summaryrefslogtreecommitdiffhomepage
path: root/modules/luci-mod-admin-full/luasrc/controller
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2015-10-20 22:17:23 +0200
committerJo-Philipp Wich <jow@openwrt.org>2015-10-20 22:17:23 +0200
commit8bb749ecc3b5f7f836f744f0056e90ac78522926 (patch)
tree9a461a1a779f8b2b484cee6784cd4dd2697a8193 /modules/luci-mod-admin-full/luasrc/controller
parent6b3f804956e50b3e3afc96bd866b089d4523c6e2 (diff)
luci-mod-admin-full: protect network post actions with csrf tokens
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Diffstat (limited to 'modules/luci-mod-admin-full/luasrc/controller')
-rw-r--r--modules/luci-mod-admin-full/luasrc/controller/admin/network.lua57
1 files changed, 24 insertions, 33 deletions
diff --git a/modules/luci-mod-admin-full/luasrc/controller/admin/network.lua b/modules/luci-mod-admin-full/luasrc/controller/admin/network.lua
index 6e578e013c..879e54b249 100644
--- a/modules/luci-mod-admin-full/luasrc/controller/admin/network.lua
+++ b/modules/luci-mod-admin-full/luasrc/controller/admin/network.lua
@@ -1,5 +1,5 @@
-- Copyright 2008 Steven Barth <steven@midlink.org>
--- Copyright 2011 Jo-Philipp Wich <jow@openwrt.org>
+-- Copyright 2011-2015 Jo-Philipp Wich <jow@openwrt.org>
-- Licensed to the public under the Apache License 2.0.
module("luci.controller.admin.network", package.seeall)
@@ -43,22 +43,22 @@ function index()
end)
if has_wifi then
- page = entry({"admin", "network", "wireless_join"}, call("wifi_join"), nil)
+ page = entry({"admin", "network", "wireless_join"}, post("wifi_join"), nil)
page.leaf = true
- page = entry({"admin", "network", "wireless_add"}, call("wifi_add"), nil)
+ page = entry({"admin", "network", "wireless_add"}, post("wifi_add"), nil)
page.leaf = true
- page = entry({"admin", "network", "wireless_delete"}, call("wifi_delete"), nil)
+ page = entry({"admin", "network", "wireless_delete"}, post("wifi_delete"), nil)
page.leaf = true
page = entry({"admin", "network", "wireless_status"}, call("wifi_status"), nil)
page.leaf = true
- page = entry({"admin", "network", "wireless_reconnect"}, call("wifi_reconnect"), nil)
+ page = entry({"admin", "network", "wireless_reconnect"}, post("wifi_reconnect"), nil)
page.leaf = true
- page = entry({"admin", "network", "wireless_shutdown"}, call("wifi_shutdown"), nil)
+ page = entry({"admin", "network", "wireless_shutdown"}, post("wifi_shutdown"), nil)
page.leaf = true
page = entry({"admin", "network", "wireless"}, arcombine(template("admin_network/wifi_overview"), cbi("admin_network/wifi")), _("Wifi"), 15)
@@ -85,16 +85,16 @@ function index()
page = entry({"admin", "network", "iface_add"}, cbi("admin_network/iface_add"), nil)
page.leaf = true
- page = entry({"admin", "network", "iface_delete"}, call("iface_delete"), nil)
+ page = entry({"admin", "network", "iface_delete"}, post("iface_delete"), nil)
page.leaf = true
page = entry({"admin", "network", "iface_status"}, call("iface_status"), nil)
page.leaf = true
- page = entry({"admin", "network", "iface_reconnect"}, call("iface_reconnect"), nil)
+ page = entry({"admin", "network", "iface_reconnect"}, post("iface_reconnect"), nil)
page.leaf = true
- page = entry({"admin", "network", "iface_shutdown"}, call("iface_shutdown"), nil)
+ page = entry({"admin", "network", "iface_shutdown"}, post("iface_shutdown"), nil)
page.leaf = true
page = entry({"admin", "network", "network"}, arcombine(cbi("admin_network/network"), cbi("admin_network/ifaces")), _("Interfaces"), 10)
@@ -138,44 +138,33 @@ function index()
page.title = _("Diagnostics")
page.order = 60
- page = entry({"admin", "network", "diag_ping"}, call("diag_ping"), nil)
+ page = entry({"admin", "network", "diag_ping"}, post("diag_ping"), nil)
page.leaf = true
- page = entry({"admin", "network", "diag_nslookup"}, call("diag_nslookup"), nil)
+ page = entry({"admin", "network", "diag_nslookup"}, post("diag_nslookup"), nil)
page.leaf = true
- page = entry({"admin", "network", "diag_traceroute"}, call("diag_traceroute"), nil)
+ page = entry({"admin", "network", "diag_traceroute"}, post("diag_traceroute"), nil)
page.leaf = true
- page = entry({"admin", "network", "diag_ping6"}, call("diag_ping6"), nil)
+ page = entry({"admin", "network", "diag_ping6"}, post("diag_ping6"), nil)
page.leaf = true
- page = entry({"admin", "network", "diag_traceroute6"}, call("diag_traceroute6"), nil)
+ page = entry({"admin", "network", "diag_traceroute6"}, post("diag_traceroute6"), nil)
page.leaf = true
-- end
end
function wifi_join()
- local function param(x)
- return luci.http.formvalue(x)
- end
-
- local function ptable(x)
- x = param(x)
- return x and (type(x) ~= "table" and { x } or x) or {}
- end
-
- local dev = param("device")
- local ssid = param("join")
+ local tpl = require "luci.template"
+ local http = require "luci.http"
+ local dev = http.formvalue("device")
+ local ssid = http.formvalue("join")
if dev and ssid then
- local cancel = (param("cancel") or param("cbi.cancel")) and true or false
-
- if cancel then
- luci.http.redirect(luci.dispatcher.build_url("admin/network/wireless_join?device=" .. dev))
- else
+ local cancel = (http.formvalue("cancel") or http.formvalue("cbi.cancel"))
+ if not cancel then
local cbi = require "luci.cbi"
- local tpl = require "luci.template"
local map = luci.cbi.load("admin_network/wifi_add")[1]
if map:parse() ~= cbi.FORM_DONE then
@@ -183,10 +172,12 @@ function wifi_join()
map:render()
tpl.render("footer")
end
+
+ return
end
- else
- luci.template.render("admin_network/wifi_join")
end
+
+ tpl.render("admin_network/wifi_join")
end
function wifi_add()