/util.luadoc
index 949aeb21c0..79a17a2280 100644
--- a/modules/luci-base/luasrc/util.luadoc
+++ b/modules/luci-base/luasrc/util.luadoc
@@ -83,6 +83,15 @@ Strip HTML tags from given string.
 ]]
 ---[[
+Safely quote value for use in shell commands.
+
+@class function
+@name shellquote
+@param value String containing the value to quote
+@return Single-quote enclosed string with embedded quotes escaped
+]]
+
+---[[
 Splits given string on a defined separator sequence and return a table containing the resulting substrings. The optional max parameter specifies |
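Review bot: The new `shellquote` forwards both results of `string.gsub` (the escaped string and the substitution count) to `string.format`, which works only because the format has a single `%s`, and it calls `gsub` on `value` unconverted, so a table or `true` raises an error instead of being quoted. Parenthesising the call and converting first makes both explicit: `return "'" .. (string.gsub(tostring(value or ""), "'", "'\\''")) .. "'"`. The function also has no comment in util.lua itself; I would add `-- POSIX single-quote quoting; guards against shell interpretation only, not against a leading "-" being read as an option by the called program` above it.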
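Review bot: Quoting `fullpathexe` in the `ldd` call stops the shell from interpreting it, but a value that begins with `-` is still handed to `ldd` as an option, which quoting cannot prevent. Whether that can happen depends on how `haveexe` is computed and on what callers pass, both outside this hunk, since `checklib` starts and ends beyond it. If only absolute paths are meant to be supported, a guard before the call such as `if type(fullpathexe) ~= "string" or fullpathexe:sub(1, 1) ~= "/" then return false end` would make that assumption explicit.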