dashboard: only accept post from dashboard

fichtner · fichtner · commit 58197380c678 · 2019-04-09T08:20:44.000+02:00
Login form resubmit would not login but rather post to dashboard which leaves all settings empty. PR: https://forum.opnsense.org/index.php?topic=12328.0 (cherry picked from commit cedd877) (cherry picked from commit 8bc683d)
diff --git a/src/www/index.php b/src/www/index.php
@@ -70,7 +70,7 @@
     usort($widgetCollection, function ($item1, $item2) {
       return strcmp(strtolower($item1['sortKey']), strtolower($item2['sortKey']));
     });
-} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
+} elseif ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST['origin']) && $_POST['origin'] == 'dashboard') {
     if (!empty($_POST['sequence'])) {
         $config['widgets']['sequence'] = $_POST['sequence'];
     } elseif (isset($config['widgets']['sequence'])) {
@@ -322,6 +322,7 @@ function process_widget_data()
 
 <section class="page-content-main">
   <form method="post" id="iform">
+    <input type="hidden" value="dashboard" name="origin" id="origin" />
     <input type="hidden" value="" name="sequence" id="sequence" />
     <input type="hidden" value="<?= $pconfig['column_count'];?>" name="column_count" id="column_count_input" />
   </form>
