Age | Commit message (Collapse) | Author |
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Due to the fact that luci.model.cbi reacts on any "cbi.submit" value while
the dispatcher only required POST for cbi.submit == 1, the CSRF token
protection could be bypassed.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Switch from using the REQUEST_URI CGI variable directly to the canonicalized
FULL_REQUEST_URI property.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Switch from using the REQUEST_URI CGI variable directly to the canonicalized
FULL_REQUEST_URI property.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Switch from using the REQUEST_URI CGI variable directly to the canonicalized
FULL_REQUEST_URI property.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Introduce a new template property FULL_REQUEST_URI which returns the full
canonicalized request URL built from SCRIPT_NAME, PATH_INFO and QUERY_STRING.
This new property is safer to use compared to using the raw REQUEST_URI CGI
environment variable directly as this value is essentially untrusted user
input which may contain embedded escaped slashes, double forward slashes and
other oddities allowing XSS exploitation or request redirection.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Some applications, e.g. dnsmasq, do not allow hostnames starting with an
underscore, therefor extend the existing hostname datatype validator with
a `strict` which disallows a leading underscore.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Switch luci.model.uci to use ubus uci calls instead of driving libuci-lua
directly.
This prepares support for more advanced features such as per-session change
isolation and configuration rollback on errors.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
luci-app-mwan3: fixes and improvments
|
|
Remove the unnecessary 'tracking active' hint from the status interface
page.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
On the material theme the "Collecting data" hint in the status pages
was still present on the page even though the command was sucessfull executed.
Remove the legend tag and move the info "Collecting data" to the
"diag-rc-output" tag will solve this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
Show max interface value on interface page dependent on the mmx_mask
value
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
Signed-off-by: Qian Zheng <sotux82@gmail.com>
|
|
luci-app-travelmate: update Japanese translation
|
|
Updated Japanese translations.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
|
|
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
|
|
luci-app-travelmate: made "ignore bssid" flag conditional
|
|
luci-app-mwan3: fix syntax error and update notify page
|
|
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
* made the "ignore bssid" flag conditional to ease connection
to hidden networks:
* default for hidden networks "disabled"
* default for all others "enabled"
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
|
luci-base: add missing colspan in tblsection if table is empty
|
|
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
wireguard: add dependency to luci-proto-wireguard
|
|
Installing luci-app-wireguard should also install luci-proto-wireguard, to have it as an protocol for interface setup.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
|
|
luci-app-mwan3: add boxes again and update css in luci-theme-material
|
|
* Add missing css class danger
* Add missing css class success
* Update background color for css class warning
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
Add css boxes for mwan3 status again
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
This case is not supported by mwan3 anymore
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
luci-base/util.lua: enhance checklib function
|
|
* enhance the checklib function in util.lua to check the 'fullpathexe'
as well, e.g. this fixes runtime errors on the dhcp/dns template in
environments without dnsmasq
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
|
luci-app-upnp: zh_CN: Update Simplified Chinese translation
|
|
Signed-off-by: Qian Zheng <sotux82@gmail.com>
|
|
unbound: add domain resolution control options
|
|
luci-app-attendedsysupgrade: fixup missing package
|
|
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
|
luci-app-travelmate: final frontend changes for 18.x
|
|
* made qrencode support optional (remove hardcoded dependency)
* add a conditional QR Code button on overview page,
remove separate "QR Codes" tab
* move trigger timeout setting to extra section
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
|
Signed-off-by: Paul Spooren <spooren@informatik.uni-leipzig.de>
|
|
luci-app-adblock: remaining fixes
|
|
* missed in the last (untested) commit - sorry.
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
|
luci-app-wifischedule: fix function calls
|
|
luci-app-travelmate: fix function calls
|
|
luci-app-adblock: fix function calls
|
|
* fix function calls that have an implicit extra parameter self,
pre-requisite for PR #1681
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
|
* fix function calls that have an implicit extra parameter self,
pre-requisite for PR #1681
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
|
* fix function calls that have an implicit extra parameter self,
pre-requisite for PR #1681
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
|
luci-app-firewall/luci-base/luci-mod-admin-full: some fixes and improvements
|
|
luci-app-ocserv: match default value of compression
|