summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2015-10-21luci-base: remove security token from urlsJo-Philipp Wich
Now that sensitive urls require post requests and only accept them if a valid security token is sent along the request, we can drop the global random url token to improve LuCI usability. The main improvement is the ability to use multiple tabs with the same login session, but also deep linking to specific urls without the need for another login becomes feasible, e.g. for documentation purposes. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-21luci-app-upnp: protect lease delete call with csrf tokenJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-21luci-app-splash: protect admin status call with csrf tokenJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-21luci-app-radicale: protect start/stop actions with csrf tokenJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-21luci-app-privoxy: protect start/stop actions with csrf tokenJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-21luci-app-ocserv: protect disconnect action with csrf tokenJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-20luci-app-ddns: protect start/stop actions with csrf tokenJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-20luci-mod-admin-full: protect iptables counter reset and restart with tokenJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-20luci-mod-admin-full: protect network post actions with csrf tokensJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-20luci-base: filter invalid opkg status linesJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-20luci-mod-admin-full: protect clock, flash and opkg ops with submit tokenJo-Philipp Wich
* Use post_on() target to require csrf token verification for modifying actions * Ensure that package and flash operation handlers guard modifying operations with parameter check Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-20luci-base: generalize post security token handlingJo-Philipp Wich
* Add a generic helper function to check need for post / csrf token validation * Remove custom token verification in cbi targets * Support requiring post security depending on specific submit parameters, usable through post_on() action Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-13Merge pull request #513 from LuttyYang/masterHannu Nyman
luci-theme-material: PR from Version 0.2.11
2015-10-13luci-theme-material: PR from Version 0.2.11Lutty Yang
Signed-off-by: Lutty Yang <lutty@wcan.in>
2015-10-13i18n: Sync translationsHannu Nyman
Sync translations to the current strings. Changes in luci-app-ddns, luci-app-mjpg-streamer, luci-app-qos, luci-app-shadowsocks-libev, luci-app-statistics and luci-base Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-10-13luci-base: update i18n base templateHannu Nyman
Update i18n base template to match the current strings. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-10-13luci.mk: correct SK language name to SlovakHannu Nyman
SK language code refers to Slovak, not Slovene. Native language name is correct. References: https://forum.openwrt.org/viewtopic.php?id=60235 https://en.wikipedia.org/wiki/Slovak_language Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-10-12luci-app-ddns: fix typo in previous commitJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-12Timezone information: update to 2015gHannu Nyman
Changes in 2015g: http://mm.icann.org/pipermail/tz-announce/2015-October/000034.html Norfolk moves from +1130 to +1100 on 2015-10-04 at 02:00 local time. Fiji's 2016 fall-back transition is scheduled for January 17, not 24. Fort Nelson, British Columbia will not fall back on 2015-11-01. It has effectively been on MST (-0700) since it advanced its clocks on 2015-03-08. New zone America/Fort_Nelson. Note: the Turkey-related one-time rule change is not apparently catched by the zoneinfo2lua script, so that change is not included in this commit. (Turkey's 2015 fall-back transition is scheduled for Nov. 8, not Oct. 25.) Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-10-12luci-app-ddns: remove title <a> hacksJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-08Merge pull request #505 from roger-/dump1090-latlonJo-Philipp Wich
dump1090: lat/lon should be floats
2015-10-07dump1090: lat/lon should be floatsRoger
Signed-off-by: Roger D <rogerdammit@gmail.com>
2015-10-08luci-base: prevent UCI changes in CBI if form is not in submit stateJo-Philipp Wich
Only process submitted data if the "cbi.submit" parameter is present as the dispatcher will verify the integrity of the CSRF token in this case. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-07Globally replace luci.dispatcher.build_url(...) with url(...) invocationsJo-Philipp Wich
Also concat multiple string arguments into one while we're at it. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-07luci-base: expose luci.dispatcher.build_url() as url() in templatesJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-07luci-base: protect simpleforms with CSRF tokensJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-07luci-mod-admin-full: switch to POST action for rebootJo-Philipp Wich
Also rework the reboot tmeplate a little bit. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-06luci-base: switch to POST action for service reloadJo-Philipp Wich
Switches the service reload calls to CSRF token protected POST action. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-06luci-mod-admin-full: switch to POST actions for UCI changesJo-Philipp Wich
Switches UCI apply/revert/save to CSRF token protected POST actions. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-06luci-theme-bootstrap: add redir parameter to uci change menuJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-06luci-theme-material: add redir parameter to uci change menuJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-06luci-base: protect CBI forms with CSRF tokensJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-06luci-base: add support for POST-only actions with CSRF token checkJo-Philipp Wich
Add the dispatcher infrastructure to restrict certain routes to POST requests only in conjunction with verification of CSRF tokens. This is the first step to get rid of the CSRF token in the url in favor to tokens embedded in forms. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-06Merge pull request #503 from LuttyYang/masterHannu Nyman
luci-theme-material: fix some style bug in LUCI newest version
2015-10-06luci-theme-material: fix some style bug in LUCI newest versionLutty Yang
Signed-off-by: Lutty Yang <lutty@wcan.in>
2015-10-06Globally convert headline anchors into name attributes.Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-05Merge pull request #501 from LuttyYang/masterJo-Philipp Wich
luci-theme-material: PR from version 0.2.6
2015-10-05luci-app-statistics: reorder interface, netlink and openvpn datasourcesJo-Philipp Wich
This aligns the order and grouping of RX and TX network datasources. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-05luci-app-statistics: add support for sorting RRD data sourcesJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-05luci-app-statistics: add initial support for collectd-mod-openvpnJo-Philipp Wich
This changeset covers compression and traffic stats, not every combination has been tested yet. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-05luci-theme-material: PR from version 0.2.6Lutty Yang
PR from version 0.2.6 Signed-off-by: Lutty Yang <lutty@wcan.in>
2015-10-05luci-app-statistics: add initial support for collect-mod-sensorsJo-Philipp Wich
Due to a lack of a test environment this support only covers thermal graphs so far. Please send the output of "rrdtool info /tmp/rrd/*/sensors-*/*.rrd" if your system happens to support voltage, power or fanspeed sensors. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-04Merge pull request #488 from hnyman/black-flashHannu Nyman
luci-base: change index.html to be more like current themes
2015-10-04Merge pull request #489 from hnyman/remove-bno-themeHannu Nyman
themes: remove freifunk-bno theme
2015-10-03luci-mod-admin-full: status: survive broken DSL status outputJo-Philipp Wich
Only attempt to call "dsl_func" if the dsl_control lucistat output could be successfully evaluated. Works around https://dev.openwrt.org/ticket/20607 Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-03luci-app-statistics: improve diagram generation, add missing titleJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-03luci-app-statistics: rework graph label handlingJo-Philipp Wich
Remove leftover unused translation code and properly escape colons in line labels. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-03luci-app-statistics: only render index view for more than one instanceJo-Philipp Wich
If a plugin produces only one instance, e.g. netlink with just one interface configured, then the controller will register no detail views which would normally show all graphs but the index pacage of a given plugin will still display the collapsed view without any possibility to reach the full listing. Fix the problem by only rendering a linked index view when more than one instance is present. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-02proto_map: fix ealen rangeSteven Barth
Signed-off-by: Steven Barth <steven@midlink.org>
2015-09-29Merge pull request #496 from neheb/masterHannu Nyman
Use ZopfliPNG to save 5.4 KB