projects
/
project
/
luci.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Refined urltokens and XSRF protection
[project/luci.git]
/
modules
/
rpc
/
luasrc
/
controller
/
rpc.lua
diff --git
a/modules/rpc/luasrc/controller/rpc.lua
b/modules/rpc/luasrc/controller/rpc.lua
index
d83c26d
..
e0aeb3b
100644
(file)
--- a/
modules/rpc/luasrc/controller/rpc.lua
+++ b/
modules/rpc/luasrc/controller/rpc.lua
@@
-25,7
+25,8
@@
function index()
local function authenticator(validator, accs)
local auth = luci.http.formvalue("auth", true)
if auth then
local function authenticator(validator, accs)
local auth = luci.http.formvalue("auth", true)
if auth then
- local user = luci.sauth.read(auth)
+ local sdat = luci.sauth.read(auth)
+ user = loadstring(sdat)().user
if user and luci.util.contains(accs, user) then
return user, auth
end
if user and luci.util.contains(accs, user) then
return user, auth
end