glaszig 
							
						 
					 
					
						
						
							
						
						da69d3d768 
					 
					
						
						
							
							send CSRF token in a response header,  
						
						... 
						
						
						
						update the page's CSRF tokens with the new token
from the response header,
verify csrf token in ajax endpoints,
initialize a session for every endpoint 
						
						
					 
					
						2019-08-06 21:34:58 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						8f3489cd4a 
					 
					
						
						
							
							remove id attribute from csrf token field due to obsolescence  
						
						... 
						
						
						
						and if there's multiple form's on the page it would lead to
multiple elements with the same id which is illegal in html 
						
						
					 
					
						2019-08-06 20:55:16 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						f36b08c10a 
					 
					
						
						
							
							rename CSRFToken() to the more apt CSRFTokenFieldTag()  
						
						
						
						
					 
					
						2019-08-06 20:55:16 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						0a255e8b49 
					 
					
						
						
							
							don't write the csrf token field to the output buffer  
						
						... 
						
						
						
						but return and echo it 
						
						
					 
					
						2019-08-06 20:55:16 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						6f1ae104f3 
					 
					
						
						
							
							improve CSRFToken() implementation  
						
						
						
						
					 
					
						2019-08-06 20:55:16 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						2f6dc2cc05 
					 
					
						
						
							
							remove superfluous semi-colon  
						
						
						
						
					 
					
						2019-08-06 20:55:16 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						964dc00fab 
					 
					
						
						
							
							generate a new csrf token for each request  
						
						
						
						
					 
					
						2019-08-06 20:55:16 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						7898dc24c8 
					 
					
						
						
							
							mcrypt_create_iv is deprecated, openssl_random_pseudo_bytes  
						
						... 
						
						
						
						depends on openssl. php7 has the platform-independent
`random_bytes` to generate "cryptographically secure"
random data. use that for csrf token. 
						
						
					 
					
						2019-08-06 20:55:16 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						490cb14acd 
					 
					
						
						
							
							removing superfluous call to CSRFToken() which  
						
						... 
						
						
						
						just put the hidden input onto the page for js
to have access to it. this is now handled with
a meta tag. 
						
						
					 
					
						2019-08-06 20:55:16 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						b38dbb82ab 
					 
					
						
						
							
							do net send csrf tokens individually with post xhr  
						
						... 
						
						
						
						since we set it in a `beforeSend` callback 
						
						
					 
					
						2019-08-06 20:55:16 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						b9e9b7fe39 
					 
					
						
						
							
							move csrf token initialization into function  
						
						
						
						
					 
					
						2019-08-06 20:55:16 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						d53517a34a 
					 
					
						
						
							
							removed useless line of code  
						
						
						
						
					 
					
						2019-08-06 20:55:16 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						0967a53152 
					 
					
						
						
							
							validate token value from csrf token header  
						
						... 
						
						
						
						if supplied and not overridden by post request param 
						
						
					 
					
						2019-08-06 20:55:16 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						ce3ec131a6 
					 
					
						
						
							
							add csrf token header to all resource-modifying xhr  
						
						
						
						
					 
					
						2019-08-06 20:55:16 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						20bb9fe42f 
					 
					
						
						
							
							add csrf meta tag (for use with xhr, for example)  
						
						
						
						
					 
					
						2019-08-06 20:55:16 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						87fe8948b8 
					 
					
						
						
							
							remove splattered, duplicated csrf validation code  
						
						... 
						
						
						
						since we do that always and early, now. 
						
						
					 
					
						2019-08-06 20:55:16 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						f989b8060b 
					 
					
						
						
							
							always verify csrf token for resource-modifying requests,  
						
						... 
						
						
						
						that is post, put, patch, delete 
						
						
					 
					
						2019-08-06 20:55:16 +02:00 
						 
				 
			
				
					
						
							
							
								Bill Zimmerman 
							
						 
					 
					
						
						
							
						
						93b458197a 
					 
					
						
						
							
							Merge pull request  #365  from glaszig/feature/connect-hidden-ssid  
						
						... 
						
						
						
						enable wifi client to connect to hidden ssid 
						
						
					 
					
						2019-08-05 16:04:29 +02:00 
						 
				 
			
				
					
						
							
							
								Bill Zimmerman 
							
						 
					 
					
						
						
							
						
						9b66c2cd03 
					 
					
						
						
							
							Merge pull request  #363  from glaszig/fix/hostapd-wmm  
						
						... 
						
						
						
						properly enable wmm by fixing a typo 
						
						
					 
					
						2019-08-05 15:46:10 +02:00 
						 
				 
			
				
					
						
							
							
								billz 
							
						 
					 
					
						
						
							
						
						c0cfcfa117 
					 
					
						
						
							
							Bugfix,  resolves   #367  
						
						
						
						
					 
					
						2019-08-05 14:26:55 +01:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						1152637120 
					 
					
						
						
							
							puts service status as label into panel heading  
						
						
						
						
					 
					
						2019-08-02 23:40:06 +02:00 
						 
				 
			
				
					
						
							
							
								Bill Zimmerman 
							
						 
					 
					
						
						
							
						
						02c3703392 
					 
					
						
						
							
							Merge pull request  #355  from glaszig/ui/escape-interface-settings  
						
						... 
						
						
						
						show network interface settings pre block, properly escaped 
						
						
					 
					
						2019-08-02 18:25:27 +02:00 
						 
				 
			
				
					
						
							
							
								Bill Zimmerman 
							
						 
					 
					
						
						
							
						
						ff21343751 
					 
					
						
						
							
							Merge branch 'master' into ui/escape-interface-settings  
						
						
						
						
					 
					
						2019-08-02 18:18:19 +02:00 
						 
				 
			
				
					
						
							
							
								Bill Zimmerman 
							
						 
					 
					
						
						
							
						
						fe35742519 
					 
					
						
						
							
							Merge pull request  #361  from glaszig/feature/static-dhcp-hosts  
						
						... 
						
						
						
						static dhcp leases 
						
						
					 
					
						2019-08-02 17:49:29 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						493269e061 
					 
					
						
						
							
							enable wifi client to connect to hidden ssid  
						
						... 
						
						
						
						according to the docs:
For finding networks using hidden SSID, scan_ssid=1 in the network block can be used with nl80211.
and
scan_ssid:
	0 = do not scan this SSID with specific Probe Request frames (default)
	1 = scan with SSID-specific Probe Request frames (this can be used to
	    find APs that do not accept broadcast SSID or use multiple SSIDs;
	    this will add latency to scanning, so enable this only when needed)
https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf 
see billz/raspap-webgui#345  
						
						
					 
					
						2019-08-02 14:42:15 +02:00 
						 
				 
			
				
					
						
							
							
								Bill Zimmerman 
							
						 
					 
					
						
						
							
						
						2ded7be76b 
					 
					
						
						
							
							Merge pull request  #364  from glaszig/feature/improved-hostapd-hw-mode-select-labeling  
						
						... 
						
						
						
						improved 802.11 mode dropdown 
						
						
					 
					
						2019-08-02 07:36:04 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						b52f290020 
					 
					
						
						
							
							improved 802.11 standard select option labels in hostapd ui  
						
						
						
						
					 
					
						2019-08-01 23:01:31 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						0e9ed7d833 
					 
					
						
						
							
							make hostapd's max_num_sta configurable  
						
						
						
						
					 
					
						2019-08-01 22:42:52 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						ab7f990d13 
					 
					
						
						
							
							properly enable wmm by fixing a typo  
						
						... 
						
						
						
						if `ieee80211n=1`, `wmm_enabled=1` should be configured as well
according to the docs, quote:
# ieee80211n: Whether IEEE 802.11n (HT) is enabled
# 0 = disabled (default)
# 1 = enabled
# Note: You will also need to enable WMM for full HT functionality.
# Note: hw_mode=g (2.4 GHz) and hw_mode=a (5 GHz) is used to specify the band.
https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf  
						
						
					 
					
						2019-08-01 22:19:46 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						afbc50d1ee 
					 
					
						
						
							
							click the "add" button on the static dhcp lease form  
						
						... 
						
						
						
						for people that forgot to click that button to add their lease 
						
						
					 
					
						2019-08-01 18:15:32 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						d18dbd7def 
					 
					
						
						
							
							add ui to manage static dhcp leases  
						
						... 
						
						
						
						* add support to parse duplicate options in ParseConfig()
* add logic, html and js to edit dhcp leases 
						
						
					 
					
						2019-08-01 18:15:32 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						e02557af3a 
					 
					
						
						
							
							add pre.unstyled css rule  
						
						... 
						
						
						
						in bootstrap, pre blocks have background and borders.
this removes them with a special class named `unstyled`
just like `ul.unstyled`. 
						
						
					 
					
						2019-07-31 04:04:38 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						3db99c7d21 
					 
					
						
						
							
							* escape html entities in network interface settings  
						
						... 
						
						
						
						the command `ip address show eth0` returns
special characters like "<" and ">" which, if left
unescaped and shown on the page, will create
arbitrary html elements and hide information.
* show interface settings inside unstyled pre block
interface properties should be parsed and displayed
in a proprietary and pretty manner. until then, give
use the raw output of `ip address show` 
						
						
					 
					
						2019-07-31 04:04:38 +02:00 
						 
				 
			
				
					
						
							
							
								Bill Zimmerman 
							
						 
					 
					
						
						
							
						
						1b32ed53d6 
					 
					
						
						
							
							Merge pull request  #358  from glaszig/fix/dashboard-ipv6-addresses  
						
						... 
						
						
						
						fix display of ip addresses in dashboard 
						
						
					 
					
						2019-07-30 19:03:32 -07:00 
						 
				 
			
				
					
						
							
							
								Bill Zimmerman 
							
						 
					 
					
						
						
							
						
						809051165b 
					 
					
						
						
							
							Merge pull request  #357  from glaszig/security/command-injection  
						
						... 
						
						
						
						SECURITY ISSUE! fix command injection 
						
						
					 
					
						2019-07-30 19:01:11 -07:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						c2ed6c6e02 
					 
					
						
						
							
							fix display of multiple ipv4 addresses, netmasks on dashboard  
						
						
						
						
					 
					
						2019-07-30 23:15:08 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						4a5a39c2bc 
					 
					
						
						
							
							fix display of ipv6 addresses  
						
						
						
						
					 
					
						2019-07-30 22:49:35 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						81a67c0121 
					 
					
						
						
							
							better filename  
						
						
						
						
					 
					
						2019-07-30 21:21:16 +02:00 
						 
				 
			
				
					
						
							
							
								glaszig 
							
						 
					 
					
						
						
							
						
						a6d3336212 
					 
					
						
						
							
							fix command injection issue.  fixes   #354 .  
						
						
						
						
					 
					
						2019-07-30 21:21:16 +02:00 
						 
				 
			
				
					
						
							
							
								Bill Zimmerman 
							
						 
					 
					
						
						
							
						
						d81d1b0a10 
					 
					
						
						
							
							Update README.md  
						
						
						
						
					 
					
						2019-07-29 17:36:54 -07:00 
						 
				 
			
				
					
						
							
							
								Bill Zimmerman 
							
						 
					 
					
						
						
							
						
						24a7d0ac95 
					 
					
						
						
							
							Merge pull request  #348  from ozbotics/fix-issue-347  
						
						... 
						
						
						
						Changes made using the 'Configure networking' page are not reflected in the actual network configuration Issue #347  
						
						
					 
					
						2019-07-25 09:14:17 -07:00 
						 
				 
			
				
					
						
							
							
								Jon van Noort 
							
						 
					 
					
						
						
							
						
						6e33e4c882 
					 
					
						
						
							
							changed call to parse_ini_file() to use INI_SCANNER_RAW, so that ini values are parsed as expected  
						
						
						
						
					 
					
						2019-07-18 04:17:19 +08:00 
						 
				 
			
				
					
						
							
							
								billz 
							
						 
					 
					
						
						
							
						
						76d23e33f9 
					 
					
						
						
							
							Hotfix  
						
						
						
						
					 
					
						2019-07-10 07:46:58 +01:00 
						 
				 
			
				
					
						
							
							
								Bill Zimmerman 
							
						 
					 
					
						
						
							
						
						be635e773c 
					 
					
						
						
							
							Update manual install steps  
						
						
						
						
					 
					
						2019-07-09 00:20:18 +02:00 
						 
				 
			
				
					
						
							
							
								Bill Zimmerman 
							
						 
					 
					
						
						
							
						
						a280c9df89 
					 
					
						
						
							
							Updated to support Buster "stable" release  
						
						
						
						
					 
					
						2019-07-08 21:49:38 +02:00 
						 
				 
			
				
					
						
							
							
								Bill Zimmerman 
							
						 
					 
					
						
						
							
						
						40a1b46dfc 
					 
					
						
						
							
							Update README.md  
						
						
						
						
					 
					
						2019-06-29 10:14:25 +02:00 
						 
				 
			
				
					
						
							
							
								Bill Zimmerman 
							
						 
					 
					
						
						
							
						
						4940255cc6 
					 
					
						
						
							
							Minor update to version_msg  
						
						
						
						
					 
					
						2019-06-29 09:54:29 +02:00 
						 
				 
			
				
					
						
							
							
								Bill Zimmerman 
							
						 
					 
					
						
						
							
						
						acd58ce557 
					 
					
						
						
							
							Minor update to version_msg  
						
						
						
						
					 
					
						2019-06-29 09:51:36 +02:00 
						 
				 
			
				
					
						
							
							
								Bill Zimmerman 
							
						 
					 
					
						
						
							
						
						38ac3f904c 
					 
					
						
						
							
							Update manual install steps for Buster  
						
						
						
						
					 
					
						2019-06-28 10:12:07 +02:00 
						 
				 
			
				
					
						
							
							
								Bill Zimmerman 
							
						 
					 
					
						
						
							
						
						374192ebe1 
					 
					
						
						
							
							Update README.md  
						
						
						
						
					 
					
						2019-06-28 10:08:32 +02:00