summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2015-10-21 16:45:48 +0200
committerJo-Philipp Wich <jow@openwrt.org>2015-10-21 16:48:25 +0200
commit79383f5a74bcff528a5270a930c36b58e310010c (patch)
tree75b5f0a4f80bf4015ffcdb201f70f340f39bd48c
parentb4d62d3fd7c7093828c84b5f408cfb0ff6d84939 (diff)
luci-base: ensure that base url is emitted with trailing slash
Now that we don't have an url token anymore, '/cgi-bin/luci' becomes a valid url while cookies are restricted to only '/cgi-bin/luci/' and below. In order to ensure that the first request after login refers to a path covered by the authentication cookie, change build_url() to always append a trailing slash if we're referring to the base url. This should fix the login problems mentioned in #516. While we're touching the dispatcher, also remove remaining url token code. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
-rw-r--r--modules/luci-base/luasrc/dispatcher.lua18
1 files changed, 5 insertions, 13 deletions
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua
index bb02912f4b..6742a0b33d 100644
--- a/modules/luci-base/luasrc/dispatcher.lua
+++ b/modules/luci-base/luasrc/dispatcher.lua
@@ -27,14 +27,6 @@ function build_url(...)
local path = {...}
local url = { http.getenv("SCRIPT_NAME") or "" }
- local k, v
- for k, v in pairs(context.urltoken) do
- url[#url+1] = "/;"
- url[#url+1] = http.urlencode(k)
- url[#url+1] = "="
- url[#url+1] = http.urlencode(v)
- end
-
local p
for _, p in ipairs(path) do
if p:match("^[a-zA-Z0-9_%-%.%%/,;]+$") then
@@ -43,6 +35,10 @@ function build_url(...)
end
end
+ if #path == 0 then
+ url[#url+1] = "/"
+ end
+
return table.concat(url, "")
end
@@ -128,7 +124,6 @@ function httpdispatch(request, prefix)
local r = {}
context.request = r
- context.urltoken = {}
local pathinfo = http.urldecode(request:getenv("PATH_INFO") or "", true)
@@ -210,7 +205,6 @@ function dispatch(request)
ctx.args = args
ctx.requestargs = ctx.requestargs or args
local n
- local token = ctx.urltoken
local preq = {}
local freq = {}
@@ -361,9 +355,7 @@ function dispatch(request)
end
if sess and token then
- http.header("Set-Cookie", 'sysauth=%s; path=%s/' %{
- sess, build_url()
- })
+ http.header("Set-Cookie", 'sysauth=%s; path=%s' %{ sess, build_url() })
ctx.authsession = sess
ctx.authtoken = token