diff options
Diffstat (limited to 'modules/luci-base/luasrc/view')
-rw-r--r-- | modules/luci-base/luasrc/view/cbi/apply_xhr.htm | 4 | ||||
-rw-r--r-- | modules/luci-base/luasrc/view/cbi/browser.htm | 2 | ||||
-rw-r--r-- | modules/luci-base/luasrc/view/cbi/error.htm | 2 | ||||
-rw-r--r-- | modules/luci-base/luasrc/view/cbi/header.htm | 1 | ||||
-rw-r--r-- | modules/luci-base/luasrc/view/cbi/map.htm | 2 | ||||
-rw-r--r-- | modules/luci-base/luasrc/view/cbi/simpleform.htm | 3 | ||||
-rw-r--r-- | modules/luci-base/luasrc/view/csrftoken.htm | 24 | ||||
-rw-r--r-- | modules/luci-base/luasrc/view/error404.htm | 2 | ||||
-rw-r--r-- | modules/luci-base/luasrc/view/error500.htm | 2 | ||||
-rw-r--r-- | modules/luci-base/luasrc/view/sysauth.htm | 2 |
10 files changed, 35 insertions, 9 deletions
diff --git a/modules/luci-base/luasrc/view/cbi/apply_xhr.htm b/modules/luci-base/luasrc/view/cbi/apply_xhr.htm index 1814c9393b..daa57c1db7 100644 --- a/modules/luci-base/luasrc/view/cbi/apply_xhr.htm +++ b/modules/luci-base/luasrc/view/cbi/apply_xhr.htm @@ -4,10 +4,10 @@ <script type="text/javascript">//<![CDATA[ var apply_xhr = new XHR(); - apply_xhr.get('<%=luci.dispatcher.build_url("servicectl", "restart", table.concat(configs, ","))%>', null, + apply_xhr.post('<%=url('servicectl/restart', table.concat(configs, ","))%>', { token: '<%=token%>' }, function() { var checkfinish = function() { - apply_xhr.get('<%=luci.dispatcher.build_url("servicectl", "status")%>', null, + apply_xhr.get('<%=url('servicectl/status')%>', null, function(x) { if( x.responseText == 'finish' ) { diff --git a/modules/luci-base/luasrc/view/cbi/browser.htm b/modules/luci-base/luasrc/view/cbi/browser.htm index e4a4077d55..a18120141d 100644 --- a/modules/luci-base/luasrc/view/cbi/browser.htm +++ b/modules/luci-base/luasrc/view/cbi/browser.htm @@ -2,6 +2,6 @@ <%+cbi/valueheader%> <input class="cbi-input-text" type="text"<%= attr("value", v) .. attr("name", cbid) .. attr("id", cbid) %> /> <script type="text/javascript"> -cbi_browser_init('<%=cbid%>', '<%=resource%>', '<%=luci.dispatcher.build_url("admin", "filebrowser")%>'<%=self.default_path and ", '"..self.default_path.."'"%>); +cbi_browser_init('<%=cbid%>', '<%=resource%>', '<%=url('admin/filebrowser')%>'<%=self.default_path and ", '"..self.default_path.."'"%>); </script> <%+cbi/valuefooter%> diff --git a/modules/luci-base/luasrc/view/cbi/error.htm b/modules/luci-base/luasrc/view/cbi/error.htm index 2acb96924e..75ec1082aa 100644 --- a/modules/luci-base/luasrc/view/cbi/error.htm +++ b/modules/luci-base/luasrc/view/cbi/error.htm @@ -1,5 +1,5 @@ <div class="cbi-map" id="cbi-<%=self.config%>"> - <% if self.title and #self.title > 0 then %><h2><a id="content" name="content"><%=self.title%></a></h2><% end %> + <% if self.title and #self.title > 0 then %><h2 name="content"><%=self.title%></h2><% end %> <% if self.description and #self.description > 0 then %><div class="cbi-map-descr"><%=self.description%></div><% end %> <p class="alert-message danger"> diff --git a/modules/luci-base/luasrc/view/cbi/header.htm b/modules/luci-base/luasrc/view/cbi/header.htm index 2bddaba61a..302df1d2fd 100644 --- a/modules/luci-base/luasrc/view/cbi/header.htm +++ b/modules/luci-base/luasrc/view/cbi/header.htm @@ -2,6 +2,7 @@ <form method="post" name="cbi" action="<%=REQUEST_URI%>" enctype="multipart/form-data" onreset="return cbi_validate_reset(this)" onsubmit="return cbi_validate_form(this, '<%:Some fields are invalid, cannot save values!%>')"> <div> <script type="text/javascript" src="<%=resource%>/cbi.js"></script> + <input type="hidden" name="token" value="<%=token%>" /> <input type="hidden" name="cbi.submit" value="1" /> <input type="submit" value="<%:Save%>" class="hidden" /> </div> diff --git a/modules/luci-base/luasrc/view/cbi/map.htm b/modules/luci-base/luasrc/view/cbi/map.htm index 053220d185..e90c3f589f 100644 --- a/modules/luci-base/luasrc/view/cbi/map.htm +++ b/modules/luci-base/luasrc/view/cbi/map.htm @@ -5,7 +5,7 @@ <%-+cbi/apply_xhr-%> <div class="cbi-map" id="cbi-<%=self.config%>"> - <% if self.title and #self.title > 0 then %><h2><a id="content" name="content"><%=self.title%></a></h2><% end %> + <% if self.title and #self.title > 0 then %><h2 name="content"><%=self.title%></h2><% end %> <% if self.description and #self.description > 0 then %><div class="cbi-map-descr"><%=self.description%></div><% end %> <%- if firstmap and applymap then cbi_apply_xhr(self.config, parsechain, redirect) end -%> <%- self:render_children() %> diff --git a/modules/luci-base/luasrc/view/cbi/simpleform.htm b/modules/luci-base/luasrc/view/cbi/simpleform.htm index 5216cd50f1..78f5c5a544 100644 --- a/modules/luci-base/luasrc/view/cbi/simpleform.htm +++ b/modules/luci-base/luasrc/view/cbi/simpleform.htm @@ -2,11 +2,12 @@ <form method="post" enctype="multipart/form-data" action="<%=REQUEST_URI%>"> <div> <script type="text/javascript" src="<%=resource%>/cbi.js"></script> + <input type="hidden" name="token" value="<%=token%>" /> <input type="hidden" name="cbi.submit" value="1" /> </div> <% end %> <div class="cbi-map" id="cbi-<%=self.config%>"> - <% if self.title and #self.title > 0 then %><h2><a id="content" name="content"><%=self.title%></a></h2><% end %> + <% if self.title and #self.title > 0 then %><h2 name="content"><%=self.title%></h2><% end %> <% if self.description and #self.description > 0 then %><div class="cbi-map-descr"><%=self.description%></div><% end %> <% self:render_children() %> <br /> diff --git a/modules/luci-base/luasrc/view/csrftoken.htm b/modules/luci-base/luasrc/view/csrftoken.htm new file mode 100644 index 0000000000..57ac03f3bf --- /dev/null +++ b/modules/luci-base/luasrc/view/csrftoken.htm @@ -0,0 +1,24 @@ +<%# + Copyright 2015 Jo-Philipp Wich <jow@openwrt.org> + Licensed to the public under the Apache License 2.0. +-%> + +<%+header%> + +<h2 name="content"><%:Form token mismatch%></h2> +<br /> + +<p class="alert-message"><%:The submitted security token is invalid or already expired!%></p> + +<p><%: + In order to prevent unauthorized access to the system, your request has + been blocked. Click "Continue »" below to return to the previous page. +%></p> + +<hr /> + +<p class="right"> + <strong><a href="#" onclick="window.history.back();">Continue »</a></strong> +</p> + +<%+footer%> diff --git a/modules/luci-base/luasrc/view/error404.htm b/modules/luci-base/luasrc/view/error404.htm index c2be29ed58..bc74226830 100644 --- a/modules/luci-base/luasrc/view/error404.htm +++ b/modules/luci-base/luasrc/view/error404.htm @@ -5,7 +5,7 @@ -%> <%+header%> -<h2><a id="content" name="content">404 <%:Not Found%></a></h2> +<h2 name="content">404 <%:Not Found%></h2> <p><%:Sorry, the object you requested was not found.%></p> <tt><%:Unable to dispatch%>: <%=luci.http.request.env.PATH_INFO%></tt> <%+footer%> diff --git a/modules/luci-base/luasrc/view/error500.htm b/modules/luci-base/luasrc/view/error500.htm index 8fb18ed076..34a52cda84 100644 --- a/modules/luci-base/luasrc/view/error500.htm +++ b/modules/luci-base/luasrc/view/error500.htm @@ -5,7 +5,7 @@ -%> <%+header%> -<h2><a id="content" name="content">500 <%:Internal Server Error%></a></h2> +<h2 name="content">500 <%:Internal Server Error%></h2> <p><%:Sorry, the server encountered an unexpected error.%></p> <pre class="error500"><%=message%></pre> <%+footer%> diff --git a/modules/luci-base/luasrc/view/sysauth.htm b/modules/luci-base/luasrc/view/sysauth.htm index 7f0f0a622b..e207504911 100644 --- a/modules/luci-base/luasrc/view/sysauth.htm +++ b/modules/luci-base/luasrc/view/sysauth.htm @@ -8,7 +8,7 @@ <form method="post" action="<%=pcdata(luci.http.getenv("REQUEST_URI"))%>"> <div class="cbi-map"> - <h2><a id="content" name="content"><%:Authorization Required%></a></h2> + <h2 name="content"><%:Authorization Required%></h2> <div class="cbi-map-descr"> <%:Please enter your username and password.%> <%- if fuser then %> |