From 2fd74a8239c3986bb2e741e907b2a90f2833f073 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jo@mein.io>
Date: Mon, 21 Aug 2023 15:35:41 +0200
Subject: luci-lua-runtime: dispatcher.lua: re-add test_post_security()

While no LuCI code utilizes this function anymore, some existing legacy
Lua controllers expect the function to exist, so restore it.

Fixes: #6532
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---
 modules/luci-lua-runtime/luasrc/dispatcher.lua | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'modules/luci-lua-runtime/luasrc/dispatcher.lua')

diff --git a/modules/luci-lua-runtime/luasrc/dispatcher.lua b/modules/luci-lua-runtime/luasrc/dispatcher.lua
index dfbb225f0e..816c9f35e3 100644
--- a/modules/luci-lua-runtime/luasrc/dispatcher.lua
+++ b/modules/luci-lua-runtime/luasrc/dispatcher.lua
@@ -360,6 +360,22 @@ function render_lua_template(path)
 	tpl.render(path, getfenv(1))
 end
 
+function test_post_security()
+	if http:getenv("REQUEST_METHOD") ~= "POST" then
+		http:status(405, "Method Not Allowed")
+		http:header("Allow", "POST")
+		return false
+	end
+
+	if http:formvalue("token") ~= context.authtoken then
+		http:status(403, "Forbidden")
+		_G.L.include("csrftoken")
+		return false
+	end
+
+	return true
+end
+
 
 function call(name, ...)
 	return {
-- 
cgit v1.2.3