glaszig
20d9e919c3
generate only one csrf token per session
...
some pages issue xhr which lead to new
tokens in the session and a future check
is garuanteed to fail.
2019-08-19 03:12:37 +01:00
Bill Zimmerman
df81ce2a07
Deprecated in favor of new issue template workflow
2019-08-17 17:01:06 +02:00
Bill Zimmerman
3ea96f716d
Update issue templates
2019-08-17 16:59:20 +02:00
Bill Zimmerman
9531b09335
Update ISSUE_TEMPLATE.md
2019-08-17 16:50:59 +02:00
billz
f634617dcb
Minor: fixed indents
2019-08-17 14:53:14 +01:00
billz
82d5b45cdd
Added min-height to .js-wifi-stations, fixed indents
2019-08-17 14:52:52 +01:00
Bill Zimmerman
5858971762
Merge pull request #372 from glaszig/ui/xhr-load-cached-wifi-stations
...
load wifi stations via ajax, cache the scan result
2019-08-17 09:53:13 +02:00
Bill Zimmerman
1746d5b034
Merge pull request #376 from glaszig/fix/csrf-token-field-tags
...
fix csrf token field tags
2019-08-17 00:57:36 +02:00
glaszig
d2bb1b02b5
move CSRFTokenFieldTag up to the opening form tag
...
for style and discoverability
2019-08-14 02:44:13 +02:00
glaszig
f5e3b717ff
add missing CSRFTokenFieldTag's
2019-08-14 02:41:58 +02:00
billz
99b0c04ef2
Bugfix in sudoers. Resolves #373
2019-08-13 00:11:10 +01:00
billz
9cb564a15f
Processed with phpcs for PSR-2 coding standard
2019-08-12 11:02:40 +01:00
Bill Zimmerman
5b041e6899
Merge pull request #375 from glaszig/fix/network-config-display
...
network config: properly check radio buttons
2019-08-12 11:25:15 +02:00
Bill Zimmerman
d124e68275
Processed with phpcs for PSR-2
2019-08-12 11:22:06 +02:00
Bill Zimmerman
6d347f9a52
Merge pull request #374 from glaszig/feature/rpi4b
...
add RPI 4
2019-08-12 11:12:26 +02:00
glaszig
63c3fc57f0
parse interface config ini the same as in 6e33e4c
( #348 )
...
when showing network config. this makes the proper
radio button be checked.
2019-08-10 12:38:44 +02:00
Bill Zimmerman
e2f07044b4
Merge pull request #362 from glaszig/feature/ap-client-limit
...
make hostapd's max_num_sta configurable
2019-08-10 12:13:30 +02:00
sunnybank101
f3e3beb0ce
add RPI 4
2019-08-10 12:09:04 +02:00
glaszig
3f9d176793
show current nax_num_sta as input value,
...
make field description translatable
2019-08-10 11:57:10 +02:00
Bill Zimmerman
6286595898
Merge pull request #369 from glaszig/fix/arp-speed
...
speed up dashboard
2019-08-09 18:02:54 +02:00
Bill Zimmerman
b878e87cae
Merge pull request #371 from glaszig/ui/layout-fixes
...
layout improvements
2019-08-09 16:34:14 +02:00
glaszig
916072f7fd
bootstrap panel-footer goes directly after panel-body
...
https://getbootstrap.com/docs/3.3/components/#panels-footer
2019-08-09 16:21:58 +02:00
billz
165b9865cf
Apply service-status to theme
2019-08-08 22:14:21 +01:00
billz
97efe3a516
Update unstyled elements
2019-08-08 22:07:05 +01:00
Bill Zimmerman
a00f1be009
Merge pull request #366 from glaszig/feature/improved-service-status-indicator
...
improved service status display
2019-08-08 20:55:04 +02:00
glaszig
993dc633a9
load wifi stations via ajax, cache the scan result
...
until the "rescan" button is pressed. speeds up
"configure client" page massively.
2019-08-08 03:44:28 +02:00
Bill Zimmerman
7dd80f6098
Merge pull request #370 from glaszig/fix/csrf
...
fix csrf verification
2019-08-08 00:23:58 +02:00
glaszig
56097d5629
send proper csrf header
2019-08-08 00:14:12 +02:00
glaszig
1fddad190f
fix require paths
2019-08-07 23:51:22 +02:00
glaszig
c1da509053
remove superfluous, overly nested html (mainly bootstrap panels)
2019-08-07 23:16:56 +02:00
sunnybank101
62c7e99465
arp can take for ever
...
added -n to the arp command to speed it up!
2019-08-07 22:48:59 +02:00
billz
b5f875cce7
Updated CSRFTokenFieldTag
2019-08-07 21:01:05 +01:00
Bill Zimmerman
f6f85d1c11
Merge pull request #356 from glaszig/security/always-verify-csrf-token
...
always verify csrf token for resource-modifying requests
2019-08-07 21:53:39 +02:00
billz
e4757a06ae
Minor: use install_log for raspap.service
2019-08-07 09:28:20 +01:00
billz
10e0aaf1ab
Update .gitignore
2019-08-06 23:01:15 +01:00
Bill Zimmerman
d4d6dbd79b
Merge pull request #360 from glaszig/installer/cp-instead-of-mv
...
installation: do not move files out of git tree
2019-08-06 22:45:01 +02:00
glaszig
47cc1bdc33
cleaner jquery ready callback
2019-08-06 22:42:50 +02:00
glaszig
752e8ccf66
improve global ajax event handling
2019-08-06 22:41:29 +02:00
glaszig
c70433585a
move all other favicon-types into dist/icons folder,
...
point to icons via link and meta tags,
leave favicon.ico in root old browsers,
added custom jekyll layout file to use the icons
for the project website as well.
https://help.github.com/en/articles/customizing-css-and-html-in-your-jekyll-theme
https://github.com/pages-themes/minimal/blob/master/_layouts/default.html
https://stackoverflow.com/a/48969053
2019-08-06 22:24:13 +02:00
glaszig
2104ccb91a
favicons and sorts can stay in subdirectories
...
and be pointed to by proper meta tags.
do not copy these around during installation and poison the git tree.
2019-08-06 21:36:52 +02:00
glaszig
748348f407
during installation copy files from the git working tree
...
to their destinations instead of moving them and making
git think they got deleted
2019-08-06 21:36:52 +02:00
glaszig
da69d3d768
send CSRF token in a response header,
...
update the page's CSRF tokens with the new token
from the response header,
verify csrf token in ajax endpoints,
initialize a session for every endpoint
2019-08-06 21:34:58 +02:00
glaszig
8f3489cd4a
remove id attribute from csrf token field due to obsolescence
...
and if there's multiple form's on the page it would lead to
multiple elements with the same id which is illegal in html
2019-08-06 20:55:16 +02:00
glaszig
f36b08c10a
rename CSRFToken() to the more apt CSRFTokenFieldTag()
2019-08-06 20:55:16 +02:00
glaszig
0a255e8b49
don't write the csrf token field to the output buffer
...
but return and echo it
2019-08-06 20:55:16 +02:00
glaszig
6f1ae104f3
improve CSRFToken() implementation
2019-08-06 20:55:16 +02:00
glaszig
2f6dc2cc05
remove superfluous semi-colon
2019-08-06 20:55:16 +02:00
glaszig
964dc00fab
generate a new csrf token for each request
2019-08-06 20:55:16 +02:00
glaszig
7898dc24c8
mcrypt_create_iv is deprecated, openssl_random_pseudo_bytes
...
depends on openssl. php7 has the platform-independent
`random_bytes` to generate "cryptographically secure"
random data. use that for csrf token.
2019-08-06 20:55:16 +02:00
glaszig
490cb14acd
removing superfluous call to CSRFToken() which
...
just put the hidden input onto the page for js
to have access to it. this is now handled with
a meta tag.
2019-08-06 20:55:16 +02:00