From c0ea7ee2987984d1fb048cd6d48a919564d56ba0 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa
Date: Sat, 5 Apr 2014 15:38:19 +0900
Subject: [PATCH] Dont use exec() in system/wan module Also make the form submission actually work by adding hidden form value and '/' at the end of form submission URL.
---
 modules/installed/system/wan.py | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/modules/installed/system/wan.py b/modules/installed/system/wan.py
index 55ce1ec1b..061ef50d1 100644
--- a/modules/installed/system/wan.py
+++ b/modules/installed/system/wan.py
@@ -5,7 +5,6 @@ try:
 except ImportError:
 import json
 from gettext import gettext as _
-from filedict import FileDict
 from modules.auth import require
 from plugin_mount import PagePlugin, FormPlugin
 import cfg
@@ -45,32 +44,35 @@ class wan(FormPlugin, PagePlugin): def main(self, message='', **kwargs): store = filedict_con(cfg.store_file, 'sys') - defaults = {'wan_admin': "''", - 'wan_ssh': "''", - 'lan_ssh': "''", + defaults = {'wan_admin': '', + 'wan_ssh': '', + 'lan_ssh': '', } - for k,c in defaults.items(): - if not k in kwargs: + for key, value in defaults.items(): + if not key in kwargs: try: - kwargs[k] = store[k] + kwargs[key] = store[key] except KeyError: - exec("if not '%(k)s' in kwargs: store['%(k)s'] = kwargs['%(k)s'] = %(c)s" % {'k':k, 'c':c}) + store[key] = kwargs[key] = value - form = Form(title=_("Accessing the %s" % cfg.box_name), - action=cfg.server_dir + "/sys/config/wan", - name="admin_wan_form", - message=message ) + form = Form(title=_("Accessing the %s" % cfg.box_name), + action=cfg.server_dir + "/sys/config/wan/", + name="admin_wan_form", + message=message) form.html(self.help()) if cfg.users.expert(): form.checkbox(_("Allow access to Plinth from WAN"), name="wan_admin", checked=kwargs['wan_admin']) form.checkbox(_("Allow SSH access from LAN"), name="lan_ssh", checked=kwargs['lan_ssh']) form.checkbox(_("Allow SSH access from WAN"), name="wan_ssh", checked=kwargs['wan_ssh']) + + # Hidden field is needed because checkbox doesn't post if not checked + form.hidden(name="submitted", value="True") + form.submit(_("Submit")) return form.render() def process_form(self, wan_admin='', wan_ssh='', lan_ssh='', *args, **kwargs): store = filedict_con(cfg.store_file, 'sys') for field in ['wan_admin', 'wan_ssh', 'lan_ssh']: - exec("store['%s'] = %s" % (field, field)) + store[field] = locals()[field] return "Settings updated." -
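Review bot: `process_form` persists whatever the request supplied for `wan_admin`, `wan_ssh` and `lan_ssh` without normalising it, and it reads the values through `locals()[field]`, which silently depends on the parameter names staying in step with the list. Judging by the checkbox labels, these three settings govern whether the admin interface and SSH are reachable from the WAN, so I would pass the values explicitly and store a fixed representation: `for field, value in (('wan_admin', wan_admin), ('wan_ssh', wan_ssh), ('lan_ssh', lan_ssh)):` followed by `store[field] = bool(value)` (assuming the store accepts booleans; otherwise map to two fixed strings). The new hidden `submitted` field is not read anywhere in this hunk, so presumably the `FormPlugin` base class consumes it; a one-line comment saying so would help the next reader. As a style point, `if not key in kwargs` reads better as `if key not in kwargs`. The `wan` class begins above the hunk, so any access-control decorator on `main` or `process_form` is not visible from here.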