diff options
-rw-r--r-- | applications/sgi-haserl/src/sgi/haserl.lua | 12 | ||||
-rw-r--r-- | applications/sgi-webuci/src/sgi/webuci.lua | 6 | ||||
-rw-r--r-- | modules/admin-core/src/controller/admin/system.lua | 5 |
3 files changed, 20 insertions, 3 deletions
diff --git a/applications/sgi-haserl/src/sgi/haserl.lua b/applications/sgi-haserl/src/sgi/haserl.lua index 027697e2e4..0e388391db 100644 --- a/applications/sgi-haserl/src/sgi/haserl.lua +++ b/applications/sgi-haserl/src/sgi/haserl.lua @@ -24,6 +24,7 @@ limitations under the License. ]]-- module("ffluci.sgi.haserl", package.seeall) +require("ffluci.fs") -- Environment Table ffluci.http.env = ENV @@ -70,6 +71,17 @@ function ffluci.http.redirect(url) print() end +-- Returns the path of an uploaded file +-- WARNING! File uploads can be easily spoofed! Do additional sanity checks! +function ffluci.http.upload(name) + local fpath = ffluci.http.formvalue(name) + local fname = ffluci.http.formvalue(name .. "_name") + + if fpath and fname and ffluci.fs.isfile(fpath) then + return fpath + end +end + -- Sets HTTP-Status-Header function ffluci.http.status(code, message) print("Status: " .. tostring(code) .. " " .. message) diff --git a/applications/sgi-webuci/src/sgi/webuci.lua b/applications/sgi-webuci/src/sgi/webuci.lua index bc1c7be7a2..d3d4cd4dc2 100644 --- a/applications/sgi-webuci/src/sgi/webuci.lua +++ b/applications/sgi-webuci/src/sgi/webuci.lua @@ -76,6 +76,12 @@ function ffluci.http.redirect(url) print() end +-- Returns the path of an uploaded file +-- WARNING! File uploads can be easily spoofed! Do additional sanity checks! +function ffluci.http.upload(name) + -- To be implemented +end + -- Sets HTTP-Status-Header function ffluci.http.status(code, message) print(webuci.env.SERVER_PROTOCOL .. " " .. tostring(code) .. " " .. message) diff --git a/modules/admin-core/src/controller/admin/system.lua b/modules/admin-core/src/controller/admin/system.lua index 7a927d6047..a612660092 100644 --- a/modules/admin-core/src/controller/admin/system.lua +++ b/modules/admin-core/src/controller/admin/system.lua @@ -178,11 +178,10 @@ function action_upgrade() local ret = nil local plat = ffluci.fs.mtime("/lib/upgrade/platform.sh") - local image = ffluci.http.formvalue("image") - local imgname = ffluci.http.formvalue("image_name") + local image = ffluci.http.upload("image") local keepcfg = ffluci.http.formvalue("keepcfg") - if plat and imgname then + if plat and image then local kpattern = nil if keepcfg then local files = ffluci.model.uci.sections("luci").flash_keep |