Age | Commit message (Collapse) | Author |
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Introduce a new function luci.util.shellquote() which encloses the given
string argument in single quotes and escapes any embedded single quote
characters.
This function is intended to be used when interpolating untrusted input
into shell commands.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Due to the fact that luci.model.cbi reacts on any "cbi.submit" value while
the dispatcher only required POST for cbi.submit == 1, the CSRF token
protection could be bypassed.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Switch from using the REQUEST_URI CGI variable directly to the canonicalized
FULL_REQUEST_URI property.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Introduce a new template property FULL_REQUEST_URI which returns the full
canonicalized request URL built from SCRIPT_NAME, PATH_INFO and QUERY_STRING.
This new property is safer to use compared to using the raw REQUEST_URI CGI
environment variable directly as this value is essentially untrusted user
input which may contain embedded escaped slashes, double forward slashes and
other oddities allowing XSS exploitation or request redirection.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Some applications, e.g. dnsmasq, do not allow hostnames starting with an
underscore, therefor extend the existing hostname datatype validator with
a `strict` which disallows a leading underscore.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Switch luci.model.uci to use ubus uci calls instead of driving libuci-lua
directly.
This prepares support for more advanced features such as per-session change
isolation and configuration rollback on errors.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Qian Zheng <sotux82@gmail.com>
|
|
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
|
|
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
* enhance the checklib function in util.lua to check the 'fullpathexe'
as well, e.g. this fixes runtime errors on the dhcp/dns template in
environments without dnsmasq
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
|
luci-app-firewall/luci-base/luci-mod-admin-full: some fixes and improvements
|
|
Use the new luci.ip MAC address facilities to parse and verify MAC addresses
in a common way, instead of relying on various ad-hoc solutions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
The /etc/ethers file may contain any number of white space characters
between the mac address and the IP/hostname field, so extend the pattern
to allow for that.
Man ethers(5) also states that the IP field may be a symbolic hostname,
so test whether the name is an IP address or hostname before adding it
to the hints structure.
Fixes #1674.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
luci-base/firewall_zonelist: fix visual interface/background alignment
|
|
* fix for #1667, tested with all standard themes
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
|
If IPv6 prefix assignment is disabled, the "local-address" structure
might exist, but be empty which causes the adress formatting in the
network model class to bail out.
Verify the completeness of the "local-address" structure before using
it in order to avoid runtime errors.
Fixes #1657.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Keep the ifname and bridge state backup variables in /etc/config/luci to not
pollute /etc/config/network.
Fixes #1655.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Add a hint to backup restore that files could remain on the system.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
If cbi_init() is not called first browser gif will not be found.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
OpenWrt/LEDE introduced the "local-address" field a while back to expose the
effective local host address of the delegated prefix, so use that information
instead of assuming `[prefix]:1`.
Fixes #1484.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
A valid host ID as accepted by netifd must meet the following criteria:
- Is either one of the two special "random" or "eui64" strings
- Or is a valid IPv6 address according to inet_pton(AF_INET6)
- Has the first 64 bit set to zero
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
i18n-ru: fixed russian translation
|
|
Signed-off-by: Vladimir <picfun@ya.ru>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Update timezone data to 2018c
http://mm.icann.org/pipermail/tz-announce/2018-January/000048.html
Briefly:
Sao Tome and PrÃncipe switched from +00 to +01.
Brazil's DST will now start on November's first Sunday.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
Signed-off-by: Vladimir <picfun@ya.ru>
|
|
Signed-off-by: Vladimir <picfun@ya.ru>
|
|
Signed-off-by: Vladimir <picfun@ya.ru>
|
|
Signed-off-by: Vladimir <picfun@ya.ru>
refine
refine
|
|
Signed-off-by: Vladimir <picfun@ya.ru>
|
|
Signed-off-by: Vladimir <picfun@ya.ru>
|
|
Signed-off-by: Vladimir <picfun@ya.ru>
|
|
Based on #1568
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Vladimir <picfun@ya.ru>
|
|
Signed-off-by: Qian Zheng <sotux82@gmail.com>
|
|
Signed-off-by: Vladimir <picfun@ya.ru>
|
|
If no DSL SNR offset is set for the dsl line the first entry from the
dropdown list is pre-selected by default, which would apply a -10 db
offset by default.
Pre-select the 0 db option if nothing else is specified in the uci config
files.
Signed-off-by: Mathias Kresin <dev@kresin.me>
|
|
Signed-off-by: Vladimir <picfun@ya.ru>
|
|
Signed-off-by: Vladimir <picfun@ya.ru>
|
|
Signed-off-by: Vladimir <picfun@ya.ru>
|
|
Signed-off-by: Vladimir <picfun@ya.ru>
|
|
Signed-off-by: Vladimir <picfun@ya.ru>
|