summaryrefslogtreecommitdiffhomepage
path: root/applications/luci-app-splash/luasrc/view
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2015-10-21 00:09:55 +0200
committerJo-Philipp Wich <jow@openwrt.org>2015-10-21 00:09:55 +0200
commitc1278f967e90352506900d243888cd3ac9caee9f (patch)
treeefab2f495076a16b82ad94467092a6e2b1d97843 /applications/luci-app-splash/luasrc/view
parentac34dfa0bc65e2efeb9575d3cd42c4696d31bb1b (diff)
luci-app-splash: protect admin status call with csrf token
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Diffstat (limited to 'applications/luci-app-splash/luasrc/view')
-rw-r--r--applications/luci-app-splash/luasrc/view/admin_status/splash.htm2
1 files changed, 1 insertions, 1 deletions
diff --git a/applications/luci-app-splash/luasrc/view/admin_status/splash.htm b/applications/luci-app-splash/luasrc/view/admin_status/splash.htm
index 23982d449c..3415c205d5 100644
--- a/applications/luci-app-splash/luasrc/view/admin_status/splash.htm
+++ b/applications/luci-app-splash/luasrc/view/admin_status/splash.htm
@@ -214,7 +214,7 @@ end
<fieldset id="cbi-table-table" class="cbi-section">
<legend><%:Active Clients%></legend>
<div class="cbi-section-node">
- <% if is_admin then %><form action="<%=REQUEST_URI%>" method="post"><% end %>
+ <% if is_admin then %><form action="<%=REQUEST_URI%>" method="post"><input type="hidden" name="token" value="<%=token%>" /><% end %>
<table class="cbi-section-table">
<thead>
<tr class="cbi-section-table-titles">