Make sure to escape the user controlled URL passed as part of the error
message into the error404 template in order to avoid XSS.
Reported-by: 40826d <40826d@posteo.de>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit cd8bea94e61fa72a0a2ba7bc54d7b2d7b7572519)
Make sure to escape the key contents in the delete confirmation dialog.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 0186d7eae0e123a409e9919a83fdfecc7945c984)
If more than one named section is added to the page, it is currently the
case, that the first button is always switched on or off during input
validation of the uci section name. This is because the usage of the
'document.querySelector' function is to imprecise. Changing the search
start to the element to be created, fixes this.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 440a2e79a762b4152ccb7e41c90a2826d9fb3538)
Update timezone data to 2022g.
* https://mm.icann.org/pipermail/tz-announce/2022-November/000076.html
- In the Mexican state of Chihuahua, the border strip near the US
will change to agree with nearby US locations on 2022-11-30.
The strip's western part, represented by Ciudad Juárez, switches
from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
The eastern part, represented by Ojinaga, will observe US DST next
year, like Presidio, TX.
- A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing
winter time after March 2023, so its daylight saving time becomes
standard time.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
[adapt the commit in master, lua instead of ucode]
(cherry picked from commit 7e42425e7bd56d13a38cd5c7a500166faf6548bf)
Update timezone data to 2022f.
* http://mm.icann.org/pipermail/tz-announce/2022-October/000075.html
- Mexico will no longer observe DST after 2022, except for areas
near the US border that continue to observe US DST rules.
On 2022-10-30 at 02:00 the Mexican state of Chihuahua moves
from -07 (-06 with DST) to year-round -06.
- Fiji will not observe DST in 2022/3.
For now, assume DST is suspended indefinitely.
- Simplify four Ontario zones.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
[adapt the commit in master, lua instead of ucode]
(cherry picked from commit ec905e6e9744d68106978907db48ac75a5966db4)
this let browser automatically fill according to HTML spec for input elements.
luci-theme-bootstrap and luci-base are affected.
Signed-off-by: Viktor Tsvetkov <zwetvik@gmail.com>
[indentation fix]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 3e9d9a9dbb045c24eb93643838f8e8e3b9074e4b)
Ensure to not display public key comments verbatim in order to prevent
injection of markup.
Reported-by: Eric McDonald <ericmcdonald@protonmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 944b55738e7f9685865d5298248b7fbd7380749e)
OpenWrt commit 2984a0420 (cb650143 for 21.02) changed the default 802.11r
Fast Transition method to be ft-over-air instead of ft-over-ds.
Offer ft-over-air as the first item in the drop-down list, so that
it gets selected by default when 802.11r option is enabled.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 2c3c7f5c50efd71bf87c068359cb0110a513186f)
For network devices declared in uci but not yet created by netifd, the
runtime status information will be unavailable, causing methods such as
`getType()` to assume plain ethernet interfaces and `getParent()` to fail
resolving parent devices.
Fall back to infer the information from uci configuration settings in such
cases to give accurate type hints to callers.
In particular, this prevents LuCI from turning wireless target networks
containing a to-be-created bridge device into bridges themselves.
Fixes: https://github.com/openwrt/packages/issues/18768
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 8effea58d7281fd4f2b6c31d534195dba27a850b)
UCI option `interface` for sysntpd server was introduced in
OpenWrt commit 4da60500ebd2. NTP server binds to the specified interface,
or if unspecified, to all.
This patch adds selection widget to LuCI.
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
(cherry picked from commit 24ac5a2bf6d713c6878cf7be7d4e4516965c2884)
Flow offloaded conntrack entries carry no timeout value and trip up the
record parsing routine. Adjust the code to properly deal with such entries.
Ref: https://forum.openwrt.org/t/offloading-breaks-connections-list/126423
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 531c0ecff2ca57c4bc0aacee66a0746814fefc78)
Added code to display fcdn-name in DHCPv4 lease table.
(based on code in DHCPv6 lease table)
Signed-off-by: Max S Kash <asukms@ya.ru>
Indentation adjused and wrapped commit message
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Update timezone data to 2022a.
http://mm.icann.org/pipermail/tz-announce/2022-March/000070.html
* Palestine will spring forward on 2022-03-27, not 2022-03-26.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 15bbe6979bade530171420721ee8d99b3a1eacd9)
Under some circumstances, ubus RPC requests may be initiated while LuCI is
still resolving the `rpcBaseURL` value. In this situation, the `target`
argument of the `request()` call will be a pending promise object which
results in an invalid URL when serialized by `expandURL()`, leading to an
`Failed to execute 'open' on 'XMLHttpRequest': Invalid URL` exception.
This commonly occured on the index status page which immediately initiates
ubus RPC calls on load to discover existing status page partials.
Solve the issue by filtering the given `target` argument through
`Promise.resolve()` before expanding the URL and initiating the actual
request.
Fixes: #3747
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 5663fd596b567d53587fcc4052df3095520c08a7)
revealed under:
ubus call system board
board.release.target
Useful reminder for what to download
Signed-off-by: Paul Dee <systemcrash@users.noreply.github.com>
(cherry picked from commit 2890d1842a8538e093de3b1814ef26f308385c07)
The `timeout` is defined in milliseconds, not seconds.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 292e19888448599f5169cc158b00071e020e9c27)
Turn white body, black link into black body, white link if the Browser/OS
indicates dark mode preference.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 50af81193c3ae78b23a4573f3fb69136462a883b)
Use the new `firewall.getZoneColorStyle()` helper to apply background
zone color styles to the interface boxes.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 849772df96784a0d5480ddf6305e30e7d442740f)
Use the new `firewall.getZoneColorStyle()` helper to apply background
color styles.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit a812b26cb8cde56c8083349f665d762ae6a1826a)
The getZoneColorStyle() function will produce CSS style properties that
describe the color value of the zone. The color declaration is divided
into a CSS variable called `--zone-color-rgb` which holds the RGB value
of the color and a `background-color` property assigning these values
as background property.
This allows themes to override the color with derived values, e.g. by
applying an alpha channel.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit d775279dbd0da284af7f74b31b5d3b0eddcf80bc)
