Thermal Sensors Widget (for pfSense v2.1-BETA1 and up). #486

Merged
merged 1 commit into from Mar 21, 2013

Projects

None yet

3 participants

@01101001c

Original post: http://forum.pfsense.org/index.php/topic,59193.0.html
NOTE: I've changed the widget name from "Core Temperatures" to "Thermal Sensors", which I think is more appropriate.

Description:
Thermal Sensors Widget is a stand-alone widget.
No existing/original file changes required.
Displays Thermal Sensors data for anything returned by "sysctl -a | grep temperature" command (in will fall back to "No Thermal Sensors data available" message if no data available).
Configurable thresholds and display appearance.
NOTE: depends on proper cofing in System >> Advanced >> Miscellaneous tab >> Thermal Sensors section.

Designed and tested for:
pfSense 2.1-BETA1 (i386)
Browsers: FF, Chrome and IE9.
Hardware tested on: Intel DH77EB, Core i3 3225

@ermal

Is there any reason why you disable csrf protection?

@cbuechler

disabling CSRF protection is not acceptable.

@cbuechler cbuechler closed this Mar 19, 2013
@01101001c

@ermal: Good question. Have to admit that I just started learning/using PHP less then 2 months ago.
So naturally I was just following the same style as all other widgets (including index.php) by disabling CSRF protection.
Besides, that was the only way I could make "save" widget's settings to work without "CSRF check failed..." msg.
If you have any suggestions/hints on how to implement it properly without disabling CSRF protection, I would definitely try that.

@cbuechler: please see above

Cheers!

@ermal

Normally you should not need to disable csrf it shuold override the javascript that does the calls to post/get or the php would have the cookie by itself.

Can you please open a ticket in redmine.pfsense.org with any error you get about that?

@01101001c

Thank you Ermal,
I did some digging, the "$nocsrf = true;" line can be removed from the widget, but only if it is also removed from dashboard (\www\index.php) page as well. This way it works perfectly.
That was the reason I was getting "CSRF check failed" msg. Cannot have CSRF enabled in widget, but disabled in the hosting page.

Apparently, CSRF was disabled in the dashboard (\www\index.php) page as well as in ALL widgets over 2 years ago by Scott Ullrich.
I'm sure there was a reason for that, but with my limited knowledge of the system as well as PHP I couldn't figure it out.

At this point it is up to you guys, either push this code as is and fix CSRF for all widgets and dashboard later,
or hold this code until all others are fixed. (That is if this widget will be of any use of course).

Cheers!

@ermal ermal reopened this Mar 21, 2013
@ermal ermal merged commit 0e0f9b9 into pfsense:master Mar 21, 2013
@ermal

Merged and removed nocsrf.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment