summaryrefslogtreecommitdiffhomepage
path: root/modules
AgeCommit message (Collapse)Author
2018-05-05luci-base: enable uci session isolationJo-Philipp Wich
Switch to per-session save directories to decouple LuCI configuration changes from system wide ones. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-05luci-mod-rpc: more auth/login fixes, expose further librariesJo-Philipp Wich
The previous attempt to fix authentication broke login functionality so rework the code once again, this time with referencing helper functions directly via the controller scope. Furthermore, properly expose luci.sys.wifi.getiwinfo() and luci.ip. For getiwinfo(), the RPC wrapped function accepts one further optional parameter specifying the operation to invoke on the iwinfo instance. If no operation is specified, a summary object containing all info without country and scan list is returned. Example to obtain iwinfo summary object: curl --cookie sysauth=... \ --data '{"method": "wifi.getiwinfo", "params": ["wlan0"]}' \ "http://192.168.1.1/cgi-bin/luci/rpc/sys" Example to obtain iwinfo scan list: curl --cookie sysauth=... \ --data '{"method": "wifi.getiwinfo", "params": ["wlan0", "scanlist"]}' \ "http://192.168.1.1/cgi-bin/luci/rpc/sys" The exposed luci.ip class uses a similar approach to allow invoking instance methods on cidr objects. The new(), IPv4(), IPv6() and MAC() constructors accept two further optional arguments, with the first specifying the instance method to invoke and the second the value to pass to the instance method. Example to get list of IPv4 neighbours (ARP entries): curl --cookie sysauth=... \ --data '{"method": "neighbors", "params": [{"family": 4}]}' \ "http://192.168.1.1/cgi-bin/luci/rpc/ip" Example to add 100 hosts to a network address: curl --cookie sysauth=... \ --data '{"method": "IPv4", "params": ["192.168.0.1", "255.255.255.0", "add", 1000]}' \ "http://192.168.1.1/cgi-bin/luci/rpc/ip" Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-05luci-base: xhr.js: fix timeout setting with IE 11Jo-Philipp Wich
Internet Explorer 11 requires the timeout to be applied after the open() call, otherwise an invlaid state exception will be raised Fixes aa6c97154 ("luci-base: extend xhr.js") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-05luci-mod-rpc: fix authentication via query string parameterJo-Philipp Wich
Localize the `authenticatior()` and `session_retrieve()` functions into the `index()` function scope so that they're retained when extracting the function into the dispatcher bytecode cache. Also allow access to the global scope since upvalues do not work reliably due to the out-of-context byte code caching of index functions. Fixes https://github.com/openwrt/luci/issues/1300#issuecomment-381352765 Fixes feefc600e ("luci-mod-rpc: rework authentication and session handling") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-03luci-base: support hiding the "Back to Overview" button in cbi mapsJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-03Revert "luci-base: support hiding the "Back to Overview" button in cbi maps"Jo-Philipp Wich
This reverts commit 52cf265c9d12537d5f37043350328d30ca11bab4. I accidentally committed unrelated changes. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-03luci-base: support hiding the "Back to Overview" button in cbi mapsJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-02Fixing small typoRicardo Lamego
indentifies > identifies
2018-05-02Merge pull request #1775 from musashino205/l10n/base-upd-jaHannu Nyman
luci-base: update Japanese translation
2018-05-03luci-base: update Japanese translationINAGAKI Hiroshi
Updated Japanese translations. Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2018-05-02luci-mod-admin-full: canonicalize configured static lease MACJo-Philipp Wich
When reading the configured mac address of the static lease, filter it through luci.ip.checkmac() to canonicalize and uppercase the value for mapping it against the combo box host hints. Fixes #1772. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-02luci-base: sync translationsINAGAKI Hiroshi
Synchronized translations with sources. Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2018-05-02Merge pull request #1705 from Mushoz/add-igmp-snoopingJo-Philipp Wich
luci-mod-admin-full: add igmp snooping option
2018-04-28Merge pull request #1767 from SvenRoederer/patch-2Hannu Nyman
luci-mod-freifunk: align spacing
2018-04-26luci-base: extend xhr.jsJo-Philipp Wich
Add timeout options to get() and post() and introduce XHR.stop() to support stopping a poll operation. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-26luci-base: add simple CORS handling to luci.dispatcherJo-Philipp Wich
Support a new boolean property `cors` which - if set to true - causes the dispatcher to positively answer CORS OPTIONS requests after authentication without actually running the dispatching target. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-26luci-base: handle bodies of non-POST requests as wellJo-Philipp Wich
Decode the HTTP message bodies of any request carrying a Content-Length header, not just those in POST requests. This allows handling parameters in other methods, OPTIONS in particular. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-25luci-mod-freifunk: align spacingSven Roederer
remove some tailing tabs and an empty line in OSMLatLon.htm Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2018-04-26luci-base: update japanese translationINAGAKI Hiroshi
Updated japanese translations. Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2018-04-24luci-base: additionally return error code strings in luci.util.ubus()Jo-Philipp Wich
Add a 3rd return value to luci.util.ubus() containing the string value of the error return value. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-24luci-base: ensure that file upload values have lengthJo-Philipp Wich
Ensure that the (table) length of a file upload value has nonzero length by initializing the first table index with the file name. This fixes tests in the form x = luci.http.formvalue(...) if x and #x > 0 then ... end Fixes #1763. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-22luci-base: decode plus signs in x-www-form-urlencoded POST dataJo-Philipp Wich
Depends on 5ef51b2ab ("lucihttp: update to latest HEAD"). Fixes #1755. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-21luci-base: ship rpcd uci access ACLJo-Philipp Wich
Ship an ACL definition for granting full read/write access to uci configuration files via ubus rpc. This is a precondition for enabling uci session isolation later on. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-19luci-base: properly handle repeated POST parametersJo-Philipp Wich
Restore the old luci.http behaviour of converting repeated POST params into single tables holding all values instead of letting each repeated parameter overwrite the value of the preceeding one. Fixes, among other things, the handling of CBI dynamic list values. Fixes #1752 Fixes 59dea0230 ("luci-base: switch to lucihttp based POST data processing") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-19luci-base: implement session handling in luci.model.uciJo-Philipp Wich
Introduce luci.model.uci.set_session_id() and luci.model.uci.get_session_id() to set and get the effective session ID respectively. When a session ID is set, it is sent as `ubus_rpc_session` attribute to rpcd, causing it to use per-session change directories, isolating LuCI changes from the global system uci state. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-18luci-base: drop dependency on libuci-luaJo-Philipp Wich
LuCI itself now uses ubus calls to interact with uci configuration while the remaining direct libuci-lua users have been updated to either depend on the binding library or to use luci.model.uci. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-18libs: move http.protocol.{date,mime,conditionals} to luci-lib-httpprotoutilsJo-Philipp Wich
Also adjust the dependencies of components depending on these classes and flatten the namespace from luci.http.protocol.* to luci.http.* Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-18luci-base: fold luci.http.protocol into luci.httpJo-Philipp Wich
With only the decoder routines remaining in luci.http.protocol, it makes no sense to keep the low level protocol class around, so fold the remaining code into the central luci.http class. Also adjust the few direct users of luci.http.protocol accordingly. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-18luci-base: refactor luci.httpJo-Philipp Wich
- Rewrite getcookie() to use liblucihttp header value parsing - Rewrite setfilehandler() to use local variables and have cleaner code - Fix build_querystring() to actually *en*code the given params Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-18luci-base: drop luci.util.dtable()Jo-Philipp Wich
The dtable() function has no user in the entire LuCI repo, so drop it. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-18Revert "luci-base: add urldecode() and urlencode() C implementations"Jo-Philipp Wich
This reverts commit ad7dc4a4928e77ae142d0fe040f9e9e64b530e82. Since we're using liblucihttp now, that library is the appropriate place to add such decoding helper functions. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-18luci-base: switch to lucihttp based POST data processingJo-Philipp Wich
Use the liblucihttp provided multipart and x-www-urlencoded body parsers and drop the old Lua parsing code. The C based data parsers are way faster than their old Lua counterparts while producing less string garbage and more correct results. While refactoring the luci.http.protocol code, also drop unused functions and dead code, heavily reducing the module size. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-18luci-base: switch to lucihttp.urldecode() and lucihttp.urlencode()Jo-Philipp Wich
Drop the Lua implementation in luci.http.protocol and use the optimized C variants of liblucihttp instead. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-18luci-base: zh_CN: update Simplified Chinese translationQian Zheng
Signed-off-by: Zheng Qian <sotux82@gmail.com>
2018-04-10i18n: sync translations, cleanupHannu Nyman
* sync translations * clean-up old strings from adblock Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-04-10Merge pull request #1742 from fantom-x/dhcp_cachesize_maxHannu Nyman
luci-mod-admin-full: limit dns cachesize to 10000
2018-04-10luci-base: fix rendering of 404 HTML error templateJo-Philipp Wich
This 404 error template rendering has been broken for a long time due to bad function environment level in luci.template when invoking the rendering from the toplevel dispatcher context. Fix this issue by adding a local function indirection, essentially adding an additional stack frame. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-10luci-base: error404: do not access request env directlyJo-Philipp Wich
Instead of attempting to access the request environment directly (which does not work anyway using the CGI SGI), use the already sanitized dispatcher.context.request property to print out the not found url. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-10luci-base: don't propagate null bytes in path informationJo-Philipp Wich
It is possible to inject unescaped markup using a double encoded null byte via PATH_INFO on certain leaf nodes. Since there is no legitimate reason to handle null bytes in any part of the requested url, simply skip over such bytes when parsing the PATH_INFO value. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-10luci-base: add urldecode() and urlencode() C implementationsJo-Philipp Wich
The C implementations of urlencode and urldecode are considerably faster than their current Lua counterparts. On an AMD Geode system, the C variant is up to ten times faster when decoding strings and up to four times faster when encoding them. The functions are also designed to only allocate new strings when any actual changes are required, otherwise they reuse the existing input strings, reducing the overal memory usage somewhat. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-09luci-mod-admin-full: limit dns cachesize to 10000Marc Benoit
The value of cachesize is hardcoded to 10000 in dnsmasq-2.79/src/option.c to 10000 max case 'c': /* --cache-size */ { int size; if (!atoi_check(arg, &size)) ret_err(gen_err); else { /* zero is OK, and means no caching. */ if (size < 0) size = 0; else if (size > 10000) size = 10000; daemon->cachesize = size; } break; } Tested on Netgear R7800 Signed-off-by: Marc Benoit <marcb62185@gmail.com>
2018-04-09luci-mod-admin-full: allow setting dns cachesizeMarc Benoit
In the case of more powerful routers the default cachesize value == 150 is too small and can easily be extended to 1,000's and 10,000's of entries. It makes sense to make it easy configurable. Tested on Netgear R7800 Signed-off-by: Marc Benoit <marcb62185@gmail.com> Fix whitespace, edit the proposed help text. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-04-09luci-base: consider empty parameters as well when testing POST requirementJo-Philipp Wich
The cbi class will react on an empty "cbi.submit" parameter as well so we must intercept GET requests using that too. Fixes 186e690c0 ("luci-base: dispatcher: reject non-POST requests with any cbi.submit value") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-08i18n: sync translationsHannu Nyman
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-04-07timezone data: update to 2018dHannu Nyman
Update timezone data to 2018d http://mm.icann.org/pipermail/tz-announce/2018-March/000049.html In 2018, Palestine starts DST on March 24, not March 31. Adjust future predictions accordingly. Casey Station in Antarctica changed from +11 to +08 Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-04-07luci-base: fix luci.model.uci.get_first()Jo-Philipp Wich
Properly propagate the config parameter to the foreach iterator in order to fix get_first() lookups. Fixes #1734. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-07luci-base: escape path strings and field parameterJo-Philipp Wich
Prevent various XSS vectors by not interpolating field and path values verbatim into script and html contexts. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-06luci-base: properly initialize cbi.js on SimpleFormsJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-06luci-mod-admin-full: dispatch SimpleForm models using the form() actionJo-Philipp Wich
This fixes issues dicovered by check-controllers.sh Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-06luci-mod-freifunk: dispatch SimpleForm model using the form() actionJo-Philipp Wich
This fixes issues dicovered by check-controllers.sh Signed-off-by: Jo-Philipp Wich <jo@mein.io>