authorJo-Philipp Wich <jo@mein.io>2023-08-21 15:35:41 +0200
committerJo-Philipp Wich <jo@mein.io>2023-08-21 15:35:41 +0200
commit2fd74a8239c3986bb2e741e907b2a90f2833f073 (patch)
tree23be06564d7064e7cbddc826b5d43c69b4718134 /modules/luci-lua-runtime/luasrc
parenta6a428fe60b6fd306bef6d0559bc1d78372b0e56 (diff)
luci-lua-runtime: dispatcher.lua: re-add test_post_security()
While no LuCI code utilizes this function anymore, some existing legacy Lua controllers expect the function to exist, so restore it. Fixes: #6532 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'modules/luci-lua-runtime/luasrc')
-rw-r--r--modules/luci-lua-runtime/luasrc/dispatcher.lua16
1 files changed, 16 insertions, 0 deletions
diff --git a/modules/luci-lua-runtime/luasrc/dispatcher.lua b/modules/luci-lua-runtime/luasrc/dispatcher.lua
index dfbb225f0e..816c9f35e3 100644
--- a/modules/luci-lua-runtime/luasrc/dispatcher.lua
+++ b/modules/luci-lua-runtime/luasrc/dispatcher.lua
@@ -360,6 +360,22 @@ function render_lua_template(path)
tpl.render(path, getfenv(1))
end
+function test_post_security()
+ if http:getenv("REQUEST_METHOD") ~= "POST" then
+ http:status(405, "Method Not Allowed")
+ http:header("Allow", "POST")
+ return false
+ end
+
+ if http:formvalue("token") ~= context.authtoken then
+ http:status(403, "Forbidden")
+ _G.L.include("csrftoken")
+ return false
+ end
+
+ return true
+end
+
function call(name, ...)
return {