mirror of https://github.com/openwrt/luci.git synced 2026-04-15 10:51:51 +00:00

Go to file

Tim Nordell 122839294a luci-proto-modemmanager: fix ACL command injection

The ACL permissions were originally authored to support just a single
set of modem interfaces, at the numbers 0-9.  Eventually this was
adjusted to support from 0 to 999 avoiding command injection.

However, as new commands were added, this was reverted again
unfortunately. Language like "regex" has been used in the commit history
for this ACL, and likely the core of the issue is confusion on how these
are parsed.  These are all parsed [1] with fnmatch(...), and not regex(..).

A future useful change could be for rpcd to set the FNM_EXTMATCH option
for fnmatch(...) to simplify this particular match statement, but that's
not considered here since that's a much broader change that needs a
longer discussion.

[1] a4a5a29858/session.c (L143-L147)

Fixes: 54aa70112c ("luci-proto-modemmanager: add status page")
Signed-off-by: Tim Nordell <tnordell@airgain.com>

2026-03-17 08:34:07 +01:00

.github

github: re-work github pages deploy

2026-02-16 03:22:54 +01:00

applications

luci-app-usteer: add parameters for usteer-ng

2026-03-16 23:19:13 +01:00

build

build: do not run ./build/mkbasepot.sh twice

2026-02-03 08:49:03 +01:00

collections

luci-layer2: create a minimal collection for layer-2 devices

2026-03-04 20:34:46 +01:00

contrib/package

lucihttp: adjust to cmake 4.x compatibility

2025-10-07 18:56:21 +03:00

doc_gen

docs: favicon and hierarchy

2026-02-22 16:51:25 +01:00

docs

docs: favicon and hierarchy

2026-02-22 16:51:25 +01:00

libs

luci-lib-chartjs: js linting fixes

2026-02-17 00:26:47 +01:00

modules

luci-mod-status: fix syslog page with syslog-ng

2026-03-16 23:22:31 +01:00

protocols

luci-proto-modemmanager: fix ACL command injection

2026-03-17 08:34:07 +01:00

themes

luci-theme: remove LuCI from title, material changes

2026-03-02 19:14:01 +01:00

.gitignore

docs: refresh for JS and drop Lua references

2026-02-16 01:06:46 +01:00

CONTRIBUTING.md

treewide: Add a link to Weblate

2024-12-24 17:02:14 +00:00

eslint.config.mjs

github: add linting for JS and MD

2026-02-16 01:42:55 +01:00

jsdoc.conf.json

docs: favicon and hierarchy

2026-02-22 16:51:25 +01:00

LICENSE

…

luci.mk

luci.mk: add support for DEFAULT option

2026-02-08 22:41:34 +01:00

NOTICE

luci-lib-nixio: remove unmaintained axTLS lib

2025-09-25 14:55:12 +02:00

package.json

lint: bump package dependencies for node

2026-03-10 19:28:46 +01:00

README.md

docs: refresh for JS and drop Lua references

2026-02-16 01:06:46 +01:00

README.md

OpenWrt luci feed

Description

This is the OpenWrt "luci"-feed containing LuCI - OpenWrt Configuration Interface.

Usage

This feed is enabled by default. Your feeds.conf.default (or feeds.conf) should contain a line like:

src-git luci https://github.com/openwrt/luci.git

To install all its package definitions, run:

./scripts/feeds update luci
./scripts/feeds install -a -p luci

API Reference

You can browse the generated API documentation directly on Github.

Use ucode and rpcd for server side operations.

Client side JavaScript APIs

Development

Documentation for developing and extending LuCI can be found in the Wiki

License

See LICENSE file.

Package Guidelines

See CONTRIBUTING.md file.

Translation status

Use Weblate instead of direct editing of the *.po files.

Languages

JavaScript 65.1%

C 17.3%

Lua 6.6%

CSS 3.7%

UnrealScript 3%

Other 4.2%