From 1ee5ba632ab52b5d3af5c88803fee89c8eaf6fe1 Mon Sep 17 00:00:00 2001
From: Steven Barth <steven@midlink.org>
Date: Mon, 15 Dec 2008 10:40:45 +0000
Subject: Refined urltokens and XSRF protection

---
 modules/rpc/luasrc/controller/rpc.lua | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'modules/rpc')

diff --git a/modules/rpc/luasrc/controller/rpc.lua b/modules/rpc/luasrc/controller/rpc.lua
index d83c26d45..e0aeb3bf0 100644
--- a/modules/rpc/luasrc/controller/rpc.lua
+++ b/modules/rpc/luasrc/controller/rpc.lua
@@ -25,7 +25,8 @@ function index()
 	local function authenticator(validator, accs)
 		local auth = luci.http.formvalue("auth", true)
 		if auth then
-			local user = luci.sauth.read(auth)
+			local sdat = luci.sauth.read(auth)
+			user = loadstring(sdat)().user
 			if user and luci.util.contains(accs, user) then
 				return user, auth
 			end
-- 
cgit v1.2.3