From 57fb95f8a9214d3f60dac0d645e52ee62b66db7b Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Mon, 10 Oct 2016 08:56:16 +0200
Subject: [PATCH] dhcp: url_safe() redirects for #1168

---
 src/www/services_dhcp.php         | 8 ++++----
 src/www/services_dhcp_edit.php    | 8 ++++----
 src/www/services_dhcp_relay.php   | 2 +-
 src/www/services_dhcpv6.php       | 4 ++--
 src/www/services_dhcpv6_edit.php  | 4 ++--
 src/www/services_dhcpv6_relay.php | 2 +-
 6 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/www/services_dhcp.php b/src/www/services_dhcp.php
index 92143a7a5..204058dc5 100644
--- a/src/www/services_dhcp.php
+++ b/src/www/services_dhcp.php
@@ -507,13 +507,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
                 filter_configure();
             }
             reconfigure_dhcpd();
-            header("Location: services_dhcp.php?if={$if}");
+            header(url_safe('Location: /services_dhcp.php?if=%s', array($if)));
             exit;
         }
     } elseif (isset($_POST['apply'])) {
         // apply changes
         reconfigure_dhcpd();
-        header("Location: services_dhcp.php?if={$if}");
+        header(url_safe('Location: /services_dhcp.php?if=%s', array($if)));
         exit;
     } elseif ($act ==  "del") {
         if (!empty($config['dhcpd'][$if]['staticmap'][$_POST['id']])) {
@@ -528,14 +528,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
               }
             }
         }
-        header("Location: services_dhcp.php?if={$if}");
+        header(url_safe('Location: /services_dhcp.php?if=%s', array($if)));
         exit;
     } elseif ($act ==  "delpool") {
         if (!empty($a_pools[$_POST['id']])) {
             unset($a_pools[$_POST['id']]);
             write_config();
         }
-        header("Location: services_dhcp.php?if={$if}");
+        header(url_safe('Location: /services_dhcp.php?if=%s', array($if)));
         exit;
     }
 }
diff --git a/src/www/services_dhcp_edit.php b/src/www/services_dhcp_edit.php
index 2a6b1d0cf..6951f3441 100644
--- a/src/www/services_dhcp_edit.php
+++ b/src/www/services_dhcp_edit.php
@@ -42,7 +42,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     if (!empty($_GET['if']) && !empty($config['interfaces'][$_GET['if']])) {
         $if = $_GET['if'];
     } else {
-        header("Location: services_dhcp.php");
+        header(url_safe('Location: /services_dhcp.php'));
         exit;
     }
     if (isset($if) && isset($_GET['id']) && !empty($config['dhcpd'][$if]['staticmap'][$_GET['id']])) {
@@ -294,16 +294,16 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             mark_subsystem_dirty('unbound');
         }
 
-        header("Location: services_dhcp.php?if={$if}");
+        header(url_safe('Location: /services_dhcp.php?if=%s', array($if)));
         exit;
     }
 }
 
-
-
 $service_hook = 'dhcpd';
 legacy_html_escape_form_data($pconfig);
+
 include("head.inc");
+
 ?>
 <body>
 <script type="text/javascript">
diff --git a/src/www/services_dhcp_relay.php b/src/www/services_dhcp_relay.php
index b5c364114..3e36160ea 100644
--- a/src/www/services_dhcp_relay.php
+++ b/src/www/services_dhcp_relay.php
@@ -73,7 +73,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         write_config();
         // reconfigure
         services_dhcrelay_configure();
-        header("Location: services_dhcp_relay.php");
+        header(url_safe('Location: /services_dhcp_relay.php'));
         exit;
     }
 }
diff --git a/src/www/services_dhcpv6.php b/src/www/services_dhcpv6.php
index f82c5353a..a75796ff2 100644
--- a/src/www/services_dhcpv6.php
+++ b/src/www/services_dhcpv6.php
@@ -317,12 +317,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
                 filter_configure();
             }
 
-            header("Location: services_dhcpv6.php?if={$if}");
+            header(url_safe('Location: /services_dhcpv6.php?if=%s', array($if)));
             exit;
         }
     } elseif (isset($pconfig['apply'])) {
         reconfigure_dhcpd();
-        header("Location: services_dhcpv6.php?if={$if}");
+        header(url_safe('Location: /services_dhcpv6.php?if=%s', array($if)));
         exit;
     } elseif ($act == "del") {
         if (!empty($config['dhcpdv6'][$if]['staticmap'][$_POST['id']])) {
diff --git a/src/www/services_dhcpv6_edit.php b/src/www/services_dhcpv6_edit.php
index aca09c236..0d6985a3d 100644
--- a/src/www/services_dhcpv6_edit.php
+++ b/src/www/services_dhcpv6_edit.php
@@ -42,7 +42,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     if (!empty($_GET['if']) && !empty($config['interfaces'][$_GET['if']])) {
         $if = $_GET['if'];
     } else {
-        header("Location: services_dhcpv6.php");
+        header(url_safe('Location: /services_dhcpv6.php'));
         exit;
     }
     if (isset($if) && isset($_GET['id']) && !empty($config['dhcpdv6'][$if]['staticmap'][$_GET['id']])) {
@@ -145,7 +145,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             }
         }
 
-        header("Location: services_dhcpv6.php?if={$if}");
+        header(url_safe('Location: /services_dhcpv6.php?if=%s', array($if)));
         exit;
     }
 }
diff --git a/src/www/services_dhcpv6_relay.php b/src/www/services_dhcpv6_relay.php
index b8149472a..96525b87f 100644
--- a/src/www/services_dhcpv6_relay.php
+++ b/src/www/services_dhcpv6_relay.php
@@ -74,7 +74,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         write_config();
         // reconfigure
         services_dhcrelay6_configure();
-        header("Location: services_dhcpv6_relay.php");
+        header(url_safe('Location: /services_dhcpv6_relay.php'));
         exit;
     }
 }