Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

luci-app-radicale: protect start/stop actions with csrf token

Browse source 
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
This commit is contained in:
Jo-Philipp Wich 2015-10-21 00:03:56 +02:00
parent ae9fb03e74
commit ac34dfa0bc
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
applications/luci-app-radicale/luasrc/controller/radicale.lua
View file

@ -15,7 +15,7 @@ function index()
entry( {"admin", "services", "radicale"}, alias("admin", "services", "radicale", "edit"), _("CalDAV/CardDAV"), 58) entry( {"admin", "services", "radicale"}, alias("admin", "services", "radicale", "edit"), _("CalDAV/CardDAV"), 58)
entry( {"admin", "services", "radicale", "edit"}, cbi("radicale") ).leaf = true entry( {"admin", "services", "radicale", "edit"}, cbi("radicale") ).leaf = true
entry( {"admin", "services", "radicale", "logview"}, call("_logread") ).leaf = true entry( {"admin", "services", "radicale", "logview"}, call("_logread") ).leaf = true
entry( {"admin", "services", "radicale", "startstop"}, call("_startstop") ).leaf = true entry( {"admin", "services", "radicale", "startstop"}, post("_startstop") ).leaf = true
entry( {"admin", "services", "radicale", "status"}, call("_status") ).leaf = true entry( {"admin", "services", "radicale", "status"}, call("_status") ).leaf = true
end end

2
applications/luci-app-radicale/luasrc/view/radicale/btn_startstop.htm
View file

@ -21,7 +21,7 @@
function onclick_startstop(id) { function onclick_startstop(id) {
// do start/stop // do start/stop
var btnXHR = new XHR(); var btnXHR = new XHR();
btnXHR.get('<%=url('admin/services/radicale/startstop')%>', null, btnXHR.post('<%=url('admin/services/radicale/startstop')%>', { token: '<%=token%>' },
function(x) { _data2elements(x); } function(x) { _data2elements(x); }
); );
} }