treewide: improve handling of page redirections in uci change views
authorJo-Philipp Wich <jo@mein.io>
Thu, 5 Apr 2018 20:37:37 +0000 (22:37 +0200)
committerJo-Philipp Wich <jo@mein.io>
Thu, 5 Apr 2018 21:03:01 +0000 (23:03 +0200)
Instead of passing the full LuCI request url, pass the relative resolved
request path and filter the received value through the lookup()
dispatcher function to only allow paths to actual internal pages.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
modules/luci-mod-admin-full/luasrc/controller/admin/uci.lua
modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm
modules/luci-mod-admin-full/luasrc/view/admin_uci/revert.htm
themes/luci-theme-bootstrap/luasrc/view/themes/bootstrap/header.htm
themes/luci-theme-freifunk-generic/luasrc/view/themes/freifunk-generic/header.htm
themes/luci-theme-material/luasrc/view/themes/material/header.htm
themes/luci-theme-openwrt/luasrc/view/themes/openwrt.org/header.htm

index 9c33d9c18b89788a4d4bdcd334e5d8fe6d55037e..c3bf668521b3c131c148c1d696e092c2bc71c0bf 100644 (file)
@@ -5,8 +5,7 @@
 module("luci.controller.admin.uci", package.seeall)
 
 function index()
-       local redir = luci.http.formvalue("redir", true) or
-         luci.dispatcher.build_url(unpack(luci.dispatcher.context.request))
+       local redir = luci.http.formvalue("redir", true) or table.concat(disp.context.request, "/")
 
        entry({"admin", "uci"}, nil, _("Configuration"))
        entry({"admin", "uci", "changes"}, call("action_changes"), _("Changes"), 40).query = {redir=redir}
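Review bot: `disp` on the added line of index() is not defined anywhere in this hunk, while the removed line spelled the module out as `luci.dispatcher.context.request`. Unless a `disp` alias exists outside the visible lines or in the environment index() runs in, the fallback would index a nil value whenever no `redir` form value is present. I would write `local redir = luci.http.formvalue("redir", true) or table.concat(luci.dispatcher.context.request, "/")`. The theme header hunks use the same `disp.context.request` expression and likewise depend on a `disp` local declared outside their hunks. index() continues past the end of this hunk.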
index c3373604f353d7ac47cb922c03e595835d41b177..6e725c88887ffe820a6dbe32927d392cc32a10cb 100644 (file)
@@ -16,9 +16,9 @@
 <% end %>
 
 <div class="cbi-page-actions">
-       <% local r = luci.http.formvalue("redir"); if r and #r > 0 then %>
+       <% local node, url = luci.dispatcher.lookup(luci.http.formvalue("redir")); if url then %>
        <div style="float:left">
-               <form class="inline" method="get" action="<%=luci.util.pcdata(r)%>">
+               <form class="inline" method="get" action="<%=luci.util.pcdata(url)%>">
                        <input class="cbi-button cbi-button-link" style="float:left; margin:0" type="submit" value="<%:Back%>" />
                </form>
        </div>
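Review bot: Nothing at the `lookup()` call says that `redir` is request-supplied and that the lookup is what confines the Back form's `action` to an internal dispatcher page, so a later edit could easily go back to echoing the raw value. I would add a template comment above it, e.g. `<%# redir is untrusted: only a URL rebuilt by dispatcher.lookup() may reach the form action %>`, and keep `luci.util.pcdata()` on the output as it is now. The `node` result is unused, and `local _, url = ...` would make that explicit. The same pair of lines appears in revert.htm and the same comments apply there.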
index 5da7281a80425cf080f5530051a99bc37c92bc1a..20327adff377e42da281553d6272647bd3a7f414 100644 (file)
        <p><strong><%:There are no pending changes to revert!%></strong></p>
 <% end %>
 
-<div class="cbi-page-actions">
-       <form class="inline" method="get" action="<%=luci.util.pcdata(luci.http.formvalue("redir"))%>">
-               <input class="cbi-button cbi-button-link" style="margin:0" type="submit" value="<%:Back%>" />
-       </form>
-</div>
+<% local node, url = luci.dispatcher.lookup(luci.http.formvalue("redir")); if url then %>
+       <div class="cbi-page-actions">
+               <form class="inline" method="get" action="<%=luci.util.pcdata(url)%>">
+                       <input class="cbi-button cbi-button-link" style="margin:0" type="submit" value="<%:Back%>" />
+               </form>
+       </div>
+<% end %>
 
 <%+footer%>
index 78b98e0355ebc53b1d1510855dd4b96b9634cd1e..0441c9583e35558bd3b20de0202c227e7245f09c 100644 (file)
                        if ucichanges > 0 then
                                write('<a class="label notice" href="%s?redir=%s">%s: %d</a>' %{
                                        url(category, 'uci/changes'),
-                                       http.urlencode(http.formvalue('redir') or REQUEST_URI),
+                                       http.urlencode(http.formvalue('redir') or table.concat(disp.context.request, "/")),
                                        translate('Unsaved Changes'),
                                        ucichanges
                                })
index 342a9d4088a87f51bf093f2392ffd2b2bc6fdb54..81856552858e3108c442222a127bca1a69451dcd 100644 (file)
@@ -205,7 +205,7 @@ if tree.nodes[category] and tree.nodes[category].ucidata then
 -%>
        <div id="savemenu">
                <% if ucic > 0 then %>
-                       <a class="warning" href="<%=controller%>/<%=category%>/uci/changes/?redir=<%=http.urlencode(http.formvalue("redir") or REQUEST_URI)%>"><%:Unsaved Changes%>: <%=ucic%></a>
+                       <a class="warning" href="<%=controller%>/<%=category%>/uci/changes/?redir=<%=http.urlencode(http.formvalue('redir') or table.concat(disp.context.request, "/"))%>"><%:Unsaved Changes%>: <%=ucic%></a>
                <% end -%>
        </div>
 <% end %>
index d84fd278a2a922bc20741bda403ec0112530f027..be7b9ffb85e3c45d54bf68ad5c7c45537cb4e8bd 100644 (file)
                        if ucichanges > 0 then
                                write('<a class="label notice" href="%s?redir=%s">%s: %d</a>' %{
                                        url(category, 'uci/changes'),
-                                       http.urlencode(http.formvalue('redir') or REQUEST_URI),
+                                       http.urlencode(http.formvalue('redir') or table.concat(disp.context.request, "/")),
                                        translate('Unsaved Changes'),
                                        ucichanges
                                })
index ae348f38561e9929582a33d36a0ac411255a3f9c..d6db8e885e717b00bb6282e9ff21787294bb55fb 100644 (file)
                        if ucic > 0 then
                                write('<a class="warning" href="%s?redir=%s">%s: %d</a>' %{
                                        url(category, 'uci/changes'),
-                                       http.urlencode(http.formvalue('redir') or REQUEST_URI),
+                                       http.urlencode(http.formvalue('redir') or table.concat(disp.context.request, "/")),
                                        translate('Unsaved Changes'),
                                        ucic
                                })