Add CORS and CSRF checks to ensure unauthorized access to the backend is not possible.

Signed-off-by: DL6ER <dl6er@dl6er.de>
This commit is contained in:
DL6ER
2019-12-13 17:39:45 +00:00
parent 3b7e50713f
commit aa764ad22d
5 changed files with 63 additions and 48 deletions


@@ -1,4 +1,6 @@
var table, groups;
var table;
var groups = [];
const token = $("#token").html();
function showAlert(type, message)
{
@@ -23,7 +25,7 @@ function showAlert(type, message)
function get_groups()
{
$.get("scripts/pi-hole/php/groups.php", { 'action': 'get_groups' },
$.post("scripts/pi-hole/php/groups.php", { 'action': 'get_groups', "token":token },
function(data) {
groups = data.data;
}, "json");
@@ -52,7 +54,11 @@ $(document).ready(function() {
});
table = $("#adlistsTable").DataTable( {
"ajax": "scripts/pi-hole/php/groups.php?action=get_adlists",
"ajax": {
"url": "scripts/pi-hole/php/groups.php",
"data": {"action": "get_adlists", "token": token},
"type": "POST"
},
order: [[ 1, 'asc' ]],
columns: [
{ data: "address" },
@@ -135,7 +141,7 @@ function addAdlist()
url: "scripts/pi-hole/php/groups.php",
method: "post",
dataType: 'json',
data: {"action": "add_adlist", "address": address, "comment": comment},
data: {"action": "add_adlist", "address": address, "comment": comment, "token":token},
success: function(response) {
if (response.success) {
showAlert('success');
@@ -166,7 +172,7 @@ function editAdlist()
url: "scripts/pi-hole/php/groups.php",
method: "post",
dataType: 'json',
data: {"action": "edit_adlist", "id": id, "comment": comment, "status": status, "groups": groups},
data: {"action": "edit_adlist", "id": id, "comment": comment, "status": status, "groups": groups, "token":token},
success: function(response) {
if (response.success) {
showAlert('success');
@@ -191,7 +197,7 @@ function deleteAdlist()
url: "scripts/pi-hole/php/groups.php",
method: "post",
dataType: 'json',
data: {"action": "delete_adlist", "id": id},
data: {"action": "delete_adlist", "id": id, "token":token},
success: function(response) {
if (response.success) {
showAlert('success');
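Review bot: The token in the first hunk is read with `$("#token").html()`, which returns the element's markup rather than its text, so any character the server HTML-escaped when writing the token (an `&` arriving as `&amp;`) would be posted to groups.php in escaped form and fail the server-side comparison; `const token = $("#token").text();` reads the decoded value. Whether this can occur depends on the token alphabet, and the generator is not part of this diff, so it is worth confirming. The token is also captured once at script load and reused for every later request, including the DataTable's POST in the third hunk, so a token that rotates during the session (not visible here) would need to be re-read before each request. As a point of style, the new `const token` sits next to `var table;` and `var groups = [];` in the same hunk; `let`/`const` throughout would be consistent. addAdlist, editAdlist and deleteAdlist each start outside their hunks.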