path: root/modules/luci-base
diff options
Diffstat (limited to 'modules/luci-base')
11 files changed, 409 insertions, 166 deletions
diff --git a/modules/luci-base/htdocs/luci-static/resources/cbi.js b/modules/luci-base/htdocs/luci-static/resources/cbi.js
index d40ec34bc6..6c35372cdd 100644
--- a/modules/luci-base/htdocs/luci-static/resources/cbi.js
+++ b/modules/luci-base/htdocs/luci-static/resources/cbi.js
@@ -218,12 +218,13 @@ var cbi_validators = {
((ipv4only == 1) && cbi_validators.ip4addr.apply(this));
- 'hostname': function()
+ 'hostname': function(strict)
if (this.length <= 253)
- return (this.match(/^[a-zA-Z0-9]+$/) != null ||
+ return (this.match(/^[a-zA-Z0-9_]+$/) != null ||
(this.match(/^[a-zA-Z0-9_][a-zA-Z0-9_\-.]*[a-zA-Z0-9]$/) &&
- this.match(/[^0-9.]/)));
+ this.match(/[^0-9.]/))) &&
+ (!strict || !this.match(/^_/));
return false;
diff --git a/modules/luci-base/luasrc/cbi/datatypes.lua b/modules/luci-base/luasrc/cbi/datatypes.lua
index 55cdf8a74b..99113e0b7a 100644
--- a/modules/luci-base/luasrc/cbi/datatypes.lua
+++ b/modules/luci-base/luasrc/cbi/datatypes.lua
@@ -199,13 +199,13 @@ function macaddr(val)
return ip.checkmac(val) and true or false
-function hostname(val)
+function hostname(val, strict)
if val and (#val < 254) and (
val:match("^[a-zA-Z_]+$") or
(val:match("^[a-zA-Z0-9_][a-zA-Z0-9_%-%.]*[a-zA-Z0-9]$") and
) then
- return true
+ return (not strict or not val:match("^_"))
return false
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua
index 16b32548e6..c93fd78a1b 100644
--- a/modules/luci-base/luasrc/dispatcher.lua
+++ b/modules/luci-base/luasrc/dispatcher.lua
@@ -346,15 +346,23 @@ function dispatch(request)
ifattr = function(...) return _ifattr(...) end;
attr = function(...) return _ifattr(true, ...) end;
url = build_url;
- }, {__index=function(table, key)
+ }, {__index=function(tbl, key)
if key == "controller" then
return build_url()
elseif key == "REQUEST_URI" then
return build_url(unpack(ctx.requestpath))
+ elseif key == "FULL_REQUEST_URI" then
+ local url = { http.getenv("SCRIPT_NAME"), http.getenv("PATH_INFO") }
+ local query = http.getenv("QUERY_STRING")
+ if query and #query > 0 then
+ url[#url+1] = "?"
+ url[#url+1] = query
+ end
+ return table.concat(url, "")
elseif key == "token" then
return ctx.authtoken
- return rawget(table, key) or _G[key]
+ return rawget(tbl, key) or _G[key]
@@ -884,7 +892,7 @@ end
function cbi(model, config)
return {
type = "cbi",
- post = { ["cbi.submit"] = "1" },
+ post = { ["cbi.submit"] = true },
config = config,
model = model,
target = _cbi
@@ -930,7 +938,7 @@ end
function form(model)
return {
type = "cbi",
- post = { ["cbi.submit"] = "1" },
+ post = { ["cbi.submit"] = true },
model = model,
target = _form
diff --git a/modules/luci-base/luasrc/model/ipkg.lua b/modules/luci-base/luasrc/model/ipkg.lua
index e653b03465..e27ea52895 100644
--- a/modules/luci-base/luasrc/model/ipkg.lua
+++ b/modules/luci-base/luasrc/model/ipkg.lua
@@ -20,12 +20,14 @@ module "luci.model.ipkg"
-- Internal action function
local function _action(cmd, ...)
- local pkg = ""
+ local cmdline = { ipkg, cmd }
+ local k, v
for k, v in pairs({...}) do
- pkg = pkg .. " '" .. v:gsub("'", "") .. "'"
+ cmdline[#cmdline+1] = util.shellquote(v)
- local c = "%s %s %s >/tmp/opkg.stdout 2>/tmp/opkg.stderr" %{ ipkg, cmd, pkg }
+ local c = "%s >/tmp/opkg.stdout 2>/tmp/opkg.stderr" % table.concat(cmdline, " ")
local r = os.execute(c)
local e = fs.readfile("/tmp/opkg.stderr")
local o = fs.readfile("/tmp/opkg.stdout")
@@ -74,17 +76,17 @@ local function _parselist(rawdata)
-- Internal lookup function
-local function _lookup(act, pkg)
- local cmd = ipkg .. " " .. act
+local function _lookup(cmd, pkg)
+ local cmdline = { ipkg, cmd }
if pkg then
- cmd = cmd .. " '" .. pkg:gsub("'", "") .. "'"
+ cmdline[#cmdline+1] = util.shellquote(pkg)
-- OPKG sometimes kills the whole machine because it sucks
-- Therefore we have to use a sucky approach too and use
-- tmpfiles instead of directly reading the output
local tmpfile = os.tmpname()
- os.execute(cmd .. (" >%s 2>/dev/null" % tmpfile))
+ os.execute("%s >%s 2>/dev/null" %{ table.concat(cmdline, " "), tmpfile })
local data = _parselist(io.lines(tmpfile))
@@ -123,9 +125,12 @@ end
-- List helper
local function _list(action, pat, cb)
- local fd = io.popen(ipkg .. " " .. action ..
- (pat and (" '%s'" % pat:gsub("'", "")) or ""))
+ local cmdline = { ipkg, action }
+ if pat then
+ cmdline[#cmdline+1] = util.shellquote(pat)
+ end
+ local fd = io.popen(table.concat(cmdline, " "))
if fd then
local name, version, sz, desc
while true do
diff --git a/modules/luci-base/luasrc/model/uci.lua b/modules/luci-base/luasrc/model/uci.lua
index 577c6cde08..bbd9b4cfbf 100644
--- a/modules/luci-base/luasrc/model/uci.lua
+++ b/modules/luci-base/luasrc/model/uci.lua
@@ -2,13 +2,12 @@
-- Licensed to the public under the Apache License 2.0.
local os = require "os"
-local uci = require "uci"
local util = require "luci.util"
local table = require "table"
local setmetatable, rawget, rawset = setmetatable, rawget, rawset
-local require, getmetatable = require, getmetatable
+local require, getmetatable, assert = require, getmetatable, assert
local error, pairs, ipairs = error, pairs, ipairs
local type, tostring, tonumber, unpack = type, tostring, tonumber, unpack
@@ -20,151 +19,410 @@ local type, tostring, tonumber, unpack = type, tostring, tonumber, unpack
-- reloaded.
module "luci.model.uci"
-cursor = uci.cursor
+local ERRSTR = {
+ "Invalid command",
+ "Invalid argument",
+ "Method not found",
+ "Entry not found",
+ "No data",
+ "Permission denied",
+ "Timeout",
+ "Not supported",
+ "Unknown error",
+ "Connection failed"
+function cursor()
+ return _M
function cursor_state()
- return cursor(nil, "/var/state")
+ return _M
+function substate(self)
+ return self
-inst = cursor()
-inst_state = cursor_state()
-local Cursor = getmetatable(inst)
+function get_confdir(self)
+ return "/etc/config"
-function Cursor.apply(self, configlist, command)
- configlist = self:_affected(configlist)
- if command then
- return { "/sbin/luci-reload", unpack(configlist) }
- else
- return os.execute("/sbin/luci-reload %s >/dev/null 2>&1"
- % table.concat(configlist, " "))
- end
+function get_savedir(self)
+ return "/tmp/.uci"
+function set_confdir(self, directory)
+ return false
+function set_savedir(self, directory)
+ return false
--- returns a boolean whether to delete the current section (optional)
-function Cursor.delete_all(self, config, stype, comparator)
- local del = {}
- if type(comparator) == "table" then
- local tbl = comparator
- comparator = function(section)
- for k, v in pairs(tbl) do
- if section[k] ~= v then
- return false
+function load(self, config)
+ return true
+function save(self, config)
+ return true
+function unload(self, config)
+ return true
+function changes(self, config)
+ local rv = util.ubus("uci", "changes", { config = config })
+ local res = {}
+ if type(rv) == "table" and type(rv.changes) == "table" then
+ local package, changes
+ for package, changes in pairs(rv.changes) do
+ res[package] = {}
+ local _, change
+ for _, change in ipairs(changes) do
+ local operation, section, option, value = unpack(change)
+ if option and value and operation ~= "add" then
+ res[package][section] = res[package][section] or { }
+ if operation == "list-add" then
+ local v = res[package][section][option]
+ if type(v) == "table" then
+ v[#v+1] = value or ""
+ elseif v ~= nil then
+ res[package][section][option] = { v, value }
+ else
+ res[package][section][option] = { value }
+ end
+ else
+ res[package][section][option] = value or ""
+ end
+ else
+ res[package][section] = res[package][section] or {}
+ res[package][section][".type"] = option or ""
- return true
- local function helper (section)
+ return res
+function revert(self, config)
+ local _, err = util.ubus("uci", "revert", { config = config })
+ return (err == nil), ERRSTR[err]
+function commit(self, config)
+ local _, err = util.ubus("uci", "commit", { config = config })
+ return (err == nil), ERRSTR[err]
+function apply(self, configs, command)
+ local _, config
- if not comparator or comparator(section) then
- del[#del+1] = section[".name"]
+ assert(not command, "Apply command not supported anymore")
+ if type(configs) == "table" then
+ for _, config in ipairs(configs) do
+ util.ubus("service", "event", {
+ type = "config.change",
+ data = { package = config }
+ })
+function foreach(self, config, stype, callback)
+ if type(callback) == "function" then
+ local rv, err = util.ubus("uci", "get", {
+ config = config,
+ type = stype
+ })
+ if type(rv) == "table" and type(rv.values) == "table" then
+ local sections = { }
+ local res = false
+ local index = 1
+ local _, section
+ for _, section in pairs(rv.values) do
+ section[".index"] = section[".index"] or index
+ sections[index] = section
+ index = index + 1
+ end
- self:foreach(config, stype, helper)
+ table.sort(sections, function(a, b)
+ return a[".index"] < b[".index"]
+ end)
- for i, j in ipairs(del) do
- self:delete(config, j)
+ for _, section in ipairs(sections) do
+ local continue = callback(section)
+ res = true
+ if continue == false then
+ break
+ end
+ end
+ return res
+ else
+ return false, ERRSTR[err] or "No data"
+ end
+ else
+ return false, "Invalid argument"
-function Cursor.section(self, config, type, name, values)
- local stat = true
- if name then
- stat = self:set(config, name, type)
+function get(self, config, section, option)
+ if section == nil then
+ return nil
+ elseif type(option) == "string" and option:byte(1) ~= 46 then
+ local rv, err = util.ubus("uci", "get", {
+ config = config,
+ section = section,
+ option = option
+ })
+ if type(rv) == "table" then
+ return rv.value or nil
+ elseif err then
+ return false, ERRSTR[err]
+ else
+ return nil
+ end
+ elseif option == nil then
+ local values = self:get_all(config, section)
+ if values then
+ return values[".type"], values[".name"]
+ else
+ return nil
+ end
- name = self:add(config, type)
- stat = name and true
+ return false, "Invalid argument"
+function get_all(self, config, section)
+ local rv, err = util.ubus("uci", "get", {
+ config = config,
+ section = section
+ })
- if stat and values then
- stat = self:tset(config, name, values)
+ if type(rv) == "table" and type(rv.values) == "table" then
+ return rv.values
+ elseif err then
+ return false, ERRSTR[err]
+ else
+ return nil
- return stat and name
+function get_bool(self, ...)
+ local val = self:get(...)
+ return (val == "1" or val == "true" or val == "yes" or val == "on")
-function Cursor.tset(self, config, section, values)
- local stat = true
- for k, v in pairs(values) do
- if k:sub(1, 1) ~= "." then
- stat = stat and self:set(config, section, k, v)
+function get_first(self, config, stype, option, default)
+ local rv = default
+ self:foreach(conf, stype, function(s)
+ local val = not option and s[".name"] or s[option]
+ if type(default) == "number" then
+ val = tonumber(val)
+ elseif type(default) == "boolean" then
+ val = (val == "1" or val == "true" or
+ val == "yes" or val == "on")
- end
- return stat
-function Cursor.get_bool(self, ...)
- local val = self:get(...)
- return ( val == "1" or val == "true" or val == "yes" or val == "on" )
+ if val ~= nil then
+ rv = val
+ return false
+ end
+ end)
+ return rv
-function Cursor.get_list(self, config, section, option)
+function get_list(self, config, section, option)
if config and section and option then
local val = self:get(config, section, option)
- return ( type(val) == "table" and val or { val } )
+ return (type(val) == "table" and val or { val })
- return {}
+ return { }
-function Cursor.get_first(self, conf, stype, opt, def)
- local rv = def
- self:foreach(conf, stype,
- function(s)
- local val = not opt and s['.name'] or s[opt]
+function section(self, config, stype, name, values)
+ local rv, err = util.ubus("uci", "add", {
+ config = config,
+ type = stype,
+ name = name,
+ values = values
+ })
- if type(def) == "number" then
- val = tonumber(val)
- elseif type(def) == "boolean" then
- val = (val == "1" or val == "true" or
- val == "yes" or val == "on")
+ if type(rv) == "table" then
+ return rv.section
+ elseif err then
+ return false, ERRSTR[err]
+ else
+ return nil
+ end
+function add(self, config, stype)
+ return self:section(config, stype)
+function set(self, config, section, option, value)
+ if value == nil then
+ local sname, err = self:section(config, option, section)
+ return (not not sname), err
+ else
+ local _, err = util.ubus("uci", "set", {
+ config = config,
+ section = section,
+ values = { [option] = value }
+ })
+ return (err == nil), ERRSTR[err]
+ end
+function set_list(self, config, section, option, value)
+ if section == nil or option == nil then
+ return false
+ elseif value == nil or (type(value) == "table" and #value == 0) then
+ return self:delete(config, section, option)
+ elseif type(value) == "table" then
+ return self:set(config, section, option, value)
+ else
+ return self:set(config, section, option, { value })
+ end
+function tset(self, config, section, values)
+ local _, err = util.ubus("uci", "set", {
+ config = config,
+ section = section,
+ values = values
+ })
+ return (err == nil), ERRSTR[err]
+function reorder(self, config, section, index)
+ local sections
+ if type(section) == "string" and type(index) == "number" then
+ local pos = 0
+ sections = { }
+ self:foreach(config, nil, function(s)
+ if pos == index then
+ pos = pos + 1
- if val ~= nil then
- rv = val
- return false
+ if s[".name"] ~= section then
+ pos = pos + 1
+ sections[pos] = s[".name"]
+ else
+ sections[index + 1] = section
+ elseif type(section) == "table" then
+ sections = section
+ else
+ return false, "Invalid argument"
+ end
- return rv
+ local _, err = util.ubus("uci", "order", {
+ config = config,
+ sections = sections
+ })
+ return (err == nil), ERRSTR[err]
-function Cursor.set_list(self, config, section, option, value)
- if config and section and option then
- if not value or #value == 0 then
- return self:delete(config, section, option)
+function delete(self, config, section, option)
+ local _, err = util.ubus("uci", "delete", {
+ config = config,
+ section = section,
+ option = option
+ })
+ return (err == nil), ERRSTR[err]
+function delete_all(self, config, stype, comparator)
+ local _, err
+ if type(comparator) == "table" then
+ _, err = util.ubus("uci", "delete", {
+ config = config,
+ type = stype,
+ match = comparator
+ })
+ elseif type(comparator) == "function" then
+ local rv = util.ubus("uci", "get", {
+ config = config,
+ type = stype
+ })
+ if type(rv) == "table" and type(rv.values) == "table" then
+ local sname, section
+ for sname, section in pairs(rv.values) do
+ if comparator(section) then
+ _, err = util.ubus("uci", "delete", {
+ config = config,
+ section = sname
+ })
+ end
+ end
- return self:set(
- config, section, option,
- ( type(value) == "table" and value or { value } )
- )
+ elseif comparator == nil then
+ _, err = util.ubus("uci", "delete", {
+ config = config,
+ type = stype
+ })
+ else
+ return false, "Invalid argument"
- return false
+ return (err == nil), ERRSTR[err]
--- Return a list of initscripts affected by configuration changes.
-function Cursor._affected(self, configlist)
- configlist = type(configlist) == "table" and configlist or {configlist}
- local c = cursor()
- c:load("ucitrack")
+function apply(self, configlist, command)
+ configlist = self:_affected(configlist)
+ if command then
+ return { "/sbin/luci-reload", unpack(configlist) }
+ else
+ return os.execute("/sbin/luci-reload %s >/dev/null 2>&1"
+ % util.shellquote(table.concat(configlist, " ")))
+ end
+-- Return a list of initscripts affected by configuration changes.
+function _affected(self, configlist)
+ configlist = type(configlist) == "table" and configlist or { configlist }
-- Resolve dependencies
- local reloadlist = {}
+ local reloadlist = { }
local function _resolve_deps(name)
- local reload = {name}
- local deps = {}
+ local reload = { name }
+ local deps = { }
- c:foreach("ucitrack", name,
+ self:foreach("ucitrack", name,
if section.affects then
for i, aff in ipairs(section.affects) do
@@ -173,7 +431,9 @@ function Cursor._affected(self, configlist)
+ local i, dep
for i, dep in ipairs(deps) do
+ local j, add
for j, add in ipairs(_resolve_deps(dep)) do
reload[#reload+1] = add
@@ -183,7 +443,9 @@ function Cursor._affected(self, configlist)
-- Collect initscripts
+ local j, config
for j, config in ipairs(configlist) do
+ local i, e
for i, e in ipairs(_resolve_deps(config)) do
if not util.contains(reloadlist, e) then
reloadlist[#reloadlist+1] = e
@@ -193,44 +455,3 @@ function Cursor._affected(self, configlist)
return reloadlist
--- curser, means it the parent unloads or loads configs, the sub state will
--- do so as well.
-function Cursor.substate(self)
- Cursor._substates = Cursor._substates or { }
- Cursor._substates[self] = Cursor._substates[self] or cursor_state()
- return Cursor._substates[self]
-local _load = Cursor.load
-function Cursor.load(self, ...)
- if Cursor._substates and Cursor._substates[self] then
- _load(Cursor._substates[self], ...)
- end
- return _load(self, ...)
-local _unload = Cursor.unload
-function Cursor.unload(self, ...)
- if Cursor._substates and Cursor._substates[self] then
- _unload(Cursor._substates[self], ...)
- end
- return _unload(self, ...)
diff --git a/modules/luci-base/luasrc/sys.lua b/modules/luci-base/luasrc/sys.lua
index 12b20e4c38..823e20770c 100644
--- a/modules/luci-base/luasrc/sys.lua
+++ b/modules/luci-base/luasrc/sys.lua
@@ -87,10 +87,10 @@ end
function httpget(url, stream, target)
if not target then
local source = stream and io.popen or luci.util.exec
- return source("wget -qO- '"..url:gsub("'", "").."'")
+ return source("wget -qO- %s" % luci.util.shellquote(url))
- return os.execute("wget -qO '%s' '%s'" %
- {target:gsub("'", ""), url:gsub("'", "")})
+ return os.execute("wget -qO %s %s" %
+ {luci.util.shellquote(target), luci.util.shellquote(url)})
@@ -443,18 +443,11 @@ function user.checkpasswd(username, pass)
function user.setpasswd(username, password)
- if password then
- password = password:gsub("'", [['"'"']])
- end
- if username then
- username = username:gsub("'", [['"'"']])
- end
- return os.execute(
- "(echo '" .. password .. "'; sleep 1; echo '" .. password .. "') | " ..
- "passwd '" .. username .. "' >/dev/null 2>&1"
- )
+ return os.execute("(echo %s; sleep 1; echo %s) | passwd %s >/dev/null 2>&1" %{
+ luci.util.shellquote(password),
+ luci.util.shellquote(password),
+ luci.util.shellquote(username)
+ })
diff --git a/modules/luci-base/luasrc/tools/status.lua b/modules/luci-base/luasrc/tools/status.lua
index 5012111815..06a9ad4154 100644
--- a/modules/luci-base/luasrc/tools/status.lua
+++ b/modules/luci-base/luasrc/tools/status.lua
@@ -187,7 +187,9 @@ function switch_status(devs)
local switches = { }
for dev in devs:gmatch("[^%s,]+") do
local ports = { }
- local swc = io.popen("swconfig dev %q show" % dev, "r")
+ local swc = io.popen("swconfig dev %s show"
+ % luci.util.shellquote(dev), "r")
if swc then
local l
diff --git a/modules/luci-base/luasrc/util.lua b/modules/luci-base/luasrc/util.lua
index 28c126621d..06a889cfc8 100644
--- a/modules/luci-base/luasrc/util.lua
+++ b/modules/luci-base/luasrc/util.lua
@@ -164,6 +164,10 @@ function striptags(value)
return value and tparser.striptags(tostring(value))
+function shellquote(value)
+ return string.format("'%s'", string.gsub(value or "", "'", "'\\''"))
-- for bash, ash and similar shells single-quoted strings are taken
-- literally except for single quotes (which terminate the string)
-- (and the exception noted below for dash (-) at the start of a
@@ -656,7 +660,7 @@ function checklib(fullpathexe, wantedlib)
if not haveldd or not haveexe then
return false
- local libs = exec("/usr/bin/ldd " .. fullpathexe)
+ local libs = exec(string.format("/usr/bin/ldd %s", shellquote(fullpathexe)))
if not libs then
return false
diff --git a/modules/luci-base/luasrc/util.luadoc b/modules/luci-base/luasrc/util.luadoc
index 949aeb21c0..79a17a2280 100644
--- a/modules/luci-base/luasrc/util.luadoc
+++ b/modules/luci-base/luasrc/util.luadoc
@@ -83,6 +83,15 @@ Strip HTML tags from given string.
+Safely quote value for use in shell commands.
+@class function
+@name shellquote
+@param value String containing the value to quote
+@return Single-quote enclosed string with embedded quotes escaped
Splits given string on a defined separator sequence and return a table
containing the resulting substrings. The optional max parameter specifies
diff --git a/modules/luci-base/luasrc/view/sysauth.htm b/modules/luci-base/luasrc/view/sysauth.htm
index f6b0f5706a..b3ec9b7617 100644
--- a/modules/luci-base/luasrc/view/sysauth.htm
+++ b/modules/luci-base/luasrc/view/sysauth.htm
@@ -6,7 +6,7 @@
-<form method="post" action="<%=pcdata(luci.http.getenv("REQUEST_URI"))%>">
+<form method="post" action="<%=pcdata(FULL_REQUEST_URI)%>">
<%- if fuser then %>
<div class="errorbox"><%:Invalid username and/or password! Please try again.%></div>
<% end -%>
diff --git a/modules/luci-base/po/zh-cn/base.po b/modules/luci-base/po/zh-cn/base.po
index d3ed1a52b3..188f8cb89b 100644
--- a/modules/luci-base/po/zh-cn/base.po
+++ b/modules/luci-base/po/zh-cn/base.po
@@ -723,7 +723,7 @@ msgstr "自定义软件源"
msgid ""
"Custom files (certificates, scripts) may remain on the system. To prevent "
"this, perform a factory-reset first."
-msgstr ""
+msgstr "自定义文件(证书、脚本)会保留在系统上。若无需保留,请先执行恢复出厂设置。"
msgid ""
"Customizes the behaviour of the device <abbr title=\"Light Emitting Diode"