mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00
Commit Graph

657 Commits

Author SHA1 Message Date
glaszig
6f1ae104f3 improve CSRFToken() implementation 2019-08-06 20:55:16 +02:00
glaszig
2f6dc2cc05 remove superfluous semi-colon 2019-08-06 20:55:16 +02:00
glaszig
964dc00fab generate a new csrf token for each request 2019-08-06 20:55:16 +02:00
glaszig
7898dc24c8 mcrypt_create_iv is deprecated, openssl_random_pseudo_bytes
depends on openssl. php7 has the platform-independent
`random_bytes` to generate "cryptographically secure"
random data. use that for csrf token.
2019-08-06 20:55:16 +02:00
glaszig
490cb14acd removing superfluous call to CSRFToken() which
just put the hidden input onto the page for js
to have access to it. this is now handled with
a meta tag.
2019-08-06 20:55:16 +02:00
glaszig
b38dbb82ab do not send csrf tokens individually with post xhr
since we set it in a `beforeSend` callback
2019-08-06 20:55:16 +02:00
glaszig
b9e9b7fe39 move csrf token initialization into function 2019-08-06 20:55:16 +02:00
glaszig
d53517a34a removed useless line of code 2019-08-06 20:55:16 +02:00
glaszig
0967a53152 validate token value from csrf token header
if supplied and not overridden by post request param
2019-08-06 20:55:16 +02:00
glaszig
ce3ec131a6 add csrf token header to all resource-modifying xhr 2019-08-06 20:55:16 +02:00
glaszig
20bb9fe42f add csrf meta tag (for use with xhr, for example) 2019-08-06 20:55:16 +02:00
glaszig
87fe8948b8 remove splattered, duplicated csrf validation code
since we do that always and early, now.
2019-08-06 20:55:16 +02:00
glaszig
f989b8060b always verify csrf token for resource-modifying requests,
that is post, put, patch, delete
2019-08-06 20:55:16 +02:00
Bill Zimmerman
93b458197a
Merge pull request #365 from glaszig/feature/connect-hidden-ssid
enable wifi client to connect to hidden ssid
2019-08-05 16:04:29 +02:00
Bill Zimmerman
9b66c2cd03
Merge pull request #363 from glaszig/fix/hostapd-wmm
properly enable wmm by fixing a typo
2019-08-05 15:46:10 +02:00
billz
c0cfcfa117 Bugfix, resolves #367 2019-08-05 14:26:55 +01:00
Bill Zimmerman
02c3703392
Merge pull request #355 from glaszig/ui/escape-interface-settings
show network interface settings pre block, properly escaped
2019-08-02 18:25:27 +02:00
Bill Zimmerman
ff21343751
Merge branch 'master' into ui/escape-interface-settings 2019-08-02 18:18:19 +02:00
Bill Zimmerman
fe35742519
Merge pull request #361 from glaszig/feature/static-dhcp-hosts
static dhcp leases
2019-08-02 17:49:29 +02:00
glaszig
493269e061
enable wifi client to connect to hidden ssid
according to the docs:
For finding networks using hidden SSID, scan_ssid=1 in the network block can be used with nl80211.

and

scan_ssid:
	0 = do not scan this SSID with specific Probe Request frames (default)
	1 = scan with SSID-specific Probe Request frames (this can be used to
	    find APs that do not accept broadcast SSID or use multiple SSIDs;
	    this will add latency to scanning, so enable this only when needed)

https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf

see billz/raspap-webgui#345
2019-08-02 14:42:15 +02:00
Bill Zimmerman
2ded7be76b
Merge pull request #364 from glaszig/feature/improved-hostapd-hw-mode-select-labeling
improved 802.11 mode dropdown
2019-08-02 07:36:04 +02:00
glaszig
b52f290020 improved 802.11 standard select option labels in hostapd ui 2019-08-01 23:01:31 +02:00
glaszig
ab7f990d13
properly enable wmm by fixing a typo
if `ieee80211n=1`, `wmm_enabled=1` should be configured as well
according to the docs, quote:

# ieee80211n: Whether IEEE 802.11n (HT) is enabled
# 0 = disabled (default)
# 1 = enabled
# Note: You will also need to enable WMM for full HT functionality.
# Note: hw_mode=g (2.4 GHz) and hw_mode=a (5 GHz) is used to specify the band.

https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
2019-08-01 22:19:46 +02:00
glaszig
afbc50d1ee click the "add" button on the static dhcp lease form
for people that forgot to click that button to add their lease
2019-08-01 18:15:32 +02:00
glaszig
d18dbd7def add ui to manage static dhcp leases
* add support to parse duplicate options in ParseConfig()
* add logic, html and js to edit dhcp leases
2019-08-01 18:15:32 +02:00
glaszig
e02557af3a add pre.unstyled css rule
in bootstrap, pre blocks have background and borders.
this removes them with a special class named `unstyled`
just like `ul.unstyled`.
2019-07-31 04:04:38 +02:00
glaszig
3db99c7d21 * escape html entities in network interface settings
the command `ip address show eth0` returns
special characters like "<" and ">" which, if left
unescaped and shown on the page, will create
arbitrary html elements and hide information.

* show interface settings inside unstyled pre block

interface properties should be parsed and displayed
in a proprietary and pretty manner. until then, give
use the raw output of `ip address show`
2019-07-31 04:04:38 +02:00
Bill Zimmerman
1b32ed53d6
Merge pull request #358 from glaszig/fix/dashboard-ipv6-addresses
fix display of ip addresses in dashboard
2019-07-30 19:03:32 -07:00
Bill Zimmerman
809051165b
Merge pull request #357 from glaszig/security/command-injection
SECURITY ISSUE! fix command injection
2019-07-30 19:01:11 -07:00
glaszig
c2ed6c6e02 fix display of multiple ipv4 addresses, netmasks on dashboard 2019-07-30 23:15:08 +02:00
glaszig
4a5a39c2bc fix display of ipv6 addresses 2019-07-30 22:49:35 +02:00
glaszig
81a67c0121 better filename 2019-07-30 21:21:16 +02:00
glaszig
a6d3336212 fix command injection issue. fixes #354. 2019-07-30 21:21:16 +02:00
Bill Zimmerman
d81d1b0a10
Update README.md 2019-07-29 17:36:54 -07:00
Bill Zimmerman
24a7d0ac95
Merge pull request #348 from ozbotics/fix-issue-347
Changes made using the 'Configure networking' page are not reflected in the actual network configuration Issue #347
2019-07-25 09:14:17 -07:00
Jon van Noort
6e33e4c882 changed call to parse_ini_file() to use INI_SCANNER_RAW, so that ini values are parsed as expected 2019-07-18 04:17:19 +08:00
billz
76d23e33f9 Hotfix 2019-07-10 07:46:58 +01:00
Bill Zimmerman
be635e773c
Update manual install steps 2019-07-09 00:20:18 +02:00
Bill Zimmerman
a280c9df89
Updated to support Buster "stable" release 2019-07-08 21:49:38 +02:00
Bill Zimmerman
40a1b46dfc
Update README.md 2019-06-29 10:14:25 +02:00
Bill Zimmerman
4940255cc6
Minor update to version_msg 2019-06-29 09:54:29 +02:00
Bill Zimmerman
acd58ce557
Minor update to version_msg 2019-06-29 09:51:36 +02:00
Bill Zimmerman
38ac3f904c
Update manual install steps for Buster 2019-06-28 10:12:07 +02:00
Bill Zimmerman
374192ebe1
Update README.md 2019-06-28 10:08:32 +02:00
billz
f9b5a8f126 Updated php version for Raspbian 10.0 (Buster) 2019-06-25 07:40:08 +00:00
billz
913ce3b5c0 Updated php version for Raspbian 10.0 (Buster) 2019-06-25 07:40:02 +00:00
billz
de8bdef908 Updated to detect Raspbian 10.0 (Buster) 2019-06-24 22:14:38 +00:00
billz
13aa0864d0 Updated to detect Raspbian 10.0 (Buster). Resolves #337 2019-06-24 21:57:49 +00:00
billz
cdf1406aba Added prompt to remove installed packages. Resolves #336 2019-06-24 21:42:15 +00:00
Bill Zimmerman
463b1978d0
Update README.md 2019-06-12 21:16:34 +02:00