diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2015-10-21 00:03:56 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2015-10-21 00:03:56 +0200 |
commit | ac34dfa0bc65e2efeb9575d3cd42c4696d31bb1b (patch) | |
tree | 0a98a525ad60c18cbdc77f4e5f1293c278c33364 | |
parent | ae9fb03e74d54c5e11d6925e3ddc1bb5991cd733 (diff) |
luci-app-radicale: protect start/stop actions with csrf token
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
-rw-r--r-- | applications/luci-app-radicale/luasrc/controller/radicale.lua | 2 | ||||
-rw-r--r-- | applications/luci-app-radicale/luasrc/view/radicale/btn_startstop.htm | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/applications/luci-app-radicale/luasrc/controller/radicale.lua b/applications/luci-app-radicale/luasrc/controller/radicale.lua index d384b00d9..35f5a83a0 100644 --- a/applications/luci-app-radicale/luasrc/controller/radicale.lua +++ b/applications/luci-app-radicale/luasrc/controller/radicale.lua @@ -15,7 +15,7 @@ function index() entry( {"admin", "services", "radicale"}, alias("admin", "services", "radicale", "edit"), _("CalDAV/CardDAV"), 58) entry( {"admin", "services", "radicale", "edit"}, cbi("radicale") ).leaf = true entry( {"admin", "services", "radicale", "logview"}, call("_logread") ).leaf = true - entry( {"admin", "services", "radicale", "startstop"}, call("_startstop") ).leaf = true + entry( {"admin", "services", "radicale", "startstop"}, post("_startstop") ).leaf = true entry( {"admin", "services", "radicale", "status"}, call("_status") ).leaf = true end diff --git a/applications/luci-app-radicale/luasrc/view/radicale/btn_startstop.htm b/applications/luci-app-radicale/luasrc/view/radicale/btn_startstop.htm index b34627536..dbf4dddbc 100644 --- a/applications/luci-app-radicale/luasrc/view/radicale/btn_startstop.htm +++ b/applications/luci-app-radicale/luasrc/view/radicale/btn_startstop.htm @@ -21,7 +21,7 @@ function onclick_startstop(id) { // do start/stop var btnXHR = new XHR(); - btnXHR.get('<%=url('admin/services/radicale/startstop')%>', null, + btnXHR.post('<%=url('admin/services/radicale/startstop')%>', { token: '<%=token%>' }, function(x) { _data2elements(x); } ); } |