From: Daniel Dickinson Date: Wed, 2 Dec 2015 04:47:42 +0000 (-0500) Subject: luci-base: Add function for shell single-quote parameter escaping X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=829467b62748e8c4fb587636801fa03165f72e8a;p=project%2Fluci.git luci-base: Add function for shell single-quote parameter escaping When using os.execute or luci.sys.call the shell is called with the command line which means that standard shell interpretation of strings occurs. To allow to use these commands more easily we add functions for properly escaping single-quoted strings used on the command line --- diff --git a/modules/luci-base/luasrc/util.lua b/modules/luci-base/luasrc/util.lua index 787bc66f90..5bf0beb6c2 100644 --- a/modules/luci-base/luasrc/util.lua +++ b/modules/luci-base/luasrc/util.lua @@ -151,6 +151,28 @@ function striptags(value) return value and tparser.striptags(tostring(value)) end +-- for bash, ash and similar shells single-quoted strings are taken +-- literally except for single quotes (which terminate the string) +-- (and the exception noted below for dash (-) at the start of a +-- command line parameter). +function shellsqescape(value) + local res + res, _ = string.gsub(res, "'", "'\\''") + return res +end + +-- bash, ash and other similar shells interpret a dash (-) at the start +-- of a command-line parameters as an option indicator regardless of +-- whether it is inside a single-quoted string. It must be backlash +-- escaped to resolve this. This requires in some funky special-case +-- handling. It may actually be a property of the getopt function +-- rather than the shell proper. +function shellstartsqescape(value) + res, _ = string.gsub(value, "^\-", "\\-") + res, _ = string.gsub(res, "^-", "\-") + return shellsqescape(value) +end + -- containing the resulting substrings. The optional max parameter specifies -- the number of bytes to process, regardless of the actual length of the given -- string. The optional last parameter, regex, specifies whether the separator