diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2015-10-21 00:11:28 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2015-10-21 00:11:28 +0200 |
commit | f23f7b8751bb36829fd2136dffadcfe1e702149a (patch) | |
tree | 4a95693b1e9eccd4e6bce20f291201923b2ca735 /applications | |
parent | c1278f967e90352506900d243888cd3ac9caee9f (diff) |
luci-app-upnp: protect lease delete call with csrf token
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Diffstat (limited to 'applications')
-rw-r--r-- | applications/luci-app-upnp/luasrc/controller/upnp.lua | 2 | ||||
-rw-r--r-- | applications/luci-app-upnp/luasrc/view/upnp_status.htm | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/applications/luci-app-upnp/luasrc/controller/upnp.lua b/applications/luci-app-upnp/luasrc/controller/upnp.lua index 790bf29d8..a0e2fd5a5 100644 --- a/applications/luci-app-upnp/luasrc/controller/upnp.lua +++ b/applications/luci-app-upnp/luasrc/controller/upnp.lua @@ -15,7 +15,7 @@ function index() page.dependent = true entry({"admin", "services", "upnp", "status"}, call("act_status")).leaf = true - entry({"admin", "services", "upnp", "delete"}, call("act_delete")).leaf = true + entry({"admin", "services", "upnp", "delete"}, post("act_delete")).leaf = true end function act_status() diff --git a/applications/luci-app-upnp/luasrc/view/upnp_status.htm b/applications/luci-app-upnp/luasrc/view/upnp_status.htm index ce735cf7b..e358dcded 100644 --- a/applications/luci-app-upnp/luasrc/view/upnp_status.htm +++ b/applications/luci-app-upnp/luasrc/view/upnp_status.htm @@ -1,6 +1,6 @@ <script type="text/javascript">//<![CDATA[ function upnp_delete_fwd(idx) { - XHR.get('<%=url('admin/services/upnp/delete')%>/' + idx, null, + (new XHR()).post('<%=url('admin/services/upnp/delete')%>/' + idx, { token: '<%=token%>' }, function(x) { var tb = document.getElementById('upnp_status_table'); |