1
0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00
Commit Graph

108 Commits

Author SHA1 Message Date
glaszig
20d9e919c3 generate only one csrf token per session
some pages issue xhr which lead to new
tokens in the session and a future check
is garuanteed to fail.
2019-08-19 03:12:37 +01:00
Bill Zimmerman
5858971762
Merge pull request #372 from glaszig/ui/xhr-load-cached-wifi-stations
load wifi stations via ajax, cache the scan result
2019-08-17 09:53:13 +02:00
glaszig
f5e3b717ff add missing CSRFTokenFieldTag's 2019-08-14 02:41:58 +02:00
glaszig
993dc633a9 load wifi stations via ajax, cache the scan result
until the "rescan" button is pressed. speeds up
"configure client" page massively.
2019-08-08 03:44:28 +02:00
glaszig
8f3489cd4a remove id attribute from csrf token field due to obsolescence
and if there's multiple form's on the page it would lead to
multiple elements with the same id which is illegal in html
2019-08-06 20:55:16 +02:00
glaszig
f36b08c10a rename CSRFToken() to the more apt CSRFTokenFieldTag() 2019-08-06 20:55:16 +02:00
glaszig
0a255e8b49 don't write the csrf token field to the output buffer
but return and echo it
2019-08-06 20:55:16 +02:00
glaszig
6f1ae104f3 improve CSRFToken() implementation 2019-08-06 20:55:16 +02:00
glaszig
2f6dc2cc05 remove superfluous semi-colon 2019-08-06 20:55:16 +02:00
glaszig
964dc00fab generate a new csrf token for each request 2019-08-06 20:55:16 +02:00
glaszig
7898dc24c8 mcrypt_create_iv is deprecated, openssl_random_pseudo_bytes
depends on openssl. php7 has the platform-independent
`random_bytes` to generate "cryptographically secure"
random data. use that for csrf token.
2019-08-06 20:55:16 +02:00
glaszig
b9e9b7fe39 move csrf token initialization into function 2019-08-06 20:55:16 +02:00
glaszig
0967a53152 validate token value from csrf token header
if supplied and not overridden by post request param
2019-08-06 20:55:16 +02:00
glaszig
20bb9fe42f add csrf meta tag (for use with xhr, for example) 2019-08-06 20:55:16 +02:00
glaszig
f989b8060b always verify csrf token for resource-modifying requests,
that is post, put, patch, delete
2019-08-06 20:55:16 +02:00
glaszig
d18dbd7def add ui to manage static dhcp leases
* add support to parse duplicate options in ParseConfig()
* add logic, html and js to edit dhcp leases
2019-08-01 18:15:32 +02:00
billz
3f9b422f5f Update safefilerewrite with PHP_EOL 2019-04-30 22:57:12 +00:00
billz
1008f83cc4 Update write_php_ini 2019-04-30 22:36:35 +00:00
billz
ce93faa277 Update write_php_ini 2019-04-30 22:18:44 +00:00
billz
c0570b616e Processed with phpcs for PSR-2 coding standard 2019-04-10 08:37:35 +00:00
D9ping
54e55775ea Fix incorrect escaping break lines of WPA and WPA2 secured networks.
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
2018-10-24 01:42:47 +02:00
D9ping
73f5e4f2da Properly use for attribute for label tags on hostapd page.
Added support for id attribute for SelectorOptions function.

Signed-off-by: D9ping <D9ping@users.noreply.github.com>
2018-10-03 22:20:06 +02:00
D9ping
5988dab56e Fixed html option end tag.
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
2018-08-16 14:48:47 +02:00
Bill Zimmerman
a02b525fc1 Added missing double-quote. Fixes #222. Thanks @seebz 2018-08-15 11:30:24 -07:00
D9ping
fb7ba20055 Fixed php notices log messages.
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
2018-08-06 01:18:11 +02:00
D9ping
2b03fa316d Escape client input, console output etc. before doing any echo.
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
2018-08-04 02:05:56 +02:00
Russ Marshall
ff36dbb3b4 support for 5GHz channels 2018-02-19 08:13:20 -05:00
Lawrence
068c4c519e Merge from Upstream 2017-11-04 12:49:48 +08:00
Lawrence
f61cc31b20 Created new branch off master to help troubleshoot with #132 2017-11-02 22:43:41 +08:00
Lawrence
7749b79e2f Implemented start of web interface to update Static IP addresses or use DHCP.
Currently saves to files in /etc/raspap/networking, still need to build something to generate a working config for dhcpcd
2017-10-28 02:40:30 +08:00
Joe Haig
20eb3b0107 Merge branch 'master' into dashboard 2016-08-16 20:44:22 +01:00
Joe Haig
e953e68556 Redo 'Configure client' page 2016-08-14 16:40:59 +00:00
Joe Haig
c7ed97dd8b Change method of calculating channel and security 2016-08-12 17:29:56 +00:00
Joe Haig
fe3b0e9513 Move client wifi configuration into separate file 2016-08-12 17:00:43 +00:00
Joe Haig
095e1afa8c Move Dashboard function to separate file 2016-08-08 12:48:16 +00:00
Joe Haig
7406a5050c Move system page into separate file 2016-08-08 12:31:19 +00:00
Joe Haig
bff9dfbbbc Some validation on POST data 2016-08-05 20:38:02 +00:00
Joe Haig
671016e685 Add CSRF to hostapd config
And tidy things up a bit
2016-08-05 15:50:05 +01:00
Joe Haig
15a4ece433 Move function to save HostAPD config too 2016-07-27 20:48:27 +00:00
Joe Haig
bfb1332cdf Move HostAPD into separate file 2016-07-27 20:43:40 +00:00
Joseph Haig
3b043950de Add CSRF to DHCP form
Also, separate out into separate file and refactor
2016-07-09 01:26:13 +01:00
Joseph Haig
d92b01e8f2 Fix tabbing 2016-06-26 17:25:59 +01:00
Joe Haig
5c2492e785 Add CSRF token to password change page 2016-06-24 22:39:39 +01:00
Joe Haig
d431c3f767 Permit flags in the config 2016-06-19 23:23:03 +01:00
Joe Haig
443c75390a Set $status to avoid error 2016-06-19 23:01:22 +01:00
Joe Haig
2e8c97d421 Correctly find Received Bytes 2016-06-19 22:50:36 +01:00
Joe Haig
098caa1262 Remove spurious ' character 2016-06-19 22:16:32 +01:00
Bill Zimmerman
94a7465395 Updated panel icon 2016-06-14 13:06:19 +02:00
zlolz
638f2e6d3d add cpu load bar, colour mem and cpu bars baased values (ok, warning, danger) 2016-06-12 04:16:59 +00:00
zlolz
de7c0f7d79 Add System Info and System Control (foundation) 2016-06-12 00:17:44 +00:00
zlolz
96e179e501 hostapd & dhcpd -- ensure all interfaces are selectable 2016-06-11 05:17:47 +00:00
Joe Haig
926d7ba13b Add more PHP_EOLs 2016-05-28 21:12:02 +01:00
Joe Haig
98a9822897 Avoid breaking hostapd config file with tabs 2016-05-28 20:19:19 +01:00
Bill Zimmerman
ba9a3355df Replaced short tags for compatibility 2015-11-04 11:52:13 +01:00
Bill Zimmerman
5f8dce6271 Removed debug output 2015-02-28 10:59:43 +01:00
Bill Zimmerman
27bdfcda16 Debug DisplayWPAConfig 2015-02-27 16:11:56 +01:00
Bill Zimmerman
ae11bfe7fc Fixed nav collapse css issue 2015-02-25 15:18:46 +01:00
Bill Zimmerman
d5678d622e Added assets + dependencies 2015-02-25 14:08:14 +01:00