mirror of
https://github.com/pi-hole/web.git
synced 2026-02-26 20:53:18 +00:00
26 lines
741 B
PHP
26 lines
741 B
PHP
<?php
|
|
if(!isset($_POST['domain'], $_POST['list'], $_POST['token']))
|
|
die("Missing POST variables");
|
|
|
|
// Check CORS
|
|
if($_SERVER['HTTP_ORIGIN'] != "http://pi.hole" && $_SERVER['HTTP_ORIGIN'] != "http://${_SERVER['SERVER_ADDR']}" &&
|
|
$_SERVER['HTTP_HOST'] != $_SERVER['SERVER_ADDR'] && $_SERVER['HTTP_HOST'] != "pi.hole")
|
|
die("Failed CORS");
|
|
|
|
header("Access-Control-Allow-Origin: ${_SERVER['HTTP_ORIGIN']}");
|
|
|
|
session_start();
|
|
|
|
// Check CSRF token
|
|
if(!hash_equals($_SESSION['token'], $_POST['token']))
|
|
die("Wrong token");
|
|
|
|
switch($_POST['list']) {
|
|
case "white":
|
|
exec("sudo pihole -w -q -d ${_POST['domain']}");
|
|
break;
|
|
case "black":
|
|
exec("sudo pihole -b -q -d ${_POST['domain']}");
|
|
break;
|
|
}
|