<p>part of fix for <a href="https://github.com/opentechinstitute/luci-commotion-apps/issues/10" class="issue-link" title="RCE in add local applications form ‘ipaddr’ parameter (Critical)">opentechinstitute/luci-commotion-apps#10</a>, <a href="https://github.com/opentechinstitute/luci-commotion-apps/issues/11" class="issue-link" title="RCE in add local applications form ‘uuid’ parameter (Critical)">opentechinstitute/luci-commotion-apps#11</a>, <a href="https://github.com/opentechinstitute/luci-commotion-apps/issues/13" class="issue-link" title="Arbitrary file removal in add local applications form ‘uuid’ parameter (High)">opentechinstitute/luci-commotion-apps#13</a></p>

<hr>

<h4>You can merge this Pull Request by running</h4>
<pre>  git pull https://github.com/opentechinstitute/luci-commotion fix-RCE</pre>
<p>Or view, comment on, or merge it at:</p>
<p>  <a href='https://github.com/opentechinstitute/luci-commotion/pull/29'>https://github.com/opentechinstitute/luci-commotion/pull/29</a></p>

<h4>Commit Summary</h4>
<ul>
  <li>added validation and sanitizing functions for mitigating RCE vulnerabilities</li>
</ul>

<h4>File Changes</h4>
<ul>
  <li>
    <strong>M</strong>
    <a href="https://github.com/opentechinstitute/luci-commotion/pull/29/files#diff-0">luasrc/commotion_helpers.lua</a>
    (8)
  </li>
</ul>

<h4>Patch Links:</h4>
<ul>
  <li><a href='https://github.com/opentechinstitute/luci-commotion/pull/29.patch'>https://github.com/opentechinstitute/luci-commotion/pull/29.patch</a></li>
  <li><a href='https://github.com/opentechinstitute/luci-commotion/pull/29.diff'>https://github.com/opentechinstitute/luci-commotion/pull/29.diff</a></li>
</ul>