summaryrefslogtreecommitdiffhomepage
path: root/modules/luci-base/luasrc
AgeCommit message (Collapse)Author
2018-06-08treewide: switch firewall zone, network and iface lists to dropdown codeJo-Philipp Wich
Also switch the weekday and monthday lists in the firewall rule details to cbi dropdowns, vastly uncluttering the form. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-08luci-base: add markup, JS and CSS for new dropdownJo-Philipp Wich
This commit introduces the required code for a new, markup based dropdown widget which can be used as a styleable alternative to select boxes or radio/checkbox button groups. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-08luci-base: support option aliases in luci.cbiJo-Philipp Wich
AbstractValue descendants may now specify a new optional property `alias` which refers to a uci option to read/write/remove that differs from the option name itself. This is mainly useful for widgets that are toggled based on dependencies, e.g. for alternating between SingleValue and MultiValue, but which are intented to write into the same uci option. Such a setup was previously possible already by overriding the .cfgvalue(), .write() and .remove() callbacks with custom implementations, but that required a lot of boiler plate code and was rather fragile. With the `alias` property, CBI now takes care of the details and tracks aliased fields within a section accordingly. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-06luci-base: fix some minor luci.model.uci issuesJo-Philipp Wich
- Properly serialize option delete changelogs - Do not perform a section create if a nil value is passed to set() Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-03luci-base: cbi: atomically reorder uci sectionsJo-Philipp Wich
Since the switch to ubus uci operations we do not have a local application- side cursor cache anymore, instead uci operations happen synchronously in the rpcd backend server. This may cause cbi section reorder operations involving multiple elements to fail, because anonymous section hashes may change due to rehashing between consecutive ubus uci reorder calls. In order to avoid that problem, use the ubus uci batch reorder extension, which allows to pass a complete (or partial) list of section ids in the desired order in one call, bypassing the volatile section id problem. Fixes #1844. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-31luci-base: use common alert message markupJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-31luci-base: update coxpcall() implementation, fix runtime error reportingJo-Philipp Wich
Sync our coxpcall() implementation to the newest upstream version in order to get access to the inner backtrace information and propagate these traces to the browser in luci.dispatcher.dispatch(). This should make tracking down runtime errors much easier. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-31luci-base: add full page overlay during applyJo-Philipp Wich
After applying uci configuration, a full map reload is required in many cases as the anonymous section identifiers might have been rehashed, causing the rendered map to go out of sync. To avoid that, add both a full page overlay preventing further page interaction and let the apply widget forcibly reload the current view once the operation is complete. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-28treewide: convert HTML tables to divJo-Philipp Wich
Mostly convert HTML tables to div based markup to allow for easier styling in the future. Also change JS accessor code accordingly. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-23luci-base: fix dispacher failAnsuel Smith
http.getenv("SCRIPT_NAME") fail if it's not provided. This can happen in the login screen when we don't have any script to load. Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-05-19luci-base: handle potential crash in luci.model.network.interface.get_i18n()Jo-Philipp Wich
Should prevent the crash mentioned in #1779. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-19luci-base: break circular luci.config <> luci.model.uci dependencyJo-Philipp Wich
On certain environments, mainly with the embedded uhttpd interpreter, the luci.config class cannot be loaded due to a circular dependency with the luci.model.uci class. Break up the dependency by deferring the loading of luci.config in luci.model.uci until it is actually needed. Fixes #1803, FS#1553. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-18Merge pull request #1769 from jow-/masterJo-Philipp Wich
UCI apply/rollback workflow
2018-05-18luci-base: raise maximum POST value size to 100KBJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-18Merge pull request #1748 from hnyman/wifidataHannu Nyman
luci-base: show wifi chip identification on overview
2018-05-13luci-base: harden cookie sysauth=Yousong Zhou
A simple scan of the code indicates that currently no code in the repo is accessing the sysauth= cookie Closes openwrt/luci#1555 Signed-off-by: Florian Eckert <fe@dev.tdt.de> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-05-05treewide: rework uci apply workflowJo-Philipp Wich
Switch to rpcd based uci apply/rollback workflow which helps to avoid soft- bricking devices by requiring an explicit confirmation call after config apply. When a user now clicks "Save & Apply", LuCI first issues a call to uci apply which commits and reloads configuration, then goes into a polling countdown mode where it repeatedly attempts to call uci confirm. If the committed configuration is sane, the confirm call will go through and cancel rpcd's pending rollback timer. If the configuration change leads to a loss of connectivity (e.g. due to bad firewall rules or similar), the rollback mechanism will kick in after the timeout and revert configuration files and pending changes to the pre-apply state. In order to cover such rare cases where a lost of connectivity is expected and desired, the user is offered an "unchecked" apply option after timing out, which allows committing and applying the changes anyway, without the extra safety checks. As a consequence of this change, the luci-reload mechanism is now completely unsused since rpcd uses ubus config reload signals to reload affected services, which means that only procd-enabled services will receive proper reload treatment with the new workflow. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-05luci-base: enable uci session isolationJo-Philipp Wich
Switch to per-session save directories to decouple LuCI configuration changes from system wide ones. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-05luci-base: show wifi chip identification on overviewHannu Nyman
Show the correct wifi chip identification in case iwinfo recognises the chip. So far the wifidev.get_i18n function has practically always returned just "Generic", but use iwinfo.hardware_name to fetch the name. In case iwinfo returns the default "Generic MAC80211", there is a double 80211 in the final string, which is a cosmetic bug. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-05-03luci-base: support hiding the "Back to Overview" button in cbi mapsJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-03Revert "luci-base: support hiding the "Back to Overview" button in cbi maps"Jo-Philipp Wich
This reverts commit 52cf265c9d12537d5f37043350328d30ca11bab4. I accidentally committed unrelated changes. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-03luci-base: support hiding the "Back to Overview" button in cbi mapsJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-26luci-base: add simple CORS handling to luci.dispatcherJo-Philipp Wich
Support a new boolean property `cors` which - if set to true - causes the dispatcher to positively answer CORS OPTIONS requests after authentication without actually running the dispatching target. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-26luci-base: handle bodies of non-POST requests as wellJo-Philipp Wich
Decode the HTTP message bodies of any request carrying a Content-Length header, not just those in POST requests. This allows handling parameters in other methods, OPTIONS in particular. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-24luci-base: additionally return error code strings in luci.util.ubus()Jo-Philipp Wich
Add a 3rd return value to luci.util.ubus() containing the string value of the error return value. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-24luci-base: ensure that file upload values have lengthJo-Philipp Wich
Ensure that the (table) length of a file upload value has nonzero length by initializing the first table index with the file name. This fixes tests in the form x = luci.http.formvalue(...) if x and #x > 0 then ... end Fixes #1763. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-22luci-base: decode plus signs in x-www-form-urlencoded POST dataJo-Philipp Wich
Depends on 5ef51b2ab ("lucihttp: update to latest HEAD"). Fixes #1755. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-19luci-base: properly handle repeated POST parametersJo-Philipp Wich
Restore the old luci.http behaviour of converting repeated POST params into single tables holding all values instead of letting each repeated parameter overwrite the value of the preceeding one. Fixes, among other things, the handling of CBI dynamic list values. Fixes #1752 Fixes 59dea0230 ("luci-base: switch to lucihttp based POST data processing") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-19luci-base: implement session handling in luci.model.uciJo-Philipp Wich
Introduce luci.model.uci.set_session_id() and luci.model.uci.get_session_id() to set and get the effective session ID respectively. When a session ID is set, it is sent as `ubus_rpc_session` attribute to rpcd, causing it to use per-session change directories, isolating LuCI changes from the global system uci state. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-18libs: move http.protocol.{date,mime,conditionals} to luci-lib-httpprotoutilsJo-Philipp Wich
Also adjust the dependencies of components depending on these classes and flatten the namespace from luci.http.protocol.* to luci.http.* Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-18luci-base: fold luci.http.protocol into luci.httpJo-Philipp Wich
With only the decoder routines remaining in luci.http.protocol, it makes no sense to keep the low level protocol class around, so fold the remaining code into the central luci.http class. Also adjust the few direct users of luci.http.protocol accordingly. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-18luci-base: refactor luci.httpJo-Philipp Wich
- Rewrite getcookie() to use liblucihttp header value parsing - Rewrite setfilehandler() to use local variables and have cleaner code - Fix build_querystring() to actually *en*code the given params Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-18luci-base: drop luci.util.dtable()Jo-Philipp Wich
The dtable() function has no user in the entire LuCI repo, so drop it. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-18luci-base: switch to lucihttp based POST data processingJo-Philipp Wich
Use the liblucihttp provided multipart and x-www-urlencoded body parsers and drop the old Lua parsing code. The C based data parsers are way faster than their old Lua counterparts while producing less string garbage and more correct results. While refactoring the luci.http.protocol code, also drop unused functions and dead code, heavily reducing the module size. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-18luci-base: switch to lucihttp.urldecode() and lucihttp.urlencode()Jo-Philipp Wich
Drop the Lua implementation in luci.http.protocol and use the optimized C variants of liblucihttp instead. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-10luci-base: fix rendering of 404 HTML error templateJo-Philipp Wich
This 404 error template rendering has been broken for a long time due to bad function environment level in luci.template when invoking the rendering from the toplevel dispatcher context. Fix this issue by adding a local function indirection, essentially adding an additional stack frame. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-10luci-base: error404: do not access request env directlyJo-Philipp Wich
Instead of attempting to access the request environment directly (which does not work anyway using the CGI SGI), use the already sanitized dispatcher.context.request property to print out the not found url. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-10luci-base: don't propagate null bytes in path informationJo-Philipp Wich
It is possible to inject unescaped markup using a double encoded null byte via PATH_INFO on certain leaf nodes. Since there is no legitimate reason to handle null bytes in any part of the requested url, simply skip over such bytes when parsing the PATH_INFO value. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-09luci-base: consider empty parameters as well when testing POST requirementJo-Philipp Wich
The cbi class will react on an empty "cbi.submit" parameter as well so we must intercept GET requests using that too. Fixes 186e690c0 ("luci-base: dispatcher: reject non-POST requests with any cbi.submit value") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-07timezone data: update to 2018dHannu Nyman
Update timezone data to 2018d http://mm.icann.org/pipermail/tz-announce/2018-March/000049.html In 2018, Palestine starts DST on March 24, not March 31. Adjust future predictions accordingly. Casey Station in Antarctica changed from +11 to +08 Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-04-07luci-base: fix luci.model.uci.get_first()Jo-Philipp Wich
Properly propagate the config parameter to the foreach iterator in order to fix get_first() lookups. Fixes #1734. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-07luci-base: escape path strings and field parameterJo-Philipp Wich
Prevent various XSS vectors by not interpolating field and path values verbatim into script and html contexts. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-06luci-base: properly initialize cbi.js on SimpleFormsJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-06luci-base: emit a warning if cbi() delegates a SimpleForm instanceJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-06luci-base: implement luci.model.uci.get_state()Jo-Philipp Wich
Introduce a get_state() function which can be used to access legacy uci state variables. This is usually not needed anymore but some packages (mainly mwan3) still rely on this. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-05luci-base: introduce luci.dispatcher.lookup()Jo-Philipp Wich
The lookup function takes multiple, possibly malformed path fragments, splits them on slashes, constructs a temporary path and looks up the result in the dispatch tree. If a matching node has been found, the function will return both the node reference and the canonical url to it. If no corresponding node is found, the function returns nil. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-05Merge pull request #1709 from dibdot/get_interface-fixJo-Philipp Wich
luci-base/network.lua: fix get_interface function
2018-04-05treewide: filter shell arguments through shellquote() where applicableJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-05luci-base: introduce luci.util.shellquote()Jo-Philipp Wich
Introduce a new function luci.util.shellquote() which encloses the given string argument in single quotes and escapes any embedded single quote characters. This function is intended to be used when interpolating untrusted input into shell commands. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-05luci-base: fix possible shell injection in luci.tools.status.switch_status()Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>