summaryrefslogtreecommitdiffhomepage
path: root/applications
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2015-10-20 23:58:01 +0200
committerJo-Philipp Wich <jow@openwrt.org>2015-10-20 23:58:01 +0200
commitb9ed03c5a9a52c17b30f3fb61b81ce1c2ee0ea6e (patch)
tree44225c3a48e919f2a5949cab867b1faec7f21408 /applications
parentd4666757b746fe88c517a605a6f3b9dbcaa0ff93 (diff)
luci-app-ddns: protect start/stop actions with csrf token
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Diffstat (limited to 'applications')
-rw-r--r--applications/luci-app-ddns/luasrc/controller/ddns.lua2
-rw-r--r--applications/luci-app-ddns/luasrc/view/ddns/overview_status.htm2
2 files changed, 2 insertions, 2 deletions
diff --git a/applications/luci-app-ddns/luasrc/controller/ddns.lua b/applications/luci-app-ddns/luasrc/controller/ddns.lua
index 946dfefbc8..4fbd3c3fcf 100644
--- a/applications/luci-app-ddns/luasrc/controller/ddns.lua
+++ b/applications/luci-app-ddns/luasrc/controller/ddns.lua
@@ -38,7 +38,7 @@ function index()
{hideapplybtn=true, hidesavebtn=true, hideresetbtn=true}), nil ).leaf = true
entry( {"admin", "services", "ddns", "global"}, cbi("ddns/global"), nil ).leaf = true
entry( {"admin", "services", "ddns", "logview"}, call("logread") ).leaf = true
- entry( {"admin", "services", "ddns", "startstop"}, call("startstop") ).leaf = true
+ entry( {"admin", "services", "ddns", "startstop"}, post("startstop") ).leaf = true
entry( {"admin", "services", "ddns", "status"}, call("status") ).leaf = true
end
diff --git a/applications/luci-app-ddns/luasrc/view/ddns/overview_status.htm b/applications/luci-app-ddns/luasrc/view/ddns/overview_status.htm
index 5464812223..b6d4ebb9fd 100644
--- a/applications/luci-app-ddns/luasrc/view/ddns/overview_status.htm
+++ b/applications/luci-app-ddns/luasrc/view/ddns/overview_status.htm
@@ -136,7 +136,7 @@
// do start/stop
var btnXHR = new XHR();
- btnXHR.get('<%=url('admin/services/ddns/startstop')%>/' + section + '/' + cbx.checked, null,
+ btnXHR.post('<%=url('admin/services/ddns/startstop')%>/' + section + '/' + cbx.checked, { token: '<%=token%>' },
function(x, data) {
if (x.responseText == "_uncommitted_") {
// we need a trick to display Ampersand "&" in stead of "&#38;" or "&amp;"