From 731ed77c0bbee7004a6b5645d9a8592a76748a1c Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jo@mein.io>
Date: Thu, 5 Apr 2018 22:37:37 +0200
Subject: treewide: improve handling of page redirections in uci change views

Instead of passing the full LuCI request url, pass the relative resolved
request path instead and filter the received value through the lookup()
dispatcher function to only allow paths to actual internal pages.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---
 themes/luci-theme-bootstrap/luasrc/view/themes/bootstrap/header.htm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'themes/luci-theme-bootstrap')

diff --git a/themes/luci-theme-bootstrap/luasrc/view/themes/bootstrap/header.htm b/themes/luci-theme-bootstrap/luasrc/view/themes/bootstrap/header.htm
index 78b98e035..0441c9583 100644
--- a/themes/luci-theme-bootstrap/luasrc/view/themes/bootstrap/header.htm
+++ b/themes/luci-theme-bootstrap/luasrc/view/themes/bootstrap/header.htm
@@ -147,7 +147,7 @@
 			if ucichanges > 0 then
 				write('<a class="label notice" href="%s?redir=%s">%s: %d</a>' %{
 					url(category, 'uci/changes'),
-					http.urlencode(http.formvalue('redir') or REQUEST_URI),
+					http.urlencode(http.formvalue('redir') or table.concat(disp.context.request, "/")),
 					translate('Unsaved Changes'),
 					ucichanges
 				})
-- 
cgit v1.2.3