luci-lua-runtime: dispatcher.lua: re-add test_post_security()

While no LuCI code utilizes this function anymore, some existing legacy
Lua controllers expect the function to exist, so restore it.

Fixes: #6532
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 2fd74a8239c3986bb2e741e907b2a90f2833f073)

diff --git a/modules/luci-lua-runtime/luasrc/dispatcher.lua b/modules/luci-lua-runtime/luasrc/dispatcher.lua
index dfbb225f0e21616aeb059bb8db4208b6ddf00df0..816c9f35e342deeaf285996237144d2bd26183d8 100644 (file)
--- a/modules/luci-lua-runtime/luasrc/dispatcher.lua
+++ b/modules/luci-lua-runtime/luasrc/dispatcher.lua
@@ -360,6 +360,22 @@ function render_lua_template(path)
        tpl.render(path, getfenv(1))
 end
 
+function test_post_security()
+       if http:getenv("REQUEST_METHOD") ~= "POST" then
+               http:status(405, "Method Not Allowed")
+               http:header("Allow", "POST")
+               return false
+       end
+
+       if http:formvalue("token") ~= context.authtoken then
+               http:status(403, "Forbidden")
+               _G.L.include("csrftoken")
+               return false
+       end
+
+       return true
+end
+
 
 function call(name, ...)
        return {