Pi-Hole/web
1
0
Fork 0
mirror of https://github.com/pi-hole/web.git synced 2026-04-25 11:19:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

require auth for the customDNS page

Browse Source 
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
This commit is contained in:
Adam Warner
2020-05-20 08:26:21 +01:00
parent 0f9f33cb14
commit 7b2d396295
2 changed files with 22 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
scripts/pi-hole/php/customdns.php
View File

@@ -4,7 +4,18 @@
$customDNSFile = "/etc/pihole/custom.list";
switch ($_REQUEST['action'])
require_once('auth.php');
// Authentication checks
if (isset($_POST['token'])) {
check_cors();
check_csrf($_POST['token']);
} else {
log_and_die('Not allowed (login session invalid or expired, please relogin on the Pi-hole dashboard)!');
}
switch ($_POST['action'])
{
case 'get': echo json_encode(echoCustomDNSEntries()); break;
case 'add': echo json_encode(addCustomDNSEntry()); break;
@@ -12,4 +23,6 @@
default:
die("Wrong action");
}
?>