Modify

Opened 11 years ago

Closed 10 years ago

#2058 closed defect (fixed)

UCI uses ' instead of "

Reported by: anonymous Owned by: developers
Priority: lowest Milestone:
Component: base system Version:
Keywords: UCI Cc:

Description

I would like to use essids like darran's etc.but this is not possible with
UCI since it uses ' as delimiter,while previous nvram used "

IMO a user would use ' in and essid more than " and hence using " like nvram would be a better idea :)

I did edit the uci scripts to use it for my needs but future upgrades would change it back.

Attachments (0)

Change History (7)

comment:1 Changed 11 years ago by mbm

export FOO=bar
export test1='$FOO'
export test2="$FOO"

echo $test1
echo $test2

need I say more?

comment:2 Changed 11 years ago by zabi@…

root@OpenWrt:~# uci get wireless.cfg2.ssid
Kamikaze_AP

root@OpenWrt:~# uci set wireless.cfg2.ssid="Kamikaze's AP"

root@OpenWrt:~# uci commit
/bin/uci: /tmp/.uci/wireless: 1: Syntax error: Unterminated quoted string

root@OpenWrt:~# uci get wireless.cfg2.ssid

root@OpenWrt:~# cat /tmp/.uci/wireless
config_set 'cfg2' 'ssid' 'Kamikaze's AP'

Frankly i dint understand what you meant by the example using export.
But what i understand by uci structure is that use of ' is hardcoded as a delimiter

as you see the value is stored in .uci/wireless as config_set 'cfg2' 'ssid' 'Kamikaze's AP'

for a ssid which if stored as "Kamikaze's AP" would have facilitated the use of '

comment:3 Changed 10 years ago by xerces8@…

The solution is "escaping".
I'm sure the devs will implement it when they have time ;-)

comment:4 Changed 10 years ago by blogic

  • Priority changed from normal to lowest

comment:5 Changed 10 years ago by fish

Wouldn't that possible lead to a shell injection vulnerability?
What would happen if i were setting something like this:

uci set wireless.cfg2.ssid=foo'; rm -rf ~/; '

...i.e. from the webif or some other script

comment:6 Changed 10 years ago by xerces8@…

Why would " be more sensitive to injection than ' ?

Besides, assigning variable names is nothing new or strange or hard. It is being done for 20 years.

I'll send a patch myself, when I'll have Kamikaze set up.

comment:7 Changed 10 years ago by nbd

  • Resolution set to fixed
  • Status changed from new to closed

works in r11361

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.