Commit Graph

52 Commits

Author SHA1 Message Date
Matthias Schiffer
1837b1e2b3 gluon-web: prohibit cross-origin POST
As gluon-web uses standard multipart/form-data requests, browsers don't
enforce any cross-origin restrictions. To prevent malicious injection of
POST requests into the config mode, match the Origin header against the
Host header of the request.

(cherry picked from commit a83466be6e)
2022-02-03 17:08:07 +01:00
Matthias Schiffer
f4ae80e73b gluon-web: improve error handling of parse_message_body()
Actually raise an error and turn it into an HTTP 400 return code when
something goes wrong, rather than ignoring the error.

We also improve the conditions under which errors are thrown before
pump() is called: We don't need to check for the multipart/form-data
content-type twice, and a POST without this content-type is now always
an error.

(cherry picked from commit f3960eeb47)
2022-02-03 17:08:07 +01:00
Matthias Schiffer
46dce5747b gluon-web: add CRLF to text/plain Internal Server Error output
Having a trailing newline is nice when viewing the returned data in a
terminal.

(cherry picked from commit de43b306d4)
2022-02-03 17:08:07 +01:00
Matthias Schiffer
23fd9cd0f9
gluon-web: import po2lmo tool from luci-base
The code is slightly cleaned up to fix compiler warnings.
2019-11-23 17:28:17 +01:00
bobcanthelpyou
4249d65af7 treewide: fix luacheck warnings 2019-06-16 22:51:53 +02:00
Matthias Schiffer
da45bd5987
treewide: do not use Lua module() 2019-06-16 15:51:43 +02:00
Matthias Schiffer
3ec108aacc
gluon-web: fix Http:getcookie()
None of our code uses cookies, so this issue went unnoticed.
2019-06-16 14:55:23 +02:00
bobcanthelpyou
3b55cbc1f3 gluon-web: fix typos 2019-03-18 21:49:54 +01:00
Matthias Schiffer
a2be178ce8
gluon-web: add view helper for JSON-encoded values
Can be used for inserting Lua values into inline JS code.
2018-09-01 11:28:12 +02:00
Matthias Schiffer
06a9d61523
gluon-web-*: replace nixio with luaposix 2018-07-17 20:08:16 +02:00
Matthias Schiffer
994c94918a
treewide: automatically set SECTION and CATEGORY for Gluon packages 2018-04-14 00:01:04 +02:00
Matthias Schiffer
68a706a948
gluon.mk: remove GLUON_PKG_MAKE option 2018-03-09 10:05:44 +01:00
Matthias Schiffer
60522ee253
treewide: move package Makefile boilerplate to gluon.mk 2018-03-08 19:49:41 +01:00
Matthias Schiffer
934221b86f
treewide: remove redundant definitions from package Makefiles 2018-03-07 21:23:41 +01:00
Matthias Schiffer
b1aa5390a7
gluon-config-mode-core: move gluon-web base path to /lib/gluon/config-mode
- CGI script and index.html are moved from gluon-web to
  gluon-config-mode-core, the script is renamed to 'config'
- gluon-web and gluon-web-model base views and i18n files are symlinked
  into the new path
- gluon-web-theme is renamed to gluon-config-mode-theme and installs
  directly into the new path
- all gluon-web-* models, controllers and views are moved into the new
  path
2018-02-26 00:07:13 +01:00
Matthias Schiffer
9648489a01
gluon-web: reorganize layout handling
Also bring back gluon-web-theme's i18n strings.
2018-02-26 00:07:12 +01:00
Matthias Schiffer
c3e4ceed28
gluon-web: split out model support into a separate package 2018-02-26 00:07:08 +01:00
Matthias Schiffer
83a6847fbd
gluon-web: remove unneeded functions from gluon.web.util
exec() is moved to gluon.util.
2018-02-25 17:13:30 +01:00
Matthias Schiffer
218de7e0ae
gluon-web: pass base path from CGI script 2018-02-25 17:13:30 +01:00
Matthias Schiffer
661e4dee9f
gluon-config-mode-core, gluon-web-*: do not access dispatcher directly 2018-02-25 17:13:30 +01:00
Matthias Schiffer
4a8283b5ab
gluon-web: remove unused files 2018-02-25 17:13:30 +01:00
Matthias Schiffer
37cdea9733
gluon-web-*: consistently use <%| tag 2018-02-23 20:05:07 +01:00
Matthias Schiffer
dd23a805c2
gluon-web: add new <%| tag for escaped expressions 2018-02-23 19:45:28 +01:00
Matthias Schiffer
88789b1536
gluon-web: update i18n strings 2018-02-23 13:39:56 +01:00
Matthias Schiffer
557565e189
gluon-web: add i18n package namespaces 2018-02-23 13:39:56 +01:00
Matthias Schiffer
1a426c3bb9
gluon-web: make pcdata() prototype match lmo_translate() 2018-02-23 02:08:25 +01:00
Matthias Schiffer
93d3393993
gluon-web: make buf_length() argument const 2018-02-23 02:08:11 +01:00
Matthias Schiffer
2681622018
gluon-web: build with -fvisibility=hidden 2018-02-23 01:05:27 +01:00
Matthias Schiffer
43e70f351f
gluon-web: handle translation and escaping in generated Lua code
By emitting Lua code to call translate() and pcdata(), we are more
flexible than when doing this internally in the parser. The performance
penalty should be negligible.
2018-02-23 00:57:03 +01:00
Matthias Schiffer
933cc3d7d9
gluon-web: use ' instead of " for strings in generated Lua code
We need a bit less escaping this way.
2018-02-23 00:34:06 +01:00
Matthias Schiffer
3e292ba06f
gluon-web: close FDs after mmap() 2018-02-23 00:03:57 +01:00
Matthias Schiffer
99b4d2eaf0
gluon-web: clean up LMO code 2018-02-22 22:47:27 +01:00
Matthias Schiffer
3203970969
gluon-web: clean up parser 2018-02-22 21:13:24 +01:00
Matthias Schiffer
5a20f9794c
gluon-web: clean up buffer handling 2018-02-22 21:13:24 +01:00
Matthias Schiffer
624d969c52
gluon-web: compile with -std=c99 -Wall -Wextra
Also fix all warnings.
2018-02-22 21:13:23 +01:00
Matthias Schiffer
56a10e03b3
gluon-web: update copyright 2018-02-22 21:13:23 +01:00
Matthias Schiffer
7e5f0fe1d5
gluon-web: clean up opening files
Open with O_CLOEXEC, use fstat() instead of stat().
2018-02-22 21:13:23 +01:00
Matthias Schiffer
94f22e50e6
gluon-web: clean up malloc() calls 2018-02-22 21:13:23 +01:00
Matthias Schiffer
f957593f26
gluon-web: template_lmo: clean up sfh_hash() 2018-02-22 21:13:23 +01:00
Matthias Schiffer
9e8a6ec2b5
gluon-web: remove lmo_canon_hash()
Our strings can be looked up verbatim.
2018-02-22 13:58:20 +01:00
Matthias Schiffer
b5817f5523
gluon-web: replace custom strfind() function with memmem() 2018-02-22 13:37:57 +01:00
Matthias Schiffer
0ff4761a57
gluon-web: remove unnecessary template_lualib.h 2018-02-22 13:34:32 +01:00
Matthias Schiffer
623faf794a
gluon-web: fix access to undefined in checkvalue()
Fixes: cfe1bba8 "gluon-web: fix radio button view of ListValues"
2018-02-04 18:57:27 +01:00
Matthias Schiffer
9ece0daa76
gluon-web: ListValue: convert keys to strings before adding to key list
Fixes validation of ListValues.

Fixes: ec532b95 "gluon-web: extend ListValue with optional and unset
values"
2018-02-04 18:57:27 +01:00
Matthias Schiffer
ec532b95cf
gluon-web: extend ListValue with optional and unset values
If a value is unset or optional, an empty choice is added to the selection.
This empty choice will be marked as invalid if the value is not optional.

This is properly supported for the 'select' widget only for now, and not
for 'radio'.
2018-01-31 17:08:21 +01:00
Matthias Schiffer
cfe1bba8ae
gluon-web: fix radio button view of ListValues
Pretty much everything about this was broken:
* Fix dependency tracking
* Fix vertical orientation
* Fix paddings
* Add theming
2018-01-31 15:47:45 +01:00
Matthias Schiffer
dbfd22d651
gluon-web: simplify DynamicList data attributes, respect size option 2018-01-30 23:55:08 +01:00
Matthias Schiffer
6cf88c3b03
Replace luci-lib-jsonc with our own lua-jsonc 2018-01-18 16:28:59 +01:00
Matthias Schiffer
12103d9638
gluon-web: remove useless serialize_json alias 2018-01-18 07:49:00 +01:00
Matthias Schiffer
da19961188
gluon-web: javascript: don't use global RegExp.$x matches, fix "this" for parameterized validators
Doing so caused broken validations, as different validators were affecting
each other.
2017-03-10 22:25:00 +01:00