- Use cbi_update_table() helper to refresh user list
- Cleanup markup and remove uneeded CSS classes
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f4ba55532f)
Due to a huge number of fixes and diverging development histories, I decided
to completely merge the current LuCI master into the 18.06 release branch to
have a common code base for upcoming maintenance releases.
Some LuCI apps have minor style glitches yet but I do not deem them to be
release critical as non-default components need to be opkg-installed anyway
and the package repositories are continuously refreshed, so we do not need
to fix everything for OpenWrt 18.06.0-rc2.
The most important changes introduced by this merge are:
1) New HTTP handling library in C
The new library should vastly reduce the required RAM for processing
large POST bodies while implementing some slightly more strict parsing
logic.
2) Apply/Rollback workflow
The ubus rpcd based apply/rollback handling will automatically revert
config changes if access to the device is lost for a certain period
of time, this is mainly intended for preventing issues with bad
config settings and the like.
The feature is not 100% error-proof yet but it successfully prevents a
large number of issues already. For final, the handling of the firewall
conntrack cache needs to be fixed yet as adding "lockout" firewall rules
is not yet catched due to the open HTTP session allowed by netfilter
conntrack
3) Template markup and theme style modifications
A large number of changes have been made to the markup in the various
templates, mainly to allow for responsive styling of tables.
The only theme currently making full use of that is the non-default
OpenWrt theme which will break table rows into disjunct boxes on
very narrow screens.
The changes have been tested on IE 11, MS Edge, Firefox, Chrome, an
iPhone 5s, iPhone 6 and iPad Air.
4) Initial LuCI support for displaying virtual dynamic network interfaces
Some protocol handlers will spawn purely dynamic sub-interfaces which
are not present in UCI. Such interfaces have been invisible in LuCI so
far which caused confusion especialy wrt. missing IP addresses etc.
LuCI will now display such dynamic interfaces on the interface overview.
5) Initial LuCI support for display interface runtime error information
LuCI will now expose interface error information stored in the ubus
runtime information by protocol handlers.
This is mainly useful to get notified of low level problems like
bad SIM codes are missing APN information.
6) Various XSS and CSRF bypass fixes
A number of code places performing inadequate markup escaping have been
fixed and the dispatcher CSRF token enforcement rules have been reworked
to actually catch all POST security cases.
7) Initial support for running under nginx
Various bugs have been fixed to allow LuCI to function under nginx using
a FastCGI wrapper.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Include cbi.js in the main header template like it is done for xhr.js and
remove the page specific includes.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* backingstore support via ubus does not work, remove it for now
* fix target mapping for linuximages.org
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Rework the various application view templates to properly render with the
latest responsive design changes.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Turn the dynamic lease status table into responsive table by using the
cbi_update_table() helper in conjunction with title annotation attributes.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Certain types of interface were excluded from bcp38's concept of
upstream wan interface e.g. pppoa-wan
Shamelessly copies the interface list generation from luci-app-sqm which
solved exactly the same problem and gives additional clues by displaying
the firewall zone (typically wan/lan etc)
Run-tested-on: DGN3500
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
"Content-Type: text/plain; charset=UTF-8" was wrote twice in each
of base.po and firewall.po, and one was an incorrect place which
was the cause of the errors.
And, The escape in abbr HTML tag was incorrect, so I fixed it.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
DDns script call another sh script to check ddns-scripts version. We can use the quicker IPKG.info function instead of execute another slow command.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
When creating a forwarding rule with protocol set to other, a user is
forwarded to the configuration page. The URL for the configuration page
contained a typo - the user was forwarded to
admin/network/firewall/redirect/cfg... and not
admin/network/firewall/forwards/cfg..., leading to a 404.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
It's currently possible to generate nonsensical firewall rules by inputting
combinations which include:
i) protocols other than UDP/TCP
ii) source and destination ports.
There is some discussion of the issue on the forum here and the issue is
here; #1850.
This patch makes fields like src_port and dest_port depend on protocol being
tcp, udp or "tcp udp" in the input, forwarding and source NAT forms.
Signed-off-by: Tom Hodder <tom@limepepper.co.uk>
[reword commit message, squash commits]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Along with 74be6f397
("treewide: switch firewall zone, network and iface lists to dropdown code"),
this change allows luci-app-firewall to recognize OUTPUT rules.
Fixes#1457.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Also switch one usage of raw '<%_ ... %>' interpolation to '<%: ... %>' in
order to avoid issues with translations using apostrophes.
Globally resnyc translations after the fix.
Fixes#1866.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Also switch the weekday and monthday lists in the firewall rule details to
cbi dropdowns, vastly uncluttering the form.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Currently these params should be optional but in the current script then are required for any configuration to save. We add an "optional" boolean value to the validate function so that we can make this pram optional as it should be. Also adds me as maintainer
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* wait/lock "create" button until the real end of container creation,
this includes download time plus tar/gz processing time
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Every request directed to the ddns app call ddns tools module.
Ddns tools module have lots of global variable that call slow os.execute function. This adds 10 second to every ddns request even if the function that is requested doesn't need that global variable. This commit introduce env_info function that execute os.execute command by executing what is actually requested and not process all the variables. Also remove 2 unecessary module that are not used. More researh find that major slowdown was caused by the calling of ddns script for the version check. Now we check if opkg is present and use it to check ddns-scripts version.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* migrate JS generated HTML tables to divs
* remove (most of) the inline styles
* various markup cleanups
That's the final part ... hopefully it's now in a more usable &
maintainable state.
Signed-off-by: Dirk Brenken <dev@brenken.org>
Mostly convert HTML tables to div based markup to allow for easier styling
in the future. Also change JS accessor code accordingly.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The issue existed since the first revision of the rewrite and was
exposed by commit 4024d4f (luci-base: switch to ubus uci operations)
A quick scan of the current repo indicates that these are the only sites
of wrong call pattern
Fixesopenwrt/packages#6113
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The issue existed since the first revision of the rewrite and was
exposed by commit 4024d4f (luci-base: switch to ubus uci operations)
A quick scan of the current repo indicates that these are the only sites
of wrong call pattern
Fixesopenwrt/packages#6113
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
I've tried to get the lxc app in a more usable state. Tested with mips
and amd64 targets.
* check /etc/config/lxc in controller, not in cbi
* more controller cleanups
* remove unused 'fork_exec' function
* check path before container creation
* check space requirements before container creation
* support new uci options 'min_space' and 'min_temp',
default for both is 100000 KB
* both options are configurable via LuCI CBI template
* write messages to log in case of an error
* validate the container name during creation,
automatically remove invalid chars
* inform the user that only a stopped container can be destroyed
* add experimental ssl support (untested, disabled by default)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Expose options related to routing/NAT flow offloading
feature in firewall3. Offloading is available in kernel 4.14+
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 177224c14a)
Updated Japanese translations.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
(cherry picked from commit d3c1951cbb
adapted for small difference betwenn master and 18.06)
Expose options related to routing/NAT flow offloading
feature in firewall3. Offloading is available in kernel 4.14+
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
I've tried to get the lxc app in a more usable state. Tested with mips
and amd64 targets.
* fix missing tar/xz dependency,
only if LXC_BUSYBOX_OPTIONS is not selected
* mute needless gpg validation warning
* tidy up controller a little bit
* fix multiple possible dispatcher errors
* fix compatibility with XHTML standard theme (looks still horrible ;-)
* inform the user about custom kernel prerequisites
* inform the user about the template download
* inform the user if no template was found
Signed-off-by: Dirk Brenken <dev@brenken.org>
Change default leasefile hint from /var/log/upnp.leases to
/var/run/miniupnpd.leases
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
If the physical device is not set in the diag_command then the ping will
always use the route with the lowest metric from the default routing
table.
To fix this add the physical device of the logical interface to the ping
command.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If a logical interface setup and adds in the protocol handler a dynamic
interface then the gateway is configured in the dynamic interface and the
setting up logical interface does not have a gateway specified.
To fix this check first if a dynamic interface is present and use this
gateway ip if found and if no dynamich interface is set then check for a
gateway in the logical interface.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* Remove SimpleForm stuff from Interface Wizard
* adapt Travelmate to support new cbi apply workflow
* fix station re-odering
* tested successfully with old & new workflow
Signed-off-by: Dirk Brenken <dev@brenken.org>
Some of the options in the tabs were not placed in
optimal groups. Add tabs for DHCP and start triggers.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
This fixes an inconsistency because on the interface configuration if
you press Save&Apply it will go back to overview page. It is also the
case with "Firewall - Traffic Rules" details. On firewall zone it only
goes back to firewall zone-detail. Same behaviour on all pages is a good
user experience.
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
