The validity of authentication tokens was determined by the
mtime of respective authentication tokens on filesystem
stored in $sessionpath.
Talking about hardware without RTC or without a prior
connection to a time server, date/time usually around 1970 -
so is the mtime of the authentication token file in
$sessionpath.
When now configuring an internet connection via LuCI, the
system might fetch the current date/time (e.g. via ntp)
which invalidates the token, returns "403 Forbidden" and
kicks the user out of the interface.
This patch changes the authentication system to use time values
based on the uptime of the machine - rather than values based upon
gettimeofday() and {a|m}time values - and save them inside the token.
That way can always determine the difference between login
(last interaction respectively) and the current time, in-
dependant of the system clock jumping backwards/forwards.
Warning: This patch removes the clean() function and respective calls.
This means, invalid tokens will NOT be determined and removed from
filesystem automatically anymore.
Before, every HTTP-call caused a scan for invalid tokens,
which is quite expensive. Instead consider using a cron job
deleting all stalled files periodically.
Contributed by T-Labs, Deutsche Telekom Innovation Laboratories
Signed-off-by: Mirko Vogt <mirko@openwrt.org>
Hi,
The attached patch fixes the JSON generation when dealing with NaN (not
a number), this makes the JSON parsing in the web browser succeed
(before it would get a "nan" which is not a valid JS value)
Chris
The commit adds a recursive parser for datatype expressions which allows nesting of validators,
this allows for complex expressions like "list(or(range(0,65535),'infinite'))" to allow a list of
values which are either integers between 0 and 65535 or the literal string "inifinite".
That change also deprecates combined datatypes like "ipaddr" ["or(ip4addr,ip6addr)"] or
"host" ["or(hostname,ip4addr,ip6addr)"]
For SimpleSection, use the section name (always "1") instead of the
section type in the CBI-like string used to identify the upload. This
allows upload fields to be placed in SimpleSections. The fix changes a
minimal number of lines, but does introduce some unnecessary confusion,
it may or may not be better than a more thorough/invasive fix.
Set the enctype for the form element in the simpleform view to be
multipart/form-data because the default
application/x-www-form-urlencoded does not support input files.
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
