From 66a6492ae5aa9779af6d22eaddf0f5f253ed1189 Mon Sep 17 00:00:00 2001 From: Steven Barth Date: Wed, 16 Jul 2008 14:26:40 +0000 Subject: [PATCH] libs/web: Prevent luci.http to prematurely parse the POST data modules/admin-mini: Added fw-upgrade page --- .../luci_statistics/luci_statistics.lua | 2 +- libs/web/luasrc/http.lua | 4 +- .../luasrc/controller/admin/system.lua | 29 +++++++-- .../luasrc/controller/mini/system.lua | 62 ++++++++++++++++++- .../admin-mini/luasrc/view/mini/passwd.htm | 49 +++++++++++++++ .../admin-mini/luasrc/view/mini/upgrade.htm | 47 ++++++++++++++ 6 files changed, 183 insertions(+), 10 deletions(-) create mode 100644 modules/admin-mini/luasrc/view/mini/passwd.htm create mode 100644 modules/admin-mini/luasrc/view/mini/upgrade.htm diff --git a/applications/luci-statistics/luasrc/controller/luci_statistics/luci_statistics.lua b/applications/luci-statistics/luasrc/controller/luci_statistics/luci_statistics.lua index 67ea8a6f0c..f16a655dcf 100644 --- a/applications/luci-statistics/luasrc/controller/luci_statistics/luci_statistics.lua +++ b/applications/luci-statistics/luasrc/controller/luci_statistics/luci_statistics.lua @@ -80,7 +80,7 @@ function index() page.setuser = "nobody" page.setgroup = "nogroup" - local vars = luci.http.formvalue() + local vars = luci.http.formvalue(nil, true) local span = vars.timespan or nil for i, plugin in luci.util.vspairs( tree:plugins() ) do diff --git a/libs/web/luasrc/http.lua b/libs/web/luasrc/http.lua index dbfcad7772..6838220ce8 100644 --- a/libs/web/luasrc/http.lua +++ b/libs/web/luasrc/http.lua @@ -51,8 +51,8 @@ function Request.__init__(self, env, sourcein, sinkerr) self.parsed_input = false end -function Request.formvalue(self, name) - if not self.parsed_input then +function Request.formvalue(self, name, noparse) + if not noparse and not self.parsed_input then self:_parse_input() end diff --git a/modules/admin-full/luasrc/controller/admin/system.lua b/modules/admin-full/luasrc/controller/admin/system.lua index 862a741cde..14fd813c38 100644 --- a/modules/admin-full/luasrc/controller/admin/system.lua +++ b/modules/admin-full/luasrc/controller/admin/system.lua @@ -197,13 +197,30 @@ end function action_upgrade() require("luci.model.uci") + local ret = nil local plat = luci.fs.mtime("/lib/upgrade/platform.sh") - - local image = luci.http.upload("image") + local tmpfile = "/tmp/firmware.img" + + local file + luci.http.setfilehandler( + function(meta, chunk, eof) + if not file then + file = io.open(tmpfile, "w") + end + if chunk then + file:write(chunk) + end + if eof then + file:close() + end + end + ) + + local fname = luci.http.formvalue("image") local keepcfg = luci.http.formvalue("keepcfg") - - if plat and image then + + if plat and fname then local kpattern = nil if keepcfg then local files = luci.model.uci.get_all("luci", "flash_keep") @@ -214,8 +231,8 @@ function action_upgrade() end end end - ret = luci.sys.flash(image, kpattern) + ret = luci.sys.flash(tmpfile, kpattern) end - + luci.template.render("admin_system/upgrade", {sysupgrade=plat, ret=ret}) end \ No newline at end of file diff --git a/modules/admin-mini/luasrc/controller/mini/system.lua b/modules/admin-mini/luasrc/controller/mini/system.lua index 7b13e20c62..3b3fea228d 100644 --- a/modules/admin-mini/luasrc/controller/mini/system.lua +++ b/modules/admin-mini/luasrc/controller/mini/system.lua @@ -20,7 +20,9 @@ function index() local i18n = luci.i18n.translate entry({"mini", "system"}, call("action_reboot"), i18n("system")) - entry({"mini", "system", "reboot"}, call("action_reboot"), i18n("reboot"), 10) + entry({"admin", "system", "passwd"}, call("action_passwd"), i18n("a_s_changepw"), 10) + entry({"mini", "system", "upgrade"}, call("action_upgrade"), i18n("a_s_flash"), 20) + entry({"mini", "system", "reboot"}, call("action_reboot"), i18n("reboot"), 30) end function action_reboot() @@ -29,4 +31,62 @@ function action_reboot() if reboot then luci.sys.reboot() end +end + +function action_upgrade() + require("luci.model.uci") + + local ret = nil + local plat = luci.fs.mtime("/lib/upgrade/platform.sh") + local tmpfile = "/tmp/firmware.img" + + local file + luci.http.setfilehandler( + function(meta, chunk, eof) + if not file then + file = io.open(tmpfile, "w") + end + if chunk then + file:write(chunk) + end + if eof then + file:close() + end + end + ) + + local fname = luci.http.formvalue("image") + local keepcfg = luci.http.formvalue("keepcfg") + + if plat and fname then + local kpattern = nil + if keepcfg then + local files = luci.model.uci.get_all("luci", "flash_keep") + if files.luci and files.luci.flash_keep then + kpattern = "" + for k,v in pairs(files.luci.flash_keep) do + kpattern = kpattern .. " " .. v + end + end + end + ret = luci.sys.flash(tmpfile, kpattern) + end + + luci.template.render("mini/upgrade", {sysupgrade=plat, ret=ret}) +end + +function action_passwd() + local p1 = luci.http.formvalue("pwd1") + local p2 = luci.http.formvalue("pwd2") + local stat = nil + + if p1 or p2 then + if p1 == p2 then + stat = luci.sys.user.setpasswd("root", p1) + else + stat = 10 + end + end + + luci.template.render("mini/passwd", {stat=stat}) end \ No newline at end of file diff --git a/modules/admin-mini/luasrc/view/mini/passwd.htm b/modules/admin-mini/luasrc/view/mini/passwd.htm new file mode 100644 index 0000000000..176abaea20 --- /dev/null +++ b/modules/admin-mini/luasrc/view/mini/passwd.htm @@ -0,0 +1,49 @@ +<%# +LuCI - Lua Configuration Interface +Copyright 2008 Steven Barth +Copyright 2008 Jo-Philipp Wich + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ + +-%> +<%+header%> +

<%:system%>

+

<%:a_s_changepw%>

+

<%:a_s_changepw1%>

+

+<% if stat then %> + <% if stat == 0 then %> + <%:a_s_changepw_changed%>! + <% elseif stat == 10 then %> + <%:a_s_changepw_nomatch%>! + <% else %> + <%:unknownerror%>! + <% end %> +<% end %> +<% if not stat or stat == 10 then %> +
+
+
+
<%:password%>
+
+
+
+
<%:confirmation%>
+
+
+
+
+ + +
+
+
+<% end %> +
+<%+footer%> \ No newline at end of file diff --git a/modules/admin-mini/luasrc/view/mini/upgrade.htm b/modules/admin-mini/luasrc/view/mini/upgrade.htm new file mode 100644 index 0000000000..9120802228 --- /dev/null +++ b/modules/admin-mini/luasrc/view/mini/upgrade.htm @@ -0,0 +1,47 @@ +<%# +LuCI - Lua Configuration Interface +Copyright 2008 Steven Barth +Copyright 2008 Jo-Philipp Wich + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ + +-%> +<%+header%> +

<%:system%>

+

<%:a_s_flash%>

+

<%:a_s_flash_upgrade1%>

+
+<% if sysupgrade and not ret then %> +
+
+
+
<%:a_s_flash_fwimage%>
+
+
+
+
+ + <%:a_s_flash_keepcfg%> +
+
+
+ +
+
+
+<% elseif ret then %> + <% if ret == 0 then %> +
<%:a_s_flash_flashed%>
+ <% else %> +
<%:a_s_flash_flasherr%>! (<%:code%> <%=ret%>)
+ <% end %> +<% else %> +
<%:a_s_flash_notimplemented%>
+<% end %> +<%+footer%> \ No newline at end of file -- 2.30.2