X-Git-Url: http://git.archive.openwrt.org/?a=blobdiff_plain;f=modules%2Fluci-base%2Fluasrc%2Fdispatcher.lua;h=2c58b0ab3d9220d76f7b0a1e7196b0da622949f6;hb=7acacf2cf806c5d74fc60f8a2de95628ba52bb7d;hp=91b86679fd739bc5ba67deb47258a9c46c09d0c5;hpb=edd1fab34eaa98be624bbba17f60a8ae63744a98;p=project%2Fluci.git

diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua
index 91b86679f..2c58b0ab3 100644
--- a/modules/luci-base/luasrc/dispatcher.lua
+++ b/modules/luci-base/luasrc/dispatcher.lua
@@ -75,11 +75,16 @@ function error404(message)
 	http.status(404, "Not Found")
 	message = message or "Not Found"
 
-	require("luci.template")
-	if not util.copcall(luci.template.render, "error404") then
+	local function render()
+		local template = require "luci.template"
+		template.render("error404")
+	end
+
+	if not util.copcall(render) then
 		http.prepare_content("text/plain")
 		http.write(message)
 	end
+
 	return false
 end
 
@@ -113,7 +118,8 @@ function httpdispatch(request, prefix)
 		end
 	end
 
-	for node in pathinfo:gmatch("[^/]+") do
+	local node
+	for node in pathinfo:gmatch("[^/%z]+") do
 		r[#r+1] = node
 	end
 
@@ -176,6 +182,7 @@ local function session_retrieve(sid, allowed_users)
 	   (not allowed_users or
 	    util.contains(allowed_users, sdat.values.username))
 	then
+		uci:set_session_id(sid)
 		return sid, sdat.values
 	end
 
@@ -351,7 +358,7 @@ function dispatch(request)
 			elseif key == "REQUEST_URI" then
 				return build_url(unpack(ctx.requestpath))
 			elseif key == "FULL_REQUEST_URI" then
-				local url = { http.getenv("SCRIPT_NAME"), http.getenv("PATH_INFO") }
+				local url = { http.getenv("SCRIPT_NAME") or "" , http.getenv("PATH_INFO") }
 				local query = http.getenv("QUERY_STRING")
 				if query and #query > 0 then
 					url[#url+1] = "?"
@@ -422,7 +429,9 @@ function dispatch(request)
 				return
 			end
 
-			http.header("Set-Cookie", 'sysauth=%s; path=%s' %{ sid, build_url() })
+			http.header("Set-Cookie", 'sysauth=%s; path=%s; HttpOnly%s' %{
+				sid, build_url(), http.getenv("HTTPS") == "on" and "; secure" or ""
+			})
 			http.redirect(build_url(unpack(ctx.requestpath)))
 		end
 
@@ -436,6 +445,13 @@ function dispatch(request)
 		ctx.authuser = sdat.username
 	end
 
+	if track.cors and http.getenv("REQUEST_METHOD") == "OPTIONS" then
+		luci.http.status(200, "OK")
+		luci.http.header("Access-Control-Allow-Origin", http.getenv("HTTP_ORIGIN") or "*")
+		luci.http.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
+		return
+	end
+
 	if c and require_post_security(c.target) then
 		if not test_post_security(c) then
 			return
@@ -869,6 +885,8 @@ local function _cbi(self, ...)
 	local pageaction = true
 	local parsechain = { }
 
+	local is_rollback, time_remaining = uci:rollback_pending()
+
 	for i, res in ipairs(maps) do
 		if res.apply_needed and res.parsechain then
 			local c
@@ -896,6 +914,7 @@ local function _cbi(self, ...)
 		res:render({
 			firstmap   = (i == 1),
 			applymap   = applymap,
+			confirmmap = (is_rollback and time_remaining or nil),
 			redirect   = redirect,
 			messages   = messages,
 			pageaction = pageaction,