Project

General

Profile

Actions
Copy link

Todo #12431

closed

GUI pages should use ``POST`` for AJAX calls, not ``GET``

Added by Jim Pingle over 3 years ago. Updated about 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Jim Pingle
Category:
Web Interface
Target version:
2.7.0
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.09
Release Notes:
Default

Description

The AJAX buttons on the OpenVPN status page submit values using GET when they should use POST. The variables used in the backend portion of the call use $_REQUEST when they should only use $_POST.

Files

Download all files
429.diff (7.51 KB) 429.diff Jim Pingle, 06/06/2023 04:39 PM
429-working.diff (7.34 KB) 429-working.diff Jim Pingle, 06/06/2023 05:40 PM
Actions
Copy link
 #1

Updated by Viktor Gurov over 3 years ago

also:

pkg.php
services_captiveportal_vouchers.php
vendorstatus_graph.php
vpn_ipsec_phase1.php
status_graph.php
widgets/gmirror_status.widget.php
widgets/interface_statistics.widget.php
widgets/openvpn.widget.php

Actions
Copy link
 #2

Updated by Jim Pingle over 3 years ago

  • Subject changed from OpenVPN status page should use ``POST`` for AJAX calls, not ``GET`` to GUI pages should use ``POST`` for AJAX calls, not ``GET``
  • Category changed from OpenVPN to Web Interface

True. May as well fix them all. Updated subject/category.

Actions
Copy link
 #4

Updated by Jim Pingle over 3 years ago

  • Status changed from New to Pull Request Review
  • Assignee set to Viktor Gurov
Actions
Copy link
 #5

Updated by Jim Pingle over 3 years ago

  • Target version changed from 2.6.0 to CE-Next
  • Plus Target Version changed from 22.01 to 22.05

Need more comprehensive testing.

Actions
Copy link
 #6

Updated by Jim Pingle about 3 years ago

  • Plus Target Version changed from 22.05 to 22.09
Actions
Copy link
 #7

Updated by Jim Pingle almost 3 years ago

  • Plus Target Version changed from 22.09 to 22.11
Actions
Copy link
 #8

Updated by Jim Pingle over 2 years ago

  • Plus Target Version changed from 22.11 to 23.01
Actions
Copy link
 #9

Updated by Jim Pingle over 2 years ago

  • Assignee deleted (Viktor Gurov)
  • Target version changed from CE-Next to 2.7.0
  • Plus Target Version changed from 23.01 to 23.05
Actions
Copy link
 #10

Updated by Jim Pingle about 2 years ago

  • Plus Target Version changed from 23.05 to 23.09
Actions
Copy link
 #11

Updated by Jim Pingle about 2 years ago

  • Assignee set to Jim Pingle
Actions
Copy link
 #12

Updated by Jim Pingle about 2 years ago

  • File 429.diff 429.diff added
  • Status changed from Pull Request Review to In Progress

Previous MR had conflicts, but I reworked it so it applies against current code for wider testing. See attached.

Actions
Copy link
 #13

Updated by Jim Pingle about 2 years ago

I tested each of the changes in the diff and found some problems, and also fixed them. Fixed diff attached, passes all my tests at least. Will be committing shortly.

Actions
Copy link
 #14

Updated by Jim Pingle about 2 years ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

Implemented these changes in 0de394c9e501fc73154f37e62407ec22304a9658

Actions
Copy link
 #15

Updated by Jim Pingle about 2 years ago

  • Status changed from Feedback to Resolved

These all appear to be working well with POST on current builds.

Actions
Copy link

Also available in: Atom PDF