From 93166171db6e813fe2a5e255092f3f2ad94799e8 Mon Sep 17 00:00:00 2001
From: billz
Date: Sat, 16 Sep 2023 10:39:14 +0200
Subject: [PATCH] Update additional ajax posts w/ csrf_token

---
 app/js/custom.js | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index 1fd9f0dc..c18ea8ce 100644
--- app/js/custom.js
+++ b/app/js/custom.js
@@ -123,21 +123,24 @@ $(document).on("click", "#gen_wpa_passphrase", function(e) {
 });

 $(document).on("click", "#js-clearhostapd-log", function(e) {
- $.post('ajax/logging/clearlog.php?',{'logfile':'/tmp/hostapd.log'},function(data){
+ var csrfToken = $('meta[name=csrf_token]').attr('content');
+ $.post('ajax/logging/clearlog.php?',{'logfile':'/tmp/hostapd.log', 'csrf_token': csrfToken},function(data){
 jsonData = JSON.parse(data);
 $("#hostapd-log").val("");
 });
 });

 $(document).on("click", "#js-cleardnsmasq-log", function(e) {
- $.post('ajax/logging/clearlog.php?',{'logfile':'/var/log/dnsmasq.log'},function(data){
+ var csrfToken = $('meta[name=csrf_token]').attr('content');
+ $.post('ajax/logging/clearlog.php?',{'logfile':'/var/log/dnsmasq.log', 'csrf_token': csrfToken},function(data){
 jsonData = JSON.parse(data);
 $("#dnsmasq-log").val("");
 });
 });

 $(document).on("click", "#js-clearopenvpn-log", function(e) {
- $.post('ajax/logging/clearlog.php?',{'logfile':'/tmp/openvpn.log'},function(data){
+ var csrfToken = $('meta[name=csrf_token]').attr('content');
+ $.post('ajax/logging/clearlog.php?',{'logfile':'/tmp/openvpn.log', 'csrf_token': csrfToken},function(data){
 jsonData = JSON.parse(data);
 $("#openvpn-log").val("");
 });
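Review bot: The three clear-log handlers still send an absolute filesystem path chosen by the client (`'logfile':'/tmp/hostapd.log'`, `'/var/log/dnsmasq.log'`, `'/tmp/openvpn.log'`), and the added `csrf_token` only establishes that the request came from the application's own page, not which file it may name. `ajax/logging/clearlog.php` is not part of this patch, so whether it restricts the value cannot be confirmed here; if it uses the posted path as given, the endpoint acts on whatever path the request carries. Sending a short identifier instead, e.g. `{'logfile': 'hostapd', 'csrf_token': csrfToken}`, and mapping it to a fixed path on the server would take the path out of client control; failing that, the endpoint should compare the value against an allowlist of exactly these three files.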
@@ -287,7 +290,8 @@ $('#configureClientModal').on('shown.bs.modal', function (e) {

 $('#ovpn-confirm-delete').on('click', '.btn-delete', function (e) {
 var cfg_id = $(this).data('recordId');
- $.post('ajax/openvpn/del_ovpncfg.php',{'cfg_id':cfg_id},function(data){
+ var csrfToken = $('meta[name=csrf_token]').attr('content');
+ $.post('ajax/openvpn/del_ovpncfg.php',{'cfg_id':cfg_id, 'csrf_token': csrfToken},function(data){
 jsonData = JSON.parse(data);
 $("#ovpn-confirm-delete").modal('hide');
 var row = $(document.getElementById("openvpn-client-row-" + cfg_id));
@@ -304,7 +308,8 @@ $('#ovpn-confirm-delete').on('show.bs.modal', function (e) {

 $('#ovpn-confirm-activate').on('click', '.btn-activate', function (e) {
 var cfg_id = $(this).data('record-id');
- $.post('ajax/openvpn/activate_ovpncfg.php',{'cfg_id':cfg_id},function(data){
+ var csrfToken = $('meta[name=csrf_token]').attr('content');
+ $.post('ajax/openvpn/activate_ovpncfg.php',{'cfg_id':cfg_id, 'csrf_token': csrfToken},function(data){
 jsonData = JSON.parse(data);
 $("#ovpn-confirm-activate").modal('hide');
 setTimeout(function(){
@@ -437,10 +442,11 @@ function setHardwareModeTooltip() {
 */
 function updateBlocklist() {
 var blocklist_id = $('#cbxblocklist').val();
+ var csrfToken = $('meta[name=csrf_token]').attr('content');
 if (blocklist_id == '') { return; }
 $('#cbxblocklist-status').find('i').removeClass('fas fa-check').addClass('fas fa-cog fa-spin');
 $('#cbxblocklist-status').removeClass('check-hidden').addClass('check-progress');
- $.post('ajax/adblock/update_blocklist.php',{ 'blocklist_id':blocklist_id },function(data){
+ $.post('ajax/adblock/update_blocklist.php',{ 'blocklist_id':blocklist_id, 'csrf_token': csrfToken},function(data){
 var jsonData = JSON.parse(data);
 if (jsonData['return'] == '0') {
 $('#cbxblocklist-status').find('i').removeClass('fas fa-cog fa-spin').addClass('fas fa-check');
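Review bot: The success callback of the delete request parses the reply into an undeclared `jsonData` (an implicit global) and then hides the modal and looks up the table row without inspecting it in the visible lines. A reply that reports a refused request, such as a rejected token if the endpoint answers that case with JSON, would therefore look the same to the user as a completed delete. Declaring it locally with `var jsonData = JSON.parse(data);` and returning early unless the reply reports success would keep the page consistent with the server; the status field to test is not visible in this patch. The activate handler in the next hunk has the same shape, and both callback bodies continue outside their hunks.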
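Review bot: `updateBlocklist()` switches the status icon to the spinner before the POST, and in the visible lines it is only reset inside the success callback, so a request that fails at the HTTP level leaves the spinner running with no message. How `update_blocklist.php` answers a missing or stale token is not shown, but that path now exists, so chaining something like `.fail(function(){ /* stop spinner, show error */ })` on the `$.post(...)` call would cover it. The `csrfToken` lookup could also move below the `if (blocklist_id == '') { return; }` guard so it is not performed for a call that returns immediately. The function body continues past the end of the hunk.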
@@ -459,7 +465,8 @@ $('.wg-keygen').click(function(){
 var entity_pub = $(this).parent('div').prev('input[type="text"]');
 var entity_priv = $(this).parent('div').next('input[type="hidden"]');
 var updated = entity_pub.attr('name')+"-pubkey-status";
- $.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name') },function(data){
+ var csrfToken = $('meta[name=csrf_token]').attr('content');
+ $.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name'), 'csrf_token': csrfToken},function(data){
 var jsonData = JSON.parse(data);
 entity_pub.val(jsonData.pubkey);
 $('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
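Review bot: With this hunk the lookup `var csrfToken = $('meta[name=csrf_token]').attr('content');` is pasted into seven handlers across the patch (three clear-log handlers, the OpenVPN delete and activate handlers, `updateBlocklist()` and this key generator), so any `$.post` added later can omit the token again without anything noticing. A single wrapper would keep the token in one place, e.g. `function postWithCsrf(url, data, cb) { return $.post(url, $.extend({}, data, {'csrf_token': $('meta[name=csrf_token]').attr('content')}), cb); }` (name constructed for illustration). If the meta tag is missing, `attr('content')` returns `undefined`, and the wrapper is also the natural place to detect that and refuse to send. The click handler starts before this hunk and continues after it.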