luci/modules/luci-mod-admin-full/luasrc/controller/admin
Jo-Philipp Wich 94ab57f48c luci-mod-admin-full: restructure and fix backup, restore and sysuprade (#517)
Do not use standard post security checking for actions that require file upload
since reading the token value will trigger parsing of the http message body
before the file upload handler has been set, which causes LuCI to buffer the
entire request body in memory.

In order to simplify the code and logic flow, split action_flashops() into
separate handlers for reset, backup, restore and sysupgrade.

Let the backup restore and sysupgrade handlers use the new test_post_security()
method in luci.dispatcher to perform token checking *after* setting the upload
handler.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-22 08:48:06 +02:00
..
filebrowser.lua Update my email addresses in the license headers 2015-01-16 23:49:44 +01:00
index.lua luci-mod-admin-full: do not access dispatcher.context.urltoken in logout 2015-10-21 16:43:07 +02:00
network.lua luci-mod-admin-full: protect network post actions with csrf tokens 2015-10-20 22:17:23 +02:00
status.lua luci-mod-admin-full: protect iptables counter reset and restart with token 2015-10-20 22:27:39 +02:00
system.lua luci-mod-admin-full: restructure and fix backup, restore and sysuprade (#517) 2015-10-22 08:48:06 +02:00
uci.lua luci-mod-admin-full: switch to POST actions for UCI changes 2015-10-06 22:29:07 +02:00