diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2015-10-06 18:54:35 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2015-10-06 18:54:35 +0200 |
commit | 8d46c20327509dbafa3fd0dc4e4426765244c5a1 (patch) | |
tree | 3bf13d177475b1f347530c93813e2d86f1bec1e4 /modules/luci-base/luasrc/view | |
parent | 5a6382171da2c941e17d050cd357629f40541cb6 (diff) |
luci-base: protect CBI forms with CSRF tokens
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Diffstat (limited to 'modules/luci-base/luasrc/view')
-rw-r--r-- | modules/luci-base/luasrc/view/cbi/header.htm | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/luci-base/luasrc/view/cbi/header.htm b/modules/luci-base/luasrc/view/cbi/header.htm index 2bddaba61a..302df1d2fd 100644 --- a/modules/luci-base/luasrc/view/cbi/header.htm +++ b/modules/luci-base/luasrc/view/cbi/header.htm @@ -2,6 +2,7 @@ <form method="post" name="cbi" action="<%=REQUEST_URI%>" enctype="multipart/form-data" onreset="return cbi_validate_reset(this)" onsubmit="return cbi_validate_form(this, '<%:Some fields are invalid, cannot save values!%>')"> <div> <script type="text/javascript" src="<%=resource%>/cbi.js"></script> + <input type="hidden" name="token" value="<%=token%>" /> <input type="hidden" name="cbi.submit" value="1" /> <input type="submit" value="<%:Save%>" class="hidden" /> </div> |