raspap-webgui

mirror of https://github.com/billz/raspap-webgui.git synced 2025-03-01 10:31:47 +00:00

Author	SHA1	Message	Date
sunnybank101	62c7e99465	arp can take for ever added -n to the arp command to speed it up!	2019-08-07 22:48:59 +02:00
billz	b5f875cce7	Updated CSRFTokenFieldTag	2019-08-07 21:01:05 +01:00
Bill Zimmerman	f6f85d1c11	Merge pull request #356 from glaszig/security/always-verify-csrf-token always verify csrf token for resource-modifying requests	2019-08-07 21:53:39 +02:00
billz	e4757a06ae	Minor: use install_log for raspap.service	2019-08-07 09:28:20 +01:00
billz	10e0aaf1ab	Update .gitignore	2019-08-06 23:01:15 +01:00
Bill Zimmerman	d4d6dbd79b	Merge pull request #360 from glaszig/installer/cp-instead-of-mv installation: do not move files out of git tree	2019-08-06 22:45:01 +02:00
glaszig	47cc1bdc33	cleaner jquery ready callback	2019-08-06 22:42:50 +02:00
glaszig	752e8ccf66	improve global ajax event handling	2019-08-06 22:41:29 +02:00
glaszig	c70433585a	move all other favicon-types into dist/icons folder, point to icons via link and meta tags, leave favicon.ico in root old browsers, added custom jekyll layout file to use the icons for the project website as well. https://help.github.com/en/articles/customizing-css-and-html-in-your-jekyll-theme https://github.com/pages-themes/minimal/blob/master/_layouts/default.html https://stackoverflow.com/a/48969053	2019-08-06 22:24:13 +02:00
glaszig	2104ccb91a	favicons and sorts can stay in subdirectories and be pointed to by proper meta tags. do not copy these around during installation and poison the git tree.	2019-08-06 21:36:52 +02:00
glaszig	748348f407	during installation copy files from the git working tree to their destinations instead of moving them and making git think they got deleted	2019-08-06 21:36:52 +02:00
glaszig	da69d3d768	send CSRF token in a response header, update the page's CSRF tokens with the new token from the response header, verify csrf token in ajax endpoints, initialize a session for every endpoint	2019-08-06 21:34:58 +02:00
glaszig	8f3489cd4a	remove id attribute from csrf token field due to obsolescence and if there's multiple form's on the page it would lead to multiple elements with the same id which is illegal in html	2019-08-06 20:55:16 +02:00
glaszig	f36b08c10a	rename CSRFToken() to the more apt CSRFTokenFieldTag()	2019-08-06 20:55:16 +02:00
glaszig	0a255e8b49	don't write the csrf token field to the output buffer but return and echo it	2019-08-06 20:55:16 +02:00
glaszig	6f1ae104f3	improve CSRFToken() implementation	2019-08-06 20:55:16 +02:00
glaszig	2f6dc2cc05	remove superfluous semi-colon	2019-08-06 20:55:16 +02:00
glaszig	964dc00fab	generate a new csrf token for each request	2019-08-06 20:55:16 +02:00
glaszig	7898dc24c8	mcrypt_create_iv is deprecated, openssl_random_pseudo_bytes depends on openssl. php7 has the platform-independent `random_bytes` to generate "cryptographically secure" random data. use that for csrf token.	2019-08-06 20:55:16 +02:00
glaszig	490cb14acd	removing superfluous call to CSRFToken() which just put the hidden input onto the page for js to have access to it. this is now handled with a meta tag.	2019-08-06 20:55:16 +02:00
glaszig	b38dbb82ab	do net send csrf tokens individually with post xhr since we set it in a `beforeSend` callback	2019-08-06 20:55:16 +02:00
glaszig	b9e9b7fe39	move csrf token initialization into function	2019-08-06 20:55:16 +02:00
glaszig	d53517a34a	removed useless line of code	2019-08-06 20:55:16 +02:00
glaszig	0967a53152	validate token value from csrf token header if supplied and not overridden by post request param	2019-08-06 20:55:16 +02:00
glaszig	ce3ec131a6	add csrf token header to all resource-modifying xhr	2019-08-06 20:55:16 +02:00
glaszig	20bb9fe42f	add csrf meta tag (for use with xhr, for example)	2019-08-06 20:55:16 +02:00
glaszig	87fe8948b8	remove splattered, duplicated csrf validation code since we do that always and early, now.	2019-08-06 20:55:16 +02:00
glaszig	f989b8060b	always verify csrf token for resource-modifying requests, that is post, put, patch, delete	2019-08-06 20:55:16 +02:00
Bill Zimmerman	93b458197a	Merge pull request #365 from glaszig/feature/connect-hidden-ssid enable wifi client to connect to hidden ssid	2019-08-05 16:04:29 +02:00
Bill Zimmerman	9b66c2cd03	Merge pull request #363 from glaszig/fix/hostapd-wmm properly enable wmm by fixing a typo	2019-08-05 15:46:10 +02:00
billz	c0cfcfa117	Bugfix, resolves #367	2019-08-05 14:26:55 +01:00
glaszig	1152637120	puts service status as label into panel heading	2019-08-02 23:40:06 +02:00
Bill Zimmerman	02c3703392	Merge pull request #355 from glaszig/ui/escape-interface-settings show network interface settings pre block, properly escaped	2019-08-02 18:25:27 +02:00
Bill Zimmerman	ff21343751	Merge branch 'master' into ui/escape-interface-settings	2019-08-02 18:18:19 +02:00
Bill Zimmerman	fe35742519	Merge pull request #361 from glaszig/feature/static-dhcp-hosts static dhcp leases	2019-08-02 17:49:29 +02:00
glaszig	493269e061	enable wifi client to connect to hidden ssid according to the docs: For finding networks using hidden SSID, scan_ssid=1 in the network block can be used with nl80211. and scan_ssid: 0 = do not scan this SSID with specific Probe Request frames (default) 1 = scan with SSID-specific Probe Request frames (this can be used to find APs that do not accept broadcast SSID or use multiple SSIDs; this will add latency to scanning, so enable this only when needed) https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf see billz/raspap-webgui#345	2019-08-02 14:42:15 +02:00
Bill Zimmerman	2ded7be76b	Merge pull request #364 from glaszig/feature/improved-hostapd-hw-mode-select-labeling improved 802.11 mode dropdown	2019-08-02 07:36:04 +02:00
glaszig	b52f290020	improved 802.11 standard select option labels in hostapd ui	2019-08-01 23:01:31 +02:00
glaszig	0e9ed7d833	make hostapd's max_num_sta configurable	2019-08-01 22:42:52 +02:00
glaszig	ab7f990d13	properly enable wmm by fixing a typo if `ieee80211n=1`, `wmm_enabled=1` should be configured as well according to the docs, quote: # ieee80211n: Whether IEEE 802.11n (HT) is enabled # 0 = disabled (default) # 1 = enabled # Note: You will also need to enable WMM for full HT functionality. # Note: hw_mode=g (2.4 GHz) and hw_mode=a (5 GHz) is used to specify the band. https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf	2019-08-01 22:19:46 +02:00
glaszig	afbc50d1ee	click the "add" button on the static dhcp lease form for people that forgot to click that button to add their lease	2019-08-01 18:15:32 +02:00
glaszig	d18dbd7def	add ui to manage static dhcp leases * add support to parse duplicate options in ParseConfig() * add logic, html and js to edit dhcp leases	2019-08-01 18:15:32 +02:00
glaszig	e02557af3a	add pre.unstyled css rule in bootstrap, pre blocks have background and borders. this removes them with a special class named `unstyled` just like `ul.unstyled`.	2019-07-31 04:04:38 +02:00
glaszig	3db99c7d21	* escape html entities in network interface settings the command `ip address show eth0` returns special characters like "<" and ">" which, if left unescaped and shown on the page, will create arbitrary html elements and hide information. * show interface settings inside unstyled pre block interface properties should be parsed and displayed in a proprietary and pretty manner. until then, give use the raw output of `ip address show`	2019-07-31 04:04:38 +02:00
Bill Zimmerman	1b32ed53d6	Merge pull request #358 from glaszig/fix/dashboard-ipv6-addresses fix display of ip addresses in dashboard	2019-07-30 19:03:32 -07:00
Bill Zimmerman	809051165b	Merge pull request #357 from glaszig/security/command-injection SECURITY ISSUE! fix command injection	2019-07-30 19:01:11 -07:00
glaszig	c2ed6c6e02	fix display of multiple ipv4 addresses, netmasks on dashboard	2019-07-30 23:15:08 +02:00
glaszig	4a5a39c2bc	fix display of ipv6 addresses	2019-07-30 22:49:35 +02:00
glaszig	81a67c0121	better filename	2019-07-30 21:21:16 +02:00
glaszig	a6d3336212	fix command injection issue. fixes #354 .	2019-07-30 21:21:16 +02:00

... 17 18 19 20 21 ...

1574 Commits