Due to a huge number of fixes and diverging development histories, I decided
to completely merge the current LuCI master into the 18.06 release branch to
have a common code base for upcoming maintenance releases.
Some LuCI apps have minor style glitches yet but I do not deem them to be
release critical as non-default components need to be opkg-installed anyway
and the package repositories are continuously refreshed, so we do not need
to fix everything for OpenWrt 18.06.0-rc2.
The most important changes introduced by this merge are:
1) New HTTP handling library in C
The new library should vastly reduce the required RAM for processing
large POST bodies while implementing some slightly more strict parsing
logic.
2) Apply/Rollback workflow
The ubus rpcd based apply/rollback handling will automatically revert
config changes if access to the device is lost for a certain period
of time, this is mainly intended for preventing issues with bad
config settings and the like.
The feature is not 100% error-proof yet but it successfully prevents a
large number of issues already. For final, the handling of the firewall
conntrack cache needs to be fixed yet as adding "lockout" firewall rules
is not yet catched due to the open HTTP session allowed by netfilter
conntrack
3) Template markup and theme style modifications
A large number of changes have been made to the markup in the various
templates, mainly to allow for responsive styling of tables.
The only theme currently making full use of that is the non-default
OpenWrt theme which will break table rows into disjunct boxes on
very narrow screens.
The changes have been tested on IE 11, MS Edge, Firefox, Chrome, an
iPhone 5s, iPhone 6 and iPad Air.
4) Initial LuCI support for displaying virtual dynamic network interfaces
Some protocol handlers will spawn purely dynamic sub-interfaces which
are not present in UCI. Such interfaces have been invisible in LuCI so
far which caused confusion especialy wrt. missing IP addresses etc.
LuCI will now display such dynamic interfaces on the interface overview.
5) Initial LuCI support for display interface runtime error information
LuCI will now expose interface error information stored in the ubus
runtime information by protocol handlers.
This is mainly useful to get notified of low level problems like
bad SIM codes are missing APN information.
6) Various XSS and CSRF bypass fixes
A number of code places performing inadequate markup escaping have been
fixed and the dispatcher CSRF token enforcement rules have been reworked
to actually catch all POST security cases.
7) Initial support for running under nginx
Various bugs have been fixed to allow LuCI to function under nginx using
a FastCGI wrapper.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Include cbi.js in the main header template like it is done for xhr.js and
remove the page specific includes.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* backingstore support via ubus does not work, remove it for now
* fix target mapping for linuximages.org
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Rework the various application view templates to properly render with the
latest responsive design changes.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Turn the dynamic lease status table into responsive table by using the
cbi_update_table() helper in conjunction with title annotation attributes.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Certain types of interface were excluded from bcp38's concept of
upstream wan interface e.g. pppoa-wan
Shamelessly copies the interface list generation from luci-app-sqm which
solved exactly the same problem and gives additional clues by displaying
the firewall zone (typically wan/lan etc)
Run-tested-on: DGN3500
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
"Content-Type: text/plain; charset=UTF-8" was wrote twice in each
of base.po and firewall.po, and one was an incorrect place which
was the cause of the errors.
And, The escape in abbr HTML tag was incorrect, so I fixed it.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
DDns script call another sh script to check ddns-scripts version. We can use the quicker IPKG.info function instead of execute another slow command.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
When creating a forwarding rule with protocol set to other, a user is
forwarded to the configuration page. The URL for the configuration page
contained a typo - the user was forwarded to
admin/network/firewall/redirect/cfg... and not
admin/network/firewall/forwards/cfg..., leading to a 404.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
It's currently possible to generate nonsensical firewall rules by inputting
combinations which include:
i) protocols other than UDP/TCP
ii) source and destination ports.
There is some discussion of the issue on the forum here and the issue is
here; #1850.
This patch makes fields like src_port and dest_port depend on protocol being
tcp, udp or "tcp udp" in the input, forwarding and source NAT forms.
Signed-off-by: Tom Hodder <tom@limepepper.co.uk>
[reword commit message, squash commits]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
