summaryrefslogtreecommitdiffhomepage
path: root/modules/luci-base
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2020-01-07 09:08:49 +0100
committerJo-Philipp Wich <jo@mein.io>2020-01-07 09:10:19 +0100
commit38c9c9e0a2564b9644a56f1143f6acf0c9e272c8 (patch)
tree4556a887f52bf8d907be54776d4faa3d9e0644a8 /modules/luci-base
parent4b22060823d5f1ef94c4c439afad3e5c79eb71bc (diff)
luci-base: dispatcher: fix rpc controller regression
When testing the luci-rpc authnetication, avoid clobbering the HTTP post request body. Fixes: #3470 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'modules/luci-base')
-rw-r--r--modules/luci-base/luasrc/dispatcher.lua4
1 files changed, 3 insertions, 1 deletions
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua
index d4293422b5..8dac8d6b6e 100644
--- a/modules/luci-base/luasrc/dispatcher.lua
+++ b/modules/luci-base/luasrc/dispatcher.lua
@@ -305,7 +305,7 @@ local function tree_to_json(node, json)
elseif subname == "rpc" and subnode.module == "luci.controller.rpc" then
spec.auth = {
login = false,
- methods = { "param:auth", "cookie:sysauth" }
+ methods = { "query:auth", "cookie:sysauth" }
}
elseif subnode.module == "luci.controller.admin.uci" then
spec.auth = {
@@ -546,6 +546,8 @@ local function check_authentication(method)
sid = http.getcookie(auth_param)
elseif auth_type == "param" then
sid = http.formvalue(auth_param)
+ elseif auth_type == "query" then
+ sid = http.formvalue(auth_param, true)
end
return session_retrieve(sid)