Now that we don't have an url token anymore, '/cgi-bin/luci' becomes a valid
url while cookies are restricted to only '/cgi-bin/luci/' and below.
In order to ensure that the first request after login refers to a path
covered by the authentication cookie, change build_url() to always append
a trailing slash if we're referring to the base url.
This should fix the login problems mentioned in #516.
While we're touching the dispatcher, also remove remaining url token code.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
local path = {...}
local url = { http.getenv("SCRIPT_NAME") or "" }
local path = {...}
local url = { http.getenv("SCRIPT_NAME") or "" }
- local k, v
- for k, v in pairs(context.urltoken) do
- url[#url+1] = "/;"
- url[#url+1] = http.urlencode(k)
- url[#url+1] = "="
- url[#url+1] = http.urlencode(v)
- end
-
local p
for _, p in ipairs(path) do
if p:match("^[a-zA-Z0-9_%-%.%%/,;]+$") then
local p
for _, p in ipairs(path) do
if p:match("^[a-zA-Z0-9_%-%.%%/,;]+$") then
+ if #path == 0 then
+ url[#url+1] = "/"
+ end
+
return table.concat(url, "")
end
return table.concat(url, "")
end
local r = {}
context.request = r
local r = {}
context.request = r
local pathinfo = http.urldecode(request:getenv("PATH_INFO") or "", true)
local pathinfo = http.urldecode(request:getenv("PATH_INFO") or "", true)
ctx.args = args
ctx.requestargs = ctx.requestargs or args
local n
ctx.args = args
ctx.requestargs = ctx.requestargs or args
local n
- local token = ctx.urltoken
local preq = {}
local freq = {}
local preq = {}
local freq = {}
end
if sess and token then
end
if sess and token then
- http.header("Set-Cookie", 'sysauth=%s; path=%s/' %{
- sess, build_url()
- })
+ http.header("Set-Cookie", 'sysauth=%s; path=%s' %{ sess, build_url() })
ctx.authsession = sess
ctx.authtoken = token
ctx.authsession = sess
ctx.authtoken = token