diegods/homelabdspbx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Security add a shell arg escape function

Browse Source
This commit is contained in:
FusionPBX
2026-03-21 23:59:20 +00:00
committed by GitHub
parent bd906cd8c6
commit 07926f6b06
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/switch/resources/scripts/app/servers/resources/clear_cache.lua
+2 -2
View File
@@ -24,13 +24,13 @@
end
if (cmd == "flush") then
os.execute("rm " .. cache_dir .. "/*");
os.execute("rm " .. shell_esc(cache_dir) .. "/*");
end
if (cmd == "delete") then
if (file ~= nil) then
file = trim(file);
freeswitch.consoleLog("NOTICE","api_command: delete ".. cache_dir .. "/" .. file .. "\n");
freeswitch.consoleLog("NOTICE","api_command: delete ".. shell_esc(cache_dir .. "/" .. file) .. "\n");
os.remove(cache_dir.."/"..file);
end
app/switch/resources/scripts/app/servers/resources/memcache.lua
+2 -2
View File
@@ -78,14 +78,14 @@
for key,row in pairs(servers) do
if (row.method == "ssh") then
api_command_argument = api_command_argument:gsub("%%20", " ");
cmd = [[ssh ]]..row.username..[[@]]..row.hostname..[[ "fs_cli -x 'memcache ]]..api_command_argument..[['"]];
cmd = [[ssh ]]..row.username..[[@]]..row.hostname..[[ "fs_cli -x 'memcache ]]..shell_esc(api_command_argument)..[['"]];
freeswitch.consoleLog("INFO", "[notice] command: ".. cmd .. "\n");
os.execute(cmd);
end
if (row.method == "curl") then
api_command_argument = api_command_argument:gsub(" ", "%%20");
url = [[http://]]..row.username..[[:]]..row.password..[[@]]..row.hostname..[[:]]..row.port..[[/webapi/memcache?]]..api_command_argument;
os.execute("curl "..url);
os.execute("curl "..shell_esc(url));
freeswitch.consoleLog("INFO", "[notice] curl ".. url .. " \n");
end
end