-rw-r--r-- | libs/core/luasrc/fs.lua | 1 | ||||
-rw-r--r-- | libs/web/luasrc/http.lua | 16 | ||||
-rw-r--r-- | libs/web/luasrc/template.lua | 14 |
3 files changed, 24 insertions, 7 deletions
diff --git a/libs/core/luasrc/fs.lua b/libs/core/luasrc/fs.lua
index 35b8289af4..5c1f2a051b 100644
--- a/libs/core/luasrc/fs.lua
+++ b/libs/core/luasrc/fs.lua
@@ -27,7 +27,6 @@ limitations under the License.
 module("luci.fs", package.seeall)
 require("posix")
-posix.umask("rwx------")
 -- Glob
 glob = posix.glob
diff --git a/libs/web/luasrc/http.lua b/libs/web/luasrc/http.lua
index 68dad8f1ec..3bff28adde 100644
--- a/libs/web/luasrc/http.lua
+++ b/libs/web/luasrc/http.lua
@@ -43,4 +43,20 @@ function build_querystring(table)
 end
 return s
+end
+
+function urldecode(str)
+ str = str:gsub("+", " ")
+ str = str:gsub("%%(%x%x)",
+ function(h) return string.char(tonumber(h,16)) end)
+ str = str:gsub("\r\n", "\n")
+ return str
+end
+
+function urlencode(str)
+ str = str:gsub("\n", "\r\n")
+ str = str:gsub("([^%w ])",
+ function (c) return string.format ("%%%02X", string.byte(c)) end)
+ str = str:gsub(" ", "+")
+ return str
 end
\ No newline at end of file diff --git a/libs/web/luasrc/template.lua b/libs/web/luasrc/template.lua index c672f16bfd..ce54d17f31 100644 --- a/libs/web/luasrc/template.lua +++ b/libs/web/luasrc/template.lua @@ -35,6 +35,9 @@ luci.config.template = luci.config.template or {} viewdir = luci.config.template.viewdir or luci.sys.libpath() .. "/view" compiledir = luci.config.template.compiledir or luci.sys.libpath() .. "/view" +-- Enforce cache security +compiledir = compiledir .. "/" .. luci.sys.process.info("uid") + -- Compile modes: -- none: Never compile, only use precompiled data from files @@ -147,12 +150,16 @@ function Template.__init__(self, name) -- Compile and build local sourcefile = viewdir .. "/" .. name .. ".htm" - local compiledfile = compiledir .. "/" .. name .. ".lua" + local compiledfile = compiledir .. "/" .. luci.http.urlencode(name) .. ".lua" local err if compiler_mode == "file" then local tplmt = luci.fs.mtime(sourcefile) local commt = luci.fs.mtime(compiledfile) + + if not luci.fs.mtime(compiledir) then + luci.fs.mkdir(compiledir, true) + end -- Build if there is no compiled file or if compiled file is outdated if ((commt == nil) and not (tplmt == nil)) @@ -163,11 +170,6 @@ function Template.__init__(self, name) if source then local compiled, err = compile(source) - local compiledfile_dir = luci.fs.dirname(compiledfile) - if not luci.fs.mtime(compiledfile_dir) then - luci.fs.mkdir(compiledfile_dir) - end - luci.fs.writefile(compiledfile, luci.util.dump(compiled)) self.template = compiled end |
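Review bot: `urldecode` and `urlencode` are added to http.lua as module globals with no doc comment, and `urldecode` turns `%00`, `%2F` and `%2E%2E` into a NUL byte, `/` and `..`, so its result has to be validated before it reaches a file path or a C-level API. I would put a comment above it along the lines of `-- Decodes form-urlencoded data; the result is untrusted and may contain NUL bytes or path separators`. Malformed escapes such as a lone `%` are passed through unchanged rather than rejected, which is worth stating in the same comment. `urlencode` relies on `%w`, which follows the C locale, so under a non-C locale some bytes above 0x7F may pass through unencoded; that matters because template.lua in this commit uses it to build file names.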
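Review bot: The per-uid cache directory set up by `compiledir = compiledir .. "/" .. luci.sys.process.info("uid")` in template.lua is only as safe as the permissions on its parent and on the directory itself, and nothing in the new code checks either. The compiled files are presumably loaded and run later, so before using the cache the code should confirm that the directory is owned by the current uid and is not group- or world-writable, and skip caching otherwise. This same commit drops `posix.umask("rwx------")` from fs.lua, so the directory and the files written into it now inherit whatever umask the process started with; creating the directory with an explicit owner-only mode would keep the previous guarantee. If `luci.sys.process.info("uid")` can return nil the concatenation raises at module load, which is not visible from here.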
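Review bot: Only the cache path is sanitised in `Template.__init__`: `compiledfile` now goes through `luci.http.urlencode(name)`, but `sourcefile` on the line above still concatenates the raw `name`, so a name containing `../` is still resolved outside `viewdir` on the read side. If `name` can ever derive from request data it should be validated once at the top of the function rather than encoded for one of the two paths. Separately, the result of `luci.fs.mkdir(compiledir, true)` is ignored, so a failed create only surfaces later as a `writefile` that silently does nothing; check the return value and fall back to not caching. The body of `Template.__init__` starts and ends outside this hunk.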