luci-base: dispatcher expose test_post_security()

Allows external code to perform POST and token checking manually.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
pull/494/head
Jo-Philipp Wich 2015-10-22 08:30:29 +02:00
parent 79383f5a74
commit d32c685039
1 changed files with 17 additions and 9 deletions


@ -172,6 +172,22 @@ local function require_post_security(target)
return false
end
function test_post_security()
if http.getenv("REQUEST_METHOD") ~= "POST" then
http.status(405, "Method Not Allowed")
http.header("Allow", "POST")
return false
end
if http.formvalue("token") ~= context.authtoken then
http.status(403, "Forbidden")
luci.template.render("csrftoken")
return false
end
return true
end
function dispatch(request)
--context._disable_memtrace = require "luci.debug".trap_memtrace("l")
local ctx = context
@ -376,15 +392,7 @@ function dispatch(request)
end
if c and require_post_security(c.target) then
if http.getenv("REQUEST_METHOD") ~= "POST" then
http.status(405, "Method Not Allowed")
http.header("Allow", "POST")
return
end
if http.formvalue("token") ~= ctx.authtoken then
http.status(403, "Forbidden")
luci.template.render("csrftoken")
if not test_post_security(c) then
return
end
end
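Review bot: In the new `test_post_security()`, the comparison `http.formvalue("token") ~= context.authtoken` is false when both sides are nil, so a POST carrying no token passes whenever `context.authtoken` has not been set. Now that the check is exported for external callers, it may run where no session token exists (inferred; the code that sets `authtoken` is not on this page), so it should fail closed: `local token = context.authtoken` followed by `if not token or http.formvalue("token") ~= token then`. The call site in `dispatch()`, whose body continues outside the hunk, passes `c` to a function that declares no parameters; drop the argument or declare and document it. A short doc comment would also help callers, stating that the function itself writes the 405 or 403 response and returns false, so the caller must stop handling the request.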