diff options
author | Jo-Philipp Wich <jo@mein.io> | 2018-04-05 22:37:37 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2018-04-05 23:03:01 +0200 |
commit | 731ed77c0bbee7004a6b5645d9a8592a76748a1c (patch) | |
tree | 682ae002e3459c55d5a66724c11e74507e71ea94 /modules/luci-mod-admin-full/luasrc | |
parent | 7b04d0bbcf0f34393f20ccad8884a67fea9e2863 (diff) |
treewide: improve handling of page redirections in uci change views
Instead of passing the full LuCI request url, pass the relative resolved
request path instead and filter the received value through the lookup()
dispatcher function to only allow paths to actual internal pages.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'modules/luci-mod-admin-full/luasrc')
3 files changed, 10 insertions, 9 deletions
diff --git a/modules/luci-mod-admin-full/luasrc/controller/admin/uci.lua b/modules/luci-mod-admin-full/luasrc/controller/admin/uci.lua index 9c33d9c18b..c3bf668521 100644 --- a/modules/luci-mod-admin-full/luasrc/controller/admin/uci.lua +++ b/modules/luci-mod-admin-full/luasrc/controller/admin/uci.lua @@ -5,8 +5,7 @@ module("luci.controller.admin.uci", package.seeall) function index() - local redir = luci.http.formvalue("redir", true) or - luci.dispatcher.build_url(unpack(luci.dispatcher.context.request)) + local redir = luci.http.formvalue("redir", true) or table.concat(disp.context.request, "/") entry({"admin", "uci"}, nil, _("Configuration")) entry({"admin", "uci", "changes"}, call("action_changes"), _("Changes"), 40).query = {redir=redir} diff --git a/modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm b/modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm index c3373604f3..6e725c8888 100644 --- a/modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm +++ b/modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm @@ -16,9 +16,9 @@ <% end %> <div class="cbi-page-actions"> - <% local r = luci.http.formvalue("redir"); if r and #r > 0 then %> + <% local node, url = luci.dispatcher.lookup(luci.http.formvalue("redir")); if url then %> <div style="float:left"> - <form class="inline" method="get" action="<%=luci.util.pcdata(r)%>"> + <form class="inline" method="get" action="<%=luci.util.pcdata(url)%>"> <input class="cbi-button cbi-button-link" style="float:left; margin:0" type="submit" value="<%:Back%>" /> </form> </div> diff --git a/modules/luci-mod-admin-full/luasrc/view/admin_uci/revert.htm b/modules/luci-mod-admin-full/luasrc/view/admin_uci/revert.htm index 5da7281a80..20327adff3 100644 --- a/modules/luci-mod-admin-full/luasrc/view/admin_uci/revert.htm +++ b/modules/luci-mod-admin-full/luasrc/view/admin_uci/revert.htm @@ -18,10 +18,12 @@ <p><strong><%:There are no pending changes to revert!%></strong></p> <% end %> -<div class="cbi-page-actions"> - <form class="inline" method="get" action="<%=luci.util.pcdata(luci.http.formvalue("redir"))%>"> - <input class="cbi-button cbi-button-link" style="margin:0" type="submit" value="<%:Back%>" /> - </form> -</div> +<% local node, url = luci.dispatcher.lookup(luci.http.formvalue("redir")); if url then %> + <div class="cbi-page-actions"> + <form class="inline" method="get" action="<%=luci.util.pcdata(url)%>"> + <input class="cbi-button cbi-button-link" style="margin:0" type="submit" value="<%:Back%>" /> + </form> + </div> +<% end %> <%+footer%> |