| Age | Commit message (Collapse) | Author |
|---|
|
This calls striptags() on the hostname to prevent any XSS over the
hostname. This should fix CVE-2021-33425 as far as I understood it.
If someone adds some Javascript into system.@system[0].hostname it would
have been directly added to the page, this prevents the problem.
This can only be exploited by someone being able to modify the uci
configuration, normally a user with such privileges could also just
modify the webpage.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
Remove the reference to setting a password being linked to SSH capability.
(SSH has been initially enabled since year 2015.)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
In the Material theme, clicking on the logo takes you to the status page.
This seems logical, and is very helpful. But in Bootstrap, it doesn't
do anything, so just pulling the same href from Material to Bootstrap,
so the link works in Bootstrap as well.
Signed-off-by: Russell Morris <rmorris@rkmorris.us>
[adjust commit subject, squash commits]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Utilize the LuCI.ui.menu class to load, traverse and cache the menu tree
in the local session store.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Fixes: #3722
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Fixes: #3757
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Ref: #3563
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
it even smaller.
- references #2251
Signed-off-by: Ashus <github.com@ashus.net>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Extend the theme headers to include the translation string scripts,
allowing client side code to translate strings without server side
support.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
This is useful to write page specific CSS rules.
Also fix a missing space in the body CSS class name in the bootstrap theme
while we're at it.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Fixes #1410.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Per the discussion in https://github.com/openwrt/luci/issues/869, make
luci-base sufficient to login, logout, and review and apply or revert
uci changes. This allows most luci-app-xxx to work without having
luci-mod-admin-full installed.
It has been tested with some apps and not luci-mod-admin-full, as well
as with luci-mod-admin-full (to make sure the usual case doesn't break).
Instead of creating a new module namespace (e.g. 'Base') we reduce the
opportunities for breakage by having luci-base take over the 'shell' of
the 'Administration' (admin/....) namespace.
Since admin is assumed by all current building LuCI components (including
Freifunk), this doesn't introduce the 'Administration' tab into any
situation where it would not already be present (but includes it where it
was before).
We also add a "Component not installed" page to avoid fatal errors and
backtrace when e.g. luci-mod-admin-full is not installed.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
|
|
- Use native rpcd uci changes format instead of incompletely converting
back and forth between the old and the new format
- Rework uci changelog template to print the equivalent uci commands
for the various changes
- Rework theme headers to properly count the uncomitted changes
- Rework theme CSS to properly style new changelog
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Include cbi.js in the main header template like it is done for xhr.js and
remove the page specific includes.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Add new style classes required for status page changes, also drop old
Internet Explorer compatibility script and vendor prefixed properties.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
The previous commit incorrectly added a new class attribute without
considering existing ones.
Fixes 736d8fee4 ("themes: add common class to uci change indicator")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Add a common CSS class name to the change indicator and modify the openwrt.org
theme to hide it when no changes are present, similar to all other themes.
This is needed for upcoming uci apply handling changes to be able to auto-hide
the indicator without page reload after an apply.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Instead of passing the full LuCI request url, pass the relative resolved
request path instead and filter the received value through the lookup()
dispatcher function to only allow paths to actual internal pages.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
|
|
Fix 404 error
Signed-off-by: Hsing-Wang Liao <kuoruan@gmail.com>
|
|
Fix links to point into Github repo instead of luci.subsignal.org
- the hint to file a bug in dispatcher
- footers of Bootstrap and Firefunk themes
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
Also untangle Lua code and markup for better readability, use tabs for
indentation and build_url() to construct paths instead of concatenating
them manually.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
* Rename subdirectories to their repective OpenWrt package names
* Make each LuCI module its own standalone package
* Deploy a shared luci.mk which is used by each module Makefile
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
