billz
|
e4225086e1
|
Moved DisplayOpenVPNConfig() to new file
|
2019-11-12 16:02:05 +00:00 |
|
billz
|
9d38e6a806
|
Update OpenVPN + Tor to bootstrap4. Todo: templatize
|
2019-10-24 23:35:59 +01:00 |
|
billz
|
b29bbf4f11
|
Replace HTML linebreaks in ConvertToSecurity()
|
2019-10-15 21:07:21 +01:00 |
|
billz
|
8be24381a8
|
Processed with phpcbf for PSR-2 coding standard
|
2019-09-07 16:42:31 +01:00 |
|
glaszig
|
5a49768614
|
fix renderTemplate() function to allow data-less rendering
|
2019-08-19 22:35:29 +02:00 |
|
glaszig
|
20d9e919c3
|
generate only one csrf token per session
some pages issue xhr which lead to new
tokens in the session and a future check
is garuanteed to fail.
|
2019-08-19 03:12:37 +01:00 |
|
Bill Zimmerman
|
5858971762
|
Merge pull request #372 from glaszig/ui/xhr-load-cached-wifi-stations
load wifi stations via ajax, cache the scan result
|
2019-08-17 09:53:13 +02:00 |
|
glaszig
|
f5e3b717ff
|
add missing CSRFTokenFieldTag's
|
2019-08-14 02:41:58 +02:00 |
|
glaszig
|
993dc633a9
|
load wifi stations via ajax, cache the scan result
until the "rescan" button is pressed. speeds up
"configure client" page massively.
|
2019-08-08 03:44:28 +02:00 |
|
glaszig
|
8f3489cd4a
|
remove id attribute from csrf token field due to obsolescence
and if there's multiple form's on the page it would lead to
multiple elements with the same id which is illegal in html
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
f36b08c10a
|
rename CSRFToken() to the more apt CSRFTokenFieldTag()
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
0a255e8b49
|
don't write the csrf token field to the output buffer
but return and echo it
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
6f1ae104f3
|
improve CSRFToken() implementation
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
2f6dc2cc05
|
remove superfluous semi-colon
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
964dc00fab
|
generate a new csrf token for each request
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
7898dc24c8
|
mcrypt_create_iv is deprecated, openssl_random_pseudo_bytes
depends on openssl. php7 has the platform-independent
`random_bytes` to generate "cryptographically secure"
random data. use that for csrf token.
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
b9e9b7fe39
|
move csrf token initialization into function
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
0967a53152
|
validate token value from csrf token header
if supplied and not overridden by post request param
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
20bb9fe42f
|
add csrf meta tag (for use with xhr, for example)
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
f989b8060b
|
always verify csrf token for resource-modifying requests,
that is post, put, patch, delete
|
2019-08-06 20:55:16 +02:00 |
|
glaszig
|
d18dbd7def
|
add ui to manage static dhcp leases
* add support to parse duplicate options in ParseConfig()
* add logic, html and js to edit dhcp leases
|
2019-08-01 18:15:32 +02:00 |
|
billz
|
3f9b422f5f
|
Update safefilerewrite with PHP_EOL
|
2019-04-30 22:57:12 +00:00 |
|
billz
|
1008f83cc4
|
Update write_php_ini
|
2019-04-30 22:36:35 +00:00 |
|
billz
|
ce93faa277
|
Update write_php_ini
|
2019-04-30 22:18:44 +00:00 |
|
billz
|
c0570b616e
|
Processed with phpcs for PSR-2 coding standard
|
2019-04-10 08:37:35 +00:00 |
|
D9ping
|
54e55775ea
|
Fix incorrect escaping break lines of WPA and WPA2 secured networks.
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
|
2018-10-24 01:42:47 +02:00 |
|
D9ping
|
73f5e4f2da
|
Properly use for attribute for label tags on hostapd page.
Added support for id attribute for SelectorOptions function.
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
|
2018-10-03 22:20:06 +02:00 |
|
D9ping
|
5988dab56e
|
Fixed html option end tag.
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
|
2018-08-16 14:48:47 +02:00 |
|
Bill Zimmerman
|
a02b525fc1
|
Added missing double-quote. Fixes #222. Thanks @seebz
|
2018-08-15 11:30:24 -07:00 |
|
D9ping
|
fb7ba20055
|
Fixed php notices log messages.
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
|
2018-08-06 01:18:11 +02:00 |
|
D9ping
|
2b03fa316d
|
Escape client input, console output etc. before doing any echo.
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
|
2018-08-04 02:05:56 +02:00 |
|
Russ Marshall
|
ff36dbb3b4
|
support for 5GHz channels
|
2018-02-19 08:13:20 -05:00 |
|
Lawrence
|
068c4c519e
|
Merge from Upstream
|
2017-11-04 12:49:48 +08:00 |
|
Lawrence
|
f61cc31b20
|
Created new branch off master to help troubleshoot with #132
|
2017-11-02 22:43:41 +08:00 |
|
Lawrence
|
7749b79e2f
|
Implemented start of web interface to update Static IP addresses or use DHCP.
Currently saves to files in /etc/raspap/networking, still need to build something to generate a working config for dhcpcd
|
2017-10-28 02:40:30 +08:00 |
|
Joe Haig
|
20eb3b0107
|
Merge branch 'master' into dashboard
|
2016-08-16 20:44:22 +01:00 |
|
Joe Haig
|
e953e68556
|
Redo 'Configure client' page
|
2016-08-14 16:40:59 +00:00 |
|
Joe Haig
|
c7ed97dd8b
|
Change method of calculating channel and security
|
2016-08-12 17:29:56 +00:00 |
|
Joe Haig
|
fe3b0e9513
|
Move client wifi configuration into separate file
|
2016-08-12 17:00:43 +00:00 |
|
Joe Haig
|
095e1afa8c
|
Move Dashboard function to separate file
|
2016-08-08 12:48:16 +00:00 |
|
Joe Haig
|
7406a5050c
|
Move system page into separate file
|
2016-08-08 12:31:19 +00:00 |
|
Joe Haig
|
bff9dfbbbc
|
Some validation on POST data
|
2016-08-05 20:38:02 +00:00 |
|
Joe Haig
|
671016e685
|
Add CSRF to hostapd config
And tidy things up a bit
|
2016-08-05 15:50:05 +01:00 |
|
Joe Haig
|
15a4ece433
|
Move function to save HostAPD config too
|
2016-07-27 20:48:27 +00:00 |
|
Joe Haig
|
bfb1332cdf
|
Move HostAPD into separate file
|
2016-07-27 20:43:40 +00:00 |
|
Joseph Haig
|
3b043950de
|
Add CSRF to DHCP form
Also, separate out into separate file and refactor
|
2016-07-09 01:26:13 +01:00 |
|
Joseph Haig
|
d92b01e8f2
|
Fix tabbing
|
2016-06-26 17:25:59 +01:00 |
|
Joe Haig
|
5c2492e785
|
Add CSRF token to password change page
|
2016-06-24 22:39:39 +01:00 |
|
Joe Haig
|
d431c3f767
|
Permit flags in the config
|
2016-06-19 23:23:03 +01:00 |
|
Joe Haig
|
443c75390a
|
Set $status to avoid error
|
2016-06-19 23:01:22 +01:00 |
|