authorJo-Philipp Wich <jow@openwrt.org>2015-10-06 18:54:35 +0200
committerJo-Philipp Wich <jow@openwrt.org>2015-10-06 18:54:35 +0200
commit8d46c20327509dbafa3fd0dc4e4426765244c5a1 (patch)
tree3bf13d177475b1f347530c93813e2d86f1bec1e4 /modules/luci-base/luasrc/view
parent5a6382171da2c941e17d050cd357629f40541cb6 (diff)
luci-base: protect CBI forms with CSRF tokens
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Diffstat (limited to 'modules/luci-base/luasrc/view')
-rw-r--r--modules/luci-base/luasrc/view/cbi/header.htm1
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/luci-base/luasrc/view/cbi/header.htm b/modules/luci-base/luasrc/view/cbi/header.htm
index 2bddaba61a..302df1d2fd 100644
--- a/modules/luci-base/luasrc/view/cbi/header.htm
+++ b/modules/luci-base/luasrc/view/cbi/header.htm
@@ -2,6 +2,7 @@
<form method="post" name="cbi" action="<%=REQUEST_URI%>" enctype="multipart/form-data" onreset="return cbi_validate_reset(this)" onsubmit="return cbi_validate_form(this, '<%:Some fields are invalid, cannot save values!%>')">
<div>
<script type="text/javascript" src="<%=resource%>/cbi.js"></script>
+ <input type="hidden" name="token" value="<%=token%>" />
<input type="hidden" name="cbi.submit" value="1" />
<input type="submit" value="<%:Save%>" class="hidden" />
</div>
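Review bot: The new hidden input prints `<%=token%>` into the attribute value unescaped, and if `token` is unset in the template scope the field would presumably render empty, so the receiving handler has to treat a missing or empty token as a failed check; that validation is not visible here because the diffstat is limited to the view directory. I would write the line as `<input type="hidden" name="token" value="<%=pcdata(token)%>" />` to keep attribute output consistently escaped, and add a short template comment such as `<%# CSRF token; POST requests without a matching session token must be rejected server-side %>`. Only forms that include cbi/header.htm get the field, so any hand-written POST form in other views needs the same input. The `<form>` opened at the top of this hunk is closed outside it.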