summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
7b04d0b)
Instead of passing the full LuCI request url, pass the relative resolved
request path instead and filter the received value through the lookup()
dispatcher function to only allow paths to actual internal pages.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
module("luci.controller.admin.uci", package.seeall)
function index()
module("luci.controller.admin.uci", package.seeall)
function index()
- local redir = luci.http.formvalue("redir", true) or
- luci.dispatcher.build_url(unpack(luci.dispatcher.context.request))
+ local redir = luci.http.formvalue("redir", true) or table.concat(disp.context.request, "/")
entry({"admin", "uci"}, nil, _("Configuration"))
entry({"admin", "uci", "changes"}, call("action_changes"), _("Changes"), 40).query = {redir=redir}
entry({"admin", "uci"}, nil, _("Configuration"))
entry({"admin", "uci", "changes"}, call("action_changes"), _("Changes"), 40).query = {redir=redir}
<% end %>
<div class="cbi-page-actions">
<% end %>
<div class="cbi-page-actions">
- <% local r = luci.http.formvalue("redir"); if r and #r > 0 then %>
+ <% local node, url = luci.dispatcher.lookup(luci.http.formvalue("redir")); if url then %>
- <form class="inline" method="get" action="<%=luci.util.pcdata(r)%>">
+ <form class="inline" method="get" action="<%=luci.util.pcdata(url)%>">
<input class="cbi-button cbi-button-link" style="float:left; margin:0" type="submit" value="<%:Back%>" />
</form>
</div>
<input class="cbi-button cbi-button-link" style="float:left; margin:0" type="submit" value="<%:Back%>" />
</form>
</div>
<p><strong><%:There are no pending changes to revert!%></strong></p>
<% end %>
<p><strong><%:There are no pending changes to revert!%></strong></p>
<% end %>
-<div class="cbi-page-actions">
- <form class="inline" method="get" action="<%=luci.util.pcdata(luci.http.formvalue("redir"))%>">
- <input class="cbi-button cbi-button-link" style="margin:0" type="submit" value="<%:Back%>" />
- </form>
-</div>
+<% local node, url = luci.dispatcher.lookup(luci.http.formvalue("redir")); if url then %>
+ <div class="cbi-page-actions">
+ <form class="inline" method="get" action="<%=luci.util.pcdata(url)%>">
+ <input class="cbi-button cbi-button-link" style="margin:0" type="submit" value="<%:Back%>" />
+ </form>
+ </div>
+<% end %>
if ucichanges > 0 then
write('<a class="label notice" href="%s?redir=%s">%s: %d</a>' %{
url(category, 'uci/changes'),
if ucichanges > 0 then
write('<a class="label notice" href="%s?redir=%s">%s: %d</a>' %{
url(category, 'uci/changes'),
- http.urlencode(http.formvalue('redir') or REQUEST_URI),
+ http.urlencode(http.formvalue('redir') or table.concat(disp.context.request, "/")),
translate('Unsaved Changes'),
ucichanges
})
translate('Unsaved Changes'),
ucichanges
})
-%>
<div id="savemenu">
<% if ucic > 0 then %>
-%>
<div id="savemenu">
<% if ucic > 0 then %>
- <a class="warning" href="<%=controller%>/<%=category%>/uci/changes/?redir=<%=http.urlencode(http.formvalue("redir") or REQUEST_URI)%>"><%:Unsaved Changes%>: <%=ucic%></a>
+ <a class="warning" href="<%=controller%>/<%=category%>/uci/changes/?redir=<%=http.urlencode(http.formvalue('redir') or table.concat(disp.context.request, "/"))%>"><%:Unsaved Changes%>: <%=ucic%></a>
<% end -%>
</div>
<% end %>
<% end -%>
</div>
<% end %>
if ucichanges > 0 then
write('<a class="label notice" href="%s?redir=%s">%s: %d</a>' %{
url(category, 'uci/changes'),
if ucichanges > 0 then
write('<a class="label notice" href="%s?redir=%s">%s: %d</a>' %{
url(category, 'uci/changes'),
- http.urlencode(http.formvalue('redir') or REQUEST_URI),
+ http.urlencode(http.formvalue('redir') or table.concat(disp.context.request, "/")),
translate('Unsaved Changes'),
ucichanges
})
translate('Unsaved Changes'),
ucichanges
})
if ucic > 0 then
write('<a class="warning" href="%s?redir=%s">%s: %d</a>' %{
url(category, 'uci/changes'),
if ucic > 0 then
write('<a class="warning" href="%s?redir=%s">%s: %d</a>' %{
url(category, 'uci/changes'),
- http.urlencode(http.formvalue('redir') or REQUEST_URI),
+ http.urlencode(http.formvalue('redir') or table.concat(disp.context.request, "/")),
translate('Unsaved Changes'),
ucic
})
translate('Unsaved Changes'),
ucic
})