glaszig
|
20d9e919c3
|
generate only one csrf token per session
some pages issue xhr which lead to new
tokens in the session and a future check
is garuanteed to fail.
|
2019-08-19 03:12:37 +01:00 |
|
Bill Zimmerman
|
5858971762
|
Merge pull request #372 from glaszig/ui/xhr-load-cached-wifi-stations
load wifi stations via ajax, cache the scan result
|
2019-08-17 09:53:13 +02:00 |
|
glaszig
|
f5e3b717ff
|
add missing CSRFTokenFieldTag's
|
2019-08-14 02:41:58 +02:00 |
|
glaszig
|
993dc633a9
|
load wifi stations via ajax, cache the scan result
until the "rescan" button is pressed. speeds up
"configure client" page massively.
|
2019-08-08 03:44:28 +02:00 |
|
glaszig
|
8f3489cd4a
|
remove id attribute from csrf token field due to obsolescence
and if there's multiple form's on the page it would lead to
multiple elements with the same id which is illegal in html
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
f36b08c10a
|
rename CSRFToken() to the more apt CSRFTokenFieldTag()
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
0a255e8b49
|
don't write the csrf token field to the output buffer
but return and echo it
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
6f1ae104f3
|
improve CSRFToken() implementation
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
2f6dc2cc05
|
remove superfluous semi-colon
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
964dc00fab
|
generate a new csrf token for each request
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
7898dc24c8
|
mcrypt_create_iv is deprecated, openssl_random_pseudo_bytes
depends on openssl. php7 has the platform-independent
`random_bytes` to generate "cryptographically secure"
random data. use that for csrf token.
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
b9e9b7fe39
|
move csrf token initialization into function
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
0967a53152
|
validate token value from csrf token header
if supplied and not overridden by post request param
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
20bb9fe42f
|
add csrf meta tag (for use with xhr, for example)
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
f989b8060b
|
always verify csrf token for resource-modifying requests,
that is post, put, patch, delete
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
d18dbd7def
|
add ui to manage static dhcp leases
* add support to parse duplicate options in ParseConfig()
* add logic, html and js to edit dhcp leases
|
2019-08-01 18:15:32 +02:00 |
|
billz
|
3f9b422f5f
|
Update safefilerewrite with PHP_EOL
|
2019-04-30 22:57:12 +00:00 |
|
billz
|
1008f83cc4
|
Update write_php_ini
|
2019-04-30 22:36:35 +00:00 |
|
billz
|
ce93faa277
|
Update write_php_ini
|
2019-04-30 22:18:44 +00:00 |
|
billz
|
c0570b616e
|
Processed with phpcs for PSR-2 coding standard
|
2019-04-10 08:37:35 +00:00 |
|
D9ping
|
54e55775ea
|
Fix incorrect escaping break lines of WPA and WPA2 secured networks.
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
|
2018-10-24 01:42:47 +02:00 |
|
D9ping
|
73f5e4f2da
|
Properly use for attribute for label tags on hostapd page.
Added support for id attribute for SelectorOptions function.
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
|
2018-10-03 22:20:06 +02:00 |
|
D9ping
|
5988dab56e
|
Fixed html option end tag.
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
|
2018-08-16 14:48:47 +02:00 |
|
Bill Zimmerman
|
a02b525fc1
|
Added missing double-quote. Fixes #222. Thanks @seebz
|
2018-08-15 11:30:24 -07:00 |
|
D9ping
|
fb7ba20055
|
Fixed php notices log messages.
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
|
2018-08-06 01:18:11 +02:00 |
|
D9ping
|
2b03fa316d
|
Escape client input, console output etc. before doing any echo.
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
|
2018-08-04 02:05:56 +02:00 |
|
Russ Marshall
|
ff36dbb3b4
|
support for 5GHz channels
|
2018-02-19 08:13:20 -05:00 |
|
Lawrence
|
068c4c519e
|
Merge from Upstream
|
2017-11-04 12:49:48 +08:00 |
|
Lawrence
|
f61cc31b20
|
Created new branch off master to help troubleshoot with #132
|
2017-11-02 22:43:41 +08:00 |
|
Lawrence
|
7749b79e2f
|
Implemented start of web interface to update Static IP addresses or use DHCP.
Currently saves to files in /etc/raspap/networking, still need to build something to generate a working config for dhcpcd
|
2017-10-28 02:40:30 +08:00 |
|
Joe Haig
|
20eb3b0107
|
Merge branch 'master' into dashboard
|
2016-08-16 20:44:22 +01:00 |
|
Joe Haig
|
e953e68556
|
Redo 'Configure client' page
|
2016-08-14 16:40:59 +00:00 |
|
Joe Haig
|
c7ed97dd8b
|
Change method of calculating channel and security
|
2016-08-12 17:29:56 +00:00 |
|
Joe Haig
|
fe3b0e9513
|
Move client wifi configuration into separate file
|
2016-08-12 17:00:43 +00:00 |
|
Joe Haig
|
095e1afa8c
|
Move Dashboard function to separate file
|
2016-08-08 12:48:16 +00:00 |
|
Joe Haig
|
7406a5050c
|
Move system page into separate file
|
2016-08-08 12:31:19 +00:00 |
|
Joe Haig
|
bff9dfbbbc
|
Some validation on POST data
|
2016-08-05 20:38:02 +00:00 |
|
Joe Haig
|
671016e685
|
Add CSRF to hostapd config
And tidy things up a bit
|
2016-08-05 15:50:05 +01:00 |
|
Joe Haig
|
15a4ece433
|
Move function to save HostAPD config too
|
2016-07-27 20:48:27 +00:00 |
|
Joe Haig
|
bfb1332cdf
|
Move HostAPD into separate file
|
2016-07-27 20:43:40 +00:00 |
|
Joseph Haig
|
3b043950de
|
Add CSRF to DHCP form
Also, separate out into separate file and refactor
|
2016-07-09 01:26:13 +01:00 |
|
Joseph Haig
|
d92b01e8f2
|
Fix tabbing
|
2016-06-26 17:25:59 +01:00 |
|
Joe Haig
|
5c2492e785
|
Add CSRF token to password change page
|
2016-06-24 22:39:39 +01:00 |
|
Joe Haig
|
d431c3f767
|
Permit flags in the config
|
2016-06-19 23:23:03 +01:00 |
|
Joe Haig
|
443c75390a
|
Set $status to avoid error
|
2016-06-19 23:01:22 +01:00 |
|
Joe Haig
|
2e8c97d421
|
Correctly find Received Bytes
|
2016-06-19 22:50:36 +01:00 |
|
Joe Haig
|
098caa1262
|
Remove spurious ' character
|
2016-06-19 22:16:32 +01:00 |
|
Bill Zimmerman
|
94a7465395
|
Updated panel icon
|
2016-06-14 13:06:19 +02:00 |
|
zlolz
|
638f2e6d3d
|
add cpu load bar, colour mem and cpu bars baased values (ok, warning, danger)
|
2016-06-12 04:16:59 +00:00 |
|
zlolz
|
de7c0f7d79
|
Add System Info and System Control (foundation)
|
2016-06-12 00:17:44 +00:00 |
|
zlolz
|
96e179e501
|
hostapd & dhcpd -- ensure all interfaces are selectable
|
2016-06-11 05:17:47 +00:00 |
|
Joe Haig
|
926d7ba13b
|
Add more PHP_EOLs
|
2016-05-28 21:12:02 +01:00 |
|
Joe Haig
|
98a9822897
|
Avoid breaking hostapd config file with tabs
|
2016-05-28 20:19:19 +01:00 |
|
Bill Zimmerman
|
ba9a3355df
|
Replaced short tags for compatibility
|
2015-11-04 11:52:13 +01:00 |
|
Bill Zimmerman
|
5f8dce6271
|
Removed debug output
|
2015-02-28 10:59:43 +01:00 |
|
Bill Zimmerman
|
27bdfcda16
|
Debug DisplayWPAConfig
|
2015-02-27 16:11:56 +01:00 |
|
Bill Zimmerman
|
ae11bfe7fc
|
Fixed nav collapse css issue
|
2015-02-25 15:18:46 +01:00 |
|
Bill Zimmerman
|
d5678d622e
|
Added assets + dependencies
|
2015-02-25 14:08:14 +01:00 |
|