Age | Commit message (Collapse) | Author |
|
cbi.lua: Implement "readonly" property for "Value"
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
|
|
template cbi/value.htm: add "readonly" property
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
|
|
cbi.lua
- Implement Flag.validate function to be overwritable
- rewritten if clause for easier reading ;-)
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
|
|
resources/icons: Use gifsicle to save a few bytes.
|
|
Rewrite `luci.sys.wifi.getiwinfo()` to use the ubus wireless state instead of
depreacated uci state vars in order to map abstract network notation to
wireless ifnames.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Do not use standard post security checking for actions that require file upload
since reading the token value will trigger parsing of the http message body
before the file upload handler has been set, which causes LuCI to buffer the
entire request body in memory.
In order to simplify the code and logic flow, split action_flashops() into
separate handlers for reset, backup, restore and sysupgrade.
Let the backup restore and sysupgrade handlers use the new test_post_security()
method in luci.dispatcher to perform token checking *after* setting the upload
handler.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Allows external code to perform POST and token checking manually.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Now that we don't have an url token anymore, '/cgi-bin/luci' becomes a valid
url while cookies are restricted to only '/cgi-bin/luci/' and below.
In order to ensure that the first request after login refers to a path
covered by the authentication cookie, change build_url() to always append
a trailing slash if we're referring to the base url.
This should fix the login problems mentioned in #516.
While we're touching the dispatcher, also remove remaining url token code.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
The urltoken table is going to be removed.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Now that sensitive urls require post requests and only accept them if a valid
security token is sent along the request, we can drop the global random url
token to improve LuCI usability.
The main improvement is the ability to use multiple tabs with the same login
session, but also deep linking to specific urls without the need for another
login becomes feasible, e.g. for documentation purposes.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
* Use post_on() target to require csrf token verification for modifying actions
* Ensure that package and flash operation handlers guard modifying operations
with parameter check
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
* Add a generic helper function to check need for post / csrf token validation
* Remove custom token verification in cbi targets
* Support requiring post security depending on specific submit parameters,
usable through post_on() action
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Sync translations to the current strings.
Changes in luci-app-ddns, luci-app-mjpg-streamer, luci-app-qos,
luci-app-shadowsocks-libev, luci-app-statistics and luci-base
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
Update i18n base template to match the current strings.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
Changes in 2015g:
http://mm.icann.org/pipermail/tz-announce/2015-October/000034.html
Norfolk moves from +1130 to +1100 on 2015-10-04 at 02:00 local time.
Fiji's 2016 fall-back transition is scheduled for January 17, not 24.
Fort Nelson, British Columbia will not fall back on 2015-11-01. It has
effectively been on MST (-0700) since it advanced its clocks on 2015-03-08.
New zone America/Fort_Nelson.
Note: the Turkey-related one-time rule change is not apparently catched by
the zoneinfo2lua script, so that change is not included in this commit.
(Turkey's 2015 fall-back transition is scheduled for Nov. 8, not Oct. 25.)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
Signed-off by: Rosen Penev <rosenp@gmail.com>
|
|
Only process submitted data if the "cbi.submit" parameter is present as the
dispatcher will verify the integrity of the CSRF token in this case.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Also concat multiple string arguments into one while we're at it.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Also rework the reboot tmeplate a little bit.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Switches the service reload calls to CSRF token protected POST action.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Switches UCI apply/revert/save to CSRF token protected POST actions.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Add the dispatcher infrastructure to restrict certain routes to POST
requests only in conjunction with verification of CSRF tokens.
This is the first step to get rid of the CSRF token in the url in favor
to tokens embedded in forms.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
luci-base: change index.html to be more like current themes
|
|
Only attempt to call "dsl_func" if the dsl_control lucistat output could be
successfully evaluated.
Works around https://dev.openwrt.org/ticket/20607
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off by: Rosen Penev <rosenp@gmail.com>
|
|
Change index.html that is visible for a second when entering Luci:
* Black text on white background (instead of white on black)
* Specify font as Arial/Helvetica
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
no-hosts does not disable addn-hosts.
Signed-off-by: Oliver Middleton <olliemail27@gmail.com>
|
|
The mediaurlbase option in the default /etc/config/luci still points
to the old openwrt.org theme that is not installed by default.
The discrepancy was noted in the commit message for 55ab4e4ce22
After 55ab4e4ce22 the installed theme's uci-defaults script will correct
the setting at first boot, but we should not have a deprecated theme as
the default value. Set the default value to the default theme 'bootstrap'.
Related old discussion at #302
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
Prevent word-wrap on the config input areas. Especially the feed
definition lines can be long, and automatic word-wrap can decrease
clarity.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
|
|
|
|
merged
modules/luci-mod-rpc: fix #466 #427 attempt to index global 'luci' (a nil value)
|
|
modules/luci-mod-failsafe: Fix nil file descriptor error
|
|
Add package *.ipk size information to package listing in Luci,
as opkg was today extended to support listing also the size information.
Visible fields are now: name, version, size, description
That will help users considering installation of a certain package
to assess its size impact on flash.
Note: Opkg data includes the size of the .ipk file, not the expanded size.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
opkg config was recently changed by https://dev.openwrt.org/changeset/46491/
Existing /etc/opkg.conf was split to three:
/etc/opkg.conf -> base opkg configuration
/etc/opkg/distfeeds.conf -> default Openwrt package feeds
/etc/opkg/customfeeds.conf -> custom package feeds
Since then, the actual feed definitions have not been visible/configurable,
as only /etc/opkg.conf has been visible in Luci.
This patch restores the capability to see and edit package feed definitions.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
Signed-off-by: Ekaitz Zárraga <ekaitz.zarraga@fon.com>
|
|
|
|
Many packages currently include a git commit hash in version string.
That makes versions string very long and the version column takes much space
when listing available/installed packages in Luci.
Longest version string is 58 characters (micropython).
85 packages have at least 50 chars and 150 packages at least 40 chars.
Adjust Luci to display max. 26 characters (= luci's own version string).
Longer version strings are cut to: "first 21c" + ".." + "last 3c"
The last 3 chars are used to preserve the possible PKG_REVISION string.
E.g. 'opkg' has only hash+PKG_REVISION, so using only start of the string
might not be optimal.
Examples:
1.3.10-20150302-f2a889564b3a215902622b040a1247af38cb8203-1
1.3.10-20150302-f2a88..3-1
0.1-20150302-654c7d288603f7dae09eb09b57fb67b38c7ac6c3-1
0.1-20150302-654c7d28..3-1
9c97d5ecd795709c8584e972bfdf3aee3a5b846d-7
9c97d5ecd795709c8584e..d-7
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Karl Palsson <karlp@remake.is>
|
|
The setfilehandler() functions used for mime and url encoded message
bodies all operate with a signature of fh(meta, chunk, eof), but for
unhandled encodings, the callback was directly assigned to the sink
function, which has a signature of snk(chunk). Insert a wrapper to
properly generate the EOF flag, and include a stub "meta" block
providing a virtual "name" and also the original client provided
Content-Type header, to possibly help with taking alternative actions in
the file handler.
The sink function created for raw content decoding also used the wrong
signature for the sink function.
Signed-off-by: Karl Palsson <karlp@remake.is>
|