-rw-r--r--libs/core/luasrc/fs.lua1
-rw-r--r--libs/web/luasrc/http.lua16
-rw-r--r--libs/web/luasrc/template.lua14
3 files changed, 24 insertions, 7 deletions
diff --git a/libs/core/luasrc/fs.lua b/libs/core/luasrc/fs.lua
index 35b8289af4..5c1f2a051b 100644
--- a/libs/core/luasrc/fs.lua
+++ b/libs/core/luasrc/fs.lua
@@ -27,7 +27,6 @@ limitations under the License.
module("luci.fs", package.seeall)
require("posix")
-posix.umask("rwx------")
-- Glob
glob = posix.glob
diff --git a/libs/web/luasrc/http.lua b/libs/web/luasrc/http.lua
index 68dad8f1ec..3bff28adde 100644
--- a/libs/web/luasrc/http.lua
+++ b/libs/web/luasrc/http.lua
@@ -43,4 +43,20 @@ function build_querystring(table)
end
return s
+end
+
+function urldecode(str)
+ str = str:gsub("+", " ")
+ str = str:gsub("%%(%x%x)",
+ function(h) return string.char(tonumber(h,16)) end)
+ str = str:gsub("\r\n", "\n")
+ return str
+end
+
+function urlencode(str)
+ str = str:gsub("\n", "\r\n")
+ str = str:gsub("([^%w ])",
+ function (c) return string.format ("%%%02X", string.byte(c)) end)
+ str = str:gsub(" ", "+")
+ return str
end
\ No newline at end of file
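Review bot: In `urldecode`, `str:gsub("+", " ")` works only because Lua treats a quantifier with nothing in front of it as a literal character; writing it as `str:gsub("%+", " ")` makes the intent explicit and survives later edits to the pattern. Neither new function has a doc comment, and the contract matters to callers: `urlencode` escapes every byte outside `%w` and space, so `/` and `.` are escaped, which the template.lua change in this commit depends on to get flat cache filenames. `urldecode` can produce any byte value, including NUL and `/`, so a comment such as `-- Output is raw bytes: validate paths and identifiers after decoding, never before` would help. Both functions index `str` directly, so a nil argument raises rather than returning nil.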
diff --git a/libs/web/luasrc/template.lua b/libs/web/luasrc/template.lua
index c672f16bfd..ce54d17f31 100644
--- a/libs/web/luasrc/template.lua
+++ b/libs/web/luasrc/template.lua
@@ -35,6 +35,9 @@ luci.config.template = luci.config.template or {}
viewdir = luci.config.template.viewdir or luci.sys.libpath() .. "/view"
compiledir = luci.config.template.compiledir or luci.sys.libpath() .. "/view"
+-- Enforce cache security
+compiledir = compiledir .. "/" .. luci.sys.process.info("uid")
+
-- Compile modes:
-- none: Never compile, only use precompiled data from files
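Review bot: The comment `-- Enforce cache security` does not say what the uid suffix protects against, and the suffix alone enforces nothing unless the resulting directory is owned by that uid and not writable by anyone else. I would state the intent, for example `-- Per-uid cache directory: compiled templates are loaded back as code, so they must not be shared between users` (that they are loaded as code is my reading of the `luci.util.dump(compiled)` write further down; please confirm). If `luci.sys.process.info("uid")` can return nil, the concatenation raises while the module loads; an explicit check with a clear error message would make that failure easier to diagnose.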
@@ -147,12 +150,16 @@ function Template.__init__(self, name)
-- Compile and build
local sourcefile = viewdir .. "/" .. name .. ".htm"
- local compiledfile = compiledir .. "/" .. name .. ".lua"
+ local compiledfile = compiledir .. "/" .. luci.http.urlencode(name) .. ".lua"
local err
if compiler_mode == "file" then
local tplmt = luci.fs.mtime(sourcefile)
local commt = luci.fs.mtime(compiledfile)
+
+ if not luci.fs.mtime(compiledir) then
+ luci.fs.mkdir(compiledir, true)
+ end
-- Build if there is no compiled file or if compiled file is outdated
if ((commt == nil) and not (tplmt == nil))
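Review bot: The added `if not luci.fs.mtime(compiledir)` guard only tests that the path exists, so an existing entry is accepted without checking that it is a directory, owned by the current uid, and not group- or world-writable; the result of `luci.fs.mkdir(compiledir, true)` is also ignored. This commit removes `posix.umask("rwx------")` from fs.lua, so the mode of a newly created cache directory now depends on the inherited umask. If `compiledir` can be configured to a shared location, I would check ownership and mode before trusting cached files, and create the directory with an explicit restrictive mode. Separately, `sourcefile` on the context line above still concatenates the raw `name`, so only the cache path gets the new `luci.http.urlencode` treatment; if `name` can come from request data, it needs its own validation. `Template.__init__` starts and ends outside this hunk, and no `require` for `luci.http` is visible here.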
@@ -163,11 +170,6 @@ function Template.__init__(self, name)
if source then
local compiled, err = compile(source)
- local compiledfile_dir = luci.fs.dirname(compiledfile)
- if not luci.fs.mtime(compiledfile_dir) then
- luci.fs.mkdir(compiledfile_dir)
- end
-
luci.fs.writefile(compiledfile, luci.util.dump(compiled))
self.template = compiled
end