luci-base: switch to POST action for service reload

Switches the service reload calls to CSRF token protected POST action.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

diff --git a/modules/luci-base/luasrc/controller/admin/servicectl.lua b/modules/luci-base/luasrc/controller/admin/servicectl.lua
index 5b855cb24b94b2d4446b3df5f0cccdd2829dec7d..1d73eb4ecce3ddd09d31b1951fa6a5af5b480579 100644 (file)
--- a/modules/luci-base/luasrc/controller/admin/servicectl.lua
+++ b/modules/luci-base/luasrc/controller/admin/servicectl.lua
@@ -6,7 +6,7 @@ module("luci.controller.admin.servicectl", package.seeall)
 function index()
        entry({"servicectl"}, alias("servicectl", "status")).sysauth = "root"
        entry({"servicectl", "status"}, call("action_status")).leaf = true
-       entry({"servicectl", "restart"}, call("action_restart")).leaf = true
+       entry({"servicectl", "restart"}, post("action_restart")).leaf = true
 end
 
 function action_status()

diff --git a/modules/luci-base/luasrc/view/cbi/apply_xhr.htm b/modules/luci-base/luasrc/view/cbi/apply_xhr.htm
index 1814c9393b8cba50bbc0732dae8ed9e636789f10..6f63ba86be80b3e574c881bbb506ff3a3f0e923e 100644 (file)
--- a/modules/luci-base/luasrc/view/cbi/apply_xhr.htm
+++ b/modules/luci-base/luasrc/view/cbi/apply_xhr.htm
@@ -4,7 +4,7 @@
        <script type="text/javascript">//<![CDATA[
                var apply_xhr = new XHR();
 
-               apply_xhr.get('<%=luci.dispatcher.build_url("servicectl", "restart", table.concat(configs, ","))%>', null,
+               apply_xhr.post('<%=luci.dispatcher.build_url("servicectl", "restart", table.concat(configs, ","))%>', { token: '<%=token%>' },
                        function() {
                                var checkfinish = function() {
                                        apply_xhr.get('<%=luci.dispatcher.build_url("servicectl", "status")%>', null,