projects / project / luci.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
luci-app-ddns: protect start/stop actions with csrf token
[project/luci.git] / applications / luci-app-ddns / luasrc / view / ddns / overview_status.htm
diff --git a/applications/luci-app-ddns/luasrc/view/ddns/overview_status.htm b/applications/luci-app-ddns/luasrc/view/ddns/overview_status.htm
index 5464812..b6d4ebb 100644 (file)
--- a/applications/luci-app-ddns/luasrc/view/ddns/overview_status.htm
+++ b/applications/luci-app-ddns/luasrc/view/ddns/overview_status.htm
@@ -136,7 +136,7 @@
 
                // do start/stop
                var btnXHR = new XHR();
-               btnXHR.get('<%=url('admin/services/ddns/startstop')%>/' + section + '/' + cbx.checked, null,
+               btnXHR.post('<%=url('admin/services/ddns/startstop')%>/' + section + '/' + cbx.checked, { token: '<%=token%>' },
                        function(x, data) {
                                if (x.responseText == "_uncommitted_") {
                                        // we need a trick to display Ampersand "&" in stead of "&#38;" or "&amp;"
Lua Configuration Interface (mirror)