mirror of
https://github.com/pi-hole/web.git
synced 2026-07-07 23:15:33 +01:00
0e44f7b992
This fixes the fix. I still needed to account for `pi.hole` as a Host value.
26 lines
735 B
PHP
26 lines
735 B
PHP
<?php
|
|
if(!isset($_POST['domain'], $_POST['list'], $_POST['token']))
|
|
die("Missing POST variables");
|
|
|
|
// Check CORS
|
|
if($_SERVER['HTTP_ORIGIN'] != "http://pi.hole" && $_SERVER['HTTP_ORIGIN'] != "http://${_SERVER['SERVER_ADDR']}" &&
|
|
$_SERVER['HTTP_HOST'] != $_SERVER['SERVER_ADDR'] && $_SERVER['HTTP_HOST'] != "pi.hole")
|
|
die("Failed CORS");
|
|
|
|
header("Access-Control-Allow-Origin: ${_SERVER['HTTP_ORIGIN']}");
|
|
|
|
session_start();
|
|
|
|
// Check CSRF token
|
|
if(!hash_equals($_SESSION['token'], $_POST['token']))
|
|
die("Wrong token");
|
|
|
|
switch($_POST['list']) {
|
|
case "white":
|
|
exec("sudo pihole -w -q ${_POST['domain']}");
|
|
break;
|
|
case "black":
|
|
exec("sudo pihole -b -q ${_POST['domain']}");
|
|
break;
|
|
}
|