diff options
| author | Jo-Philipp Wich <jow@openwrt.org> | 2015-10-22 08:30:29 +0200 |
|---|---|---|
| committer | Jo-Philipp Wich <jow@openwrt.org> | 2015-10-22 08:30:29 +0200 |
| commit | d32c68503994d46aa71473a647118b431119ae2a (patch) | |
| tree | 74538ad95586b92a39ddf8803635055fd79fe282 /modules/luci-base/luasrc | |
| parent | 79383f5a74bcff528a5270a930c36b58e310010c (diff) | |
luci-base: dispatcher expose test_post_security()
Allows external code to perform POST and token checking manually.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Diffstat (limited to 'modules/luci-base/luasrc')
| -rw-r--r-- | modules/luci-base/luasrc/dispatcher.lua | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua index 6742a0b33..cd5d77a12 100644 --- a/modules/luci-base/luasrc/dispatcher.lua +++ b/modules/luci-base/luasrc/dispatcher.lua @@ -172,6 +172,22 @@ local function require_post_security(target) return false end +function test_post_security() + if http.getenv("REQUEST_METHOD") ~= "POST" then + http.status(405, "Method Not Allowed") + http.header("Allow", "POST") + return false + end + + if http.formvalue("token") ~= context.authtoken then + http.status(403, "Forbidden") + luci.template.render("csrftoken") + return false + end + + return true +end + function dispatch(request) --context._disable_memtrace = require "luci.debug".trap_memtrace("l") local ctx = context @@ -376,15 +392,7 @@ function dispatch(request) end if c and require_post_security(c.target) then - if http.getenv("REQUEST_METHOD") ~= "POST" then - http.status(405, "Method Not Allowed") - http.header("Allow", "POST") - return - end - - if http.formvalue("token") ~= ctx.authtoken then - http.status(403, "Forbidden") - luci.template.render("csrftoken") + if not test_post_security(c) then return end end |