From: Jo-Philipp Wich <jow@openwrt.org>
Date: Wed, 21 Oct 2015 14:45:48 +0000 (+0200)
Subject: luci-base: ensure that base url is emitted with trailing slash
X-Git-Url: https://git.archive.openwrt.org/?p=project%2Fluci.git;a=commitdiff_plain;h=79383f5a74bcff528a5270a930c36b58e310010c

luci-base: ensure that base url is emitted with trailing slash

Now that we don't have an url token anymore, '/cgi-bin/luci' becomes a valid
url while cookies are restricted to only '/cgi-bin/luci/' and below.

In order to ensure that the first request after login refers to a path
covered by the authentication cookie, change build_url() to always append
a trailing slash if we're referring to the base url.

This should fix the login problems mentioned in #516.

While we're touching the dispatcher, also remove remaining url token code.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
---

diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua
index bb02912f4..6742a0b33 100644
--- a/modules/luci-base/luasrc/dispatcher.lua
+++ b/modules/luci-base/luasrc/dispatcher.lua
@@ -27,14 +27,6 @@ function build_url(...)
 	local path = {...}
 	local url = { http.getenv("SCRIPT_NAME") or "" }
 
-	local k, v
-	for k, v in pairs(context.urltoken) do
-		url[#url+1] = "/;"
-		url[#url+1] = http.urlencode(k)
-		url[#url+1] = "="
-		url[#url+1] = http.urlencode(v)
-	end
-
 	local p
 	for _, p in ipairs(path) do
 		if p:match("^[a-zA-Z0-9_%-%.%%/,;]+$") then
@@ -43,6 +35,10 @@ function build_url(...)
 		end
 	end
 
+	if #path == 0 then
+		url[#url+1] = "/"
+	end
+
 	return table.concat(url, "")
 end
 
@@ -128,7 +124,6 @@ function httpdispatch(request, prefix)
 
 	local r = {}
 	context.request = r
-	context.urltoken = {}
 
 	local pathinfo = http.urldecode(request:getenv("PATH_INFO") or "", true)
 
@@ -210,7 +205,6 @@ function dispatch(request)
 	ctx.args = args
 	ctx.requestargs = ctx.requestargs or args
 	local n
-	local token = ctx.urltoken
 	local preq = {}
 	local freq = {}
 
@@ -361,9 +355,7 @@ function dispatch(request)
 					end
 
 					if sess and token then
-						http.header("Set-Cookie", 'sysauth=%s; path=%s/' %{
-						   sess, build_url()
-						})
+						http.header("Set-Cookie", 'sysauth=%s; path=%s' %{ sess, build_url() })
 
 						ctx.authsession = sess
 						ctx.authtoken = token