luci-lua-runtime: dispatcher.lua: re-add test_post_security()
While no LuCI code utilizes this function anymore, some existing legacy Lua controllers expect the function to exist, so restore it. Fixes: #6532 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This commit is contained in:
Jo-Philipp Wich
parent
a6a428fe60
commit
2fd74a8239
1 changed files with 16 additions and 0 deletions
|
|
@ -360,6 +360,22 @@ function render_lua_template(path)
|
||||||
tpl.render(path, getfenv(1))
|
tpl.render(path, getfenv(1))
|
||||||
end
|
end
|
||||||
|
|
||||||
|
function test_post_security()
|
||||||
|
if http:getenv("REQUEST_METHOD") ~= "POST" then
|
||||||
|
http:status(405, "Method Not Allowed")
|
||||||
|
http:header("Allow", "POST")
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
|
if http:formvalue("token") ~= context.authtoken then
|
||||||
|
http:status(403, "Forbidden")
|
||||||
|
_G.L.include("csrftoken")
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
function call(name, ...)
|
function call(name, ...)
|
||||||
return {
|
return {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue