glaszig
993dc633a9
load wifi stations via ajax, cache the scan result
until the "rescan" button is pressed. speeds up
"configure client" page massively.
3 years ago
Bill Zimmerman
7dd80f6098
Merge pull request #370 from glaszig/fix/csrf
fix csrf verification
3 years ago
glaszig
56097d5629
send proper csrf header
3 years ago
glaszig
1fddad190f
fix require paths
3 years ago
billz
b5f875cce7
Updated CSRFTokenFieldTag
3 years ago
Bill Zimmerman
f6f85d1c11
Merge pull request #356 from glaszig/security/always-verify-csrf-token
always verify csrf token for resource-modifying requests
3 years ago
billz
e4757a06ae
Minor: use install_log for raspap.service
3 years ago
billz
10e0aaf1ab
Update .gitignore
3 years ago
Bill Zimmerman
d4d6dbd79b
Merge pull request #360 from glaszig/installer/cp-instead-of-mv
installation: do not move files out of git tree
3 years ago
glaszig
47cc1bdc33
cleaner jquery ready callback
3 years ago
glaszig
752e8ccf66
improve global ajax event handling
3 years ago
glaszig
c70433585a
move all other favicon-types into dist/icons folder,
point to icons via link and meta tags,
leave favicon.ico in root for old browsers,
added custom jekyll layout file to use the icons
for the project website as well.
https://help.github.com/en/articles/customizing-css-and-html-in-your-jekyll-theme
https://github.com/pages-themes/minimal/blob/master/_layouts/default.html
https://stackoverflow.com/a/48969053
3 years ago
glaszig
2104ccb91a
favicons and sorts can stay in subdirectories
and be pointed to by proper meta tags.
do not copy these around during installation and poison the git tree.
3 years ago
glaszig
748348f407
during installation copy files from the git working tree
to their destinations instead of moving them and making
git think they got deleted
3 years ago
glaszig
da69d3d768
send CSRF token in a response header,
update the page's CSRF tokens with the new token
from the response header,
verify csrf token in ajax endpoints,
initialize a session for every endpoint
3 years ago
glaszig
8f3489cd4a
remove id attribute from csrf token field due to obsolescence
and if there's multiple forms on the page it would lead to
multiple elements with the same id which is illegal in html
3 years ago
glaszig
f36b08c10a
rename CSRFToken() to the more apt CSRFTokenFieldTag()
3 years ago
glaszig
0a255e8b49
don't write the csrf token field to the output buffer
but return and echo it
3 years ago
glaszig
6f1ae104f3
improve CSRFToken() implementation
3 years ago
glaszig
2f6dc2cc05
remove superfluous semi-colon
3 years ago
glaszig
964dc00fab
generate a new csrf token for each request
3 years ago
glaszig
7898dc24c8
mcrypt_create_iv is deprecated, openssl_random_pseudo_bytes
depends on openssl. php7 has the platform-independent
`random_bytes` to generate "cryptographically secure"
random data. use that for csrf token.
3 years ago
glaszig
490cb14acd
removing superfluous call to CSRFToken() which
just put the hidden input onto the page for js
to have access to it. this is now handled with
a meta tag.
3 years ago
glaszig
b38dbb82ab
do not send csrf tokens individually with post xhr
since we set it in a `beforeSend` callback
3 years ago
glaszig
b9e9b7fe39
move csrf token initialization into function
3 years ago
glaszig
d53517a34a
removed useless line of code
3 years ago
glaszig
0967a53152
validate token value from csrf token header
if supplied and not overridden by post request param
3 years ago
glaszig
ce3ec131a6
add csrf token header to all resource-modifying xhr
3 years ago
glaszig
20bb9fe42f
add csrf meta tag (for use with xhr, for example)
3 years ago
glaszig
87fe8948b8
remove splattered, duplicated csrf validation code
since we do that always and early, now.
3 years ago
glaszig
f989b8060b
always verify csrf token for resource-modifying requests,
that is post, put, patch, delete
3 years ago
Bill Zimmerman
93b458197a
Merge pull request #365 from glaszig/feature/connect-hidden-ssid
enable wifi client to connect to hidden ssid
3 years ago
Bill Zimmerman
9b66c2cd03
Merge pull request #363 from glaszig/fix/hostapd-wmm
properly enable wmm by fixing a typo
3 years ago
billz
c0cfcfa117
Bugfix, resolves #367
3 years ago
Bill Zimmerman
02c3703392
Merge pull request #355 from glaszig/ui/escape-interface-settings
show network interface settings in pre block, properly escaped
3 years ago
Bill Zimmerman
ff21343751
Merge branch 'master' into ui/escape-interface-settings
3 years ago
Bill Zimmerman
fe35742519
Merge pull request #361 from glaszig/feature/static-dhcp-hosts
static dhcp leases
3 years ago
glaszig
493269e061
enable wifi client to connect to hidden ssid
according to the docs:
For finding networks using hidden SSID, scan_ssid=1 in the network block can be used with nl80211.
and
scan_ssid:
0 = do not scan this SSID with specific Probe Request frames (default)
1 = scan with SSID-specific Probe Request frames (this can be used to
find APs that do not accept broadcast SSID or use multiple SSIDs;
this will add latency to scanning, so enable this only when needed)
https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
see billz/raspap-webgui#345
3 years ago
Bill Zimmerman
2ded7be76b
Merge pull request #364 from glaszig/feature/improved-hostapd-hw-mode-select-labeling
improved 802.11 mode dropdown
3 years ago
glaszig
b52f290020
improved 802.11 standard select option labels in hostapd ui
3 years ago
glaszig
ab7f990d13
properly enable wmm by fixing a typo
if `ieee80211n=1`, `wmm_enabled=1` should be configured as well
according to the docs, quote:
# ieee80211n: Whether IEEE 802.11n (HT) is enabled
# 0 = disabled (default)
# 1 = enabled
# Note: You will also need to enable WMM for full HT functionality.
# Note: hw_mode=g (2.4 GHz) and hw_mode=a (5 GHz) is used to specify the band.
https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
3 years ago
glaszig
afbc50d1ee
click the "add" button on the static dhcp lease form
for people that forgot to click that button to add their lease
3 years ago
glaszig
d18dbd7def
add ui to manage static dhcp leases
* add support to parse duplicate options in ParseConfig()
* add logic, html and js to edit dhcp leases
3 years ago
glaszig
e02557af3a
add pre.unstyled css rule
in bootstrap, pre blocks have background and borders.
this removes them with a special class named `unstyled`
just like `ul.unstyled`.
3 years ago
glaszig
3db99c7d21
* escape html entities in network interface settings
the command `ip address show eth0` returns
special characters like "<" and ">" which, if left
unescaped and shown on the page, will create
arbitrary html elements and hide information.
* show interface settings inside unstyled pre block
interface properties should be parsed and displayed
in a proprietary and pretty manner. until then,
use the raw output of `ip address show`
3 years ago
Bill Zimmerman
1b32ed53d6
Merge pull request #358 from glaszig/fix/dashboard-ipv6-addresses
fix display of ip addresses in dashboard
3 years ago
Bill Zimmerman
809051165b
Merge pull request #357 from glaszig/security/command-injection
SECURITY ISSUE! fix command injection
3 years ago
glaszig
c2ed6c6e02
fix display of multiple ipv4 addresses, netmasks on dashboard
3 years ago
glaszig
4a5a39c2bc
fix display of ipv6 addresses
3 years ago
glaszig
81a67c0121
better filename
3 years ago