Make sure to escape the user controlled URL passed as part of the error
message into the error404 template in order to avoid XSS.
Reported-by: 40826d <40826d@posteo.de>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
In order to maintain compatibility with the old Lua runtime, ensure to URL
decode the request path segments since they might end up as arguments to
invoked action functions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Avoid displaying non-fatal "File not found" exceptions when a theme is not
shipping an own sysauth template.
Fixes: #6118
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Fixes: #6111
Fixes: a5d21dadbd ("luci-base: fix rendering ucode templates from `template` target")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
A previous commit inadvertently broke support for rendering ucode templates
from the `template` dispatcher target.
Fixes: #6111
Fixes: fa17c1573f ("luci-base, luci-lua-runtime: adjust Lua template environment")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
To maintain full compatibility with the old Lua runtime, templates
rendered from a menu `template()` action must implicitly inherit the
`luci.dispatcher` namespace as scope while other indirectly included
templates must not.
Fixes: #6105
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Ensure to properly emulate the "dispatched" and "requested" properties
which refer to the executed and initially resolved menu node respectively.
Also stop exposing a `node` property in Lua context to maintain full
compatibility with the old Lua runtime.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
In case a theme shipped sysauth.htm failed to render/execute, expose the
exception error details in the ui theme fallback indicator.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Ensure to first completely render the action function before flushing HTTP
headers since the invoked action logic might modify the HTTP headers itself.
Fixes: e7afd0d327 ("luci-base: fix luci.http.close()")
Ref: https://github.com/openwrt/luci/commit/e7afd0d327bb35c502ca41a3c5e3ea098898fbd7#commitcomment-88736854
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Ensure that `http.write()` or template rendering operations after a call
to `http.close()` do not produce additional output. This is required for
certain legacy Lua apps which invoke write and close operations in the
middle of a server side cbi rendering process.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Add menu tree annotations for node readonly and dependency satisfied state
in order to ensure that unreachable menu nodes are hidden from view.
Fixes: ded8ccf93e ("luci-base-ucode: add initial ucode based LuCI runtime")
Ref: https://forum.openwrt.org/t/x/141426/10
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Make sure that the uci session ID of the `luci.model.uci` module within
the Lua context is updated once we acquire the login session information.
In case legacy themes are used, the probing of the theme header template
might indirectly load the Lua runtime and the Lua side `luci.dispatcher`
module which in turn will load the `luci.model.uci` and set the session
ID there which is not yet initialized at this point in time.
This results in broken uci change handling within legacy Lua applications
when a legacy theme is loaded.
Fixes: #6060
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
The LuCI uci configuration requires language tags with underscores due to
limitations of uci option names but the language catalogs themselves
are designated with dash separated language tags.
Make sure to substitute underscores with dashes when determining the
desired request language in order to fix loading of languages such as
`pt-br` or `zh-cn`.
Ref: https://github.com/openwrt/luci/pull/5976#issuecomment-1290352951
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
The ability to require certain paths to be absent for a menu entry to show
up was lost during the ucode conversion.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Some existing LuCI apps ship menu.d JSON files with `cbi` and `form` typed
dispatch targets, support those as well.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Move classes required for Lua runtime support into a new `luci-lua-runtime`
package. Also replace the `luci.http` and `luci.util` classes in
`luci-lib-base` with stubbed versions interacting with the ucode based
runtime environment.
Finally merge `luci-base-ucode` into the remainders of `luci-base`.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|