From: Jo-Philipp Wich <jo@mein.io>
Date: Mon, 21 Aug 2023 13:35:41 +0000 (+0200)
Subject: luci-lua-runtime: dispatcher.lua: re-add test_post_security()
X-Git-Url: http://git.openwrt.org/%22https:/collectd.org//%22/%22https:/collectd.org/%22?a=commitdiff_plain;h=8888caa83017c11be342e538be8c8849b7fa02d3;p=project%2Fluci.git

luci-lua-runtime: dispatcher.lua: re-add test_post_security()

While no LuCI code utilizes this function anymore, some existing legacy
Lua controllers expect the function to exist, so restore it.

Fixes: #6532
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 2fd74a8239c3986bb2e741e907b2a90f2833f073)
---

diff --git a/modules/luci-lua-runtime/luasrc/dispatcher.lua b/modules/luci-lua-runtime/luasrc/dispatcher.lua
index dfbb225f0e..816c9f35e3 100644
--- a/modules/luci-lua-runtime/luasrc/dispatcher.lua
+++ b/modules/luci-lua-runtime/luasrc/dispatcher.lua
@@ -360,6 +360,22 @@ function render_lua_template(path)
 	tpl.render(path, getfenv(1))
 end
 
+function test_post_security()
+	if http:getenv("REQUEST_METHOD") ~= "POST" then
+		http:status(405, "Method Not Allowed")
+		http:header("Allow", "POST")
+		return false
+	end
+
+	if http:formvalue("token") ~= context.authtoken then
+		http:status(403, "Forbidden")
+		_G.L.include("csrftoken")
+		return false
+	end
+
+	return true
+end
+
 
 function call(name, ...)
 	return {