Update timezone data to 2016a.
http://mm.icann.org/pipermail/tz-announce/2016-January/000035.html
Changes affecting future time stamps
America/Cayman will not observe daylight saving this year after all.
Revert our guess that it would. (Thanks to Matt Johnson.)
Asia/Chita switches from +0800 to +0900 on 2016-03-27 at 02:00.
(Thanks to Alexander Krivenyshev.)
Asia/Tehran now has DST predictions for the year 2038 and later,
to be March 21 00:00 to September 21 00:00. This is likely better
than predicting no DST, albeit off by a day every now and then.
Changes affecting past and future time stamps
America/Metlakatla switched from PST all year to AKST/AKDT on
2015-11-01 at 02:00. (Thanks to Steffen Thorsen.)
America/Santa_Isabel has been removed, and replaced with a
backward compatibility link to America/Tijuana. Its contents were
apparently based on a misreading of Mexican legislation.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Fix links to point into Github repo instead of luci.subsignal.org
- the hint to file a bug in dispatcher
- footers of Bootstrap and Firefunk themes
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Map DUIDs to their corresponding MAC addresses in order to correlate them with
IPv4 information. This is useful to e.g. identify IPv6 hosts which do not send
a name.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
* add more WPA-EAP phase2 authentication methods.
* client cert, client key and key password are only relevant for
WPA EAP-TLS, change dependency accordingly.
* add support for certificates and key for EAP-TLS phase2 auth.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When fields got removed and readded due to unsatisfied dependencies, they
got inserted in reverse order into the dom.
Fix this issue by properly passing the element index.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Instead of relying on the connect-before-setuid hack, ship a proper
acl definition file whitelisting the procedures that LuCI requires
on its non-root pages.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Copy the changes made by f8d0ba00b2
also to the interface details pages in order to clarify display of
multiple addresses.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Some applications only support ipv4 so add ipv4only option
to host and hostport datatypes so that for thos applications
that when an IP address is specified only and ipv4 ip address
gets accepted.
The previous versiono of ipaddrport validator only worked for ipv4
due to disallowing colons (:) in ip address which obvious fails for
ipv6. We now instead allow either ipv4 address or an ipv6 address of
the form [<ipv6address>]:port
Some files and pointers to files are not safe to remove without a replacement
file and config pointing to the file. For instance for uhttpd application in
the works, removing the certificate or key config or files without having the
replacements in places renders the WeUI inaccessible.
The only other place where FileUpload is currently used is for wifi certificates
for which the 'safe' handling is also preferred. Therefore make the default for
the FileUpload widget the safe handling and add a property self.unsafeupload that
allows for the old unsafe handling should it prove useful in some case.
Also allow to specify a file already on router instead of uploading a file.
Signed-off By: Daniel Dickinson <openwrt@daniel.thecshore.com>
The call to http.formvalue in order to read the csrf token causes
_parse_input to be triggered *before* controllers and cbi maps have
been built. This results in the failure of file uploads because
the file handler is not yet in place when _parse_input gets called,
and it is in _parse_input that POST data is parsed (including files).
To fix this we add the ability to write file fields to temporary
files (using mkstemp and unlink in nixio.file) and use this to
store file data until the filehandler is registered, with a
fallback to reading the file data into memory.
Once the filehandler callback gets registered we iterate
though all previously parsed (saved) files and copy the
data to the file handler, and then close the temporary
file (which finally removes because we unlinked after
creating the file, but didn't close the file so unlink
was deferred).
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
Some applications only support ipv4 so add ipv4only option
to host and hostport datatypes so that for thos applications
that when an IP address is specified only and ipv4 ip address
gets accepted.
The previous versiono of ipaddrport validator only worked for ipv4
due to disallowing colons (:) in ip address which obvious fails for
ipv6. We now instead allow either ipv4 address or an ipv6 address of
the form [<ipv6address>]:port
Some files and pointers to files are not safe to remove without a replacement
file and config pointing to the file. For instance for uhttpd application in
the works, removing the certificate or key config or files without having the
replacements in places renders the WeUI inaccessible.
The only other place where FileUpload is currently used is for wifi certificates
for which the 'safe' handling is also preferred. Therefore make the default for
the FileUpload widget the safe handling and add a property self.unsafeupload that
allows for the old unsafe handling should it prove useful in some case.
Also allow to specify a file already on router instead of uploading a file.
Signed-off By: Daniel Dickinson <openwrt@daniel.thecshore.com>
/lib/uci/upload is a rather odd place for configuration files
Also the files were not saved across sysupgrade, which is somewhat
counter-productive for configuration files.
Signed-off By: Daniel Dickinson <openwrt@daniel.thecshore.com>
The new function is twice as fast as the old implementation and properly
summarizes outgoing and incoming byte and packet counters.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
For better view of 'Interface Overview' IPv4/IPv6 addresses for
interfaces should be displayed as lists, but not as comma separated
strings.
Signed-off-by: Alexander Logger <intagger@gmail.com>
Add two new types 'hostport' and 'ipaddrport' to validate strings in the form
'sub.example.org:1234' and '0.0.0.0:80'. The 'hostport' accepts hostnames or
IP addresses followed by a colon and a port number while the 'ipaddrport' type
accepts numeric IP addresses only, followed by a colon and a port.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
When using os.execute or luci.sys.call the shell is called with the
command line which means that standard shell interpretation of strings
occurs. To allow to use these commands more easily we add functions
for properly escaping single-quoted strings used on the command line
Previously the global configuration options were missing the the LuCI configuration,
however these options are useful, so make them available to the UI.
Limit the name of a new interface to 15 characters.
Add a note about the maximum length and the automatic protocol/bridge
prefixes (br-, 6in4-, pppoe- etc.).
Reference to:
https://dev.openwrt.org/ticket/20380https://github.com/openwrt/luci/issues/507
There is a 15 character limit to the "real" interface name,
enforced both in the firewall and dnsmasq. The real interface name
includes the possible prefix "br-", "6in4-" etc. Example of an error:
interface name `br-lan_protected' must be shorter than IFNAMSIZ (15)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* Prevents an empty Location header
* Useful in environments where build_url() could return an empty string (such as http server rewrites requests to /cgi-bin/luci)
Signed-off-by: Joel Pedraza <github@saik0.net>
Two new arguments url, defpath were added to cbi_dynlist_init() for
initializing the brower button.
An example of usage
identity = section:taboption("general", DynamicList, "identity",
translate("List of SSH key files for auth"))
identity.datatype = "file"
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
As per http://tools.ietf.org/html/rfc3986#section-2.3
Characters that are allowed in a URI but do not have a reserved
purpose are called unreserved. These include uppercase and lowercase
letters, decimal digits, hyphen, period, underscore, and tilde.
unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
cbi.lua
- Implement Flag.validate function to be overwritable
- rewritten if clause for easier reading ;-)
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Rewrite `luci.sys.wifi.getiwinfo()` to use the ubus wireless state instead of
depreacated uci state vars in order to map abstract network notation to
wireless ifnames.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Do not use standard post security checking for actions that require file upload
since reading the token value will trigger parsing of the http message body
before the file upload handler has been set, which causes LuCI to buffer the
entire request body in memory.
In order to simplify the code and logic flow, split action_flashops() into
separate handlers for reset, backup, restore and sysupgrade.
Let the backup restore and sysupgrade handlers use the new test_post_security()
method in luci.dispatcher to perform token checking *after* setting the upload
handler.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Now that we don't have an url token anymore, '/cgi-bin/luci' becomes a valid
url while cookies are restricted to only '/cgi-bin/luci/' and below.
In order to ensure that the first request after login refers to a path
covered by the authentication cookie, change build_url() to always append
a trailing slash if we're referring to the base url.
This should fix the login problems mentioned in #516.
While we're touching the dispatcher, also remove remaining url token code.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Now that sensitive urls require post requests and only accept them if a valid
security token is sent along the request, we can drop the global random url
token to improve LuCI usability.
The main improvement is the ability to use multiple tabs with the same login
session, but also deep linking to specific urls without the need for another
login becomes feasible, e.g. for documentation purposes.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
* Use post_on() target to require csrf token verification for modifying actions
* Ensure that package and flash operation handlers guard modifying operations
with parameter check
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
* Add a generic helper function to check need for post / csrf token validation
* Remove custom token verification in cbi targets
* Support requiring post security depending on specific submit parameters,
usable through post_on() action
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Sync translations to the current strings.
Changes in luci-app-ddns, luci-app-mjpg-streamer, luci-app-qos,
luci-app-shadowsocks-libev, luci-app-statistics and luci-base
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Changes in 2015g:
http://mm.icann.org/pipermail/tz-announce/2015-October/000034.html
Norfolk moves from +1130 to +1100 on 2015-10-04 at 02:00 local time.
Fiji's 2016 fall-back transition is scheduled for January 17, not 24.
Fort Nelson, British Columbia will not fall back on 2015-11-01. It has
effectively been on MST (-0700) since it advanced its clocks on 2015-03-08.
New zone America/Fort_Nelson.
Note: the Turkey-related one-time rule change is not apparently catched by
the zoneinfo2lua script, so that change is not included in this commit.
(Turkey's 2015 fall-back transition is scheduled for Nov. 8, not Oct. 25.)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Only process submitted data if the "cbi.submit" parameter is present as the
dispatcher will verify the integrity of the CSRF token in this case.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Add the dispatcher infrastructure to restrict certain routes to POST
requests only in conjunction with verification of CSRF tokens.
This is the first step to get rid of the CSRF token in the url in favor
to tokens embedded in forms.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Only attempt to call "dsl_func" if the dsl_control lucistat output could be
successfully evaluated.
Works around https://dev.openwrt.org/ticket/20607
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Change index.html that is visible for a second when entering Luci:
* Black text on white background (instead of white on black)
* Specify font as Arial/Helvetica
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
The mediaurlbase option in the default /etc/config/luci still points
to the old openwrt.org theme that is not installed by default.
The discrepancy was noted in the commit message for 55ab4e4ce2
After 55ab4e4ce2 the installed theme's uci-defaults script will correct
the setting at first boot, but we should not have a deprecated theme as
the default value. Set the default value to the default theme 'bootstrap'.
Related old discussion at #302
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Prevent word-wrap on the config input areas. Especially the feed
definition lines can be long, and automatic word-wrap can decrease
clarity.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Add package *.ipk size information to package listing in Luci,
as opkg was today extended to support listing also the size information.
Visible fields are now: name, version, size, description
That will help users considering installation of a certain package
to assess its size impact on flash.
Note: Opkg data includes the size of the .ipk file, not the expanded size.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
opkg config was recently changed by https://dev.openwrt.org/changeset/46491/
Existing /etc/opkg.conf was split to three:
/etc/opkg.conf -> base opkg configuration
/etc/opkg/distfeeds.conf -> default Openwrt package feeds
/etc/opkg/customfeeds.conf -> custom package feeds
Since then, the actual feed definitions have not been visible/configurable,
as only /etc/opkg.conf has been visible in Luci.
This patch restores the capability to see and edit package feed definitions.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Previously, get_list("fake", "non-existent", "notreal") would still
return a table, just empty. This is nice, as you can always iterate the
returned table, without having to check it first.
However, if you happened to pass a nil for any of the parameters, you
would actually get a nil in return. This was inconsistent.
The documentation is updated to clarify the behaviour of this function.
Signed-off-by: Karl Palsson <karlp@remake.is>
Allows lists fetched with get_list to be modified and simply passed back
to set_list. Explicitly calling set_list() with an empty list is clearly
requesting that there be zero list items, ie, deletion of the option
altogether.
Signed-off-by: Karl Palsson <karlp@remake.is>
Many packages currently include a git commit hash in version string.
That makes versions string very long and the version column takes much space
when listing available/installed packages in Luci.
Longest version string is 58 characters (micropython).
85 packages have at least 50 chars and 150 packages at least 40 chars.
Adjust Luci to display max. 26 characters (= luci's own version string).
Longer version strings are cut to: "first 21c" + ".." + "last 3c"
The last 3 chars are used to preserve the possible PKG_REVISION string.
E.g. 'opkg' has only hash+PKG_REVISION, so using only start of the string
might not be optimal.
Examples:
1.3.10-20150302-f2a889564b3a215902622b040a1247af38cb8203-1
1.3.10-20150302-f2a88..3-1
0.1-20150302-654c7d288603f7dae09eb09b57fb67b38c7ac6c3-1
0.1-20150302-654c7d28..3-1
9c97d5ecd795709c8584e972bfdf3aee3a5b846d-7
9c97d5ecd795709c8584e..d-7
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
The setfilehandler() functions used for mime and url encoded message
bodies all operate with a signature of fh(meta, chunk, eof), but for
unhandled encodings, the callback was directly assigned to the sink
function, which has a signature of snk(chunk). Insert a wrapper to
properly generate the EOF flag, and include a stub "meta" block
providing a virtual "name" and also the original client provided
Content-Type header, to possibly help with taking alternative actions in
the file handler.
The sink function created for raw content decoding also used the wrong
signature for the sink function.
Signed-off-by: Karl Palsson <karlp@remake.is>
Changes in 2015e and 2015f:
http://mm.icann.org/pipermail/tz-announce/2015-June/000032.htmlhttp://mm.icann.org/pipermail/tz-announce/2015-August/000033.html
Morocco will suspend DST from 2015-06-14 03:00 through 2015-07-19 02:00,
not 06-13 and 07-18 as we had guessed.
Assume Cayman Islands will observe DST starting next year, using US rules.
Although it isn't guaranteed, it is the most likely.
North Korea switches to +0830 on 2015-08-15.
The abbreviation remains "KST".
Uruguay no longer observes DST.
Moldova starts and ends DST at 00:00 UTC, not at 01:00 UTC.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* minor fix function _list() set to local
* new function compare_version() lua version of opkg compare-version
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
