dashboard: only accept post from dashboard

Login form resubmit would not login but rather post to dashboard which leaves all settings empty. PR: https://forum.opnsense.org/index.php?topic=12328.0 (cherry picked from commit cedd877) (cherry picked from commit 8bc683d)
opnsense · Apr 9, 2019 · 5819738 · 5819738
1 parent a2ba4f6
commit 5819738
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/www/index.php b/src/www/index.php
@@ -70,7 +70,7 @@
     usort($widgetCollection, function ($item1, $item2) {
       return strcmp(strtolower($item1['sortKey']), strtolower($item2['sortKey']));
     });
-} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
+} elseif ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST['origin']) && $_POST['origin'] == 'dashboard') {
     if (!empty($_POST['sequence'])) {
         $config['widgets']['sequence'] = $_POST['sequence'];
     } elseif (isset($config['widgets']['sequence'])) {
@@ -322,6 +322,7 @@ function process_widget_data()
 
 <section class="page-content-main">
   <form method="post" id="iform">
+    <input type="hidden" value="dashboard" name="origin" id="origin" />
     <input type="hidden" value="" name="sequence" id="sequence" />
     <input type="hidden" value="<?= $pconfig['column_count'];?>" name="column_count" id="column_count_input" />
   </form>