This calls striptags() on the hostname to prevent any XSS over the
hostname. This should fix CVE-2021-33425 as far as I understood it.
If someone adds some JavaScript into system.@system[0].hostname it would
have been directly added to the page; this prevents the problem.
This can only be exploited by someone being able to modify the uci
configuration, normally a user with such privileges could also just
modify the webpage.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5cbd79d7e3)
Before the fix, if we have two nodes, 'services/ddns' and 'services/ddnsto',
clicking any one of them will show them all as active.
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
(cherry picked from commit 97d50d2c6b)
After moving section title from `legend`, which was translated to `span`
with style `panel-title`, to `h3`, update also CSS style to match first
`h3` in `cbi-section`.
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
Remove the reference to setting a password being linked to SSH capability.
(SSH has been initially enabled since year 2015.)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
If we build multiple themes into the firmware and each of them sets itself
to be the default theme, which theme should it be?
To make it clear, we only set mediaurlbase if the theme is being
installed/built in for the first time.
This resolves the issue that the theme always changes to some default
after upgrading the firmware, even with a config-keep-upgrade.
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Add some CSS band aids to fix styling and positioning of hidden tab panes,
cbi maps in modal dialogs and nested cbi sections.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Fixed an overview page style issue with interface boxes for
bootstrap, material and rosy themes.
The issue only appears in the Chrome browser and lies in the
fact that the block with the device name and MAC address gets
out of the interface block.
Signed-off-by: Anton Kikin <a.kikin@tano-systems.com>
* Remove excess font dependency
* Retain two glyphs as svg
* Store svg icons externally
* Add logout icon
* Replace spaces with tabs in script
* Various minor fixes
Signed-off-by: Shun Jou <shunjou@gmail.com>
After opening an external hyperlink in a new browser tab, LuCI hangs in the
load screen. This commit will fix this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If you change the color of the submenus then the colors of the top level
should also be changed into the same color.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* Restore theme to near original style
* Properly declare variable fallbacks
* More consistent table and border styling
* Improve responsive design scaling
* Add static ripple effect to sidebar menu
* Style command output as terminal
* Comb coding style and widespread cleanup
* Various other improvements and fixes
Signed-off-by: Shun Jou <shunjou@gmail.com>
Add the missing error css class definitions.
Highlights the wrong inputs detected by the cbi validation function.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Extend the theme headers to include the translation string scripts,
allowing client-side code to translate strings without server-side
support.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>