summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--applications/sgi-haserl/src/sgi/haserl.lua12
-rw-r--r--applications/sgi-webuci/src/sgi/webuci.lua6
-rw-r--r--modules/admin-core/src/controller/admin/system.lua5
3 files changed, 20 insertions, 3 deletions
diff --git a/applications/sgi-haserl/src/sgi/haserl.lua b/applications/sgi-haserl/src/sgi/haserl.lua
index 027697e2e4..0e388391db 100644
--- a/applications/sgi-haserl/src/sgi/haserl.lua
+++ b/applications/sgi-haserl/src/sgi/haserl.lua
@@ -24,6 +24,7 @@ limitations under the License.
]]--
module("ffluci.sgi.haserl", package.seeall)
+require("ffluci.fs")
-- Environment Table
ffluci.http.env = ENV
@@ -70,6 +71,17 @@ function ffluci.http.redirect(url)
print()
end
+-- Returns the path of an uploaded file
+-- WARNING! File uploads can be easily spoofed! Do additional sanity checks!
+function ffluci.http.upload(name)
+ local fpath = ffluci.http.formvalue(name)
+ local fname = ffluci.http.formvalue(name .. "_name")
+
+ if fpath and fname and ffluci.fs.isfile(fpath) then
+ return fpath
+ end
+end
+
-- Sets HTTP-Status-Header
function ffluci.http.status(code, message)
print("Status: " .. tostring(code) .. " " .. message)
diff --git a/applications/sgi-webuci/src/sgi/webuci.lua b/applications/sgi-webuci/src/sgi/webuci.lua
index bc1c7be7a2..d3d4cd4dc2 100644
--- a/applications/sgi-webuci/src/sgi/webuci.lua
+++ b/applications/sgi-webuci/src/sgi/webuci.lua
@@ -76,6 +76,12 @@ function ffluci.http.redirect(url)
print()
end
+-- Returns the path of an uploaded file
+-- WARNING! File uploads can be easily spoofed! Do additional sanity checks!
+function ffluci.http.upload(name)
+ -- To be implemented
+end
+
-- Sets HTTP-Status-Header
function ffluci.http.status(code, message)
print(webuci.env.SERVER_PROTOCOL .. " " .. tostring(code) .. " " .. message)
diff --git a/modules/admin-core/src/controller/admin/system.lua b/modules/admin-core/src/controller/admin/system.lua
index 7a927d6047..a612660092 100644
--- a/modules/admin-core/src/controller/admin/system.lua
+++ b/modules/admin-core/src/controller/admin/system.lua
@@ -178,11 +178,10 @@ function action_upgrade()
local ret = nil
local plat = ffluci.fs.mtime("/lib/upgrade/platform.sh")
- local image = ffluci.http.formvalue("image")
- local imgname = ffluci.http.formvalue("image_name")
+ local image = ffluci.http.upload("image")
local keepcfg = ffluci.http.formvalue("keepcfg")
- if plat and imgname then
+ if plat and image then
local kpattern = nil
if keepcfg then
local files = ffluci.model.uci.sections("luci").flash_keep