OpenWRT
/
luci
mirror of https://github.com/openwrt/luci.git
1
0
Fork 0
Code Issues Releases Wiki Activity

luci-app-splash: protect admin status call with csrf token 

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
pull/494/head
Jo-Philipp Wich 2015-10-21 00:09:55 +02:00
parent ac34dfa0bc
commit c1278f967e
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
applications/luci-app-splash/luasrc/controller/splash/splash.lua
View File

@ -16,7 +16,7 @@ function index()
node("splash", "splash").target = template("splash_splash/splash") node("splash", "splash").target = template("splash_splash/splash")
node("splash", "blocked").target = template("splash/blocked") node("splash", "blocked").target = template("splash/blocked")
entry({"admin", "status", "splash"}, call("action_status_admin"), _("Client-Splash")) entry({"admin", "status", "splash"}, post("action_status_admin"), _("Client-Splash"))
local page = node("splash", "publicstatus") local page = node("splash", "publicstatus")
page.target = call("action_status_public") page.target = call("action_status_public")

2
applications/luci-app-splash/luasrc/view/admin_status/splash.htm
View File

@ -214,7 +214,7 @@ end
<fieldset id="cbi-table-table" class="cbi-section"> <fieldset id="cbi-table-table" class="cbi-section">
<legend><%:Active Clients%></legend> <legend><%:Active Clients%></legend>
<div class="cbi-section-node"> <div class="cbi-section-node">
<% if is_admin then %><form action="<%=REQUEST_URI%>" method="post"><% end %> <% if is_admin then %><form action="<%=REQUEST_URI%>" method="post"><input type="hidden" name="token" value="<%=token%>" /><% end %>
<table class="cbi-section-table"> <table class="cbi-section-table">
<thead> <thead>
<tr class="cbi-section-table-titles"> <tr class="cbi-section-table-titles">