1
0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00
Commit Graph

297 Commits

Author SHA1 Message Date
glaszig
da69d3d768 send CSRF token in a response header,
update the page's CSRF tokens with the new token
from the response header,
verify csrf token in ajax endpoints,
initialize a session for every endpoint
2019-08-06 21:34:58 +02:00
glaszig
8f3489cd4a remove id attribute from csrf token field due to obsolescence
and if there's multiple form's on the page it would lead to
multiple elements with the same id which is illegal in html
2019-08-06 20:55:16 +02:00
glaszig
f36b08c10a rename CSRFToken() to the more apt CSRFTokenFieldTag() 2019-08-06 20:55:16 +02:00
glaszig
0a255e8b49 don't write the csrf token field to the output buffer
but return and echo it
2019-08-06 20:55:16 +02:00
glaszig
6f1ae104f3 improve CSRFToken() implementation 2019-08-06 20:55:16 +02:00
glaszig
2f6dc2cc05 remove superfluous semi-colon 2019-08-06 20:55:16 +02:00
glaszig
964dc00fab generate a new csrf token for each request 2019-08-06 20:55:16 +02:00
glaszig
7898dc24c8 mcrypt_create_iv is deprecated, openssl_random_pseudo_bytes
depends on openssl. php7 has the platform-independent
`random_bytes` to generate "cryptographically secure"
random data. use that for csrf token.
2019-08-06 20:55:16 +02:00
glaszig
490cb14acd removing superfluous call to CSRFToken() which
just put the hidden input onto the page for js
to have access to it. this is now handled with
a meta tag.
2019-08-06 20:55:16 +02:00
glaszig
b9e9b7fe39 move csrf token initialization into function 2019-08-06 20:55:16 +02:00
glaszig
0967a53152 validate token value from csrf token header
if supplied and not overridden by post request param
2019-08-06 20:55:16 +02:00
glaszig
20bb9fe42f add csrf meta tag (for use with xhr, for example) 2019-08-06 20:55:16 +02:00
glaszig
87fe8948b8 remove splattered, duplicated csrf validation code
since we do that always and early, now.
2019-08-06 20:55:16 +02:00
glaszig
f989b8060b always verify csrf token for resource-modifying requests,
that is post, put, patch, delete
2019-08-06 20:55:16 +02:00
Bill Zimmerman
93b458197a
Merge pull request #365 from glaszig/feature/connect-hidden-ssid
enable wifi client to connect to hidden ssid
2019-08-05 16:04:29 +02:00
Bill Zimmerman
9b66c2cd03
Merge pull request #363 from glaszig/fix/hostapd-wmm
properly enable wmm by fixing a typo
2019-08-05 15:46:10 +02:00
billz
c0cfcfa117 Bugfix, resolves #367 2019-08-05 14:26:55 +01:00
glaszig
1152637120 puts service status as label into panel heading 2019-08-02 23:40:06 +02:00
Bill Zimmerman
ff21343751
Merge branch 'master' into ui/escape-interface-settings 2019-08-02 18:18:19 +02:00
Bill Zimmerman
fe35742519
Merge pull request #361 from glaszig/feature/static-dhcp-hosts
static dhcp leases
2019-08-02 17:49:29 +02:00
glaszig
493269e061
enable wifi client to connect to hidden ssid
according to the docs:
For finding networks using hidden SSID, scan_ssid=1 in the network block can be used with nl80211.

and

scan_ssid:
	0 = do not scan this SSID with specific Probe Request frames (default)
	1 = scan with SSID-specific Probe Request frames (this can be used to
	    find APs that do not accept broadcast SSID or use multiple SSIDs;
	    this will add latency to scanning, so enable this only when needed)

https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf

see billz/raspap-webgui#345
2019-08-02 14:42:15 +02:00
glaszig
b52f290020 improved 802.11 standard select option labels in hostapd ui 2019-08-01 23:01:31 +02:00
glaszig
0e9ed7d833 make hostapd's max_num_sta configurable 2019-08-01 22:42:52 +02:00
glaszig
ab7f990d13
properly enable wmm by fixing a typo
if `ieee80211n=1`, `wmm_enabled=1` should be configured as well
according to the docs, quote:

# ieee80211n: Whether IEEE 802.11n (HT) is enabled
# 0 = disabled (default)
# 1 = enabled
# Note: You will also need to enable WMM for full HT functionality.
# Note: hw_mode=g (2.4 GHz) and hw_mode=a (5 GHz) is used to specify the band.

https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
2019-08-01 22:19:46 +02:00
glaszig
afbc50d1ee click the "add" button on the static dhcp lease form
for people that forgot to click that button to add their lease
2019-08-01 18:15:32 +02:00
glaszig
d18dbd7def add ui to manage static dhcp leases
* add support to parse duplicate options in ParseConfig()
* add logic, html and js to edit dhcp leases
2019-08-01 18:15:32 +02:00
glaszig
3db99c7d21 * escape html entities in network interface settings
the command `ip address show eth0` returns
special characters like "<" and ">" which, if left
unescaped and shown on the page, will create
arbitrary html elements and hide information.

* show interface settings inside unstyled pre block

interface properties should be parsed and displayed
in a proprietary and pretty manner. until then, give
use the raw output of `ip address show`
2019-07-31 04:04:38 +02:00
Bill Zimmerman
1b32ed53d6
Merge pull request #358 from glaszig/fix/dashboard-ipv6-addresses
fix display of ip addresses in dashboard
2019-07-30 19:03:32 -07:00
glaszig
c2ed6c6e02 fix display of multiple ipv4 addresses, netmasks on dashboard 2019-07-30 23:15:08 +02:00
glaszig
4a5a39c2bc fix display of ipv6 addresses 2019-07-30 22:49:35 +02:00
glaszig
81a67c0121 better filename 2019-07-30 21:21:16 +02:00
glaszig
a6d3336212 fix command injection issue. fixes #354. 2019-07-30 21:21:16 +02:00
Bill Zimmerman
f5e3b0dd31 Updated minor version 2019-06-12 21:14:12 +02:00
billz
679051b219 Added locale support for Türkçe. Thanks Cuqer! 2019-06-10 09:27:42 +00:00
billz
6866cfb266 Added locale support for Türkçe. Thanks Cuqer! 2019-06-10 09:27:17 +00:00
billz
445ba5c36c Fix for auth protocols, thanks @furest. Fixed open wifi network form element. Resolves #326 2019-05-05 11:08:47 +00:00
billz
3f9b422f5f Update safefilerewrite with PHP_EOL 2019-04-30 22:57:12 +00:00
billz
1008f83cc4 Update write_php_ini 2019-04-30 22:36:35 +00:00
billz
ce93faa277 Update write_php_ini 2019-04-30 22:18:44 +00:00
billz
1a23316abd Write wifi managed interface to config 2019-04-30 18:29:09 +00:00
billz
c07a41fc61 Connected devices not shown for uap0. Fixes #312 2019-04-13 21:49:48 +00:00
billz
dd63294a37 Updated version number 2019-04-13 15:19:13 +00:00
billz
c0570b616e Processed with phpcs for PSR-2 coding standard 2019-04-10 08:37:35 +00:00
Bill Zimmerman
96717deea1
Merge pull request #297 from billz/wificlient-ap
Wifi client AP mode
2019-04-08 20:22:02 +02:00
Bill Zimmerman
8b4a4842af
Merge pull request #302 from BenjiLeblond08/master
Connected Devices list on Dashboard
2019-03-18 16:58:21 +01:00
billz
10be910657 Bugfix: replaced wlan0 with constant 2019-03-17 20:14:08 +00:00
Benjamin LEBLOND
3d561b1925
Change hard "wlan0" to RASPI_WIFI_CLIENT_INTERFACE 2019-03-17 14:19:13 +01:00
Benjamin LEBLOND
24cb51d2b9
connected device list on dashboard
Display a list of connected devices on dashboard, and update some html
2019-03-17 13:38:08 +01:00
Benjamin LEBLOND
2bcee2145f
Update table raw html markup 2019-03-17 13:33:24 +01:00
billz
cbb37ff7f5 Initial commit 2019-03-15 12:31:02 +00:00
billz
8267c9b10a Bugfix 2019-03-12 07:32:17 +00:00
billz
b012bae759 bugfix 2019-03-12 00:11:29 +00:00
billz
7d98d12e3b WIP, rewite configs 2019-03-12 00:03:18 +00:00
billz
113f3bfcb8 WIP, config rewriting 2019-03-11 23:47:09 +00:00
billz
96ffbf8374 Added constant for dhcpcd.conf 2019-03-11 23:44:18 +00:00
billz
9abf79b23c Merge branch 'master' into wificlient-ap 2019-03-09 21:11:54 +00:00
billz
6cf96fd65d Increased sleep value 2019-03-07 22:12:38 +00:00
Bill Zimmerman
61d2aa534f
Merge pull request #293 from BenjiLeblond08/data-usage-hourly
Data Usage : Hourly
2019-03-07 19:20:56 +01:00
billz
192a849cd5 Update default dnsmasq settings 2019-03-07 18:11:58 +00:00
billz
1df86a78a9 Updated with paramaterized servicestart 2019-03-07 10:13:40 +00:00
billz
8a41731513 Added todo for restarting hostapd 2019-03-06 20:07:54 +00:00
billz
b9ed8c472e Service renamed 2019-03-06 19:12:32 +00:00
billz
9e95863cce Persist WifiAPEnable to ini, enable uap0 interface in dnsmasq.conf 2019-03-06 18:42:13 +00:00
billz
d6bd7d2c4a WIP: WifiAPEnable handling 2019-03-06 13:24:51 +00:00
billz
0dbfa71a96 WIP: Advanced options 2019-03-06 10:44:43 +00:00
billz
b758ac161d Added support for Finnish & Sinhala locales 2019-03-04 23:12:01 +00:00
billz
b0c4e54aec Added support for Finnish & Sinhala locales 2019-03-04 23:11:31 +00:00
billz
36da039a01 Update minor version number 2019-03-01 10:44:34 +00:00
billz
6a01eed166 (re)fix of #188. Resolves #290 2019-03-01 09:49:15 +00:00
Benjamin Leblond
a295cf87c0 new feature data usage hourly 2019-02-27 20:42:36 +01:00
Matheus Dal Mago
d9306443f3 Updating revision code list 2019-02-04 15:08:14 -02:00
billz
b00b71e2e3 Added constant to toggle availability of wifi client config. Resolves #279 2019-01-27 20:22:49 +00:00
billz
5f9ed542f8 Added support for Español, thanks @lafm1990 2019-01-13 08:53:16 +00:00
billz
7b604a99a7 Added support for Español, thanks @lafm1990 2019-01-13 08:52:29 +00:00
billz
1b1aa4b6d9 Added support for Russian, thanks Betep 2018-11-19 16:44:44 +00:00
billz
d512219fb0 Added support for Russian, thanks Betep 2018-11-19 16:44:15 +00:00
billz
6a9ffa36a6 Minor corrections to messages 2018-11-15 22:21:55 +00:00
billz
d2fc5e4213 Several enhancements, thanks @PRO2XY & @njkeng. Resolves #168, Resolves #261 2018-11-13 22:32:41 +00:00
billz
211208e7a7 Mode change for consistency 2018-11-13 11:20:03 +00:00
Bill Zimmerman
940194107c
Merge pull request #254 from D9ping/dashboard-fixes
Dashboard use of ip & iw instead of ifconfig & iwconfig.
2018-11-05 14:56:39 +05:30
billz
4a7f3cc7cd Added locale support for Czech, thanks @rvallo 2018-11-04 08:59:01 +00:00
billz
8e22f8857d Added messages for Czech, thanks @rvallo 2018-11-04 08:58:25 +00:00
Bill Zimmerman
b8db06e4f5 Updated RASPI_VERSION to latest release 2018-11-02 13:19:43 +01:00
D9ping
54e55775ea Fix incorrect escaping break lines of WPA and WPA2 secured networks.
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
2018-10-24 01:42:47 +02:00
D9ping
6b05989498 Showing multiple IPv4/IPv6 addresses.
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
2018-10-23 11:57:55 +02:00
D9ping
f81bae5f35 Don't use ifconfig for checking interface state.
Made several strings translatable in dashboard.

Signed-off-by: D9ping <D9ping@users.noreply.github.com>
2018-10-20 14:41:58 +02:00
D9ping
25f362dc19 Use ip and iw instead of ipconfig and iwconfig. #152 #249
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
2018-10-20 00:15:16 +02:00
billz
fca391b7c5 Added locale support for Chinese simplified, thanks @BANKA2017 2018-10-17 15:51:59 +00:00
billz
5e374f3b84 Added locale support for Chinese simplified, thanks @BANKA2017 2018-10-17 15:51:27 +00:00
D9ping
9f5cf8a069 Allow empty passphrase to be entered on no security. #208
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
2018-10-14 03:22:54 +02:00
D9ping
2104f620bc Allow creating not secured wi-fi. Fixes #208
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
2018-10-12 13:05:15 +02:00
D9ping
ee41ed7e0f Added support for hidding SSID. Implement idea from #247.
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
2018-10-10 20:11:10 +02:00
D9ping
28f0c18c5a Merge branch 'master' into 802.11N 2018-10-04 18:07:07 +02:00
D9ping
73f5e4f2da Properly use for attribute for label tags on hostapd page.
Added support for id attribute for SelectorOptions function.

Signed-off-by: D9ping <D9ping@users.noreply.github.com>
2018-10-03 22:20:06 +02:00
D9ping
b10b538896 Allow channel 14 for Japan in 802.11b mode.
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
2018-10-03 16:40:45 +02:00
D9ping
bf638dc2f2 Added support for selecting to use 802.11N
Limit channel selection for north america.

Signed-off-by: D9ping <D9ping@users.noreply.github.com>
2018-10-03 14:40:55 +02:00
Tom
ec1f8022fe
Fix xss in interface parameter. 2018-10-02 12:58:50 +02:00
D9ping
f925a01807 Properly selected ininite lease if ininite is selected.
Made time units translatable.

Signed-off-by: D9ping <D9ping@users.noreply.github.com>
2018-09-25 21:49:54 +02:00
D9ping
b9a1692d61 Merge branch 'master' into Branch_D9ping 2018-09-25 21:33:50 +02:00
D9ping
b292ee218c Fix for #240
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
2018-09-25 21:32:31 +02:00