Commit Graph

694 Commits

Author SHA1 Message Date
glaszig
0a255e8b49 don't write the csrf token field to the output buffer
but return and echo it
2019-08-06 20:55:16 +02:00
glaszig
6f1ae104f3 improve CSRFToken() implementation 2019-08-06 20:55:16 +02:00
glaszig
2f6dc2cc05 remove superfluous semi-colon 2019-08-06 20:55:16 +02:00
glaszig
964dc00fab generate a new csrf token for each request 2019-08-06 20:55:16 +02:00
glaszig
7898dc24c8 mcrypt_create_iv is deprecated, openssl_random_pseudo_bytes
depends on openssl. php7 has the platform-independent
`random_bytes` to generate "cryptographically secure"
random data. use that for csrf token.
2019-08-06 20:55:16 +02:00
glaszig
490cb14acd removing superfluous call to CSRFToken() which
just put the hidden input onto the page for js
to have access to it. this is now handled with
a meta tag.
2019-08-06 20:55:16 +02:00
glaszig
b9e9b7fe39 move csrf token initialization into function 2019-08-06 20:55:16 +02:00
glaszig
0967a53152 validate token value from csrf token header
if supplied and not overridden by post request param
2019-08-06 20:55:16 +02:00
glaszig
20bb9fe42f add csrf meta tag (for use with xhr, for example) 2019-08-06 20:55:16 +02:00
glaszig
87fe8948b8 remove splattered, duplicated csrf validation code
since we do that always and early, now.
2019-08-06 20:55:16 +02:00
glaszig
f989b8060b always verify csrf token for resource-modifying requests,
that is post, put, patch, delete
2019-08-06 20:55:16 +02:00
Bill Zimmerman
93b458197a Merge pull request #365 from glaszig/feature/connect-hidden-ssid
enable wifi client to connect to hidden ssid
2019-08-05 16:04:29 +02:00
Bill Zimmerman
9b66c2cd03 Merge pull request #363 from glaszig/fix/hostapd-wmm
properly enable wmm by fixing a typo
2019-08-05 15:46:10 +02:00
billz
c0cfcfa117 Bugfix, resolves #367 2019-08-05 14:26:55 +01:00
glaszig
1152637120 puts service status as label into panel heading 2019-08-02 23:40:06 +02:00
Bill Zimmerman
ff21343751 Merge branch 'master' into ui/escape-interface-settings 2019-08-02 18:18:19 +02:00
Bill Zimmerman
fe35742519 Merge pull request #361 from glaszig/feature/static-dhcp-hosts
static dhcp leases
2019-08-02 17:49:29 +02:00
glaszig
493269e061 enable wifi client to connect to hidden ssid
according to the docs:
For finding networks using hidden SSID, scan_ssid=1 in the network block can be used with nl80211.

and

scan_ssid:
	0 = do not scan this SSID with specific Probe Request frames (default)
	1 = scan with SSID-specific Probe Request frames (this can be used to
	    find APs that do not accept broadcast SSID or use multiple SSIDs;
	    this will add latency to scanning, so enable this only when needed)

https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf

see billz/raspap-webgui#345
2019-08-02 14:42:15 +02:00
glaszig
b52f290020 improved 802.11 standard select option labels in hostapd ui 2019-08-01 23:01:31 +02:00
glaszig
0e9ed7d833 make hostapd's max_num_sta configurable 2019-08-01 22:42:52 +02:00
glaszig
ab7f990d13 properly enable wmm by fixing a typo
if `ieee80211n=1`, `wmm_enabled=1` should be configured as well
according to the docs, quote:

# ieee80211n: Whether IEEE 802.11n (HT) is enabled
# 0 = disabled (default)
# 1 = enabled
# Note: You will also need to enable WMM for full HT functionality.
# Note: hw_mode=g (2.4 GHz) and hw_mode=a (5 GHz) is used to specify the band.

https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
2019-08-01 22:19:46 +02:00
glaszig
afbc50d1ee click the "add" button on the static dhcp lease form
for people that forgot to click that button to add their lease
2019-08-01 18:15:32 +02:00
glaszig
d18dbd7def add ui to manage static dhcp leases
* add support to parse duplicate options in ParseConfig()
* add logic, html and js to edit dhcp leases
2019-08-01 18:15:32 +02:00
glaszig
3db99c7d21 * escape html entities in network interface settings
the command `ip address show eth0` returns
special characters like "<" and ">" which, if left
unescaped and shown on the page, will create
arbitrary html elements and hide information.

* show interface settings inside unstyled pre block

interface properties should be parsed and displayed
in a proprietary and pretty manner. until then, give
use the raw output of `ip address show`
2019-07-31 04:04:38 +02:00
Bill Zimmerman
1b32ed53d6 Merge pull request #358 from glaszig/fix/dashboard-ipv6-addresses
fix display of ip addresses in dashboard
2019-07-30 19:03:32 -07:00
glaszig
c2ed6c6e02 fix display of multiple ipv4 addresses, netmasks on dashboard 2019-07-30 23:15:08 +02:00
glaszig
4a5a39c2bc fix display of ipv6 addresses 2019-07-30 22:49:35 +02:00
glaszig
81a67c0121 better filename 2019-07-30 21:21:16 +02:00
glaszig
a6d3336212 fix command injection issue. fixes #354. 2019-07-30 21:21:16 +02:00
Bill Zimmerman
f5e3b0dd31 Updated minor version 2019-06-12 21:14:12 +02:00
billz
679051b219 Added locale support for Türkçe. Thanks Cuqer! 2019-06-10 09:27:42 +00:00
billz
6866cfb266 Added locale support for Türkçe. Thanks Cuqer! 2019-06-10 09:27:17 +00:00
billz
445ba5c36c Fix for auth protocols, thanks @furest. Fixed open wifi network form element. Resolves #326 2019-05-05 11:08:47 +00:00
billz
3f9b422f5f Update safefilerewrite with PHP_EOL 2019-04-30 22:57:12 +00:00
billz
1008f83cc4 Update write_php_ini 2019-04-30 22:36:35 +00:00
billz
ce93faa277 Update write_php_ini 2019-04-30 22:18:44 +00:00
billz
1a23316abd Write wifi managed interface to config 2019-04-30 18:29:09 +00:00
billz
c07a41fc61 Connected devices not shown for uap0. Fixes #312 2019-04-13 21:49:48 +00:00
billz
dd63294a37 Updated version number 2019-04-13 15:19:13 +00:00
billz
c0570b616e Processed with phpcs for PSR-2 coding standard 2019-04-10 08:37:35 +00:00
Bill Zimmerman
96717deea1 Merge pull request #297 from billz/wificlient-ap
Wifi client AP mode
2019-04-08 20:22:02 +02:00
Bill Zimmerman
8b4a4842af Merge pull request #302 from BenjiLeblond08/master
Connected Devices list on Dashboard
2019-03-18 16:58:21 +01:00
billz
10be910657 Bugfix: replaced wlan0 with constant 2019-03-17 20:14:08 +00:00
Benjamin LEBLOND
3d561b1925 Change hard "wlan0" to RASPI_WIFI_CLIENT_INTERFACE 2019-03-17 14:19:13 +01:00
Benjamin LEBLOND
24cb51d2b9 connected device list on dashboard
Display a list of connected devices on dashboard, and update some html
2019-03-17 13:38:08 +01:00
Benjamin LEBLOND
2bcee2145f Update table raw html markup 2019-03-17 13:33:24 +01:00
billz
cbb37ff7f5 Initial commit 2019-03-15 12:31:02 +00:00
billz
8267c9b10a Bugfix 2019-03-12 07:32:17 +00:00
billz
b012bae759 bugfix 2019-03-12 00:11:29 +00:00
billz
7d98d12e3b WIP, rewite configs 2019-03-12 00:03:18 +00:00