Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
LuCI - OpenWrt Configuration Interface
14691 commits 13 branches 13 tags 306 MiB
JavaScript 41.5%
C 26.4%
Lua 14.3%
HTML 6.3%
CSS 3.1%
Other 8.4%
Find a file
Hauke Mehrtens 139edfce8b themes: Call striptags() on hostname to prevent XSS 
This calls striptags() on the hostname to prevent any XSS over the
hostname. This should fix CVE-2021-33425 as far as I understood it.

If someone adds some Javascript into system.@system[0].hostname it would
have been directly added to the page, this prevents the problem.

This can only be exploited by someone being able to modify the uci
configuration, normally a user with such privileges could also just
modify the webpage.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5cbd79d7e3)
2021-06-09 20:53:15 +02:00
applications treewide: i18n - Backport translations 2021-06-08 20:07:21 +03:00
build treewide: replace which with command -v 2020-08-20 15:54:54 -10:00
collections luci-ssl: switch to WolfSSL 2020-08-31 13:01:55 +03:00
contrib/package lucihttp: update to latest Git HEAD 2019-07-05 08:27:47 +02:00
docs docs: update js api docs 2020-08-06 17:58:47 +02:00
libs rpcd-mod-luci: Fix parsing of DUID-LLT's in duid2ea 2021-03-01 08:55:46 +01:00
modules treewide: i18n - Backport translations 2021-06-08 20:07:21 +03:00
protocols treewide: drop MAC and MTU from interfaces (protocols) 2021-05-28 15:44:44 +02:00
themes themes: Call striptags() on hostname to prevent XSS 2021-06-09 20:53:15 +02:00
.gitignore luci-base: add support for plural translations and contexts in Lua api 2020-01-25 23:21:35 +01:00
CONTRIBUTING.md CONTRIBUTING.md: Fix sign_your_work link. 2020-03-01 14:33:20 -08:00
jsdoc.conf.json docs: various updates 2019-11-07 12:39:24 +01:00
LICENSE * new project: ff-luci - Freifunk Lua Configuration Interface 2008-03-02 21:52:58 +00:00
luci.mk luci.mk: make SUBMENU package define customizable and optional 2021-06-03 08:39:15 -10:00
NOTICE Update my email addresses in the license headers 2015-01-16 23:49:44 +01:00
package.json docs: various updates 2019-11-07 12:39:24 +01:00
README.md docs: various updates 2019-11-07 12:39:24 +01:00

README.md

OpenWrt luci feed

Translation status

Description

This is the OpenWrt "luci"-feed containing LuCI - OpenWrt Configuration Interface.

Usage

This feed is enabled by default. Your feeds.conf.default (or feeds.conf) should contain a line like:

src-git luci https://github.com/openwrt/luci.git

To install all its package definitions, run:

./scripts/feeds update luci
./scripts/feeds install -a -p luci

API Reference

You can browse the generated API documentation directly on Github.

Development

Documentation for developing and extending LuCI can be found in the Wiki

License

See LICENSE file.

Package Guidelines

See CONTRIBUTING.md file.

Translation status

Translation status