From d4666757b746fe88c517a605a6f3b9dbcaa0ff93 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jow@openwrt.org>
Date: Tue, 20 Oct 2015 22:27:39 +0200
Subject: luci-mod-admin-full: protect iptables counter reset and restart with
 token

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
---
 .../luasrc/controller/admin/status.lua             | 23 ++++++++++------------
 1 file changed, 10 insertions(+), 13 deletions(-)

(limited to 'modules/luci-mod-admin-full/luasrc/controller')

diff --git a/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua b/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua
index 1ceb24d16a..24db1e4ff5 100644
--- a/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua
+++ b/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua
@@ -7,7 +7,10 @@ module("luci.controller.admin.status", package.seeall)
 function index()
 	entry({"admin", "status"}, alias("admin", "status", "overview"), _("Status"), 20).index = true
 	entry({"admin", "status", "overview"}, template("admin_status/index"), _("Overview"), 1)
-	entry({"admin", "status", "iptables"}, call("action_iptables"), _("Firewall"), 2).leaf = true
+
+	entry({"admin", "status", "iptables"}, template("admin_status/iptables"), _("Firewall"), 2).leaf = true
+	entry({"admin", "status", "iptables_action"}, post("action_iptables")).leaf = true
+
 	entry({"admin", "status", "routes"}, template("admin_status/routes"), _("Routes"), 3)
 	entry({"admin", "status", "syslog"}, call("action_syslog"), _("System Log"), 4)
 	entry({"admin", "status", "dmesg"}, call("action_dmesg"), _("Kernel Log"), 5)
@@ -42,22 +45,16 @@ end
 
 function action_iptables()
 	if luci.http.formvalue("zero") then
-		if luci.http.formvalue("zero") == "6" then
-			luci.util.exec("ip6tables -Z")
+		if luci.http.formvalue("family") == "6" then
+			luci.util.exec("/usr/sbin/ip6tables -Z")
 		else
-			luci.util.exec("iptables -Z")
+			luci.util.exec("/usr/sbin/iptables -Z")
 		end
-		luci.http.redirect(
-			luci.dispatcher.build_url("admin", "status", "iptables")
-		)
-	elseif luci.http.formvalue("restart") == "1" then
+	elseif luci.http.formvalue("restart") then
 		luci.util.exec("/etc/init.d/firewall restart")
-		luci.http.redirect(
-			luci.dispatcher.build_url("admin", "status", "iptables")
-		)
-	else
-		luci.template.render("admin_status/iptables")
 	end
+
+	luci.http.redirect(luci.dispatcher.build_url("admin/status/iptables"))
 end
 
 function action_bandwidth(iface)
-- 
cgit v1.2.3