projects
/
project
/
luci.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
luci-mod-admin-full: protect network post actions with csrf tokens
[project/luci.git]
/
modules
/
luci-mod-admin-full
/
luasrc
/
view
/
admin_network
/
diagnostics.htm
diff --git
a/modules/luci-mod-admin-full/luasrc/view/admin_network/diagnostics.htm
b/modules/luci-mod-admin-full/luasrc/view/admin_network/diagnostics.htm
index
e06a88d
..
685082a
100644
(file)
--- a/
modules/luci-mod-admin-full/luasrc/view/admin_network/diagnostics.htm
+++ b/
modules/luci-mod-admin-full/luasrc/view/admin_network/diagnostics.htm
@@
-34,7
+34,7
@@
local has_traceroute6 = fs.access("/usr/bin/traceroute6")
legend.parentNode.style.display = 'block';
legend.style.display = 'inline';
legend.parentNode.style.display = 'block';
legend.style.display = 'inline';
- stxhr.
get('<%=url('admin/network')%>/diag_' + tool + protocol + '/' + addr, null
,
+ stxhr.
post('<%=url('admin/network')%>/diag_' + tool + protocol + '/' + addr, { token: '<%=token%>' }
,
function(x)
{
if (x.responseText)
function(x)
{
if (x.responseText)
@@
-53,7
+53,7
@@
local has_traceroute6 = fs.access("/usr/bin/traceroute6")
}
//]]></script>
}
//]]></script>
-<form method="post" action="<%=
pcdata(luci.http.getenv("REQUEST_URI")
)%>">
+<form method="post" action="<%=
url('admin/network/diagnostics'
)%>">
<div class="cbi-map">
<h2 name="content"><%:Diagnostics%></h2>
<div class="cbi-map">
<h2 name="content"><%:Diagnostics%></h2>