diff options
author | Jo-Philipp Wich <jo@mein.io> | 2018-04-05 22:37:37 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2018-04-05 23:03:01 +0200 |
commit | 731ed77c0bbee7004a6b5645d9a8592a76748a1c (patch) | |
tree | 682ae002e3459c55d5a66724c11e74507e71ea94 /modules/luci-mod-admin-full | |
parent | 7b04d0bbcf0f34393f20ccad8884a67fea9e2863 (diff) |
treewide: improve handling of page redirections in uci change views
Instead of passing the full LuCI request url, pass the relative resolved
request path instead and filter the received value through the lookup()
dispatcher function to only allow paths to actual internal pages.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'modules/luci-mod-admin-full')
3 files changed, 10 insertions, 9 deletions
diff --git a/modules/luci-mod-admin-full/luasrc/controller/admin/uci.lua b/modules/luci-mod-admin-full/luasrc/controller/admin/uci.lua index 9c33d9c18..c3bf66852 100644 --- a/modules/luci-mod-admin-full/luasrc/controller/admin/uci.lua +++ b/modules/luci-mod-admin-full/luasrc/controller/admin/uci.lua @@ -5,8 +5,7 @@ module("luci.controller.admin.uci", package.seeall) function index() - local redir = luci.http.formvalue("redir", true) or - luci.dispatcher.build_url(unpack(luci.dispatcher.context.request)) + local redir = luci.http.formvalue("redir", true) or table.concat(disp.context.request, "/") entry({"admin", "uci"}, nil, _("Configuration")) entry({"admin", "uci", "changes"}, call("action_changes"), _("Changes"), 40).query = {redir=redir} diff --git a/modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm b/modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm index c3373604f..6e725c888 100644 --- a/modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm +++ b/modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm @@ -16,9 +16,9 @@ <% end %> <div class="cbi-page-actions"> - <% local r = luci.http.formvalue("redir"); if r and #r > 0 then %> + <% local node, url = luci.dispatcher.lookup(luci.http.formvalue("redir")); if url then %> <div style="float:left"> - <form class="inline" method="get" action="<%=luci.util.pcdata(r)%>"> + <form class="inline" method="get" action="<%=luci.util.pcdata(url)%>"> <input class="cbi-button cbi-button-link" style="float:left; margin:0" type="submit" value="<%:Back%>" /> </form> </div> diff --git a/modules/luci-mod-admin-full/luasrc/view/admin_uci/revert.htm b/modules/luci-mod-admin-full/luasrc/view/admin_uci/revert.htm index 5da7281a8..20327adff 100644 --- a/modules/luci-mod-admin-full/luasrc/view/admin_uci/revert.htm +++ b/modules/luci-mod-admin-full/luasrc/view/admin_uci/revert.htm @@ -18,10 +18,12 @@ <p><strong><%:There are no pending changes to revert!%></strong></p> <% end %> -<div class="cbi-page-actions"> - <form class="inline" method="get" action="<%=luci.util.pcdata(luci.http.formvalue("redir"))%>"> - <input class="cbi-button cbi-button-link" style="margin:0" type="submit" value="<%:Back%>" /> - </form> -</div> +<% local node, url = luci.dispatcher.lookup(luci.http.formvalue("redir")); if url then %> + <div class="cbi-page-actions"> + <form class="inline" method="get" action="<%=luci.util.pcdata(url)%>"> + <input class="cbi-button cbi-button-link" style="margin:0" type="submit" value="<%:Back%>" /> + </form> + </div> +<% end %> <%+footer%> |