From 731ed77c0bbee7004a6b5645d9a8592a76748a1c Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Thu, 5 Apr 2018 22:37:37 +0200 Subject: [PATCH] treewide: improve handling of page redirections in uci change views Instead of passing the full LuCI request url, pass the relative resolved request path instead and filter the received value through the lookup() dispatcher function to only allow paths to actual internal pages. Signed-off-by: Jo-Philipp Wich --- .../luasrc/controller/admin/uci.lua | 3 +-- .../luasrc/view/admin_uci/changes.htm | 4 ++-- .../luasrc/view/admin_uci/revert.htm | 12 +++++++----- .../luasrc/view/themes/bootstrap/header.htm | 2 +- .../luasrc/view/themes/freifunk-generic/header.htm | 2 +- .../luasrc/view/themes/material/header.htm | 2 +- .../luasrc/view/themes/openwrt.org/header.htm | 2 +- 7 files changed, 14 insertions(+), 13 deletions(-) diff --git a/modules/luci-mod-admin-full/luasrc/controller/admin/uci.lua b/modules/luci-mod-admin-full/luasrc/controller/admin/uci.lua index 9c33d9c18..c3bf66852 100644 --- a/modules/luci-mod-admin-full/luasrc/controller/admin/uci.lua +++ b/modules/luci-mod-admin-full/luasrc/controller/admin/uci.lua @@ -5,8 +5,7 @@ module("luci.controller.admin.uci", package.seeall) function index() - local redir = luci.http.formvalue("redir", true) or - luci.dispatcher.build_url(unpack(luci.dispatcher.context.request)) + local redir = luci.http.formvalue("redir", true) or table.concat(disp.context.request, "/") entry({"admin", "uci"}, nil, _("Configuration")) entry({"admin", "uci", "changes"}, call("action_changes"), _("Changes"), 40).query = {redir=redir} diff --git a/modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm b/modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm index c3373604f..6e725c888 100644 --- a/modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm +++ b/modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm @@ -16,9 +16,9 @@ <% end %>
- <% local r = luci.http.formvalue("redir"); if r and #r > 0 then %> + <% local node, url = luci.dispatcher.lookup(luci.http.formvalue("redir")); if url then %>
-
+
diff --git a/modules/luci-mod-admin-full/luasrc/view/admin_uci/revert.htm b/modules/luci-mod-admin-full/luasrc/view/admin_uci/revert.htm index 5da7281a8..20327adff 100644 --- a/modules/luci-mod-admin-full/luasrc/view/admin_uci/revert.htm +++ b/modules/luci-mod-admin-full/luasrc/view/admin_uci/revert.htm @@ -18,10 +18,12 @@

<%:There are no pending changes to revert!%>

<% end %> -
-
"> - -
-
+<% local node, url = luci.dispatcher.lookup(luci.http.formvalue("redir")); if url then %> +
+
+ +
+
+<% end %> <%+footer%> diff --git a/themes/luci-theme-bootstrap/luasrc/view/themes/bootstrap/header.htm b/themes/luci-theme-bootstrap/luasrc/view/themes/bootstrap/header.htm index 78b98e035..0441c9583 100644 --- a/themes/luci-theme-bootstrap/luasrc/view/themes/bootstrap/header.htm +++ b/themes/luci-theme-bootstrap/luasrc/view/themes/bootstrap/header.htm @@ -147,7 +147,7 @@ if ucichanges > 0 then write('%s: %d' %{ url(category, 'uci/changes'), - http.urlencode(http.formvalue('redir') or REQUEST_URI), + http.urlencode(http.formvalue('redir') or table.concat(disp.context.request, "/")), translate('Unsaved Changes'), ucichanges }) diff --git a/themes/luci-theme-freifunk-generic/luasrc/view/themes/freifunk-generic/header.htm b/themes/luci-theme-freifunk-generic/luasrc/view/themes/freifunk-generic/header.htm index 342a9d408..818565528 100644 --- a/themes/luci-theme-freifunk-generic/luasrc/view/themes/freifunk-generic/header.htm +++ b/themes/luci-theme-freifunk-generic/luasrc/view/themes/freifunk-generic/header.htm @@ -205,7 +205,7 @@ if tree.nodes[category] and tree.nodes[category].ucidata then -%> <% end %> diff --git a/themes/luci-theme-material/luasrc/view/themes/material/header.htm b/themes/luci-theme-material/luasrc/view/themes/material/header.htm index d84fd278a..be7b9ffb8 100644 --- a/themes/luci-theme-material/luasrc/view/themes/material/header.htm +++ b/themes/luci-theme-material/luasrc/view/themes/material/header.htm @@ -172,7 +172,7 @@ if ucichanges > 0 then write('%s: %d' %{ url(category, 'uci/changes'), - http.urlencode(http.formvalue('redir') or REQUEST_URI), + http.urlencode(http.formvalue('redir') or table.concat(disp.context.request, "/")), translate('Unsaved Changes'), ucichanges }) diff --git a/themes/luci-theme-openwrt/luasrc/view/themes/openwrt.org/header.htm b/themes/luci-theme-openwrt/luasrc/view/themes/openwrt.org/header.htm index ae348f385..d6db8e885 100644 --- a/themes/luci-theme-openwrt/luasrc/view/themes/openwrt.org/header.htm +++ b/themes/luci-theme-openwrt/luasrc/view/themes/openwrt.org/header.htm @@ -104,7 +104,7 @@ if ucic > 0 then write('%s: %d' %{ url(category, 'uci/changes'), - http.urlencode(http.formvalue('redir') or REQUEST_URI), + http.urlencode(http.formvalue('redir') or table.concat(disp.context.request, "/")), translate('Unsaved Changes'), ucic }) -- 2.25.1