diff --git a/src/www/system_advanced_notifications.php b/src/www/system_advanced_notifications.php
index 87f1fa114..9a19d0f30 100644
--- a/src/www/system_advanced_notifications.php
+++ b/src/www/system_advanced_notifications.php
@@ -96,7 +96,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
write_config();
- header("Location: system_advanced_notifications.php");
+ header(url_safe('Location: /system_advanced_notifications.php'));
return;
} elseif (isset($pconfig['test_growl']) && $pconfig['test_growl'] == gettext("Test Growl")) {
diff --git a/src/www/system_advanced_sysctl.php b/src/www/system_advanced_sysctl.php
index 07c570d83..06aa4ca58 100644
--- a/src/www/system_advanced_sysctl.php
+++ b/src/www/system_advanced_sysctl.php
@@ -71,12 +71,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($a_tunable[$id]);
write_config();
mark_subsystem_dirty('sysctl');
- header("Location: system_advanced_sysctl.php");
+ header(url_safe('Location: /system_advanced_sysctl.php'));
exit;
} else if (!empty($pconfig['apply'])) {
system_setup_sysctl();
clear_subsystem_dirty('sysctl');
- header("Location: system_advanced_sysctl.php");
+ header(url_safe('Location: /system_advanced_sysctl.php'));
exit;
} elseif (!empty($pconfig['Submit'])) {
$tunableent = array();
@@ -92,7 +92,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
mark_subsystem_dirty('sysctl');
write_config();
- header("Location: system_advanced_sysctl.php");
+ header(url_safe('Location: /system_advanced_sysctl.php'));
exit;
}
diff --git a/src/www/system_authservers.php b/src/www/system_authservers.php
index 3570eadc9..75c4c7243 100644
--- a/src/www/system_authservers.php
+++ b/src/www/system_authservers.php
@@ -265,7 +265,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
write_config();
- header("Location: system_authservers.php");
+ header(url_safe('Location: /system_authservers.php'));
+ exit;
} else {
$act = "edit";
}
@@ -277,12 +278,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($config['system']['authserver'][$k]);
}
}
- $savemsg = gettext("Authentication Server")." {$serverdeleted} ".
- gettext("deleted")."
";
- write_config($savemsg);
- header("Location: system_authservers.php");
+ write_config(sprintf('Authentication server "%s" deleted.', $serverdeleted));
+ header(url_safe('Location: /system_authservers.php'));
+ exit;
}
-
}
// list of all possible fields for auth item (used for form init)
diff --git a/src/www/system_camanager.php b/src/www/system_camanager.php
index edadea88b..2f8b97516 100644
--- a/src/www/system_camanager.php
+++ b/src/www/system_camanager.php
@@ -172,7 +172,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if ($act == "edit") {
if (!isset($id)) {
- header("Location: system_camanager.php");
+ header(url_safe('Location: /system_camanager.php'));
exit;
}
$pconfig['descr'] = $a_ca[$id]['descr'];
@@ -193,7 +193,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['dn_commonname'] = "internal-ca";
} elseif ($act == "exp") {
if (!isset($id)) {
- header("Location: system_camanager.php");
+ header(url_safe('Location: /system_camanager.php'));
exit;
}
@@ -208,7 +208,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
exit;
} elseif ($act == "expkey") {
if (!isset($id)) {
- header("Location: system_camanager.php");
+ header(url_safe('Location: /system_camanager.php'));
exit;
}
@@ -234,7 +234,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if ($act == "del") {
if (!isset($id)) {
- header("Location: system_camanager.php");
+ header(url_safe('Location: /system_camanager.php'));
exit;
}
$a_cert =& $config['cert'];
@@ -255,7 +255,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($a_ca[$id]);
write_config();
- header("Location: system_camanager.php");
+ header(url_safe('Location: /system_camanager.php'));
exit;
} else {
$input_errors = array();
@@ -402,10 +402,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (count($input_errors) == 0) {
write_config();
- header("Location: system_camanager.php");
+ header(url_safe('Location: /system_camanager.php'));
}
}
-
}
}
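Review bot: The redirect added after `write_config();` in the `count($input_errors) == 0` branch is not followed by `exit;`, so the script keeps executing after the Location header has been set. Every other redirect touched in this file terminates immediately, and this same commit adds the missing `exit;` to both redirects in system_authservers.php. The next hunk suggests that `$main_buttons` and the page setup still follow, so the form would be processed and rendered on a request already answered with a redirect. I would add `exit;` directly after `header(url_safe('Location: /system_camanager.php'));`. The enclosing block starts outside the hunk.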
@@ -416,7 +415,6 @@ $main_buttons = array(
array('label' => gettext('Add or import CA'), 'href' => 'system_camanager.php?act=new'),
);
-
?>
diff --git a/src/www/system_certmanager.php b/src/www/system_certmanager.php
index d807796df..c96f95397 100644
--- a/src/www/system_certmanager.php
+++ b/src/www/system_certmanager.php
@@ -203,7 +203,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
exit;
} elseif ($act == "csr") {
if (!isset($id)) {
- header("Location: system_certmanager.php");
+ header(url_safe('Location: /system_certmanager.php'));
exit;
}
$pconfig['descr'] = $a_cert[$id]['descr'];
@@ -244,13 +244,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($a_cert[$id]);
write_config();
}
- header("Location: system_certmanager.php");
+ header(url_safe('Location: /system_certmanager.php'));
exit;
} elseif ($act == "csr") {
$input_errors = array();
$pconfig = $_POST;
if (!isset($id)) {
- header("Location: system_certmanager.php");
+ header(url_safe('Location: /system_certmanager.php'));
exit;
}
@@ -279,7 +279,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
write_config();
- header("Location: system_certmanager.php");
+ header(url_safe('Location: /system_certmanager.php'));
exit;
}
} elseif (!empty($_POST['save'])) {
@@ -495,9 +495,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (count($input_errors) == 0) {
write_config();
if (isset($userid)) {
- header("Location: system_usermanager.php?act=edit&userid=".$userid);
+ header(url_safe('Location: /system_usermanager.php?act=edit&userid=%s', array($userid)));
} else {
- header("Location: system_certmanager.php");
+ header(url_safe('Location: /system_certmanager.php'));
}
exit;
}
diff --git a/src/www/system_crlmanager.php b/src/www/system_crlmanager.php
index 39c65415c..960cd939b 100644
--- a/src/www/system_crlmanager.php
+++ b/src/www/system_crlmanager.php
@@ -159,12 +159,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
}
write_config(sprintf('Deleted CRL %s', $name));
- header("Location: system_crlmanager.php");
+ header(url_safe('Location: /system_crlmanager.php'));
exit;
}
} elseif ($act == "delcert" && isset($id)) {
if (!isset($thiscrl['cert']) || !is_array($thiscrl['cert'])) {
- header("Location: system_crlmanager.php");
+ header(url_safe('Location: /system_crlmanager.php'));
exit;
}
$found = false;
@@ -175,14 +175,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
}
if (!$found) {
- header("Location: system_crlmanager.php");
+ header(url_safe('Location: /system_crlmanager.php'));
exit;
}
$name = $thiscert['descr'];
if (cert_unrevoke($thiscert, $thiscrl)) {
openvpn_refresh_crls();
write_config(sprintf('Deleted certificate %s from CRL %s', $name, $thiscrl['descr']));
- header("Location: system_crlmanager.php");
+ header(url_safe('Location: /system_crlmanager.php'));
exit;
} else {
$savemsg = sprintf(gettext("Failed to delete certificate %s from CRL %s"), $name, $thiscrl['descr']) . "
";
@@ -191,7 +191,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
} elseif ($act == "addcert") {
$input_errors = array();
if (!isset($id)) {
- header("Location: system_crlmanager.php");
+ header(url_safe('Location: /system_crlmanager.php'));
exit;
}
@@ -215,7 +215,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
cert_revoke($cert, $crl, $reason);
openvpn_refresh_crls();
write_config(sprintf('Revoked certificate %s in CRL %s', $cert['descr'], $crl['descr']));
- header("Location: system_crlmanager.php");
+ header(url_safe('Location: /system_crlmanager.php'));
exit;
}
} else {
@@ -271,7 +271,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
write_config(sprintf('Saved CRL %s', $crl['descr']));
openvpn_refresh_crls();
- header("Location: system_crlmanager.php");
+ header(url_safe('Location: /system_crlmanager.php'));
exit;
}
}
diff --git a/src/www/system_gateway_groups.php b/src/www/system_gateway_groups.php
index 1914f34e9..3f61c3d63 100644
--- a/src/www/system_gateway_groups.php
+++ b/src/www/system_gateway_groups.php
@@ -80,7 +80,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
unset($a_gateway_groups[$_POST['id']]);
write_config();
mark_subsystem_dirty('staticroutes');
- header("Location: system_gateway_groups.php");
+ header(url_safe('Location: /system_gateway_groups.php'));
exit;
}
} elseif (isset($_POST['apply'])) {
@@ -105,7 +105,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
clear_subsystem_dirty($gw_subsystem);
}
}
- header("Location: system_gateway_groups.php");
+ header(url_safe('Location: /system_gateway_groups.php'));
exit;
}
}
diff --git a/src/www/system_gateway_groups_edit.php b/src/www/system_gateway_groups_edit.php
index 519000c2d..7d258b4b5 100644
--- a/src/www/system_gateway_groups_edit.php
+++ b/src/www/system_gateway_groups_edit.php
@@ -136,7 +136,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
write_config();
- header("Location: system_gateway_groups.php");
+ header(url_safe('Location: /system_gateway_groups.php'));
exit;
}
}
diff --git a/src/www/system_gateways.php b/src/www/system_gateways.php
index 0a406b48a..ea1f73326 100644
--- a/src/www/system_gateways.php
+++ b/src/www/system_gateways.php
@@ -134,7 +134,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($retval == 0) {
clear_subsystem_dirty('staticroutes');
}
- header("Location: system_gateways.php?displaysave=true");
+ header(url_safe('Location: /system_gateways.php?displaysave=true'));
exit;
} elseif (isset($id) && isset($pconfig['act']) && $pconfig['act'] == "del") {
// delete single entry
@@ -144,7 +144,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
delete_gateway_item($id, $a_gateways);
write_config("Gateways: removed gateway {$realid}");
mark_subsystem_dirty('staticroutes');
- header("Location: system_gateways.php");
+ header(url_safe('Location: /system_gateways.php'));
exit;
}
} elseif (isset($id) && isset($pconfig['act']) && $pconfig['act'] == "toggle") {
@@ -164,11 +164,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$a_gateway_item[$realid]['disabled'] = true;
}
- if (write_config("Gateways: enable/disable")) {
- mark_subsystem_dirty('staticroutes');
- }
+ write_config('Gateways: toggled gateway');
+ mark_subsystem_dirty('staticroutes');
- header("Location: system_gateways.php");
+ header(url_safe('Location: /system_gateways.php'));
exit;
} elseif (!empty($pconfig['rule']) && isset($pconfig['act']) && $pconfig['act'] == "del_x") {
// delete selected items
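Review bot: The new history entry `write_config('Gateways: toggled gateway');` does not say which gateway was changed, while the delete path in this file records `removed gateway {$realid}`. The config history is the audit trail for enabling or disabling a gateway, so I would keep the identifier, e.g. `write_config("Gateways: toggled gateway {$realid}");`. Dropping the `if (write_config(...))` guard also means `mark_subsystem_dirty('staticroutes')` and the redirect now run even if the write reports failure, whereas system_routes.php in this commit keeps the guard. If that difference is intentional, a one-line comment would make it clear. The toggle branch starts outside the hunk.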
@@ -190,7 +189,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
write_config("Gateways: removed gateways {$items_deleted}");
mark_subsystem_dirty('staticroutes');
}
- header("Location: system_gateways.php");
+ header(url_safe('Location: /system_gateways.php'));
exit;
}
}
diff --git a/src/www/system_gateways_edit.php b/src/www/system_gateways_edit.php
index dd30db26f..818a3e798 100644
--- a/src/www/system_gateways_edit.php
+++ b/src/www/system_gateways_edit.php
@@ -433,7 +433,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
configd_run("interface reconfigure {$reloadif}");
}
- header("Location: system_gateways.php");
+ header(url_safe('Location: /system_gateways.php'));
exit;
} else {
if (!empty($_REQUEST['isAjax'])) {
diff --git a/src/www/system_groupmanager.php b/src/www/system_groupmanager.php
index 16b52a459..68d16e6a5 100644
--- a/src/www/system_groupmanager.php
+++ b/src/www/system_groupmanager.php
@@ -76,7 +76,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($a_group[$id]);
write_config();
// reload page
- header("Location: system_groupmanager.php");
+ header(url_safe('Location: /system_groupmanager.php'));
exit;
} elseif (isset($pconfig['save'])) {
$input_errors = array();
@@ -144,7 +144,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
}
write_config();
- header("Location: system_groupmanager.php");
+ header(url_safe('Location: /system_groupmanager.php'));
exit;
} else {
// input errors, load page in edit mode
@@ -152,7 +152,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
} else {
// POST without a valid action, redirect to overview
- header("Location: system_groupmanager.php");
+ header(url_safe('Location: /system_groupmanager.php'));
exit;
}
}
diff --git a/src/www/system_hasync.php b/src/www/system_hasync.php
index 468a6d597..b7d6431bd 100644
--- a/src/www/system_hasync.php
+++ b/src/www/system_hasync.php
@@ -76,8 +76,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$a_hasync['password'] = $pconfig['password'];
write_config("Updated High Availability configuration");
interfaces_carp_setup();
- header("Location: system_hasync.php");
- exit();
+ header(url_safe('Location: /system_hasync.php'));
+ exit;
}
legacy_html_escape_form_data($pconfig);
diff --git a/src/www/system_routes.php b/src/www/system_routes.php
index d171b9586..5df856b45 100644
--- a/src/www/system_routes.php
+++ b/src/www/system_routes.php
@@ -120,18 +120,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
write_config();
mark_subsystem_dirty('staticroutes');
- } elseif ( $act == 'move' && isset($pconfig['route']) && count($pconfig['route']) > 0) {
- // move selected rules
- if (!isset($id)) {
- // if rule not set/found, move to end
- $id = count($a_routes);
- }
- $a_routes = legacy_move_config_list_items($a_routes, $id, $pconfig['route']);
- if (write_config()) {
- mark_subsystem_dirty('staticroutes');
- }
- }
- header("Location: system_routes.php");
+ } elseif ( $act == 'move' && isset($pconfig['route']) && count($pconfig['route']) > 0) {
+ // move selected rules
+ if (!isset($id)) {
+ // if rule not set/found, move to end
+ $id = count($a_routes);
+ }
+ $a_routes = legacy_move_config_list_items($a_routes, $id, $pconfig['route']);
+ if (write_config()) {
+ mark_subsystem_dirty('staticroutes');
+ }
+ }
+ header(url_safe('Location: /system_routes.php'));
exit;
}
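Review bot: The re-indented `move` branch still calls `count($pconfig['route'])` after only an `isset()` check, so a request that supplies `route` as a scalar instead of an array hands `count()` a non-countable value. That is a warning on PHP 7.2+ and a TypeError on PHP 8, and on the older versions the scalar would then go on to `legacy_move_config_list_items()`. Assuming `$pconfig` is filled from the POST body, which is not visible here, I would tighten the condition to `$act == 'move' && !empty($pconfig['route']) && is_array($pconfig['route'])`. The enclosing POST handler starts outside the hunk.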
diff --git a/src/www/system_routes_edit.php b/src/www/system_routes_edit.php
index 41aaa1ec1..8ebf1d44e 100644
--- a/src/www/system_routes_edit.php
+++ b/src/www/system_routes_edit.php
@@ -213,7 +213,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
mark_subsystem_dirty('staticroutes');
write_config();
- header("Location: system_routes.php");
+ header(url_safe('Location: /system_routes.php'));
exit;
}
}