Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

luci-app-ocserv: protect disconnect action with csrf token

Browse source 
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
This commit is contained in:
Jo-Philipp Wich 2015-10-21 00:00:55 +02:00
parent b9ed03c5a9
commit 0f1f5140e3
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
applications/luci-app-ocserv/luasrc/controller/ocserv.lua
View file

@ -28,7 +28,7 @@ function index()
call("ocserv_status")).leaf = true call("ocserv_status")).leaf = true
entry({"admin", "services", "ocserv", "disconnect"}, entry({"admin", "services", "ocserv", "disconnect"},
call("ocserv_disconnect")).leaf = true post("ocserv_disconnect")).leaf = true
end end

2
applications/luci-app-ocserv/luasrc/view/ocserv_status.htm
View file

@ -1,7 +1,7 @@
<script type="text/javascript">//<![CDATA[ <script type="text/javascript">//<![CDATA[
function ocserv_disconnect(idx) { function ocserv_disconnect(idx) {
XHR.get('<%=url('admin/services/ocserv/disconnect')%>/' + idx, null, (new XHR()).post('<%=url('admin/services/ocserv/disconnect')%>/' + idx, { token: '<%=token%>' },
function(x) function(x)
{ {
var tb = document.getElementById('ocserv_status_table'); var tb = document.getElementById('ocserv_status_table');