summaryrefslogtreecommitdiffhomepage
path: root/modules
AgeCommit message (Collapse)Author
2015-10-22luci-mod-admin-full: fix invalid markup in packages.htm (#518)Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-22luci-mod-admin-full: restructure and fix backup, restore and sysuprade (#517)Jo-Philipp Wich
Do not use standard post security checking for actions that require file upload since reading the token value will trigger parsing of the http message body before the file upload handler has been set, which causes LuCI to buffer the entire request body in memory. In order to simplify the code and logic flow, split action_flashops() into separate handlers for reset, backup, restore and sysupgrade. Let the backup restore and sysupgrade handlers use the new test_post_security() method in luci.dispatcher to perform token checking *after* setting the upload handler. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-22luci-base: dispatcher expose test_post_security()Jo-Philipp Wich
Allows external code to perform POST and token checking manually. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-21luci-base: ensure that base url is emitted with trailing slashJo-Philipp Wich
Now that we don't have an url token anymore, '/cgi-bin/luci' becomes a valid url while cookies are restricted to only '/cgi-bin/luci/' and below. In order to ensure that the first request after login refers to a path covered by the authentication cookie, change build_url() to always append a trailing slash if we're referring to the base url. This should fix the login problems mentioned in #516. While we're touching the dispatcher, also remove remaining url token code. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-21luci-mod-admin-full: do not access dispatcher.context.urltoken in logoutJo-Philipp Wich
The urltoken table is going to be removed. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-21luci-base: remove security token from urlsJo-Philipp Wich
Now that sensitive urls require post requests and only accept them if a valid security token is sent along the request, we can drop the global random url token to improve LuCI usability. The main improvement is the ability to use multiple tabs with the same login session, but also deep linking to specific urls without the need for another login becomes feasible, e.g. for documentation purposes. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-20luci-mod-admin-full: protect iptables counter reset and restart with tokenJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-20luci-mod-admin-full: protect network post actions with csrf tokensJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-20luci-base: filter invalid opkg status linesJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-20luci-mod-admin-full: protect clock, flash and opkg ops with submit tokenJo-Philipp Wich
* Use post_on() target to require csrf token verification for modifying actions * Ensure that package and flash operation handlers guard modifying operations with parameter check Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-20luci-base: generalize post security token handlingJo-Philipp Wich
* Add a generic helper function to check need for post / csrf token validation * Remove custom token verification in cbi targets * Support requiring post security depending on specific submit parameters, usable through post_on() action Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-13i18n: Sync translationsHannu Nyman
Sync translations to the current strings. Changes in luci-app-ddns, luci-app-mjpg-streamer, luci-app-qos, luci-app-shadowsocks-libev, luci-app-statistics and luci-base Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-10-13luci-base: update i18n base templateHannu Nyman
Update i18n base template to match the current strings. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-10-12Timezone information: update to 2015gHannu Nyman
Changes in 2015g: http://mm.icann.org/pipermail/tz-announce/2015-October/000034.html Norfolk moves from +1130 to +1100 on 2015-10-04 at 02:00 local time. Fiji's 2016 fall-back transition is scheduled for January 17, not 24. Fort Nelson, British Columbia will not fall back on 2015-11-01. It has effectively been on MST (-0700) since it advanced its clocks on 2015-03-08. New zone America/Fort_Nelson. Note: the Turkey-related one-time rule change is not apparently catched by the zoneinfo2lua script, so that change is not included in this commit. (Turkey's 2015 fall-back transition is scheduled for Nov. 8, not Oct. 25.) Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-10-08luci-base: prevent UCI changes in CBI if form is not in submit stateJo-Philipp Wich
Only process submitted data if the "cbi.submit" parameter is present as the dispatcher will verify the integrity of the CSRF token in this case. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-07Globally replace luci.dispatcher.build_url(...) with url(...) invocationsJo-Philipp Wich
Also concat multiple string arguments into one while we're at it. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-07luci-base: expose luci.dispatcher.build_url() as url() in templatesJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-07luci-base: protect simpleforms with CSRF tokensJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-07luci-mod-admin-full: switch to POST action for rebootJo-Philipp Wich
Also rework the reboot tmeplate a little bit. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-06luci-base: switch to POST action for service reloadJo-Philipp Wich
Switches the service reload calls to CSRF token protected POST action. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-06luci-mod-admin-full: switch to POST actions for UCI changesJo-Philipp Wich
Switches UCI apply/revert/save to CSRF token protected POST actions. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-06luci-base: protect CBI forms with CSRF tokensJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-06luci-base: add support for POST-only actions with CSRF token checkJo-Philipp Wich
Add the dispatcher infrastructure to restrict certain routes to POST requests only in conjunction with verification of CSRF tokens. This is the first step to get rid of the CSRF token in the url in favor to tokens embedded in forms. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-06Globally convert headline anchors into name attributes.Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-04Merge pull request #488 from hnyman/black-flashHannu Nyman
luci-base: change index.html to be more like current themes
2015-10-03luci-mod-admin-full: status: survive broken DSL status outputJo-Philipp Wich
Only attempt to call "dsl_func" if the dsl_control lucistat output could be successfully evaluated. Works around https://dev.openwrt.org/ticket/20607 Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-09-29resources/icons: Use ZopfliPNG to save 5.4 KBMangix
Signed-off by: Rosen Penev <rosenp@gmail.com>
2015-09-29luci-base: change index.html to be more like current themesHannu Nyman
Change index.html that is visible for a second when entering Luci: * Black text on white background (instead of white on black) * Specify font as Arial/Helvetica Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-09-28luci-mod-admin-full: fix dnsmasq no-hosts/addn-hosts optionsOliver Middleton
no-hosts does not disable addn-hosts. Signed-off-by: Oliver Middleton <olliemail27@gmail.com>
2015-09-18luci-base: set default mediaurlbase to bootstrap (current default theme)Hannu Nyman
The mediaurlbase option in the default /etc/config/luci still points to the old openwrt.org theme that is not installed by default. The discrepancy was noted in the commit message for 55ab4e4ce22 After 55ab4e4ce22 the installed theme's uci-defaults script will correct the setting at first boot, but we should not have a deprecated theme as the default value. Set the default value to the default theme 'bootstrap'. Related old discussion at #302 Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-09-18luci-mod-admin-full: opkg config / prevent word-wrapHannu Nyman
Prevent word-wrap on the config input areas. Especially the feed definition lines can be long, and automatic word-wrap can decrease clarity. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-09-17i18n/polish/base: changing form of the wordCezary Jackiewicz
2015-09-17i18n/polish/base: truncate strings to better fit in viewCezary Jackiewicz
2015-09-17Merge pull request #470 from thesabbir/patch-01Hannu Nyman
merged modules/luci-mod-rpc: fix #466 #427 attempt to index global 'luci' (a nil value)
2015-09-17Merge pull request #473 from ekaitz-zarraga/fix-luci-failsafeHannu Nyman
modules/luci-mod-failsafe: Fix nil file descriptor error
2015-09-16Luci opkg/packages: Show package size in list of available packagesHannu Nyman
Add package *.ipk size information to package listing in Luci, as opkg was today extended to support listing also the size information. Visible fields are now: name, version, size, description That will help users considering installation of a certain package to assess its size impact on flash. Note: Opkg data includes the size of the .ipk file, not the expanded size. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-09-15luci-mod-admin-full: restore opkg feed config capabilityHannu Nyman
opkg config was recently changed by https://dev.openwrt.org/changeset/46491/ Existing /etc/opkg.conf was split to three: /etc/opkg.conf -> base opkg configuration /etc/opkg/distfeeds.conf -> default Openwrt package feeds /etc/opkg/customfeeds.conf -> custom package feeds Since then, the actual feed definitions have not been visible/configurable, as only /etc/opkg.conf has been visible in Luci. This patch restores the capability to see and edit package feed definitions. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-09-14modules/luci-mod-failsafe: Fix nil file descriptor errorEkaitz Zárraga
Signed-off-by: Ekaitz Zárraga <ekaitz.zarraga@fon.com>
2015-09-12modules/luci-mod-rpc: fix attempt to index global 'luci' (a nil value)Sabbir Ahmed
2015-09-01Luci opkg/packages: Limit version string display to 26 charsHannu Nyman
Many packages currently include a git commit hash in version string. That makes versions string very long and the version column takes much space when listing available/installed packages in Luci. Longest version string is 58 characters (micropython). 85 packages have at least 50 chars and 150 packages at least 40 chars. Adjust Luci to display max. 26 characters (= luci's own version string). Longer version strings are cut to: "first 21c" + ".." + "last 3c" The last 3 chars are used to preserve the possible PKG_REVISION string. E.g. 'opkg' has only hash+PKG_REVISION, so using only start of the string might not be optimal. Examples: 1.3.10-20150302-f2a889564b3a215902622b040a1247af38cb8203-1 1.3.10-20150302-f2a88..3-1 0.1-20150302-654c7d288603f7dae09eb09b57fb67b38c7ac6c3-1 0.1-20150302-654c7d28..3-1 9c97d5ecd795709c8584e972bfdf3aee3a5b846d-7 9c97d5ecd795709c8584e..d-7 Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-09-01Fix module lines in several luadoc filesJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-09-01luci.utils.contains: update documentation to match realityKarl Palsson
Signed-off-by: Karl Palsson <karlp@remake.is>
2015-08-18http.protocol: Support filehandlers for unhandled encodingsKarl Palsson
The setfilehandler() functions used for mime and url encoded message bodies all operate with a signature of fh(meta, chunk, eof), but for unhandled encodings, the callback was directly assigned to the sink function, which has a signature of snk(chunk). Insert a wrapper to properly generate the EOF flag, and include a stub "meta" block providing a virtual "name" and also the original client provided Content-Type header, to possibly help with taking alternative actions in the file handler. The sink function created for raw content decoding also used the wrong signature for the sink function. Signed-off-by: Karl Palsson <karlp@remake.is>
2015-08-17Timezone information: update to 2015fHannu Nyman
Changes in 2015e and 2015f: http://mm.icann.org/pipermail/tz-announce/2015-June/000032.html http://mm.icann.org/pipermail/tz-announce/2015-August/000033.html Morocco will suspend DST from 2015-06-14 03:00 through 2015-07-19 02:00, not 06-13 and 07-18 as we had guessed. Assume Cayman Islands will observe DST starting next year, using US rules. Although it isn't guaranteed, it is the most likely. North Korea switches to +0830 on 2015-08-15. The abbreviation remains "KST". Uruguay no longer observes DST. Moldova starts and ends DST at 00:00 UTC, not at 01:00 UTC. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-08-04ipkg.lua: compare_versions() Replace Lua Math Library callChristian Schoenebeck
function compare_versions(): replace Lua Math Library call with if clause Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2015-08-02cbi.lua: Fix Flag.parse() to set "self.section.changed"Christian Schoenebeck
Add to set "self.section.changed" on changes like other values do. Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2015-07-27ipkg.lua: new function compare_versionChristian Schoenebeck
* minor fix function _list() set to local * new function compare_version() lua version of opkg compare-version Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2015-07-27Fix: A disabled wireless network may be shown as enabled, when multiple ↵Georgi Valkov
networks are defined on the same radio.
2015-07-27Fix: Status for disabled wireless networks may display the SSID, BSSID and ↵Georgi Valkov
Mode of an active network on the same radio.
2015-07-27When editing an AP wireless network in LuCI, if one or more STA networks are ↵Georgi Valkov
also present on the same radio, then the channel is locked and cannot be changed for the AP. The case when all STA networks are disabled is not considered. This patch fixes the issue. Disabled networks no longer apply a lock on the channel.