diff options
author | Steven Barth <steven@midlink.org> | 2008-12-15 10:40:45 +0000 |
---|---|---|
committer | Steven Barth <steven@midlink.org> | 2008-12-15 10:40:45 +0000 |
commit | 1ee5ba632ab52b5d3af5c88803fee89c8eaf6fe1 (patch) | |
tree | c71bbbb5247bb5f2a48f1f5e78d90dfe71d424b3 /modules/rpc/luasrc/controller | |
parent | 73109f3e46bc112faa9ebac16417b423d8661645 (diff) |
Refined urltokens and XSRF protection
Diffstat (limited to 'modules/rpc/luasrc/controller')
-rw-r--r-- | modules/rpc/luasrc/controller/rpc.lua | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/modules/rpc/luasrc/controller/rpc.lua b/modules/rpc/luasrc/controller/rpc.lua index d83c26d45..e0aeb3bf0 100644 --- a/modules/rpc/luasrc/controller/rpc.lua +++ b/modules/rpc/luasrc/controller/rpc.lua @@ -25,7 +25,8 @@ function index() local function authenticator(validator, accs) local auth = luci.http.formvalue("auth", true) if auth then - local user = luci.sauth.read(auth) + local sdat = luci.sauth.read(auth) + user = loadstring(sdat)().user if user and luci.util.contains(accs, user) then return user, auth end |