summaryrefslogtreecommitdiffhomepage
path: root/modules/rpc/luasrc/controller
diff options
context:
space:
mode:
authorSteven Barth <steven@midlink.org>2008-12-15 10:40:45 +0000
committerSteven Barth <steven@midlink.org>2008-12-15 10:40:45 +0000
commit1ee5ba632ab52b5d3af5c88803fee89c8eaf6fe1 (patch)
treec71bbbb5247bb5f2a48f1f5e78d90dfe71d424b3 /modules/rpc/luasrc/controller
parent73109f3e46bc112faa9ebac16417b423d8661645 (diff)
Refined urltokens and XSRF protection
Diffstat (limited to 'modules/rpc/luasrc/controller')
-rw-r--r--modules/rpc/luasrc/controller/rpc.lua3
1 files changed, 2 insertions, 1 deletions
diff --git a/modules/rpc/luasrc/controller/rpc.lua b/modules/rpc/luasrc/controller/rpc.lua
index d83c26d45..e0aeb3bf0 100644
--- a/modules/rpc/luasrc/controller/rpc.lua
+++ b/modules/rpc/luasrc/controller/rpc.lua
@@ -25,7 +25,8 @@ function index()
local function authenticator(validator, accs)
local auth = luci.http.formvalue("auth", true)
if auth then
- local user = luci.sauth.read(auth)
+ local sdat = luci.sauth.read(auth)
+ user = loadstring(sdat)().user
if user and luci.util.contains(accs, user) then
return user, auth
end