diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2015-10-21 00:09:55 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2015-10-21 00:09:55 +0200 |
commit | c1278f967e90352506900d243888cd3ac9caee9f (patch) | |
tree | efab2f495076a16b82ad94467092a6e2b1d97843 /applications/luci-app-splash/luasrc/view | |
parent | ac34dfa0bc65e2efeb9575d3cd42c4696d31bb1b (diff) |
luci-app-splash: protect admin status call with csrf token
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Diffstat (limited to 'applications/luci-app-splash/luasrc/view')
-rw-r--r-- | applications/luci-app-splash/luasrc/view/admin_status/splash.htm | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/applications/luci-app-splash/luasrc/view/admin_status/splash.htm b/applications/luci-app-splash/luasrc/view/admin_status/splash.htm index 23982d449c..3415c205d5 100644 --- a/applications/luci-app-splash/luasrc/view/admin_status/splash.htm +++ b/applications/luci-app-splash/luasrc/view/admin_status/splash.htm @@ -214,7 +214,7 @@ end <fieldset id="cbi-table-table" class="cbi-section"> <legend><%:Active Clients%></legend> <div class="cbi-section-node"> - <% if is_admin then %><form action="<%=REQUEST_URI%>" method="post"><% end %> + <% if is_admin then %><form action="<%=REQUEST_URI%>" method="post"><input type="hidden" name="token" value="<%=token%>" /><% end %> <table class="cbi-section-table"> <thead> <tr class="cbi-section-table-titles"> |