* Use post_on() target to require csrf token verification for modifying actions
* Ensure that package and flash operation handlers guard modifying operations
with parameter check
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
* Add a generic helper function to check need for post / csrf token validation
* Remove custom token verification in cbi targets
* Support requiring post security depending on specific submit parameters,
usable through post_on() action
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Sync translations to the current strings.
Changes in luci-app-ddns, luci-app-mjpg-streamer, luci-app-qos,
luci-app-shadowsocks-libev, luci-app-statistics and luci-base
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Changes in 2015g:
http://mm.icann.org/pipermail/tz-announce/2015-October/000034.html
Norfolk moves from +1130 to +1100 on 2015-10-04 at 02:00 local time.
Fiji's 2016 fall-back transition is scheduled for January 17, not 24.
Fort Nelson, British Columbia will not fall back on 2015-11-01. It has
effectively been on MST (-0700) since it advanced its clocks on 2015-03-08.
New zone America/Fort_Nelson.
Note: the Turkey-related one-time rule change is not apparently catched by
the zoneinfo2lua script, so that change is not included in this commit.
(Turkey's 2015 fall-back transition is scheduled for Nov. 8, not Oct. 25.)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Only process submitted data if the "cbi.submit" parameter is present as the
dispatcher will verify the integrity of the CSRF token in this case.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Add the dispatcher infrastructure to restrict certain routes to POST
requests only in conjunction with verification of CSRF tokens.
This is the first step to get rid of the CSRF token in the url in favor
to tokens embedded in forms.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Due to a lack of a test environment this support only covers thermal graphs
so far. Please send the output of "rrdtool info /tmp/rrd/*/sensors-*/*.rrd"
if your system happens to support voltage, power or fanspeed sensors.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Only attempt to call "dsl_func" if the dsl_control lucistat output could be
successfully evaluated.
Works around https://dev.openwrt.org/ticket/20607
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
If a plugin produces only one instance, e.g. netlink with just one interface
configured, then the controller will register no detail views which would
normally show all graphs but the index pacage of a given plugin will still
display the collapsed view without any possibility to reach the full listing.
Fix the problem by only rendering a linked index view when more than one
instance is present.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Change index.html that is visible for a second when entering Luci:
* Black text on white background (instead of white on black)
* Specify font as Arial/Helvetica
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Remove the freifunk-bno theme as the bno profile itself was removed.
Discussion in https://github.com/openwrt/luci/pull/471
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
