authorJo-Philipp Wich <jow@openwrt.org>2015-10-21 00:11:28 +0200
committerJo-Philipp Wich <jow@openwrt.org>2015-10-21 00:11:28 +0200
commitf23f7b8751bb36829fd2136dffadcfe1e702149a (patch)
tree4a95693b1e9eccd4e6bce20f291201923b2ca735
parentc1278f967e90352506900d243888cd3ac9caee9f (diff)
luci-app-upnp: protect lease delete call with csrf token
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
-rw-r--r--applications/luci-app-upnp/luasrc/controller/upnp.lua2
-rw-r--r--applications/luci-app-upnp/luasrc/view/upnp_status.htm2
2 files changed, 2 insertions, 2 deletions
diff --git a/applications/luci-app-upnp/luasrc/controller/upnp.lua b/applications/luci-app-upnp/luasrc/controller/upnp.lua
index 790bf29d8..a0e2fd5a5 100644
--- a/applications/luci-app-upnp/luasrc/controller/upnp.lua
+++ b/applications/luci-app-upnp/luasrc/controller/upnp.lua
@@ -15,7 +15,7 @@ function index()
page.dependent = true
entry({"admin", "services", "upnp", "status"}, call("act_status")).leaf = true
- entry({"admin", "services", "upnp", "delete"}, call("act_delete")).leaf = true
+ entry({"admin", "services", "upnp", "delete"}, post("act_delete")).leaf = true
end
function act_status()
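Review bot: The `delete` entry is the only route here switched to `post()`, and nothing on the line records why, so a later cleanup could change it back to `call()` and reopen the handler to cross-site GET requests. A one-line comment above it would help, e.g. `-- state-changing: keep post() so the request must be a POST carrying the CSRF token`. `act_status` stays on `call()`, which looks fine if it only reads lease state, but its body is outside the hunk. `act_delete` is not shown either, so whether it validates the lease index taken from the URL path cannot be confirmed from this page.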
diff --git a/applications/luci-app-upnp/luasrc/view/upnp_status.htm b/applications/luci-app-upnp/luasrc/view/upnp_status.htm
index ce735cf7b..e358dcded 100644
--- a/applications/luci-app-upnp/luasrc/view/upnp_status.htm
+++ b/applications/luci-app-upnp/luasrc/view/upnp_status.htm
@@ -1,6 +1,6 @@
<script type="text/javascript">//<![CDATA[
function upnp_delete_fwd(idx) {
- XHR.get('<%=url('admin/services/upnp/delete')%>/' + idx, null,
+ (new XHR()).post('<%=url('admin/services/upnp/delete')%>/' + idx, { token: '<%=token%>' },
function(x)
{
var tb = document.getElementById('upnp_status_table');
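Review bot: Now that the delete is a token-protected POST, the request can be rejected (for example if the page's `<%=token%>` has gone stale), and the callback beginning at `function(x)` should not treat a rejection as success. Its body continues outside the hunk, so this is unverified, but if it removes the row from `upnp_status_table` unconditionally, the UI would show a port forward as deleted while it is still active. A guard at the top of the callback, such as `if (!x || x.status !== 200) return;`, would cover this, assuming `x` is the underlying request object. A short comment on the `post` line saying the token is required by the controller's `post()` route would also keep the two files in step.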