diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2015-10-21 16:45:48 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2015-10-21 16:48:25 +0200 |
commit | 79383f5a74bcff528a5270a930c36b58e310010c (patch) | |
tree | 75b5f0a4f80bf4015ffcdb201f70f340f39bd48c | |
parent | b4d62d3fd7c7093828c84b5f408cfb0ff6d84939 (diff) |
luci-base: ensure that base url is emitted with trailing slash
Now that we don't have an url token anymore, '/cgi-bin/luci' becomes a valid
url while cookies are restricted to only '/cgi-bin/luci/' and below.
In order to ensure that the first request after login refers to a path
covered by the authentication cookie, change build_url() to always append
a trailing slash if we're referring to the base url.
This should fix the login problems mentioned in #516.
While we're touching the dispatcher, also remove remaining url token code.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
-rw-r--r-- | modules/luci-base/luasrc/dispatcher.lua | 18 |
1 files changed, 5 insertions, 13 deletions
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua index bb02912f4b..6742a0b33d 100644 --- a/modules/luci-base/luasrc/dispatcher.lua +++ b/modules/luci-base/luasrc/dispatcher.lua @@ -27,14 +27,6 @@ function build_url(...) local path = {...} local url = { http.getenv("SCRIPT_NAME") or "" } - local k, v - for k, v in pairs(context.urltoken) do - url[#url+1] = "/;" - url[#url+1] = http.urlencode(k) - url[#url+1] = "=" - url[#url+1] = http.urlencode(v) - end - local p for _, p in ipairs(path) do if p:match("^[a-zA-Z0-9_%-%.%%/,;]+$") then @@ -43,6 +35,10 @@ function build_url(...) end end + if #path == 0 then + url[#url+1] = "/" + end + return table.concat(url, "") end @@ -128,7 +124,6 @@ function httpdispatch(request, prefix) local r = {} context.request = r - context.urltoken = {} local pathinfo = http.urldecode(request:getenv("PATH_INFO") or "", true) @@ -210,7 +205,6 @@ function dispatch(request) ctx.args = args ctx.requestargs = ctx.requestargs or args local n - local token = ctx.urltoken local preq = {} local freq = {} @@ -361,9 +355,7 @@ function dispatch(request) end if sess and token then - http.header("Set-Cookie", 'sysauth=%s; path=%s/' %{ - sess, build_url() - }) + http.header("Set-Cookie", 'sysauth=%s; path=%s' %{ sess, build_url() }) ctx.authsession = sess ctx.authtoken = token |