luci-mod-admin-full: protect clock, flash and opkg ops with submit token

author Jo-Philipp Wich <jow@openwrt.org>

Tue, 20 Oct 2015 19:01:41 +0000 (21:01 +0200)

committer Jo-Philipp Wich <jow@openwrt.org>

Tue, 20 Oct 2015 19:04:46 +0000 (21:04 +0200)
author Jo-Philipp Wich <jow@openwrt.org>
Tue, 20 Oct 2015 19:01:41 +0000 (21:01 +0200)
committer Jo-Philipp Wich <jow@openwrt.org>
Tue, 20 Oct 2015 19:04:46 +0000 (21:04 +0200)
diff --git a/modules/luci-mod-admin-full/luasrc/controller/admin/system.lua b/modules/luci-mod-admin-full/luasrc/controller/admin/system.lua

index 64af555..3340b17 100644 (file)
--- a/modules/luci-mod-admin-full/luasrc/controller/admin/system.lua
+++ b/modules/luci-mod-admin-full/luasrc/controller/admin/system.lua
@@ -9,12 +9,12 @@ function index()
  
         entry({"admin", "system"}, alias("admin", "system", "system"), _("System"), 30).index = true
         entry({"admin", "system", "system"}, cbi("admin_system/system"), _("System"), 1)
  
         entry({"admin", "system"}, alias("admin", "system", "system"), _("System"), 30).index = true
         entry({"admin", "system", "system"}, cbi("admin_system/system"), _("System"), 1)
-       entry({"admin", "system", "clock_status"}, call("action_clock_status"))
+       entry({"admin", "system", "clock_status"}, post_on({ set = true }, "action_clock_status"))
  
         entry({"admin", "system", "admin"}, cbi("admin_system/admin"), _("Administration"), 2)
  
         if fs.access("/bin/opkg") then
  
         entry({"admin", "system", "admin"}, cbi("admin_system/admin"), _("Administration"), 2)
  
         if fs.access("/bin/opkg") then
-               entry({"admin", "system", "packages"}, call("action_packages"), _("Software"), 10)
+               entry({"admin", "system", "packages"}, post_on({ exec = "1" }, "action_packages"), _("Software"), 10)
                 entry({"admin", "system", "packages", "ipkg"}, form("admin_system/ipkg"))
         end
  
                 entry({"admin", "system", "packages", "ipkg"}, form("admin_system/ipkg"))
         end
  
@@ -31,7 +31,7 @@ function index()
                 entry({"admin", "system", "leds"}, cbi("admin_system/leds"), _("<abbr title=\"Light Emitting Diode\">LED</abbr> Configuration"), 60)
         end
  
                 entry({"admin", "system", "leds"}, cbi("admin_system/leds"), _("<abbr title=\"Light Emitting Diode\">LED</abbr> Configuration"), 60)
         end
  
-       entry({"admin", "system", "flashops"}, call("action_flashops"), _("Backup / Flash Firmware"), 70)
+       entry({"admin", "system", "flashops"}, post_on({ exec = "1" }, "action_flashops"), _("Backup / Flash Firmware"), 70)
         entry({"admin", "system", "flashops", "backupfiles"}, form("admin_system/backupfiles"))
  
         entry({"admin", "system", "reboot"}, template("admin_system/reboot"), _("Reboot"), 90)
         entry({"admin", "system", "flashops", "backupfiles"}, form("admin_system/backupfiles"))
  
         entry({"admin", "system", "reboot"}, template("admin_system/reboot"), _("Reboot"), 90)
@@ -56,7 +56,8 @@ end
  function action_packages()
         local fs = require "nixio.fs"
         local ipkg = require "luci.model.ipkg"
  function action_packages()
         local fs = require "nixio.fs"
         local ipkg = require "luci.model.ipkg"
-       local submit = luci.http.formvalue("submit")
+       local submit = (luci.http.formvalue("exec") == "1")
+       local update, upgrade
         local changes = false
         local install = { }
         local remove  = { }
         local changes = false
         local install = { }
         local remove  = { }
@@ -76,59 +77,62 @@ function action_packages()
         query = (query ~= '') and query or nil
  
  
         query = (query ~= '') and query or nil
  
  
-       -- Packets to be installed
-       local ninst = submit and luci.http.formvalue("install")
-       local uinst = nil
+       -- Modifying actions
+       if submit then
+               -- Packets to be installed
+               local ninst = luci.http.formvalue("install")
+               local uinst = nil
  
  
-       -- Install from URL
-       local url = luci.http.formvalue("url")
-       if url and url ~= '' and submit then
-               uinst = url
-       end
-
-       -- Do install
-       if ninst then
-               install[ninst], out, err = ipkg.install(ninst)
-               stdout[#stdout+1] = out
-               stderr[#stderr+1] = err
-               changes = true
-       end
+               -- Install from URL
+               local url = luci.http.formvalue("url")
+               if url and url ~= '' then
+                       uinst = url
+               end
  
  
-       if uinst then
-               local pkg
-               for pkg in luci.util.imatch(uinst) do
-                       install[uinst], out, err = ipkg.install(pkg)
+               -- Do install
+               if ninst then
+                       install[ninst], out, err = ipkg.install(ninst)
                         stdout[#stdout+1] = out
                         stderr[#stderr+1] = err
                         changes = true
                 end
                         stdout[#stdout+1] = out
                         stderr[#stderr+1] = err
                         changes = true
                 end
-       end
  
  
-       -- Remove packets
-       local rem = submit and luci.http.formvalue("remove")
-       if rem then
-               remove[rem], out, err = ipkg.remove(rem)
-               stdout[#stdout+1] = out
-               stderr[#stderr+1] = err
-               changes = true
-       end
+               if uinst then
+                       local pkg
+                       for pkg in luci.util.imatch(uinst) do
+                               install[uinst], out, err = ipkg.install(pkg)
+                               stdout[#stdout+1] = out
+                               stderr[#stderr+1] = err
+                               changes = true
+                       end
+               end
  
  
+               -- Remove packets
+               local rem = luci.http.formvalue("remove")
+               if rem then
+                       remove[rem], out, err = ipkg.remove(rem)
+                       stdout[#stdout+1] = out
+                       stderr[#stderr+1] = err
+                       changes = true
+               end
  
  
-       -- Update all packets
-       local update = luci.http.formvalue("update")
-       if update then
-               update, out, err = ipkg.update()
-               stdout[#stdout+1] = out
-               stderr[#stderr+1] = err
-       end
+
+               -- Update all packets
+               update = luci.http.formvalue("update")
+               if update then
+                       update, out, err = ipkg.update()
+                       stdout[#stdout+1] = out
+                       stderr[#stderr+1] = err
+               end
  
  
  
  
-       -- Upgrade all packets
-       local upgrade = luci.http.formvalue("upgrade")
-       if upgrade then
-               upgrade, out, err = ipkg.upgrade()
-               stdout[#stdout+1] = out
-               stderr[#stderr+1] = err
+               -- Upgrade all packets
+               upgrade = luci.http.formvalue("upgrade")
+               if upgrade then
+                       upgrade, out, err = ipkg.upgrade()
+                       stdout[#stdout+1] = out
+                       stderr[#stderr+1] = err
+               end
         end
  
  
         end
  
  
@@ -168,8 +172,11 @@ function action_packages()
  end
  
  function action_flashops()
  end
  
  function action_flashops()
-       local sys = require "luci.sys"
-       local fs  = require "nixio.fs"
+       local http = require "luci.http"
+       local sys  = require "luci.sys"
+       local fs   = require "nixio.fs"
+
+       local submit = (http.formvalue("exec") == "1")
  
         local upgrade_avail = fs.access("/lib/upgrade/platform.sh")
         local reset_avail   = os.execute([[grep '"rootfs_data"' /proc/mtd >/dev/null 2>&1]]) == 0
  
         local upgrade_avail = fs.access("/lib/upgrade/platform.sh")
         local reset_avail   = os.execute([[grep '"rootfs_data"' /proc/mtd >/dev/null 2>&1]]) == 0
@@ -208,96 +215,108 @@ function action_flashops()
                 return size
         end
  
                 return size
         end
  
-
-       local fp
-       luci.http.setfilehandler(
-               function(meta, chunk, eof)
-                       if not fp then
-                               if meta and meta.name == "image" then
-                                       fp = io.open(image_tmp, "w")
-                               else
-                                       fp = io.popen(restore_cmd, "w")
+       --
+       -- Handle modifying actions
+       --
+       if submit then
+
+               local fp
+               http.setfilehandler(
+                       function(meta, chunk, eof)
+                               if not fp then
+                                       if meta and meta.name == "image" then
+                                               fp = io.open(image_tmp, "w")
+                                       else
+                                               fp = io.popen(restore_cmd, "w")
+                                       end
+                               end
+                               if chunk then
+                                       fp:write(chunk)
+                               end
+                               if eof then
+                                       fp:close()
                                 end
                         end
                                 end
                         end
-                       if chunk then
-                               fp:write(chunk)
-                       end
-                       if eof then
-                               fp:close()
+               )
+
+               if http.formvalue("backup") then
+                       --
+                       -- Assemble file list, generate backup
+                       --
+                       local reader = ltn12_popen(backup_cmd)
+                       http.header('Content-Disposition', 'attachment; filename="backup-%s-%s.tar.gz"' % {
+                               luci.sys.hostname(), os.date("%Y-%m-%d")})
+                       http.prepare_content("application/x-targz")
+                       luci.ltn12.pump.all(reader, http.write)
+                       return
+
+               elseif http.formvalue("restore") then
+                       --
+                       -- Unpack received .tar.gz
+                       --
+                       local upload = http.formvalue("archive")
+                       if upload and #upload > 0 then
+                               luci.template.render("admin_system/applyreboot")
+                               luci.sys.reboot()
+                               return
                         end
                         end
-               end
-       )
-
-       if luci.http.formvalue("backup") then
-               --
-               -- Assemble file list, generate backup
-               --
-               local reader = ltn12_popen(backup_cmd)
-               luci.http.header('Content-Disposition', 'attachment; filename="backup-%s-%s.tar.gz"' % {
-                       luci.sys.hostname(), os.date("%Y-%m-%d")})
-               luci.http.prepare_content("application/x-targz")
-               luci.ltn12.pump.all(reader, luci.http.write)
-       elseif luci.http.formvalue("restore") then
-               --
-               -- Unpack received .tar.gz
-               --
-               local upload = luci.http.formvalue("archive")
-               if upload and #upload > 0 then
-                       luci.template.render("admin_system/applyreboot")
-                       luci.sys.reboot()
-               end
-       elseif luci.http.formvalue("image") or luci.http.formvalue("step") then
-               --
-               -- Initiate firmware flash
-               --
-               local step = tonumber(luci.http.formvalue("step") or 1)
-               if step == 1 then
-                       if image_supported() then
-                               luci.template.render("admin_system/upgrade", {
-                                       checksum = image_checksum(),
-                                       storage  = storage_size(),
-                                       size     = (fs.stat(image_tmp, "size") or 0),
-                                       keep     = (not not luci.http.formvalue("keep"))
-                               })
-                       else
-                               fs.unlink(image_tmp)
-                               luci.template.render("admin_system/flashops", {
-                                       reset_avail   = reset_avail,
-                                       upgrade_avail = upgrade_avail,
-                                       image_invalid = true
+
+               elseif http.formvalue("image") or http.formvalue("step") then
+                       --
+                       -- Initiate firmware flash
+                       --
+                       local step = tonumber(http.formvalue("step") or 1)
+                       if step == 1 then
+                               if image_supported() then
+                                       luci.template.render("admin_system/upgrade", {
+                                               checksum = image_checksum(),
+                                               storage  = storage_size(),
+                                               size     = (fs.stat(image_tmp, "size") or 0),
+                                               keep     = (not not http.formvalue("keep"))
+                                       })
+                               else
+                                       fs.unlink(image_tmp)
+                                       luci.template.render("admin_system/flashops", {
+                                               reset_avail   = reset_avail,
+                                               upgrade_avail = upgrade_avail,
+                                               image_invalid = true
+                                       })
+                               end
+                               return
+                       --
+                       -- Start sysupgrade flash
+                       --
+                       elseif step == 2 then
+                               local keep = (http.formvalue("keep") == "1") and "" or "-n"
+                               luci.template.render("admin_system/applyreboot", {
+                                       title = luci.i18n.translate("Flashing..."),
+                                       msg   = luci.i18n.translate("The system is flashing now.<br /> DO NOT POWER OFF THE DEVICE!<br /> Wait a few minutes before you try to reconnect. It might be necessary to renew the address of your computer to reach the device again, depending on your settings."),
+                                       addr  = (#keep > 0) and "192.168.1.1" or nil
                                 })
                                 })
+                               fork_exec("killall dropbear uhttpd; sleep 1; /sbin/sysupgrade %s %q" %{ keep, image_tmp })
+                               return
                         end
                         end
-               --
-               -- Start sysupgrade flash
-               --
-               elseif step == 2 then
-                       local keep = (luci.http.formvalue("keep") == "1") and "" or "-n"
+               elseif reset_avail and http.formvalue("reset") then
+                       --
+                       -- Reset system
+                       --
                         luci.template.render("admin_system/applyreboot", {
                         luci.template.render("admin_system/applyreboot", {
-                               title = luci.i18n.translate("Flashing..."),
-                               msg   = luci.i18n.translate("The system is flashing now.<br /> DO NOT POWER OFF THE DEVICE!<br /> Wait a few minutes before you try to reconnect. It might be necessary to renew the address of your computer to reach the device again, depending on your settings."),
-                               addr  = (#keep > 0) and "192.168.1.1" or nil
+                               title = luci.i18n.translate("Erasing..."),
+                               msg   = luci.i18n.translate("The system is erasing the configuration partition now and will reboot itself when finished."),
+                               addr  = "192.168.1.1"
                         })
                         })
-                       fork_exec("killall dropbear uhttpd; sleep 1; /sbin/sysupgrade %s %q" %{ keep, image_tmp })
+                       fork_exec("killall dropbear uhttpd; sleep 1; mtd -r erase rootfs_data")
+                       return
                 end
                 end
-       elseif reset_avail and luci.http.formvalue("reset") then
-               --
-               -- Reset system
-               --
-               luci.template.render("admin_system/applyreboot", {
-                       title = luci.i18n.translate("Erasing..."),
-                       msg   = luci.i18n.translate("The system is erasing the configuration partition now and will reboot itself when finished."),
-                       addr  = "192.168.1.1"
-               })
-               fork_exec("killall dropbear uhttpd; sleep 1; mtd -r erase rootfs_data")
-       else
-               --
-               -- Overview
-               --
-               luci.template.render("admin_system/flashops", {
-                       reset_avail   = reset_avail,
-                       upgrade_avail = upgrade_avail
-               })
         end
         end
+
+       --
+       -- Overview
+       --
+       luci.template.render("admin_system/flashops", {
+               reset_avail   = reset_avail,
+               upgrade_avail = upgrade_avail
+       })
  end
  
  function action_passwd()
  end
  
  function action_passwd()
diff --git a/modules/luci-mod-admin-full/luasrc/view/admin_system/clock_status.htm b/modules/luci-mod-admin-full/luasrc/view/admin_system/clock_status.htm

index 19be072..37d8ae0 100644 (file)
--- a/modules/luci-mod-admin-full/luasrc/view/admin_system/clock_status.htm
+++ b/modules/luci-mod-admin-full/luasrc/view/admin_system/clock_status.htm
@@ -17,8 +17,8 @@
                 btn.disabled = true;
                 btn.value    = '<%:Synchronizing...%>';
  
                 btn.disabled = true;
                 btn.value    = '<%:Synchronizing...%>';
  
-               XHR.get('<%=url('admin/system/clock_status')%>',
-                       { set: Math.floor((new Date()).getTime() / 1000) },
+               (new XHR()).post('<%=url('admin/system/clock_status')%>',
+                       { token: '<%=token%>', set: Math.floor((new Date()).getTime() / 1000) },
                         function()
                         {
                                 btn.disabled = false;
                         function()
                         {
                                 btn.disabled = false;
diff --git a/modules/luci-mod-admin-full/luasrc/view/admin_system/flashops.htm b/modules/luci-mod-admin-full/luasrc/view/admin_system/flashops.htm

index bc8bcf4..8bf1992 100644 (file)
--- a/modules/luci-mod-admin-full/luasrc/view/admin_system/flashops.htm
+++ b/modules/luci-mod-admin-full/luasrc/view/admin_system/flashops.htm
@@ -1,6 +1,6 @@
  <%#
   Copyright 2008 Steven Barth <steven@midlink.org>
  <%#
   Copyright 2008 Steven Barth <steven@midlink.org>
- Copyright 2008 Jo-Philipp Wich <jow@openwrt.org>
+ Copyright 2008-2015 Jo-Philipp Wich <jow@openwrt.org>
   Licensed to the public under the Apache License 2.0.
  -%>
  
   Licensed to the public under the Apache License 2.0.
  -%>
  
@@ -17,7 +17,9 @@
  
         <fieldset class="cbi-section">
                 <legend><%:Backup / Restore%></legend>
  
         <fieldset class="cbi-section">
                 <legend><%:Backup / Restore%></legend>
-               <form method="post" action="<%=REQUEST_URI%>" enctype="multipart/form-data">
+               <form method="post" action="<%=url('admin/system/flashops')%>" enctype="multipart/form-data">
+                       <input type="hidden" name="exec" value="1" />
+                       <input type="hidden" name="token" value="<%=token%>" />
                         <div class="cbi-section-descr"><%:Click "Generate archive" to download a tar archive of the current configuration files. To reset the firmware to its initial state, click "Perform reset" (only possible with squashfs images).%></div>
                         <div class="cbi-section-node">
                                 <div class="cbi-value<% if not reset_avail then %> cbi-value-last<% end %>">
                         <div class="cbi-section-descr"><%:Click "Generate archive" to download a tar archive of the current configuration files. To reset the firmware to its initial state, click "Perform reset" (only possible with squashfs images).%></div>
                         <div class="cbi-section-node">
                                 <div class="cbi-value<% if not reset_avail then %> cbi-value-last<% end %>">
@@ -54,7 +56,9 @@
         <fieldset class="cbi-section">
                 <legend><%:Flash new firmware image%></legend>
                 <% if upgrade_avail then %>
         <fieldset class="cbi-section">
                 <legend><%:Flash new firmware image%></legend>
                 <% if upgrade_avail then %>
-                       <form method="post" action="<%=REQUEST_URI%>" enctype="multipart/form-data">
+                       <form method="post" action="<%=url('admin/system/flashops')%>" enctype="multipart/form-data">
+                               <input type="hidden" name="exec" value="1" />
+                               <input type="hidden" name="token" value="<%=token%>" />
                                 <div class="cbi-section-descr"><%:Upload a sysupgrade-compatible image here to replace the running firmware. Check "Keep settings" to retain the current configuration (requires an OpenWrt compatible firmware image).%></div>
                                 <div class="cbi-section-node">
                                         <div class="cbi-value">
                                 <div class="cbi-section-descr"><%:Upload a sysupgrade-compatible image here to replace the running firmware. Check "Keep settings" to retain the current configuration (requires an OpenWrt compatible firmware image).%></div>
                                 <div class="cbi-section-node">
                                         <div class="cbi-value">
diff --git a/modules/luci-mod-admin-full/luasrc/view/admin_system/packages.htm b/modules/luci-mod-admin-full/luasrc/view/admin_system/packages.htm

index ef95919..fbb8235 100644 (file)
--- a/modules/luci-mod-admin-full/luasrc/view/admin_system/packages.htm
+++ b/modules/luci-mod-admin-full/luasrc/view/admin_system/packages.htm
@@ -46,17 +46,18 @@ end
  
  <h2 name="content"><%:Software%></h2>
  
  
  <h2 name="content"><%:Software%></h2>
  
-<form method="post" action="<%=REQUEST_URI%>">
-       <div class="cbi-map">
+<div class="cbi-map">
  
  
-               <ul class="cbi-tabmenu">
-                       <li class="cbi-tab"><a href="#"><%:Actions%></a></li>
-                       <li class="cbi-tab-disabled"><a href="<%=REQUEST_URI%>/ipkg"><%:Configuration%></a></li>
-               </ul>
-
-               <fieldset class="cbi-section">
+       <ul class="cbi-tabmenu">
+               <li class="cbi-tab"><a href="#"><%:Actions%></a></li>
+               <li class="cbi-tab-disabled"><a href="<%=REQUEST_URI%>/ipkg"><%:Configuration%></a></li>
+       </ul>
  
  
+       <form method="post" action="<%=REQUEST_URI%>">
+               <input type="hidden" name="exec" value="1" />
+               <input type="hidden" name="token" value="<%=token%>" />
  
  
+               <fieldset class="cbi-section">
                         <fieldset class="cbi-section-node">
                                 <% if (install and next(install)) or (remove and next(remove)) or update or upgrade then %>
                                 <div class="cbi-value">
                         <fieldset class="cbi-section-node">
                                 <% if (install and next(install)) or (remove and next(remove)) or update or upgrade then %>
                                 <div class="cbi-value">
@@ -80,7 +81,7 @@ end
                                         <% else %>
                                                 <%:No package lists available%>
                                         <% end %>
                                         <% else %>
                                                 <%:No package lists available%>
                                         <% end %>
-                                       <input type="button" onclick="location.href='?update=1'" href="#" class="cbi-button cbi-button-apply" style="margin-left:3em" value="<%:Update lists%>" />
+                                       <input type="submit" name="update" href="#" class="cbi-button cbi-button-apply" style="margin-left:3em" value="<%:Update lists%>" />
                                 </div>
                                 <% end %>
  
                                 </div>
                                 <% end %>
  
@@ -101,7 +102,7 @@ end
                                         <label class="cbi-value-title"><%:Download and install package%>:</label>
                                         <div class="cbi-value-field">
                                                 <input type="text" name="url" size="30" value="" />
                                         <label class="cbi-value-title"><%:Download and install package%>:</label>
                                         <div class="cbi-value-field">
                                                 <input type="text" name="url" size="30" value="" />
-                                               <input class="cbi-button cbi-input-save" type="submit" name="submit" value="<%:OK%>" />
+                                               <input class="cbi-button cbi-input-save" type="submit" name="exec" value="<%:OK%>" />
                                         </div>
                                 </div>
  
                                         </div>
                                 </div>
  
@@ -114,83 +115,98 @@ end
                                 </div>
                         </fieldset>
                 </fieldset>
                                 </div>
                         </fieldset>
                 </fieldset>
-               <br />
-
-               <h3><%:Status%></h3>
-
-
-               <ul class="cbi-tabmenu">
-                       <li class="cbi-tab<% if display ~= "installed" then %>-disabled<% end %>"><a href="?display=installed&amp;query=<%=pcdata(query)%>"><%:Installed packages%><% if query then %> (<%=pcdata(query)%>)<% end %></a></li>
-                       <li class="cbi-tab<% if display ~= "available" then %>-disabled<% end %>"><a href="?display=available&amp;query=<%=pcdata(query)%>"><%:Available packages%><% if query then %> (<%=pcdata(query)%>)<% end %></a></li>
-               </ul>
-
-               <% if display ~= "available" then %>
-                       <fieldset class="cbi-section">
-                               <table class="cbi-section-table" style="width:100%">
-                                       <tr class="cbi-section-table-titles">
-                                               <th class="cbi-section-table-cell" style="text-align:left">&#160;</th>
-                                               <th class="cbi-section-table-cell" style="text-align:left"><%:Package name%></th>
-                                               <th class="cbi-section-table-cell" style="text-align:left"><%:Version%></th>
-                                       </tr>
-                                       <% local empty = true; luci.model.ipkg.list_installed(querypat, function(n, v, s, d) empty = false; filter[n] = true %>
-                                       <tr class="cbi-section-table-row cbi-rowstyle-<%=rowstyle()%>">
-                                               <td style="text-align:left; width:10%"><a onclick="return window.confirm('<%:Remove%> &quot;<%=luci.util.pcdata(n)%>&quot; ?')" href="<%=REQUEST_URI%>?submit=1&amp;remove=<%=luci.util.pcdata(n)%>"><%:Remove%></a></td>
-                                               <td style="text-align:left"><%=luci.util.pcdata(n)%></td>
-                                               <td style="text-align:left"><%=luci.util.pcdata(v)%></td>
-                                       </tr>
-                                       <% end) %>
-                                       <% if empty then %>
-                                       <tr class="cbi-section-table-row">
-                                               <td style="text-align:left">&#160;</td>
-                                               <td style="text-align:left"><em><%:none%></em></td>
-                                               <td style="text-align:left"><em><%:none%></em></td>
-                                       </tr>
-                                       <% end %>
-                               </table>
-                       </fieldset>
-               <% else %>
-                       <fieldset class="cbi-section">
-                       <% if not querypat then %>
-                               <ul class="cbi-tabmenu">
-                                       <% local i; for i = 65, 90 do %>
-                                       <li class="cbi-tab<% if letter ~= i then %>-disabled<% end %>"><a href="?display=available&amp;letter=<%=string.char(i)%>"><%=string.char(i)%></a></li>
-                                       <% end %>
-                                       <li class="cbi-tab<% if letter ~= 35 then %>-disabled<% end %>"><a href="?display=available&amp;letter=%23">#</a></li>
-                               </ul>
-                               <div class="cbi-section-node">
-                       <% end %>
-                               <table class="cbi-section-table" style="width:100%">
-                                       <tr class="cbi-section-table-titles">
-                                               <th class="cbi-section-table-cell" style="text-align:left">&#160;</th>
-                                               <th class="cbi-section-table-cell" style="text-align:left"><%:Package name%></th>
-                                               <th class="cbi-section-table-cell" style="text-align:left"><%:Version%></th>
-                                               <th class="cbi-section-table-cell" style="text-align:right"><%:Size (.ipk)%></th>
-                                               <th class="cbi-section-table-cell" style="text-align:left"><%:Description%></th>
-                                       </tr>
-                                       <% local empty = true; opkg_list(querypat or letterpat, function(n, v, s, d) if filter[n] then return end; empty = false %>
-                                       <tr class="cbi-section-table-row cbi-rowstyle-<%=rowstyle()%>">
-                                               <td style="text-align:left; width:10%"><a onclick="return window.confirm('<%:Install%> &quot;<%=luci.util.pcdata(n)%>&quot; ?')" href="<%=REQUEST_URI%>?submit=1&amp;install=<%=luci.util.pcdata(n)%>"><%:Install%></a></td>
-                                               <td style="text-align:left"><%=luci.util.pcdata(n)%></td>
-                                               <td style="text-align:left"><%=luci.util.pcdata(v)%></td>
-                                               <td style="text-align:right"><%=luci.util.pcdata(s)%></td>
-                                               <td style="text-align:left"><%=luci.util.pcdata(d)%></td>
-                                       </tr>
-                                       <% end) %>
-                                       <% if empty then %>
-                                       <tr class="cbi-section-table-row">
-                                               <td style="text-align:left">&#160;</td>
-                                               <td style="text-align:left"><em><%:none%></em></td>
-                                               <td style="text-align:left"><em><%:none%></em></td>
-                                               <td style="text-align:right"><em><%:none%></em></td>
-                                               <td style="text-align:left"><em><%:none%></em></td>
-                                       </tr>
-                                       <% end %>
-                               </table>
-                       <% if not querypat then %>
-                               </div>
-                       <% end %>
-                       </fieldset>
+       </form>
+
+
+       <h3><%:Status%></h3>
+
+
+       <ul class="cbi-tabmenu">
+               <li class="cbi-tab<% if display ~= "installed" then %>-disabled<% end %>"><a href="?display=installed&amp;query=<%=pcdata(query)%>"><%:Installed packages%><% if query then %> (<%=pcdata(query)%>)<% end %></a></li>
+               <li class="cbi-tab<% if display ~= "available" then %>-disabled<% end %>"><a href="?display=available&amp;query=<%=pcdata(query)%>"><%:Available packages%><% if query then %> (<%=pcdata(query)%>)<% end %></a></li>
+       </ul>
+
+       <% if display ~= "available" then %>
+               <fieldset class="cbi-section">
+                       <table class="cbi-section-table" style="width:100%">
+                               <tr class="cbi-section-table-titles">
+                                       <th class="cbi-section-table-cell" style="text-align:left">&#160;</th>
+                                       <th class="cbi-section-table-cell" style="text-align:left"><%:Package name%></th>
+                                       <th class="cbi-section-table-cell" style="text-align:left"><%:Version%></th>
+                               </tr>
+                               <% local empty = true; luci.model.ipkg.list_installed(querypat, function(n, v, s, d) empty = false; filter[n] = true %>
+                               <tr class="cbi-section-table-row cbi-rowstyle-<%=rowstyle()%>">
+                                       <td style="text-align:left; width:10%">
+                                               <form method="post" class="inline" action="<%=REQUEST_URI%>">
+                                                       <input type="hidden" name="exec" value="1" />
+                                                       <input type="hidden" name="token" value="<%=token%>" />
+                                                       <input type="hidden" name="remove" value="<%=pcdata(n)%>" />
+                                                       <a onclick="window.confirm('<%:Remove%> &quot;<%=luci.util.pcdata(n)%>&quot; ?') && this.parentNode.submit(); return false" href="#"><%:Remove%></a>
+                                               </form>
+                                       </td>
+                                       <td style="text-align:left"><%=luci.util.pcdata(n)%></td>
+                                       <td style="text-align:left"><%=luci.util.pcdata(v)%></td>
+                               </tr>
+                               <% end) %>
+                               <% if empty then %>
+                               <tr class="cbi-section-table-row">
+                                       <td style="text-align:left">&#160;</td>
+                                       <td style="text-align:left"><em><%:none%></em></td>
+                                       <td style="text-align:left"><em><%:none%></em></td>
+                               </tr>
+                               <% end %>
+                       </table>
+               </fieldset>
+       <% else %>
+               <fieldset class="cbi-section">
+               <% if not querypat then %>
+                       <ul class="cbi-tabmenu">
+                               <% local i; for i = 65, 90 do %>
+                               <li class="cbi-tab<% if letter ~= i then %>-disabled<% end %>"><a href="?display=available&amp;letter=<%=string.char(i)%>"><%=string.char(i)%></a></li>
+                               <% end %>
+                               <li class="cbi-tab<% if letter ~= 35 then %>-disabled<% end %>"><a href="?display=available&amp;letter=%23">#</a></li>
+                       </ul>
+                       <div class="cbi-section-node">
+               <% end %>
+                       <table class="cbi-section-table" style="width:100%">
+                               <tr class="cbi-section-table-titles">
+                                       <th class="cbi-section-table-cell" style="text-align:left">&#160;</th>
+                                       <th class="cbi-section-table-cell" style="text-align:left"><%:Package name%></th>
+                                       <th class="cbi-section-table-cell" style="text-align:left"><%:Version%></th>
+                                       <th class="cbi-section-table-cell" style="text-align:right"><%:Size (.ipk)%></th>
+                                       <th class="cbi-section-table-cell" style="text-align:left"><%:Description%></th>
+                               </tr>
+                               <% local empty = true; opkg_list(querypat or letterpat, function(n, v, s, d) if filter[n] then return end; empty = false %>
+                               <tr class="cbi-section-table-row cbi-rowstyle-<%=rowstyle()%>">
+                                       <td style="text-align:left; width:10%">
+                                               <form method="post" class="inline" action="<%=REQUEST_URI%>">
+                                                       <input type="hidden" name="exec" value="1" />
+                                                       <input type="hidden" name="token" value="<%=token%>" />
+                                                       <input type="hidden" name="install" value="<%=pcdata(n)%>" />
+                                                       <a onclick="window.confirm('<%:Install%> &quot;<%=luci.util.pcdata(n)%>&quot; ?') && this.parentNode.submit(); return false" href="#"><%:Install%></a>
+                                               </form>
+                                       </td>
+                                       <td style="text-align:left"><%=luci.util.pcdata(n)%></td>
+                                       <td style="text-align:left"><%=luci.util.pcdata(v)%></td>
+                                       <td style="text-align:right"><%=luci.util.pcdata(s)%></td>
+                                       <td style="text-align:left"><%=luci.util.pcdata(d)%></td>
+                               </tr>
+                               <% end) %>
+                               <% if empty then %>
+                               <tr class="cbi-section-table-row">
+                                       <td style="text-align:left">&#160;</td>
+                                       <td style="text-align:left"><em><%:none%></em></td>
+                                       <td style="text-align:left"><em><%:none%></em></td>
+                                       <td style="text-align:right"><em><%:none%></em></td>
+                                       <td style="text-align:left"><em><%:none%></em></td>
+                               </tr>
+                               <% end %>
+                       </table>
+               <% if not querypat then %>
+                       </div>
                 <% end %>
                 <% end %>
-       </div>
-</form>
+               </fieldset>
+       <% end %>
+</div>
+
  <%+footer%>
  <%+footer%>
author	Jo-Philipp Wich <jow@openwrt.org>
	Tue, 20 Oct 2015 19:01:41 +0000 (21:01 +0200)
committer	Jo-Philipp Wich <jow@openwrt.org>
	Tue, 20 Oct 2015 19:04:46 +0000 (21:04 +0200)
modules/luci-mod-admin-full/luasrc/controller/admin/system.lua		patch \| blob \| history
modules/luci-mod-admin-full/luasrc/view/admin_system/clock_status.htm		patch \| blob \| history
modules/luci-mod-admin-full/luasrc/view/admin_system/flashops.htm		patch \| blob \| history
modules/luci-mod-admin-full/luasrc/view/admin_system/packages.htm		patch \| blob \| history