glaszig
20d9e919c3
generate only one csrf token per session
...
some pages issue xhr which lead to new
tokens in the session and a future check
is guaranteed to fail.
2019-08-19 03:12:37 +01:00
Bill Zimmerman
5858971762
Merge pull request #372 from glaszig/ui/xhr-load-cached-wifi-stations
...
load wifi stations via ajax, cache the scan result
2019-08-17 09:53:13 +02:00
glaszig
d2bb1b02b5
move CSRFTokenFieldTag up to the opening form tag
...
for style and discoverability
2019-08-14 02:44:13 +02:00
glaszig
f5e3b717ff
add missing CSRFTokenFieldTag's
2019-08-14 02:41:58 +02:00
Bill Zimmerman
d124e68275
Processed with phpcs for PSR-2
2019-08-12 11:22:06 +02:00
Bill Zimmerman
6d347f9a52
Merge pull request #374 from glaszig/feature/rpi4b
...
add RPI 4
2019-08-12 11:12:26 +02:00
Bill Zimmerman
e2f07044b4
Merge pull request #362 from glaszig/feature/ap-client-limit
...
make hostapd's max_num_sta configurable
2019-08-10 12:13:30 +02:00
sunnybank101
f3e3beb0ce
add RPI 4
2019-08-10 12:09:04 +02:00
glaszig
3f9d176793
show current max_num_sta as input value,
...
make field description translatable
2019-08-10 11:57:10 +02:00
Bill Zimmerman
6286595898
Merge pull request #369 from glaszig/fix/arp-speed
...
speed up dashboard
2019-08-09 18:02:54 +02:00
Bill Zimmerman
b878e87cae
Merge pull request #371 from glaszig/ui/layout-fixes
...
layout improvements
2019-08-09 16:34:14 +02:00
glaszig
916072f7fd
bootstrap panel-footer goes directly after panel-body
...
https://getbootstrap.com/docs/3.3/components/#panels-footer
2019-08-09 16:21:58 +02:00
Bill Zimmerman
a00f1be009
Merge pull request #366 from glaszig/feature/improved-service-status-indicator
...
improved service status display
2019-08-08 20:55:04 +02:00
glaszig
993dc633a9
load wifi stations via ajax, cache the scan result
...
until the "rescan" button is pressed. speeds up
"configure client" page massively.
2019-08-08 03:44:28 +02:00
glaszig
56097d5629
send proper csrf header
2019-08-08 00:14:12 +02:00
glaszig
1fddad190f
fix require paths
2019-08-07 23:51:22 +02:00
glaszig
c1da509053
remove superfluous, overly nested html (mainly bootstrap panels)
2019-08-07 23:16:56 +02:00
sunnybank101
62c7e99465
arp can take for ever
...
added -n to the arp command to speed it up!
2019-08-07 22:48:59 +02:00
billz
b5f875cce7
Updated CSRFTokenFieldTag
2019-08-07 21:01:05 +01:00
glaszig
da69d3d768
send CSRF token in a response header,
...
update the page's CSRF tokens with the new token
from the response header,
verify csrf token in ajax endpoints,
initialize a session for every endpoint
2019-08-06 21:34:58 +02:00
glaszig
8f3489cd4a
remove id attribute from csrf token field due to obsolescence
...
and if there's multiple forms on the page it would lead to
multiple elements with the same id which is illegal in html
2019-08-06 20:55:16 +02:00
glaszig
f36b08c10a
rename CSRFToken() to the more apt CSRFTokenFieldTag()
2019-08-06 20:55:16 +02:00
glaszig
0a255e8b49
don't write the csrf token field to the output buffer
...
but return and echo it
2019-08-06 20:55:16 +02:00
glaszig
6f1ae104f3
improve CSRFToken() implementation
2019-08-06 20:55:16 +02:00
glaszig
2f6dc2cc05
remove superfluous semi-colon
2019-08-06 20:55:16 +02:00
glaszig
964dc00fab
generate a new csrf token for each request
2019-08-06 20:55:16 +02:00
glaszig
7898dc24c8
mcrypt_create_iv is deprecated, openssl_random_pseudo_bytes
...
depends on openssl. php7 has the platform-independent
`random_bytes` to generate "cryptographically secure"
random data. use that for csrf token.
2019-08-06 20:55:16 +02:00
glaszig
490cb14acd
removing superfluous call to CSRFToken() which
...
just put the hidden input onto the page for js
to have access to it. this is now handled with
a meta tag.
2019-08-06 20:55:16 +02:00
glaszig
b9e9b7fe39
move csrf token initialization into function
2019-08-06 20:55:16 +02:00
glaszig
0967a53152
validate token value from csrf token header
...
if supplied and not overridden by post request param
2019-08-06 20:55:16 +02:00
glaszig
20bb9fe42f
add csrf meta tag (for use with xhr, for example)
2019-08-06 20:55:16 +02:00
glaszig
87fe8948b8
remove splattered, duplicated csrf validation code
...
since we do that always and early, now.
2019-08-06 20:55:16 +02:00
glaszig
f989b8060b
always verify csrf token for resource-modifying requests,
...
that is post, put, patch, delete
2019-08-06 20:55:16 +02:00
Bill Zimmerman
93b458197a
Merge pull request #365 from glaszig/feature/connect-hidden-ssid
...
enable wifi client to connect to hidden ssid
2019-08-05 16:04:29 +02:00
Bill Zimmerman
9b66c2cd03
Merge pull request #363 from glaszig/fix/hostapd-wmm
...
properly enable wmm by fixing a typo
2019-08-05 15:46:10 +02:00
billz
c0cfcfa117
Bugfix, resolves #367
2019-08-05 14:26:55 +01:00
glaszig
1152637120
puts service status as label into panel heading
2019-08-02 23:40:06 +02:00
Bill Zimmerman
ff21343751
Merge branch 'master' into ui/escape-interface-settings
2019-08-02 18:18:19 +02:00
Bill Zimmerman
fe35742519
Merge pull request #361 from glaszig/feature/static-dhcp-hosts
...
static dhcp leases
2019-08-02 17:49:29 +02:00
glaszig
493269e061
enable wifi client to connect to hidden ssid
...
according to the docs:
For finding networks using hidden SSID, scan_ssid=1 in the network block can be used with nl80211.
and
scan_ssid:
0 = do not scan this SSID with specific Probe Request frames (default)
1 = scan with SSID-specific Probe Request frames (this can be used to
find APs that do not accept broadcast SSID or use multiple SSIDs;
this will add latency to scanning, so enable this only when needed)
https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
see billz/raspap-webgui#345
2019-08-02 14:42:15 +02:00
glaszig
b52f290020
improved 802.11 standard select option labels in hostapd ui
2019-08-01 23:01:31 +02:00
glaszig
0e9ed7d833
make hostapd's max_num_sta configurable
2019-08-01 22:42:52 +02:00
glaszig
ab7f990d13
properly enable wmm by fixing a typo
...
if `ieee80211n=1`, `wmm_enabled=1` should be configured as well
according to the docs, quote:
# ieee80211n: Whether IEEE 802.11n (HT) is enabled
# 0 = disabled (default)
# 1 = enabled
# Note: You will also need to enable WMM for full HT functionality.
# Note: hw_mode=g (2.4 GHz) and hw_mode=a (5 GHz) is used to specify the band.
https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
2019-08-01 22:19:46 +02:00
glaszig
afbc50d1ee
click the "add" button on the static dhcp lease form
...
for people that forgot to click that button to add their lease
2019-08-01 18:15:32 +02:00
glaszig
d18dbd7def
add ui to manage static dhcp leases
...
* add support to parse duplicate options in ParseConfig()
* add logic, html and js to edit dhcp leases
2019-08-01 18:15:32 +02:00
glaszig
3db99c7d21
* escape html entities in network interface settings
...
the command `ip address show eth0` returns
special characters like "<" and ">" which, if left
unescaped and shown on the page, will create
arbitrary html elements and hide information.
* show interface settings inside unstyled pre block
interface properties should be parsed and displayed
in a proprietary and pretty manner. until then, give
use the raw output of `ip address show`
2019-07-31 04:04:38 +02:00
Bill Zimmerman
1b32ed53d6
Merge pull request #358 from glaszig/fix/dashboard-ipv6-addresses
...
fix display of ip addresses in dashboard
2019-07-30 19:03:32 -07:00
glaszig
c2ed6c6e02
fix display of multiple ipv4 addresses, netmasks on dashboard
2019-07-30 23:15:08 +02:00
glaszig
4a5a39c2bc
fix display of ipv6 addresses
2019-07-30 22:49:35 +02:00
glaszig
81a67c0121
better filename
2019-07-30 21:21:16 +02:00