authorJo-Philipp Wich <jow@openwrt.org>2015-10-22 08:30:29 +0200
committerJo-Philipp Wich <jow@openwrt.org>2015-10-22 08:30:29 +0200
commitd32c68503994d46aa71473a647118b431119ae2a (patch)
tree74538ad95586b92a39ddf8803635055fd79fe282 /modules/luci-base
parent79383f5a74bcff528a5270a930c36b58e310010c (diff)
luci-base: dispatcher expose test_post_security()
Allows external code to perform POST and token checking manually. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Diffstat (limited to 'modules/luci-base')
-rw-r--r--modules/luci-base/luasrc/dispatcher.lua26
1 files changed, 17 insertions, 9 deletions
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua
index 6742a0b33d..cd5d77a12b 100644
--- a/modules/luci-base/luasrc/dispatcher.lua
+++ b/modules/luci-base/luasrc/dispatcher.lua
@@ -172,6 +172,22 @@ local function require_post_security(target)
return false
end
+function test_post_security()
+ if http.getenv("REQUEST_METHOD") ~= "POST" then
+ http.status(405, "Method Not Allowed")
+ http.header("Allow", "POST")
+ return false
+ end
+
+ if http.formvalue("token") ~= context.authtoken then
+ http.status(403, "Forbidden")
+ luci.template.render("csrftoken")
+ return false
+ end
+
+ return true
+end
+
function dispatch(request)
--context._disable_memtrace = require "luci.debug".trap_memtrace("l")
local ctx = context
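Review bot: The token comparison in `test_post_security()` fails open when both sides are nil: if `context.authtoken` is unset and the request carries no `token` field, `nil ~= nil` is false and the function returns true. Inside dispatch() this may be ruled out by authentication that runs earlier, which the hunk does not show, but the commit exposes the function to external callers that may invoke it without an established session. Failing closed is a two-line change: `local token = context.authtoken` followed by `if not token or http.formvalue("token") ~= token then`. Since the function is now public, it also deserves a header comment such as `-- Returns true for a POST carrying the session token; on false the 405/403 response has already been written and the caller must return without further output.`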
@@ -376,15 +392,7 @@ function dispatch(request)
end
if c and require_post_security(c.target) then
- if http.getenv("REQUEST_METHOD") ~= "POST" then
- http.status(405, "Method Not Allowed")
- http.header("Allow", "POST")
- return
- end
-
- if http.formvalue("token") ~= ctx.authtoken then
- http.status(403, "Forbidden")
- luci.template.render("csrftoken")
+ if not test_post_security(c) then
return
end
end
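Review bot: The call `test_post_security(c)` passes the node `c`, but the function added in the first hunk is declared without parameters, so the argument is silently discarded and the call site suggests a per-node check that does not exist. Write `if not test_post_security() then`, or add a parameter to the function if a node-specific check is intended. dispatch() starts and ends outside this hunk.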