This commit implements address validation for the broker address in the MQTT configuration page of the CC26XX web demo example. Additionally, the Type ID, Org ID, Auth Token, Command Type and Event Type ID fields have quotes escaped (" -> ") to prevent XSS/broken page issues when displaying user-sourced input in HTML input fields.
This commit implements address validation for the broker address in the
MQTT configuration page. Additionally, the Type ID, Org ID, Auth Token,
Command Type and Event Type ID fields have quotes escaped (" -> ")
to prevent XSS issues when displaying user-sourced input.
When a connection is aborted by the HTTP server while it's still being processed it is possible to hit a null pointer dereference issue by jumping back to a protothread (outputpt) after its httpd_state has been freed. This can be triggered by sending a POST to any form in the CC26xx web demo server using Firefox.
This patch prevents that by zeroing out httpd_state structs before freeing them, thus also clearing the httpd_state->outputpt field.
Tested using Firefox 55.0a1 on a CC2650 LaunchPad.
The current version of the CC26xx web demo publishes over MQTT the default parent's IPv6 address and the last observed RSSI of this link. This is collected by active probing (periodic ping).
This commit brings the probing functionality to the example's main code module. The MQTT client keeps publishing as previously, but we now also export the same information through CoAP resources. Configuration is still possible through the example's web server.
