glaszig
6f1ae104f3
improve CSRFToken() implementation
2019-08-06 20:55:16 +02:00
glaszig
2f6dc2cc05
remove superfluous semi-colon
2019-08-06 20:55:16 +02:00
glaszig
964dc00fab
generate a new csrf token for each request
2019-08-06 20:55:16 +02:00
glaszig
7898dc24c8
mcrypt_create_iv is deprecated, openssl_random_pseudo_bytes
...
depends on openssl. php7 has the platform-independent
`random_bytes` to generate "cryptographically secure"
random data. use that for csrf token.
2019-08-06 20:55:16 +02:00
glaszig
490cb14acd
removing superfluous call to CSRFToken() which
...
just put the hidden input onto the page for js
to have access to it. this is now handled with
a meta tag.
2019-08-06 20:55:16 +02:00
glaszig
b38dbb82ab
do net send csrf tokens individually with post xhr
...
since we set it in a `beforeSend` callback
2019-08-06 20:55:16 +02:00
glaszig
b9e9b7fe39
move csrf token initialization into function
2019-08-06 20:55:16 +02:00
glaszig
d53517a34a
removed useless line of code
2019-08-06 20:55:16 +02:00
glaszig
0967a53152
validate token value from csrf token header
...
if supplied and not overridden by post request param
2019-08-06 20:55:16 +02:00
glaszig
ce3ec131a6
add csrf token header to all resource-modifying xhr
2019-08-06 20:55:16 +02:00
glaszig
20bb9fe42f
add csrf meta tag (for use with xhr, for example)
2019-08-06 20:55:16 +02:00
glaszig
87fe8948b8
remove splattered, duplicated csrf validation code
...
since we do that always and early, now.
2019-08-06 20:55:16 +02:00
glaszig
f989b8060b
always verify csrf token for resource-modifying requests,
...
that is post, put, patch, delete
2019-08-06 20:55:16 +02:00
Bill Zimmerman
93b458197a
Merge pull request #365 from glaszig/feature/connect-hidden-ssid
...
enable wifi client to connect to hidden ssid
2019-08-05 16:04:29 +02:00
Bill Zimmerman
9b66c2cd03
Merge pull request #363 from glaszig/fix/hostapd-wmm
...
properly enable wmm by fixing a typo
2019-08-05 15:46:10 +02:00
billz
c0cfcfa117
Bugfix, resolves #367
2019-08-05 14:26:55 +01:00
Bill Zimmerman
02c3703392
Merge pull request #355 from glaszig/ui/escape-interface-settings
...
show network interface settings pre block, properly escaped
2019-08-02 18:25:27 +02:00
Bill Zimmerman
ff21343751
Merge branch 'master' into ui/escape-interface-settings
2019-08-02 18:18:19 +02:00
Bill Zimmerman
fe35742519
Merge pull request #361 from glaszig/feature/static-dhcp-hosts
...
static dhcp leases
2019-08-02 17:49:29 +02:00
glaszig
493269e061
enable wifi client to connect to hidden ssid
...
according to the docs:
For finding networks using hidden SSID, scan_ssid=1 in the network block can be used with nl80211.
and
scan_ssid:
0 = do not scan this SSID with specific Probe Request frames (default)
1 = scan with SSID-specific Probe Request frames (this can be used to
find APs that do not accept broadcast SSID or use multiple SSIDs;
this will add latency to scanning, so enable this only when needed)
https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
see billz/raspap-webgui#345
2019-08-02 14:42:15 +02:00
Bill Zimmerman
2ded7be76b
Merge pull request #364 from glaszig/feature/improved-hostapd-hw-mode-select-labeling
...
improved 802.11 mode dropdown
2019-08-02 07:36:04 +02:00
glaszig
b52f290020
improved 802.11 standard select option labels in hostapd ui
2019-08-01 23:01:31 +02:00
glaszig
ab7f990d13
properly enable wmm by fixing a typo
...
if `ieee80211n=1`, `wmm_enabled=1` should be configured as well
according to the docs, quote:
# ieee80211n: Whether IEEE 802.11n (HT) is enabled
# 0 = disabled (default)
# 1 = enabled
# Note: You will also need to enable WMM for full HT functionality.
# Note: hw_mode=g (2.4 GHz) and hw_mode=a (5 GHz) is used to specify the band.
https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
2019-08-01 22:19:46 +02:00
glaszig
afbc50d1ee
click the "add" button on the static dhcp lease form
...
for people that forgot to click that button to add their lease
2019-08-01 18:15:32 +02:00
glaszig
d18dbd7def
add ui to manage static dhcp leases
...
* add support to parse duplicate options in ParseConfig()
* add logic, html and js to edit dhcp leases
2019-08-01 18:15:32 +02:00
glaszig
e02557af3a
add pre.unstyled css rule
...
in bootstrap, pre blocks have background and borders.
this removes them with a special class named `unstyled`
just like `ul.unstyled`.
2019-07-31 04:04:38 +02:00
glaszig
3db99c7d21
* escape html entities in network interface settings
...
the command `ip address show eth0` returns
special characters like "<" and ">" which, if left
unescaped and shown on the page, will create
arbitrary html elements and hide information.
* show interface settings inside unstyled pre block
interface properties should be parsed and displayed
in a proprietary and pretty manner. until then, give
use the raw output of `ip address show`
2019-07-31 04:04:38 +02:00
Bill Zimmerman
1b32ed53d6
Merge pull request #358 from glaszig/fix/dashboard-ipv6-addresses
...
fix display of ip addresses in dashboard
2019-07-30 19:03:32 -07:00
Bill Zimmerman
809051165b
Merge pull request #357 from glaszig/security/command-injection
...
SECURITY ISSUE! fix command injection
2019-07-30 19:01:11 -07:00
glaszig
c2ed6c6e02
fix display of multiple ipv4 addresses, netmasks on dashboard
2019-07-30 23:15:08 +02:00
glaszig
4a5a39c2bc
fix display of ipv6 addresses
2019-07-30 22:49:35 +02:00
glaszig
81a67c0121
better filename
2019-07-30 21:21:16 +02:00
glaszig
a6d3336212
fix command injection issue. fixes #354 .
2019-07-30 21:21:16 +02:00
Bill Zimmerman
d81d1b0a10
Update README.md
2019-07-29 17:36:54 -07:00
Bill Zimmerman
24a7d0ac95
Merge pull request #348 from ozbotics/fix-issue-347
...
Changes made using the 'Configure networking' page are not reflected in the actual network configuration Issue #347
2019-07-25 09:14:17 -07:00
Jon van Noort
6e33e4c882
changed call to parse_ini_file() to use INI_SCANNER_RAW, so that ini values are parsed as expected
2019-07-18 04:17:19 +08:00
billz
76d23e33f9
Hotfix
2019-07-10 07:46:58 +01:00
Bill Zimmerman
be635e773c
Update manual install steps
2019-07-09 00:20:18 +02:00
Bill Zimmerman
a280c9df89
Updated to support Buster "stable" release
2019-07-08 21:49:38 +02:00
Bill Zimmerman
40a1b46dfc
Update README.md
2019-06-29 10:14:25 +02:00
Bill Zimmerman
4940255cc6
Minor update to version_msg
2019-06-29 09:54:29 +02:00
Bill Zimmerman
acd58ce557
Minor update to version_msg
2019-06-29 09:51:36 +02:00
Bill Zimmerman
38ac3f904c
Update manual install steps for Buster
2019-06-28 10:12:07 +02:00
Bill Zimmerman
374192ebe1
Update README.md
2019-06-28 10:08:32 +02:00
billz
f9b5a8f126
Updated php version for Raspbian 10.0 (Buster)
2019-06-25 07:40:08 +00:00
billz
913ce3b5c0
Updated php version for Raspbian 10.0 (Buster)
2019-06-25 07:40:02 +00:00
billz
de8bdef908
Updated to detect Raspbian 10.0 (Buster)
2019-06-24 22:14:38 +00:00
billz
13aa0864d0
Updated to detect Raspbian 10.0 (Buster). Resolves #337
2019-06-24 21:57:49 +00:00
billz
cdf1406aba
Added prompt to remove installed packages. Resolves #336
2019-06-24 21:42:15 +00:00
Bill Zimmerman
463b1978d0
Update README.md
2019-06-12 21:16:34 +02:00