diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2015-10-21 00:00:55 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2015-10-21 00:00:55 +0200 |
commit | 0f1f5140e36eff6d22de038f09f1d16b03e300e8 (patch) | |
tree | 8a86db0756767210265490d644e39ef2a1ef9a29 | |
parent | b9ed03c5a9a52c17b30f3fb61b81ce1c2ee0ea6e (diff) |
luci-app-ocserv: protect disconnect action with csrf token
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
-rw-r--r-- | applications/luci-app-ocserv/luasrc/controller/ocserv.lua | 2 | ||||
-rw-r--r-- | applications/luci-app-ocserv/luasrc/view/ocserv_status.htm | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/applications/luci-app-ocserv/luasrc/controller/ocserv.lua b/applications/luci-app-ocserv/luasrc/controller/ocserv.lua index dbeaaf852..79c6ddb78 100644 --- a/applications/luci-app-ocserv/luasrc/controller/ocserv.lua +++ b/applications/luci-app-ocserv/luasrc/controller/ocserv.lua @@ -28,7 +28,7 @@ function index() call("ocserv_status")).leaf = true entry({"admin", "services", "ocserv", "disconnect"}, - call("ocserv_disconnect")).leaf = true + post("ocserv_disconnect")).leaf = true end diff --git a/applications/luci-app-ocserv/luasrc/view/ocserv_status.htm b/applications/luci-app-ocserv/luasrc/view/ocserv_status.htm index 138b03915..03a9ed70e 100644 --- a/applications/luci-app-ocserv/luasrc/view/ocserv_status.htm +++ b/applications/luci-app-ocserv/luasrc/view/ocserv_status.htm @@ -1,7 +1,7 @@ <script type="text/javascript">//<![CDATA[ function ocserv_disconnect(idx) { - XHR.get('<%=url('admin/services/ocserv/disconnect')%>/' + idx, null, + (new XHR()).post('<%=url('admin/services/ocserv/disconnect')%>/' + idx, { token: '<%=token%>' }, function(x) { var tb = document.getElementById('ocserv_status_table'); |