summaryrefslogtreecommitdiffhomepage
path: root/applications
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2015-10-21 00:00:55 +0200
committerJo-Philipp Wich <jow@openwrt.org>2015-10-21 00:00:55 +0200
commit0f1f5140e36eff6d22de038f09f1d16b03e300e8 (patch)
tree8a86db0756767210265490d644e39ef2a1ef9a29 /applications
parentb9ed03c5a9a52c17b30f3fb61b81ce1c2ee0ea6e (diff)
luci-app-ocserv: protect disconnect action with csrf token
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Diffstat (limited to 'applications')
-rw-r--r--applications/luci-app-ocserv/luasrc/controller/ocserv.lua2
-rw-r--r--applications/luci-app-ocserv/luasrc/view/ocserv_status.htm2
2 files changed, 2 insertions, 2 deletions
diff --git a/applications/luci-app-ocserv/luasrc/controller/ocserv.lua b/applications/luci-app-ocserv/luasrc/controller/ocserv.lua
index dbeaaf8524..79c6ddb78e 100644
--- a/applications/luci-app-ocserv/luasrc/controller/ocserv.lua
+++ b/applications/luci-app-ocserv/luasrc/controller/ocserv.lua
@@ -28,7 +28,7 @@ function index()
call("ocserv_status")).leaf = true
entry({"admin", "services", "ocserv", "disconnect"},
- call("ocserv_disconnect")).leaf = true
+ post("ocserv_disconnect")).leaf = true
end
diff --git a/applications/luci-app-ocserv/luasrc/view/ocserv_status.htm b/applications/luci-app-ocserv/luasrc/view/ocserv_status.htm
index 138b03915a..03a9ed70ee 100644
--- a/applications/luci-app-ocserv/luasrc/view/ocserv_status.htm
+++ b/applications/luci-app-ocserv/luasrc/view/ocserv_status.htm
@@ -1,7 +1,7 @@
<script type="text/javascript">//<![CDATA[
function ocserv_disconnect(idx) {
- XHR.get('<%=url('admin/services/ocserv/disconnect')%>/' + idx, null,
+ (new XHR()).post('<%=url('admin/services/ocserv/disconnect')%>/' + idx, { token: '<%=token%>' },
function(x)
{
var tb = document.getElementById('ocserv_status_table');