<p>See <a href="https://github.com/opentechinstitute/luci-commotion-apps/pull/21" class="issue-link" title="added input validation and sanitizing for mitigating RCE vulnerabilities">opentechinstitute/luci-commotion-apps#21</a> for testing instructions</p>

<hr>

<h4>You can merge this Pull Request by running</h4>
<pre>  git pull https://github.com/opentechinstitute/luci-commotion-linux fix-RCE</pre>
<p>Or view, comment on, or merge it at:</p>
<p>  <a href='https://github.com/opentechinstitute/luci-commotion-linux/pull/4'>https://github.com/opentechinstitute/luci-commotion-linux/pull/4</a></p>

<h4>Commit Summary</h4>
<ul>
  <li>fixed a few RCE vulnerabilities.</li>
  <li>added XSS protection for submitted URLS</li>
</ul>

<h4>File Changes</h4>
<ul>
  <li>
    <strong>M</strong>
    <a href="https://github.com/opentechinstitute/luci-commotion-linux/pull/4/files#diff-0">modules/commotion/luasrc/controller/commotion/apps_controller.lua</a>
    (21)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/opentechinstitute/luci-commotion-linux/pull/4/files#diff-1">modules/commotion/root/usr/lib/lua/commotion_helpers.lua</a>
    (59)
  </li>
</ul>

<h4>Patch Links:</h4>
<ul>
  <li><a href='https://github.com/opentechinstitute/luci-commotion-linux/pull/4.patch'>https://github.com/opentechinstitute/luci-commotion-linux/pull/4.patch</a></li>
  <li><a href='https://github.com/opentechinstitute/luci-commotion-linux/pull/4.diff'>https://github.com/opentechinstitute/luci-commotion-linux/pull/4.diff</a></li>
</ul>