From b9ed03c5a9a52c17b30f3fb61b81ce1c2ee0ea6e Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jow@openwrt.org>
Date: Tue, 20 Oct 2015 23:58:01 +0200
Subject: luci-app-ddns: protect start/stop actions with csrf token

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
---
 applications/luci-app-ddns/luasrc/view/ddns/overview_status.htm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'applications/luci-app-ddns/luasrc/view/ddns/overview_status.htm')

diff --git a/applications/luci-app-ddns/luasrc/view/ddns/overview_status.htm b/applications/luci-app-ddns/luasrc/view/ddns/overview_status.htm
index 5464812223..b6d4ebb9fd 100644
--- a/applications/luci-app-ddns/luasrc/view/ddns/overview_status.htm
+++ b/applications/luci-app-ddns/luasrc/view/ddns/overview_status.htm
@@ -136,7 +136,7 @@
 
 		// do start/stop
 		var btnXHR = new XHR();
-		btnXHR.get('<%=url('admin/services/ddns/startstop')%>/' + section + '/' + cbx.checked, null,
+		btnXHR.post('<%=url('admin/services/ddns/startstop')%>/' + section + '/' + cbx.checked, { token: '<%=token%>' },
 			function(x, data) {
 				if (x.responseText == "_uncommitted_") {
 					// we need a trick to display Ampersand "&" in stead of "&#38;" or "&amp;"
-- 
cgit v1.2.3