diff options
| author | Simon Rettberg | 2025-05-09 14:23:01 +0200 |
|---|---|---|
| committer | Simon Rettberg | 2025-05-09 14:23:01 +0200 |
| commit | 9fd020a12aefc0154aac15ab0b952fd69f3dd663 (patch) | |
| tree | d28ce4eb39d94b32fe046977b859fe66e5f589ba | |
| parent | Change non-modifying AJAX requests from POST to GET (diff) | |
| download | slx-admin-9fd020a12aefc0154aac15ab0b952fd69f3dd663.tar.gz slx-admin-9fd020a12aefc0154aac15ab0b952fd69f3dd663.tar.xz slx-admin-9fd020a12aefc0154aac15ab0b952fd69f3dd663.zip | |
[rebootcontrol] POST -> GET for fetching client status via AJAX
| -rw-r--r-- | modules-available/rebootcontrol/clientscript.js | 4 | ||||
| -rw-r--r-- | modules-available/rebootcontrol/page.inc.php | 27 |
2 files changed, 18 insertions, 13 deletions
diff --git a/modules-available/rebootcontrol/clientscript.js b/modules-available/rebootcontrol/clientscript.js index 447072a0..51fac040 100644 --- a/modules-available/rebootcontrol/clientscript.js +++ b/modules-available/rebootcontrol/clientscript.js @@ -10,9 +10,9 @@ document.addEventListener('DOMContentLoaded', function() { setTimeout(updateClientStatus, Math.max(1, 30 - stillActive) * 1000); $.ajax({ url: "?do=rebootcontrol", - method: "POST", + method: "GET", dataType: 'json', - data: { token: TOKEN, action: "clientstatus", clients: clients } + data: { action: "clientstatus", clients: clients } }).done(function(data) { console.log(data); if (!data) diff --git a/modules-available/rebootcontrol/page.inc.php b/modules-available/rebootcontrol/page.inc.php index 80eff842..eda37495 100644 --- a/modules-available/rebootcontrol/page.inc.php +++ b/modules-available/rebootcontrol/page.inc.php @@ -131,17 +131,21 @@ class Page_RebootControl extends Page protected function doAjax() { - $action = Request::post('action', false, 'string'); - if ($action === 'generateNewKeypair') { - User::assertPermission("newkeypair"); - Property::set("rebootcontrol-private-key", false); - echo SSHKey::getPublicKey(); - } elseif ($action === 'clientstatus') { - $clients = Request::post('clients'); - if (is_array($clients)) { + $action = Request::any('action', false, 'string'); + if (Request::isPost()) { + if ($action === 'generateNewKeypair') { + User::assertPermission("newkeypair"); + Property::set("rebootcontrol-private-key", false); + echo SSHKey::getPublicKey(); + return; + } + } + if ($action === 'clientstatus') { + $clients = Request::any('clients'); + $ret = []; + if (is_array($clients) && !empty($clients)) { // XXX No permission check here, should we consider this as leaking sensitive information? $machines = RebootUtils::getMachinesByUuid(array_values($clients), false, ['machineuuid', 'state']); - $ret = []; foreach ($machines as $machine) { switch ($machine['state']) { case 'OFFLINE': $val = 'glyphicon-off'; break; @@ -152,10 +156,11 @@ class Page_RebootControl extends Page } $ret[$machine['machineuuid']] = $val; } - Header('Content-Type: application/json; charset=utf-8'); - echo json_encode($ret); } + Header('Content-Type: application/json; charset=utf-8'); + echo json_encode($ret); } else { + http_response_code(400); echo 'Invalid action.'; } } |