Age | Commit message (Collapse) | Author |
|
Due to the fact that luci.model.cbi reacts on any "cbi.submit" value while
the dispatcher only required POST for cbi.submit == 1, the CSRF token
protection could be bypassed.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Switch from using the REQUEST_URI CGI variable directly to the canonicalized
FULL_REQUEST_URI property.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Introduce a new template property FULL_REQUEST_URI which returns the full
canonicalized request URL built from SCRIPT_NAME, PATH_INFO and QUERY_STRING.
This new property is safer to use compared to using the raw REQUEST_URI CGI
environment variable directly as this value is essentially untrusted user
input which may contain embedded escaped slashes, double forward slashes and
other oddities allowing XSS exploitation or request redirection.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Some applications, e.g. dnsmasq, do not allow hostnames starting with an
underscore, therefor extend the existing hostname datatype validator with
a `strict` which disallows a leading underscore.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Switch luci.model.uci to use ubus uci calls instead of driving libuci-lua
directly.
This prepares support for more advanced features such as per-session change
isolation and configuration rollback on errors.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
* fix wrong private function call to handle
section id as parameter (fix for #1687)
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
|
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
* enhance the checklib function in util.lua to check the 'fullpathexe'
as well, e.g. this fixes runtime errors on the dhcp/dns template in
environments without dnsmasq
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
|
luci-app-firewall/luci-base/luci-mod-admin-full: some fixes and improvements
|
|
Use the new luci.ip MAC address facilities to parse and verify MAC addresses
in a common way, instead of relying on various ad-hoc solutions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
The /etc/ethers file may contain any number of white space characters
between the mac address and the IP/hostname field, so extend the pattern
to allow for that.
Man ethers(5) also states that the IP field may be a symbolic hostname,
so test whether the name is an IP address or hostname before adding it
to the hints structure.
Fixes #1674.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
luci-base/firewall_zonelist: fix visual interface/background alignment
|
|
* fix for #1667, tested with all standard themes
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
|
If IPv6 prefix assignment is disabled, the "local-address" structure
might exist, but be empty which causes the adress formatting in the
network model class to bail out.
Verify the completeness of the "local-address" structure before using
it in order to avoid runtime errors.
Fixes #1657.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Keep the ifname and bridge state backup variables in /etc/config/luci to not
pollute /etc/config/network.
Fixes #1655.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
If cbi_init() is not called first browser gif will not be found.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
OpenWrt/LEDE introduced the "local-address" field a while back to expose the
effective local host address of the delegated prefix, so use that information
instead of assuming `[prefix]:1`.
Fixes #1484.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
A valid host ID as accepted by netifd must meet the following criteria:
- Is either one of the two special "random" or "eui64" strings
- Or is a valid IPv6 address according to inet_pton(AF_INET6)
- Has the first 64 bit set to zero
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Update timezone data to 2018c
http://mm.icann.org/pipermail/tz-announce/2018-January/000048.html
Briefly:
Sao Tome and PrÃncipe switched from +00 to +01.
Brazil's DST will now start on November's first Sunday.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Fall back to using a phy-wide iwinfo handle if the vif query yields no result.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
The _wifi_sid_by_ifname() function depends on _wifi_state_by_ifname()
so reorder the private helper functions accordingly to avoid nil value
call attempts.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
- fix mapping of ubus wireless state to uci declared vifs
- fix leaking foreign vif info into per-phy iwinfo stats
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Update timezone data to 2017c
http://mm.icann.org/pipermail/tz-announce/2017-October/000047.html
Briefly:
Northern Cyprus switches from +03 to +02/+03 on 2017-10-29.
Fiji ends DST 2018-01-14, not 2018-01-21.
Namibia switches from +01/+02 to +02 on 2018-04-01.
Sudan switches from +03 to +02 on 2017-11-01.
Tonga likely switches from +13/+14 to +13 on 2017-11-05.
Turks & Caicos switches from -04 to -05/-04 on 2018-11-04.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Fixes #1343.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
- Rewrite ipmask to use these subtypes
- Add ip{4,6}prefix validators to cbi.js
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|
Properly deal with client accept languages containing a culture identifier
such as "zh-CN" or "pt-BR".
Fixes #1226.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
The previous implementation of the function only returned ethernet
interfaces because it relied on the AF_PACKET family entries returned
by getifaddrs().
Change the function to simply collect all interface names it sees in
order to avoid missing tunnel interfaces.
Fixes FS#917.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Some controller actions like the ones in "servicectl" require authentication
but are not meant to provide an authenticator because they're only invoked
by scripts.
Rework the dispatcher logic to handle this situation and only bail out if
an authenticator name other than "htmlauth" is set.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Drop the individual calls to nixio.getnameinfo() in luci.sys.net and rely
on the "network.rrdns.lookup" ubus call instead to fetch domain information
within a guaranteed timeout.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Drop a number of redundant functions from luci.sys to shrink the code a bit:
* luci.sys.net.arptable() - replaced by luci.ip.neighbors()
* luci.sys.net.routes() - replaced by luci.ip.routes()
* luci.sys.net.routes6() - replaced by luci.ip.routes6()
* luci.sys.net.deviceinfo() - replaced by nixio.getaddrinfo()
* luci.sys.net.pingtest() - no known user
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Drop the custom credentials checking in favor to perform proper session
logins via rpcd. This is needed to properly setup ACLs when spawning
rpcd sessions in order to support direct client side ubus access in the
future.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Add support for 'ip6ifaceid' option for proto_static in LuCI.
Information about the option:
The option is optional and defaults to '::1'.
Allowed values: 'eui64', 'random', fixed value like '::1' or '::1:2'
When IPv6 prefix (like 'a:b:c:d::') is received from a delegating
server, the ip6ifaceid suffix (like '::1') is used to form
the IPv6 address ('a:b:c:d::1') for the interface.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
Add Etc/GMT timezones like GMT+5
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
In some cases it is useful to be able to override the template used for the
sysauth login dialog.
Add a new property "sysauth_template" which allows overriding the template
name from controller files.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Update timezone data to 2017b.
http://mm.icann.org/pipermail/tz-announce/2017-February/000045.html
http://mm.icann.org/pipermail/tz-announce/2017-March/000046.html
Key changes in 2017a-2017b:
* Mongolia no longer observes DST.
* Chile's Region of Magallanes moves from -04/-03 to -03 year-round.
* Switch to numeric time zone abbreviations for South America, as
part of the ongoing project of removing invented abbreviations.
* Haiti resumed observance of DST in 2017.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
Remove the code related to the deprecated madwifi driver.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
Adds support for the fwmark option.
FwMark is a 32-bit fwmark for outgoing packets.
If set to 0 or "off", this option is disabled.
Signed-off-by: Dan Luedtke <mail@danrl.com>
|
|
Signed-off-by: Dan Luedtke <mail@danrl.com>
|
|
Add datatype 'hexstring' for input validaiton datatypes.
It will accept any hexadecimal string.
(no length validation, as rangelength can be used for that.)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
base: status: For odhpcd leases display MAC formatted with colons
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
The Overview page and Network>Interfaces page currently do not give much information about IPv6, particularly with Prefix Delegated setups. In these setups, ISP will delegate a prefix to the router. Currently LuCI doesn't display this Prefix Delegation from the ISP anywhere. A number of changes was added to this commit:
1) self:_ubus("ipv6-prefix") was extracted and put into protocol.ip6prefix.
2) Network>Interfaces page, if a .ip6prefix is present, show it under Status. (IPv6-PD).
3) On the Overview page, "Type" and "Prefix Delegated" has been added to the IPv6 Network Overview Status:
- Type will display the .proto, similar to the IPv4 case. If a .ip6prefix is present, it'll display a "-pd" at the end of the Type: i.e. dhcpv6-pd vs. dhcpv6.
- If no .ip6prefix is present, it'll do what it does currently, and just show Address, or :: if no address is present.
- If .ip6prefix is present, it'll show the "Prefix Delegated", it'll also hide "Address" if no address is present, else it'll show ifc6.ip6addr as well.
Signed-off-by: Cody R. Brown <dev@codybrown.ca>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
The missing parens lead to a wrong expression precedence, causing a runtime
error when attempting to compare nil with a number.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
These validators accept IP address specifications in the form
- address
- address/bits
- address/netmask
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|