summaryrefslogtreecommitdiffhomepage
path: root/modules/luci-base/luasrc/view
diff options
context:
space:
mode:
Diffstat (limited to 'modules/luci-base/luasrc/view')
-rw-r--r--modules/luci-base/luasrc/view/cbi/apply_xhr.htm4
-rw-r--r--modules/luci-base/luasrc/view/cbi/browser.htm2
-rw-r--r--modules/luci-base/luasrc/view/cbi/error.htm2
-rw-r--r--modules/luci-base/luasrc/view/cbi/header.htm1
-rw-r--r--modules/luci-base/luasrc/view/cbi/map.htm2
-rw-r--r--modules/luci-base/luasrc/view/cbi/simpleform.htm3
-rw-r--r--modules/luci-base/luasrc/view/csrftoken.htm24
-rw-r--r--modules/luci-base/luasrc/view/error404.htm2
-rw-r--r--modules/luci-base/luasrc/view/error500.htm2
-rw-r--r--modules/luci-base/luasrc/view/sysauth.htm2
10 files changed, 35 insertions, 9 deletions
diff --git a/modules/luci-base/luasrc/view/cbi/apply_xhr.htm b/modules/luci-base/luasrc/view/cbi/apply_xhr.htm
index 1814c9393b..daa57c1db7 100644
--- a/modules/luci-base/luasrc/view/cbi/apply_xhr.htm
+++ b/modules/luci-base/luasrc/view/cbi/apply_xhr.htm
@@ -4,10 +4,10 @@
<script type="text/javascript">//<![CDATA[
var apply_xhr = new XHR();
- apply_xhr.get('<%=luci.dispatcher.build_url("servicectl", "restart", table.concat(configs, ","))%>', null,
+ apply_xhr.post('<%=url('servicectl/restart', table.concat(configs, ","))%>', { token: '<%=token%>' },
function() {
var checkfinish = function() {
- apply_xhr.get('<%=luci.dispatcher.build_url("servicectl", "status")%>', null,
+ apply_xhr.get('<%=url('servicectl/status')%>', null,
function(x) {
if( x.responseText == 'finish' )
{
diff --git a/modules/luci-base/luasrc/view/cbi/browser.htm b/modules/luci-base/luasrc/view/cbi/browser.htm
index e4a4077d55..a18120141d 100644
--- a/modules/luci-base/luasrc/view/cbi/browser.htm
+++ b/modules/luci-base/luasrc/view/cbi/browser.htm
@@ -2,6 +2,6 @@
<%+cbi/valueheader%>
<input class="cbi-input-text" type="text"<%= attr("value", v) .. attr("name", cbid) .. attr("id", cbid) %> />
<script type="text/javascript">
-cbi_browser_init('<%=cbid%>', '<%=resource%>', '<%=luci.dispatcher.build_url("admin", "filebrowser")%>'<%=self.default_path and ", '"..self.default_path.."'"%>);
+cbi_browser_init('<%=cbid%>', '<%=resource%>', '<%=url('admin/filebrowser')%>'<%=self.default_path and ", '"..self.default_path.."'"%>);
</script>
<%+cbi/valuefooter%>
diff --git a/modules/luci-base/luasrc/view/cbi/error.htm b/modules/luci-base/luasrc/view/cbi/error.htm
index 2acb96924e..75ec1082aa 100644
--- a/modules/luci-base/luasrc/view/cbi/error.htm
+++ b/modules/luci-base/luasrc/view/cbi/error.htm
@@ -1,5 +1,5 @@
<div class="cbi-map" id="cbi-<%=self.config%>">
- <% if self.title and #self.title > 0 then %><h2><a id="content" name="content"><%=self.title%></a></h2><% end %>
+ <% if self.title and #self.title > 0 then %><h2 name="content"><%=self.title%></h2><% end %>
<% if self.description and #self.description > 0 then %><div class="cbi-map-descr"><%=self.description%></div><% end %>
<p class="alert-message danger">
diff --git a/modules/luci-base/luasrc/view/cbi/header.htm b/modules/luci-base/luasrc/view/cbi/header.htm
index 2bddaba61a..302df1d2fd 100644
--- a/modules/luci-base/luasrc/view/cbi/header.htm
+++ b/modules/luci-base/luasrc/view/cbi/header.htm
@@ -2,6 +2,7 @@
<form method="post" name="cbi" action="<%=REQUEST_URI%>" enctype="multipart/form-data" onreset="return cbi_validate_reset(this)" onsubmit="return cbi_validate_form(this, '<%:Some fields are invalid, cannot save values!%>')">
<div>
<script type="text/javascript" src="<%=resource%>/cbi.js"></script>
+ <input type="hidden" name="token" value="<%=token%>" />
<input type="hidden" name="cbi.submit" value="1" />
<input type="submit" value="<%:Save%>" class="hidden" />
</div>
diff --git a/modules/luci-base/luasrc/view/cbi/map.htm b/modules/luci-base/luasrc/view/cbi/map.htm
index 053220d185..e90c3f589f 100644
--- a/modules/luci-base/luasrc/view/cbi/map.htm
+++ b/modules/luci-base/luasrc/view/cbi/map.htm
@@ -5,7 +5,7 @@
<%-+cbi/apply_xhr-%>
<div class="cbi-map" id="cbi-<%=self.config%>">
- <% if self.title and #self.title > 0 then %><h2><a id="content" name="content"><%=self.title%></a></h2><% end %>
+ <% if self.title and #self.title > 0 then %><h2 name="content"><%=self.title%></h2><% end %>
<% if self.description and #self.description > 0 then %><div class="cbi-map-descr"><%=self.description%></div><% end %>
<%- if firstmap and applymap then cbi_apply_xhr(self.config, parsechain, redirect) end -%>
<%- self:render_children() %>
diff --git a/modules/luci-base/luasrc/view/cbi/simpleform.htm b/modules/luci-base/luasrc/view/cbi/simpleform.htm
index 5216cd50f1..78f5c5a544 100644
--- a/modules/luci-base/luasrc/view/cbi/simpleform.htm
+++ b/modules/luci-base/luasrc/view/cbi/simpleform.htm
@@ -2,11 +2,12 @@
<form method="post" enctype="multipart/form-data" action="<%=REQUEST_URI%>">
<div>
<script type="text/javascript" src="<%=resource%>/cbi.js"></script>
+ <input type="hidden" name="token" value="<%=token%>" />
<input type="hidden" name="cbi.submit" value="1" />
</div>
<% end %>
<div class="cbi-map" id="cbi-<%=self.config%>">
- <% if self.title and #self.title > 0 then %><h2><a id="content" name="content"><%=self.title%></a></h2><% end %>
+ <% if self.title and #self.title > 0 then %><h2 name="content"><%=self.title%></h2><% end %>
<% if self.description and #self.description > 0 then %><div class="cbi-map-descr"><%=self.description%></div><% end %>
<% self:render_children() %>
<br />
diff --git a/modules/luci-base/luasrc/view/csrftoken.htm b/modules/luci-base/luasrc/view/csrftoken.htm
new file mode 100644
index 0000000000..57ac03f3bf
--- /dev/null
+++ b/modules/luci-base/luasrc/view/csrftoken.htm
@@ -0,0 +1,24 @@
+<%#
+ Copyright 2015 Jo-Philipp Wich <jow@openwrt.org>
+ Licensed to the public under the Apache License 2.0.
+-%>
+
+<%+header%>
+
+<h2 name="content"><%:Form token mismatch%></h2>
+<br />
+
+<p class="alert-message"><%:The submitted security token is invalid or already expired!%></p>
+
+<p><%:
+ In order to prevent unauthorized access to the system, your request has
+ been blocked. Click "Continue »" below to return to the previous page.
+%></p>
+
+<hr />
+
+<p class="right">
+ <strong><a href="#" onclick="window.history.back();">Continue »</a></strong>
+</p>
+
+<%+footer%>
diff --git a/modules/luci-base/luasrc/view/error404.htm b/modules/luci-base/luasrc/view/error404.htm
index c2be29ed58..bc74226830 100644
--- a/modules/luci-base/luasrc/view/error404.htm
+++ b/modules/luci-base/luasrc/view/error404.htm
@@ -5,7 +5,7 @@
-%>
<%+header%>
-<h2><a id="content" name="content">404 <%:Not Found%></a></h2>
+<h2 name="content">404 <%:Not Found%></h2>
<p><%:Sorry, the object you requested was not found.%></p>
<tt><%:Unable to dispatch%>: <%=luci.http.request.env.PATH_INFO%></tt>
<%+footer%>
diff --git a/modules/luci-base/luasrc/view/error500.htm b/modules/luci-base/luasrc/view/error500.htm
index 8fb18ed076..34a52cda84 100644
--- a/modules/luci-base/luasrc/view/error500.htm
+++ b/modules/luci-base/luasrc/view/error500.htm
@@ -5,7 +5,7 @@
-%>
<%+header%>
-<h2><a id="content" name="content">500 <%:Internal Server Error%></a></h2>
+<h2 name="content">500 <%:Internal Server Error%></h2>
<p><%:Sorry, the server encountered an unexpected error.%></p>
<pre class="error500"><%=message%></pre>
<%+footer%>
diff --git a/modules/luci-base/luasrc/view/sysauth.htm b/modules/luci-base/luasrc/view/sysauth.htm
index 7f0f0a622b..e207504911 100644
--- a/modules/luci-base/luasrc/view/sysauth.htm
+++ b/modules/luci-base/luasrc/view/sysauth.htm
@@ -8,7 +8,7 @@
<form method="post" action="<%=pcdata(luci.http.getenv("REQUEST_URI"))%>">
<div class="cbi-map">
- <h2><a id="content" name="content"><%:Authorization Required%></a></h2>
+ <h2 name="content"><%:Authorization Required%></h2>
<div class="cbi-map-descr">
<%:Please enter your username and password.%>
<%- if fuser then %>