Age | Commit message | Author
2018-04-05 | luci-base: fix possible shell injection in luci.tools.status.switch_status() | Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-05 | luci-base: dispatcher: reject non-POST requests with any cbi.submit value | Jo-Philipp Wich
Due to the fact that luci.model.cbi reacts on any "cbi.submit" value while the dispatcher only required POST for cbi.submit == 1, the CSRF token protection could be bypassed. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-04 | luci-app-freifunk-diagnostics: use FULL_REQUEST_URI | Jo-Philipp Wich
Switch from using the REQUEST_URI CGI variable directly to the canonicalized FULL_REQUEST_URI property. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-04 | luci-app-commands: use FULL_REQUEST_URI | Jo-Philipp Wich
Switch from using the REQUEST_URI CGI variable directly to the canonicalized FULL_REQUEST_URI property. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-04 | luci-base: use FULL_REQUEST_URI on login form templates | Jo-Philipp Wich
Switch from using the REQUEST_URI CGI variable directly to the canonicalized FULL_REQUEST_URI property. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-04 | luci-base: add FULL_REQUEST_URI template property | Jo-Philipp Wich
Introduce a new template property FULL_REQUEST_URI which returns the full canonicalized request URL built from SCRIPT_NAME, PATH_INFO and QUERY_STRING. This new property is safer to use compared to using the raw REQUEST_URI CGI environment variable directly as this value is essentially untrusted user input which may contain embedded escaped slashes, double forward slashes and other oddities allowing XSS exploitation or request redirection. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-04 | luci-mod-admin-full: use strict hostname validation for dhcp hosts | Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-04 | luci-base: add a strict flag to the hostname validator | Jo-Philipp Wich
Some applications, e.g. dnsmasq, do not allow hostnames starting with an underscore, therefore extend the existing hostname datatype validator with a `strict` which disallows a leading underscore. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-04 | luci-base: switch to ubus uci operations | Jo-Philipp Wich
Switch luci.model.uci to use ubus uci calls instead of driving libuci-lua directly. This prepares support for more advanced features such as per-session change isolation and configuration rollback on errors. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-03 | Merge pull request #1715 from TDT-AG/pr/20180403-luci-app-mwan3-update | Hannu Nyman
luci-app-mwan3: fixes and improvements
2018-04-03 | luci-app-mwan3: remove unnecessary 'tracking active' hint | Florian Eckert
Remove the unnecessary 'tracking active' hint from the status interface page. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-04-03 | luci-app-mwan3: remove diag-rc-legend field id | Florian Eckert
On the material theme the "Collecting data" hint in the status pages was still present on the page even though the command was successfully executed. Remove the legend tag and move the info "Collecting data" to the "diag-rc-output" tag will solve this issue. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-04-03 | luci-app-mwan3: calculate max interface usage from mmx_mask value | Florian Eckert
Show max interface value on interface page dependent on the mmx_mask value Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-04-02 | luci-base: zh_CN: update Simplified Chinese translation | Qian Zheng
Signed-off-by: Qian Zheng <sotux82@gmail.com>
2018-03-29 | Merge pull request #1706 from musashino205/l10n/tmate-upd-ja | Hannu Nyman
luci-app-travelmate: update Japanese translation
2018-03-29 | luci-app-travelmate: update Japanese translation | INAGAKI Hiroshi
Updated Japanese translations. Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2018-03-29 | i18n: sync translations | INAGAKI Hiroshi
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2018-03-28 | Merge pull request #1703 from dibdot/travelmate | Dirk Brenken
luci-app-travelmate: made "ignore bssid" flag conditional
2018-03-28 | Merge pull request #1704 from TDT-AG/pr/20180328-luci-app-mwan3-fixes | Dirk Brenken
luci-app-mwan3: fix syntax error and update notify page
2018-03-28 | luci-app-mwan3: update notify info | Florian Eckert
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-03-28 | luci-app-mwan3: fix strict XHTML syntax error | Florian Eckert
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-03-28 | luci-app-travelmate: made "ignore bssid" flag conditional | Dirk Brenken
* made the "ignore bssid" flag conditional to ease connection to hidden networks: * default for hidden networks "disabled" * default for all others "enabled" Signed-off-by: Dirk Brenken <dev@brenken.org>
2018-03-27 | Merge pull request #1697 from TDT-AG/pr/20180323-luci-base-fix-tblsection | Dirk Brenken
luci-base: add missing colspan in tblsection if table is empty
2018-03-27 | luci-base: fix colspans calculation in tblsection | Florian Eckert
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-03-26 | Merge pull request #1701 from SvenRoederer/patch-2 | Hannu Nyman
wireguard: add dependency to luci-proto-wireguard
2018-03-26 | wireguard: add dependency to luci-proto-wireguard | Sven Roederer
Installing luci-app-wireguard should also install luci-proto-wireguard, to have it as a protocol for interface setup. Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2018-03-23 | Merge pull request #1696 from TDT-AG/pr/20180323-luci-app-mwan3-add-boxes-again | Hannu Nyman
luci-app-mwan3: add boxes again and update css in luci-theme-material
2018-03-23 | luci-theme-material: add missing css classes | Florian Eckert
* Add missing css class danger * Add missing css class success * Update background color for css class warning Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-03-23 | luci-app-mwan3: add missing graphics boxes again | Florian Eckert
Add css boxes for mwan3 status again Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-03-23 | luci-app-mwan3: remove notMonitored status information | Florian Eckert
This case is not supported by mwan3 anymore Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-03-22 | Merge pull request #1695 from dibdot/regex-dhcphost | Jo-Philipp Wich
luci-base/util.lua: enhance checklib function
2018-03-22 | luci-base/util.lua: enhance checklib function | Dirk Brenken
* enhance the checklib function in util.lua to check the 'fullpathexe' as well, e.g. this fixes runtime errors on the dhcp/dns template in environments without dnsmasq Signed-off-by: Dirk Brenken <dev@brenken.org>
2018-03-20 | Merge pull request #1693 from sotux/master_zh-cn-translation | Hannu Nyman
luci-app-upnp: zh_CN: Update Simplified Chinese translation
2018-03-20 | luci-app-upnp: zh_CN: Update Simplified Chinese translation | Qian Zheng
Signed-off-by: Qian Zheng <sotux82@gmail.com>
2018-03-19 | Merge pull request #1692 from EricLuehrsen/unbound_pnet | Hannu Nyman
unbound: add domain resolution control options
2018-03-19 | Merge pull request #1689 from aparcar/asu-fixup | Hannu Nyman
luci-app-attendedsysupgrade: fixup missing package
2018-03-18 | unbound: add domain resolution control options | Eric Luehrsen
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2018-03-18 | Merge pull request #1691 from dibdot/travelmate | Dirk Brenken
luci-app-travelmate: final frontend changes for 18.x
2018-03-17 | luci-app-travelmate: final frontend changes for 18.x | Dirk Brenken
* made qrencode support optional (remove hardcoded dependency) * add a conditional QR Code button on overview page, remove separate "QR Codes" tab * move trigger timeout setting to extra section Signed-off-by: Dirk Brenken <dev@brenken.org>
2018-03-16 | luci-app-attendedsysupgrade: fixup missing package | Paul Spooren
Signed-off-by: Paul Spooren <spooren@informatik.uni-leipzig.de>
2018-03-16 | Merge pull request #1688 from dibdot/adblock | Dirk Brenken
luci-app-adblock: remaining fixes
2018-03-16 | luci-app-adblock: remaining fixes | Dirk Brenken
* missed in the last (untested) commit - sorry. Signed-off-by: Dirk Brenken <dev@brenken.org>
2018-03-16 | Merge pull request #1686 from dibdot/wifischedule | Dirk Brenken
luci-app-wifischedule: fix function calls
2018-03-16 | Merge pull request #1685 from dibdot/travelmate | Dirk Brenken
luci-app-travelmate: fix function calls
2018-03-16 | Merge pull request #1684 from dibdot/adblock | Dirk Brenken
luci-app-adblock: fix function calls
2018-03-15 | luci-app-wifischedule: fix function calls | Dirk Brenken
* fix function calls that have an implicit extra parameter self, pre-requisite for PR #1681 Signed-off-by: Dirk Brenken <dev@brenken.org>
2018-03-15 | luci-app-adblock: fix function calls | Dirk Brenken
* fix function calls that have an implicit extra parameter self, pre-requisite for PR #1681 Signed-off-by: Dirk Brenken <dev@brenken.org>
2018-03-15 | luci-app-travelmate: fix function calls | Dirk Brenken
* fix function calls that have an implicit extra parameter self, pre-requisite for PR #1681 Signed-off-by: Dirk Brenken <dev@brenken.org>
2018-03-15 | Merge pull request #1654 from TDT-AG/pr/20180301-luci-several-fixes | Jo-Philipp Wich
luci-app-firewall/luci-base/luci-mod-admin-full: some fixes and improvements
2018-03-12 | Merge pull request #1680 from rtau/bugfix-ocserv_compr | Hannu Nyman
luci-app-ocserv: match default value of compression