projects / project / luci.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Refined urltokens and XSRF protection
[project/luci.git] / modules / rpc / luasrc / controller / rpc.lua
diff --git a/modules/rpc/luasrc/controller/rpc.lua b/modules/rpc/luasrc/controller/rpc.lua
index d83c26d..e0aeb3b 100644 (file)
--- a/modules/rpc/luasrc/controller/rpc.lua
+++ b/modules/rpc/luasrc/controller/rpc.lua
@@ -25,7 +25,8 @@ function index()
        local function authenticator(validator, accs)
                local auth = luci.http.formvalue("auth", true)
                if auth then
        local function authenticator(validator, accs)
                local auth = luci.http.formvalue("auth", true)
                if auth then
-                       local user = luci.sauth.read(auth)
+                       local sdat = luci.sauth.read(auth)
+                       user = loadstring(sdat)().user
                        if user and luci.util.contains(accs, user) then
                                return user, auth
                        end
                        if user and luci.util.contains(accs, user) then
                                return user, auth
                        end
Lua Configuration Interface (mirror)