diff options
| author | Jo-Philipp Wich <jow@openwrt.org> | 2015-10-06 22:29:07 +0200 |
|---|---|---|
| committer | Jo-Philipp Wich <jow@openwrt.org> | 2015-10-06 22:29:07 +0200 |
| commit | e440144d5693eee6858151e8e52b98b594069265 (patch) | |
| tree | 275febba35292807d9034bfa9582201ea0605eb5 /modules/luci-mod-admin-full/luasrc/view/admin_uci | |
| parent | 9b75d8ec364d37361d25177738bf31897d650ba8 (diff) | |
luci-mod-admin-full: switch to POST actions for UCI changes
Switches UCI apply/revert/save to CSRF token protected POST actions.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Diffstat (limited to 'modules/luci-mod-admin-full/luasrc/view/admin_uci')
| -rw-r--r-- | modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm b/modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm index 865780ff0f..c3373604f3 100644 --- a/modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm +++ b/modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm @@ -1,6 +1,6 @@ <%# Copyright 2008 Steven Barth <steven@midlink.org> - Copyright 2008 Jo-Philipp Wich <jow@openwrt.org> + Copyright 2008-2015 Jo-Philipp Wich <jow@openwrt.org> Licensed to the public under the Apache License 2.0. -%> @@ -25,15 +25,18 @@ <% end %> <div style="text-align:right"> - <form class="inline" method="get" action="<%=controller%>/admin/uci/apply"> + <form class="inline" method="post" action="<%=controller%>/admin/uci/apply"> + <input type="hidden" name="token" value="<%=token%>" /> <input type="hidden" name="redir" value="<%=pcdata(luci.http.formvalue("redir"))%>" /> <input class="cbi-button cbi-button-apply" type="submit" value="<%:Apply%>" /> </form> - <form class="inline" method="get" action="<%=controller%>/admin/uci/saveapply"> + <form class="inline" method="post" action="<%=controller%>/admin/uci/saveapply"> + <input type="hidden" name="token" value="<%=token%>" /> <input type="hidden" name="redir" value="<%=pcdata(luci.http.formvalue("redir"))%>" /> <input class="cbi-button cbi-button-save" type="submit" value="<%:Save & Apply%>" /> </form> - <form class="inline" method="get" action="<%=controller%>/admin/uci/revert"> + <form class="inline" method="post" action="<%=controller%>/admin/uci/revert"> + <input type="hidden" name="token" value="<%=token%>" /> <input type="hidden" name="redir" value="<%=pcdata(luci.http.formvalue("redir"))%>" /> <input class="cbi-button cbi-button-reset" type="submit" value="<%:Revert%>" /> </form> |