From ae9fb03e74d54c5e11d6925e3ddc1bb5991cd733 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Wed, 21 Oct 2015 00:03:03 +0200 Subject: [PATCH 1/1] luci-app-privoxy: protect start/stop actions with csrf token Signed-off-by: Jo-Philipp Wich --- applications/luci-app-privoxy/luasrc/controller/privoxy.lua | 2 +- applications/luci-app-privoxy/luasrc/view/privoxy/detail_startstop.htm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/applications/luci-app-privoxy/luasrc/controller/privoxy.lua b/applications/luci-app-privoxy/luasrc/controller/privoxy.lua index 58ba80724..0cedab48a 100644 --- a/applications/luci-app-privoxy/luasrc/controller/privoxy.lua +++ b/applications/luci-app-privoxy/luasrc/controller/privoxy.lua @@ -15,7 +15,7 @@ PRIVOXY_MIN = "3.0.22-0" -- minimum version of service required function index() entry( {"admin", "services", "privoxy"}, cbi("privoxy"), _("Privoxy WEB proxy"), 59) entry( {"admin", "services", "privoxy", "logview"}, call("logread") ).leaf = true - entry( {"admin", "services", "privoxy", "startstop"}, call("startstop") ).leaf = true + entry( {"admin", "services", "privoxy", "startstop"}, post("startstop") ).leaf = true entry( {"admin", "services", "privoxy", "status"}, call("get_pid") ).leaf = true end diff --git a/applications/luci-app-privoxy/luasrc/view/privoxy/detail_startstop.htm b/applications/luci-app-privoxy/luasrc/view/privoxy/detail_startstop.htm index 8c97daeee..85975ac7d 100644 --- a/applications/luci-app-privoxy/luasrc/view/privoxy/detail_startstop.htm +++ b/applications/luci-app-privoxy/luasrc/view/privoxy/detail_startstop.htm @@ -21,7 +21,7 @@ function onclick_startstop(id) { // do start/stop var btnXHR = new XHR(); - btnXHR.get('<%=url('admin/services/privoxy/startstop')%>', null, + btnXHR.post('<%=url('admin/services/privoxy/startstop')%>', { token: '<%=token%>' }, function(x) { _data2elements(x); } ); } -- 2.11.0