summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2015-10-21 00:03:56 +0200
committerJo-Philipp Wich <jow@openwrt.org>2015-10-21 00:03:56 +0200
commitac34dfa0bc65e2efeb9575d3cd42c4696d31bb1b (patch)
tree0a98a525ad60c18cbdc77f4e5f1293c278c33364
parentae9fb03e74d54c5e11d6925e3ddc1bb5991cd733 (diff)
luci-app-radicale: protect start/stop actions with csrf token
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
-rw-r--r--applications/luci-app-radicale/luasrc/controller/radicale.lua2
-rw-r--r--applications/luci-app-radicale/luasrc/view/radicale/btn_startstop.htm2
2 files changed, 2 insertions, 2 deletions
diff --git a/applications/luci-app-radicale/luasrc/controller/radicale.lua b/applications/luci-app-radicale/luasrc/controller/radicale.lua
index d384b00d9..35f5a83a0 100644
--- a/applications/luci-app-radicale/luasrc/controller/radicale.lua
+++ b/applications/luci-app-radicale/luasrc/controller/radicale.lua
@@ -15,7 +15,7 @@ function index()
entry( {"admin", "services", "radicale"}, alias("admin", "services", "radicale", "edit"), _("CalDAV/CardDAV"), 58)
entry( {"admin", "services", "radicale", "edit"}, cbi("radicale") ).leaf = true
entry( {"admin", "services", "radicale", "logview"}, call("_logread") ).leaf = true
- entry( {"admin", "services", "radicale", "startstop"}, call("_startstop") ).leaf = true
+ entry( {"admin", "services", "radicale", "startstop"}, post("_startstop") ).leaf = true
entry( {"admin", "services", "radicale", "status"}, call("_status") ).leaf = true
end
diff --git a/applications/luci-app-radicale/luasrc/view/radicale/btn_startstop.htm b/applications/luci-app-radicale/luasrc/view/radicale/btn_startstop.htm
index b34627536..dbf4dddbc 100644
--- a/applications/luci-app-radicale/luasrc/view/radicale/btn_startstop.htm
+++ b/applications/luci-app-radicale/luasrc/view/radicale/btn_startstop.htm
@@ -21,7 +21,7 @@
function onclick_startstop(id) {
// do start/stop
var btnXHR = new XHR();
- btnXHR.get('<%=url('admin/services/radicale/startstop')%>', null,
+ btnXHR.post('<%=url('admin/services/radicale/startstop')%>', { token: '<%=token%>' },
function(x) { _data2elements(x); }
);
}