From: Jo-Philipp Wich
Date: Thu, 22 Oct 2015 06:30:29 +0000 (+0200)
Subject: luci-base: dispatcher expose test_post_security()
X-Git-Url: http://git.archive.openwrt.org/?a=commitdiff_plain;h=d32c68503994d46aa71473a647118b431119ae2a;p=project%2Fluci.git
luci-base: dispatcher expose test_post_security()
Allows external code to perform POST and token checking manually.
Signed-off-by: Jo-Philipp Wich
---
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua
index 6742a0b33..cd5d77a12 100644
--- a/modules/luci-base/luasrc/dispatcher.lua
+++ b/modules/luci-base/luasrc/dispatcher.lua
@@ -172,6 +172,22 @@ local function require_post_security(target)
 return false
 end
+function test_post_security()
+ if http.getenv("REQUEST_METHOD") ~= "POST" then
+ http.status(405, "Method Not Allowed")
+ http.header("Allow", "POST")
+ return false
+ end
+
+ if http.formvalue("token") ~= context.authtoken then
+ http.status(403, "Forbidden")
+ luci.template.render("csrftoken")
+ return false
+ end
+
+ return true
+end
+
 function dispatch(request)
 --context._disable_memtrace = require "luci.debug".trap_memtrace("l")
 local ctx = context
@@ -376,15 +392,7 @@ function dispatch(request)
 end
 if c and require_post_security(c.target) then
- if http.getenv("REQUEST_METHOD") ~= "POST" then
- http.status(405, "Method Not Allowed")
- http.header("Allow", "POST")
- return
- end
-
- if http.formvalue("token") ~= ctx.authtoken then
- http.status(403, "Forbidden")
- luci.template.render("csrftoken")
+ if not test_post_security(c) then
 return
 end
 end
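Review bot: In test_post_security(), the comparison `http.formvalue("token") ~= context.authtoken` evaluates to false when both sides are nil, so a POST carrying no token field is accepted whenever context.authtoken has not been set. Where authtoken is assigned is not visible in this hunk, and the commit now lets external code call the check in states dispatch() may never have reached it in. Failing closed makes the helper safe to reuse: `local token = context.authtoken` followed by `if not token or http.formvalue("token") ~= token then`; if token-less POST targets are intentional, that case deserves an explicit branch rather than relying on nil equality. A short doc comment saying the function has already sent the 405 or 403 response when it returns false, so callers should only return, would also help external users.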
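Review bot: The call `test_post_security(c)` in dispatch() passes the node `c`, but the function added in the first hunk is declared as `test_post_security()` with no parameters, so the argument is silently discarded. Lua permits this, yet it reads as if the POST and token check were specific to the node when it only consults the request and `context.authtoken`. Writing `if not test_post_security() then` states what actually happens and avoids a future reader assuming per-node policy is applied here. dispatch() begins and ends outside this hunk.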