diff options
Diffstat (limited to 'modules/luci-base/luasrc')
| -rw-r--r-- | modules/luci-base/luasrc/cbi/datatypes.lua | 42 | ||||
| -rw-r--r-- | modules/luci-base/luasrc/http.lua | 10 |
2 files changed, 31 insertions, 21 deletions
diff --git a/modules/luci-base/luasrc/cbi/datatypes.lua b/modules/luci-base/luasrc/cbi/datatypes.lua index cf56566287..df23aaf135 100644 --- a/modules/luci-base/luasrc/cbi/datatypes.lua +++ b/modules/luci-base/luasrc/cbi/datatypes.lua @@ -132,38 +132,40 @@ function ip6prefix(val) return ( val and val >= 0 and val <= 128 ) end -function ipmask(val) - return ipmask4(val) or ipmask6(val) +function cidr4(val) + local ip, mask = val:match("^([^/]+)/([^/]+)$") + + return ip4addr(ip) and ip4prefix(mask) end -function ipmask4(val) +function cidr6(val) local ip, mask = val:match("^([^/]+)/([^/]+)$") - local bits = tonumber(mask) - if bits and (bits < 0 or bits > 32) then - return false - end + return ip6addr(ip) and ip6prefix(mask) +end - if not bits and mask and not ip4addr(mask) then - return false - end +function ipnet4(val) + local ip, mask = val:match("^([^/]+)/([^/]+)$") - return ip4addr(ip or val) + return ip4addr(ip) and ip4addr(mask) end -function ipmask6(val) +function ipnet6(val) local ip, mask = val:match("^([^/]+)/([^/]+)$") - local bits = tonumber(mask) - if bits and (bits < 0 or bits > 128) then - return false - end + return ip6addr(ip) and ip6addr(mask) +end - if not bits and mask and not ip6addr(mask) then - return false - end +function ipmask(val) + return ipmask4(val) or ipmask6(val) +end + +function ipmask4(val) + return cidr4(val) or ipnet4(val) or ip4addr(val) +end - return ip6addr(ip or val) +function ipmask6(val) + return cidr6(val) or ipnet6(val) or ip6addr(val) end function ip6hostid(val) diff --git a/modules/luci-base/luasrc/http.lua b/modules/luci-base/luasrc/http.lua index 8795dfc4b2..9cc9857867 100644 --- a/modules/luci-base/luasrc/http.lua +++ b/modules/luci-base/luasrc/http.lua @@ -224,7 +224,15 @@ function write(content, src_err) header("Cache-Control", "no-cache") header("Expires", "0") end - + if not context.headers["x-frame-options"] then + header("X-Frame-Options", "SAMEORIGIN") + end + if not context.headers["x-xss-protection"] then + header("X-XSS-Protection", "1; mode=block") + end + if not context.headers["x-content-type-options"] then + header("X-Content-Type-Options", "nosniff") + end context.eoh = true coroutine.yield(3) |