Todo #12431

closed

GUI pages should use ``POST`` for AJAX calls, not ``GET``

Added by Jim Pingle about 3 years ago. Updated over 1 year ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Web Interface
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 23.09
Release Notes: Default

Description

The AJAX buttons on the OpenVPN status page submit values using GET when they should use POST. The variables used in the backend portion of the call use $_REQUEST when they should only use $_POST.


Files

429.diff (7.51 KB) Jim Pingle, 06/06/2023 04:39 PM
429-working.diff (7.34 KB) Jim Pingle, 06/06/2023 05:40 PM
Actions #1

Updated by Viktor Gurov about 3 years ago

also:

pkg.php
services_captiveportal_vouchers.php
vendorstatus_graph.php
vpn_ipsec_phase1.php
status_graph.php
widgets/gmirror_status.widget.php
widgets/interface_statistics.widget.php
widgets/openvpn.widget.php

Actions #2

Updated by Jim Pingle about 3 years ago

  • Subject changed from OpenVPN status page should use ``POST`` for AJAX calls, not ``GET`` to GUI pages should use ``POST`` for AJAX calls, not ``GET``
  • Category changed from OpenVPN to Web Interface

True. May as well fix them all. Updated subject/category.

Actions #4

Updated by Jim Pingle almost 3 years ago

  • Status changed from New to Pull Request Review
  • Assignee set to Viktor Gurov
Actions #5

Updated by Jim Pingle almost 3 years ago

  • Target version changed from 2.6.0 to CE-Next
  • Plus Target Version changed from 22.01 to 22.05

Need more comprehensive testing.

Actions #6

Updated by Jim Pingle over 2 years ago

  • Plus Target Version changed from 22.05 to 22.09
Actions #7

Updated by Jim Pingle over 2 years ago

  • Plus Target Version changed from 22.09 to 22.11
Actions #8

Updated by Jim Pingle almost 2 years ago

  • Plus Target Version changed from 22.11 to 23.01
Actions #9

Updated by Jim Pingle almost 2 years ago

  • Assignee deleted (Viktor Gurov)
  • Target version changed from CE-Next to 2.7.0
  • Plus Target Version changed from 23.01 to 23.05
Actions #10

Updated by Jim Pingle over 1 year ago

  • Plus Target Version changed from 23.05 to 23.09
Actions #11

Updated by Jim Pingle over 1 year ago

  • Assignee set to Jim Pingle
Actions #12

Updated by Jim Pingle over 1 year ago

  • File 429.diff added
  • Status changed from Pull Request Review to In Progress

Previous MR had conflicts, but I reworked it so it applies against current code for wider testing. See attached.

Actions #13

Updated by Jim Pingle over 1 year ago

I tested each of the changes in the diff and found some problems, and also fixed them. Fixed diff attached, passes all my tests at least. Will be committing shortly.

Actions #14

Updated by Jim Pingle over 1 year ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

Implemented these changes in 0de394c9e501fc73154f37e62407ec22304a9658

Actions #15

Updated by Jim Pingle over 1 year ago

  • Status changed from Feedback to Resolved

These all appear to be working well with POST on current builds.
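
An audit sketch for the pattern in the description and for the additional files listed in note #1, added here as an example and not taken from pfSense or the attached diffs: it flags `$_REQUEST` reads and `ajax()` calls that send GET. It assumes jQuery-style `ajax({...})` options; the sample page, its parameter names and `example_disconnect()` are constructed.

```python
import re

# Heuristic patterns: every hit needs manual review before changing code.
PHP_REQUEST = re.compile(r"\$_REQUEST\s*\[\s*['\"]([^'\"]+)['\"]\s*\]")
AJAX_CALL = re.compile(r"\bajax\s*\(")
# \b keeps "dataType" and "contentType" from matching as "type".
AJAX_METHOD = re.compile(r"\b(?:type|method)\s*:\s*['\"](\w+)['\"]")

def _call_args(source, open_paren):
    """Return the text from '(' at open_paren to its matching ')'."""
    depth = 0
    for i in range(open_paren, len(source)):
        depth += {"(": 1, ")": -1}.get(source[i], 0)
        if depth == 0:
            return source[open_paren:i + 1]
    return source[open_paren:]  # unbalanced: scan to end of file

def audit(name, source):
    """Return (file, line, finding) tuples sorted by line number."""
    line_of = lambda pos: source.count("\n", 0, pos) + 1
    found = []
    for m in PHP_REQUEST.finditer(source):
        found.append((name, line_of(m.start()),
                      f"$_REQUEST['{m.group(1)}'] also accepts query-string input"))
    for m in AJAX_CALL.finditer(source):
        opt = AJAX_METHOD.search(_call_args(source, m.end() - 1))
        if opt is None:  # jQuery's default method is GET
            found.append((name, line_of(m.start()), "ajax() sets no method, so it sends GET"))
        elif opt.group(1).upper() == "GET":
            found.append((name, line_of(m.start()), "ajax() explicitly uses GET"))
    return sorted(found, key=lambda f: f[1])

# Constructed sample page (hypothetical names, not pfSense code).
SAMPLE = """<?php
// Backend half of a constructed AJAX action.
if ($_REQUEST['action'] == 'kill') {
    example_disconnect($_REQUEST['port'], $_POST['remipp']);
}
?>
<script>
$.ajax({
    url: "/status_example.php",
    type: "get",
    data: { action: "kill", port: p },
});
$.ajax({ url: "/status_example.php", data: { action: "poll" } });
$.ajax({ url: "/status_example.php", type: "post", dataType: "json" });
</script>
"""

if __name__ == "__main__":
    for finding in audit("status_example.php", SAMPLE):
        print("%s:%d: %s" % finding)
```

The matching is textual, so a parenthesis inside a string literal or a method set through a variable will be misread; treat the output as a review list.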
