summaryrefslogtreecommitdiffhomepage
path: root/modules/luci-mod-admin-full/luasrc/view
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2015-10-22 08:35:34 +0200
committerJo-Philipp Wich <jow@openwrt.org>2015-10-22 08:48:06 +0200
commit94ab57f48c9a8704a0a7da87bfa6ced9e73ca9be (patch)
treea4e362c10f884766fe0ba3b0aa3399d2ad191921 /modules/luci-mod-admin-full/luasrc/view
parentd32c68503994d46aa71473a647118b431119ae2a (diff)
luci-mod-admin-full: restructure and fix backup, restore and sysuprade (#517)
Do not use standard post security checking for actions that require file upload since reading the token value will trigger parsing of the http message body before the file upload handler has been set, which causes LuCI to buffer the entire request body in memory. In order to simplify the code and logic flow, split action_flashops() into separate handlers for reset, backup, restore and sysupgrade. Let the backup restore and sysupgrade handlers use the new test_post_security() method in luci.dispatcher to perform token checking *after* setting the upload handler. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Diffstat (limited to 'modules/luci-mod-admin-full/luasrc/view')
-rw-r--r--modules/luci-mod-admin-full/luasrc/view/admin_system/flashops.htm34
-rw-r--r--modules/luci-mod-admin-full/luasrc/view/admin_system/upgrade.htm7
2 files changed, 22 insertions, 19 deletions
diff --git a/modules/luci-mod-admin-full/luasrc/view/admin_system/flashops.htm b/modules/luci-mod-admin-full/luasrc/view/admin_system/flashops.htm
index 8bf1992944..82a1fdbc9c 100644
--- a/modules/luci-mod-admin-full/luasrc/view/admin_system/flashops.htm
+++ b/modules/luci-mod-admin-full/luasrc/view/admin_system/flashops.htm
@@ -17,38 +17,43 @@
<fieldset class="cbi-section">
<legend><%:Backup / Restore%></legend>
- <form method="post" action="<%=url('admin/system/flashops')%>" enctype="multipart/form-data">
- <input type="hidden" name="exec" value="1" />
- <input type="hidden" name="token" value="<%=token%>" />
- <div class="cbi-section-descr"><%:Click "Generate archive" to download a tar archive of the current configuration files. To reset the firmware to its initial state, click "Perform reset" (only possible with squashfs images).%></div>
- <div class="cbi-section-node">
+ <div class="cbi-section-descr"><%:Click "Generate archive" to download a tar archive of the current configuration files. To reset the firmware to its initial state, click "Perform reset" (only possible with squashfs images).%></div>
+ <div class="cbi-section-node">
+ <form class="inline" method="post" action="<%=url('admin/system/flashops/backup')%>">
+ <input type="hidden" name="token" value="<%=token%>" />
<div class="cbi-value<% if not reset_avail then %> cbi-value-last<% end %>">
<label class="cbi-value-title" for="image"><%:Download backup%>:</label>
<div class="cbi-value-field">
<input class="cbi-button cbi-button-apply" type="submit" name="backup" value="<%:Generate archive%>" />
</div>
</div>
- <% if reset_avail then %>
+ </form>
+ <% if reset_avail then %>
+ <form class="inline" method="post" action="<%=url('admin/system/flashops/reset')%>">
+ <input type="hidden" name="token" value="<%=token%>" />
<div class="cbi-value cbi-value-last">
<label class="cbi-value-title"><%:Reset to defaults%>:</label>
<div class="cbi-value-field">
<input onclick="return confirm('<%:Really reset all changes?%>')" class="cbi-button cbi-button-reset" type="submit" name="reset" value="<%:Perform reset%>" />
</div>
</div>
- <% end %>
- </div>
- <br />
- <div class="cbi-section-descr"><%:To restore configuration files, you can upload a previously generated backup archive here.%></div>
- <div class="cbi-section-node">
+ </form>
+ <% end %>
+ </div>
+ <br />
+ <div class="cbi-section-descr"><%:To restore configuration files, you can upload a previously generated backup archive here.%></div>
+ <div class="cbi-section-node">
+ <form class="inline" method="post" action="<%=url('admin/system/flashops/restore')%>" enctype="multipart/form-data">
<div class="cbi-value cbi-value-last">
<label class="cbi-value-title" for="archive"><%:Restore backup%>:</label>
<div class="cbi-value-field">
+ <input type="hidden" name="token" value="<%=token%>" />
<input type="file" name="archive" id="archive" />
<input type="submit" class="cbi-button cbi-input-apply" name="restore" value="<%:Upload archive...%>" />
</div>
</div>
- </div>
- </form>
+ </form>
+ </div>
</fieldset>
<br />
@@ -56,8 +61,7 @@
<fieldset class="cbi-section">
<legend><%:Flash new firmware image%></legend>
<% if upgrade_avail then %>
- <form method="post" action="<%=url('admin/system/flashops')%>" enctype="multipart/form-data">
- <input type="hidden" name="exec" value="1" />
+ <form method="post" action="<%=url('admin/system/flashops/sysupgrade')%>" enctype="multipart/form-data">
<input type="hidden" name="token" value="<%=token%>" />
<div class="cbi-section-descr"><%:Upload a sysupgrade-compatible image here to replace the running firmware. Check "Keep settings" to retain the current configuration (requires an OpenWrt compatible firmware image).%></div>
<div class="cbi-section-node">
diff --git a/modules/luci-mod-admin-full/luasrc/view/admin_system/upgrade.htm b/modules/luci-mod-admin-full/luasrc/view/admin_system/upgrade.htm
index 1985058829..5ca0398e13 100644
--- a/modules/luci-mod-admin-full/luasrc/view/admin_system/upgrade.htm
+++ b/modules/luci-mod-admin-full/luasrc/view/admin_system/upgrade.htm
@@ -45,12 +45,11 @@
</fieldset>
<div class="cbi-page-actions right">
- <form style="display:inline" action="<%=REQUEST_URI%>" method="post">
- <input class="cbi-button cbi-button-reset" type="submit" value="<%:Cancel%>" />
- </form>
- <form style="display:inline" action="<%=REQUEST_URI%>" method="post">
+ <form class="inline" action="<%=REQUEST_URI%>" method="post">
+ <input type="hidden" name="token" value="<%=token%>" />
<input type="hidden" name="step" value="2" />
<input type="hidden" name="keep" value="<%=keep and "1" or ""%>" />
+ <input class="cbi-button cbi-button-reset" name="cancel" type="submit" value="<%:Cancel%>" />
<input class="cbi-button cbi-button-apply" type="submit" value="<%:Proceed%>" />
</form>
</div>