Dirk Brenken fdc8eb01d0
luci-app-lxc: fix authenticated path traversal and ACL bypass (host root) ...
* ucode fixes:
- tighten `is_valid_lxc_name` regex to `^[A-Za-z0-9_][A-Za-z0-9_-]{0,63}$`
- apply the validator in `lxc_configuration_get` and `lxc_configuration_set` before any filesystem access
- reject the `'lxc error: …'` sentinel string returned by `lxc_get_config_path()` on failure,
rather than concatenating it into a path.
- shellquote `LXC_URL` in `lxc_get_downloadable` and `lxc_create`
* ACL fix: add `depends.acl = ["luci-app-lxc"]` to each of the five backend entries,
so the routes share the same authorization gate as the view
Signed-off-by: Dirk Brenken <dev@brenken.org >
2026-05-27 14:21:12 +03:00
2026-05-12 12:12:31 +03:00
2026-05-21 08:06:26 +03:00
2026-05-26 17:20:55 +02:00
2026-05-23 09:52:34 +03:00
2026-05-15 13:49:20 +03:00
2026-05-12 12:12:31 +03:00
2026-05-21 08:06:26 +03:00
2026-05-21 08:06:26 +03:00
2026-05-27 14:01:28 +03:00
2026-05-12 07:45:26 +02:00
2026-05-23 09:52:34 +03:00
2026-05-12 12:12:31 +03:00
2026-05-21 08:06:26 +03:00
2026-05-21 08:06:26 +03:00
2026-05-12 12:12:31 +03:00
2026-05-23 09:52:34 +03:00
2026-05-21 08:06:26 +03:00
2026-05-21 08:06:26 +03:00
2026-05-12 12:12:31 +03:00
2026-05-17 19:44:43 +03:00
2026-05-17 19:44:43 +03:00
2026-05-15 13:49:20 +03:00
2026-05-23 09:52:34 +03:00
2026-05-23 09:52:34 +03:00
2026-05-21 08:06:26 +03:00
2026-05-21 08:06:26 +03:00
2026-05-15 13:49:20 +03:00
2026-05-12 12:12:31 +03:00
2026-05-12 12:12:31 +03:00
2026-05-17 19:44:43 +03:00
2026-05-25 11:35:28 +03:00
2026-05-15 13:49:20 +03:00
2026-05-15 13:49:20 +03:00
2026-05-15 13:49:20 +03:00
2026-05-15 13:49:20 +03:00
2026-05-23 09:52:34 +03:00
2026-05-12 12:12:31 +03:00
2026-05-23 09:52:34 +03:00
2026-05-12 12:12:31 +03:00
2026-05-21 08:06:26 +03:00
2026-05-21 08:06:26 +03:00
2026-05-27 14:21:12 +03:00
2026-05-15 13:49:20 +03:00
2026-05-17 19:44:43 +03:00
2026-05-23 09:52:34 +03:00
2026-05-12 12:12:31 +03:00
2026-05-21 08:06:26 +03:00
2026-05-23 09:52:34 +03:00
2026-05-21 08:06:26 +03:00
2026-05-21 08:06:26 +03:00
2026-05-17 19:44:43 +03:00
2026-05-15 13:49:20 +03:00
2026-05-12 12:12:31 +03:00
2026-05-15 13:49:20 +03:00
2026-05-21 08:06:26 +03:00
2026-05-15 13:49:20 +03:00
2026-05-15 13:49:20 +03:00
2026-05-25 11:48:47 +03:00
2026-05-15 13:49:20 +03:00
2026-05-23 09:52:34 +03:00
2026-05-17 19:44:43 +03:00
2026-05-15 13:49:20 +03:00
2026-05-21 08:06:26 +03:00
2026-05-15 13:49:20 +03:00
2026-05-23 09:52:34 +03:00
2026-05-15 13:49:20 +03:00
2026-05-15 13:49:20 +03:00
2026-05-23 09:52:34 +03:00
2026-05-21 08:06:26 +03:00
2026-05-15 13:49:20 +03:00
2026-05-15 13:49:20 +03:00
2026-05-12 12:12:31 +03:00
2026-05-17 19:44:43 +03:00
2026-05-21 08:06:26 +03:00
2026-05-23 09:52:34 +03:00
2026-05-05 13:42:55 +03:00
2026-05-15 13:49:20 +03:00
2026-05-15 13:49:20 +03:00
2026-05-17 19:44:43 +03:00
2026-05-23 09:52:34 +03:00
2026-05-17 19:44:43 +03:00
2026-05-17 19:44:43 +03:00
2026-05-22 13:40:12 +03:00
2026-05-17 19:44:43 +03:00
2026-05-17 19:44:43 +03:00
2026-05-21 08:06:26 +03:00
2026-05-21 08:06:26 +03:00
2026-05-17 19:44:43 +03:00
2026-05-15 13:49:20 +03:00
2026-05-12 12:12:31 +03:00
2026-05-12 12:12:31 +03:00
2026-05-12 12:12:31 +03:00
2026-05-21 08:06:26 +03:00
2026-05-21 08:06:26 +03:00
2026-05-15 13:49:20 +03:00
Dirk Brenken
fdc8eb01d0