From c5ab052b67a28edeee6d4bc7c5c122bc81660167 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Tue, 11 Oct 2016 08:11:12 +0200 Subject: [PATCH] system: url_safe() for #1168 --- src/www/system_advanced_notifications.php | 2 +- src/www/system_advanced_sysctl.php | 6 +++--- src/www/system_authservers.php | 11 +++++------ src/www/system_camanager.php | 14 ++++++------- src/www/system_certmanager.php | 12 ++++++------ src/www/system_crlmanager.php | 14 ++++++------- src/www/system_gateway_groups.php | 4 ++-- src/www/system_gateway_groups_edit.php | 2 +- src/www/system_gateways.php | 13 ++++++------ src/www/system_gateways_edit.php | 2 +- src/www/system_groupmanager.php | 6 +++--- src/www/system_hasync.php | 4 ++-- src/www/system_routes.php | 24 +++++++++++------------ src/www/system_routes_edit.php | 2 +- 14 files changed, 56 insertions(+), 60 deletions(-) diff --git a/src/www/system_advanced_notifications.php b/src/www/system_advanced_notifications.php index 87f1fa114..9a19d0f30 100644 --- a/src/www/system_advanced_notifications.php +++ b/src/www/system_advanced_notifications.php @@ -96,7 +96,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { } write_config(); - header("Location: system_advanced_notifications.php"); + header(url_safe('Location: /system_advanced_notifications.php')); return; } elseif (isset($pconfig['test_growl']) && $pconfig['test_growl'] == gettext("Test Growl")) { diff --git a/src/www/system_advanced_sysctl.php b/src/www/system_advanced_sysctl.php index 07c570d83..06aa4ca58 100644 --- a/src/www/system_advanced_sysctl.php +++ b/src/www/system_advanced_sysctl.php 
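Review bot: The redirect in the system_advanced_notifications.php @@ -96 hunk is followed by `return;`, whereas every other redirect in this patch ends with `exit;` (the system_hasync.php hunk even rewrites `exit()` to `exit;` for uniformity). A file-scope `return` only leaves the current file, so if this script is ever included from elsewhere the caller would keep running after the Location header was sent; `header(url_safe('Location: /system_advanced_notifications.php'));` followed by `exit;` would match the rest of the change. The enclosing elseif chain starts and continues outside the hunk.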
@@ -71,12 +71,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { unset($a_tunable[$id]); write_config(); mark_subsystem_dirty('sysctl'); - header("Location: system_advanced_sysctl.php"); + header(url_safe('Location: /system_advanced_sysctl.php')); exit; } else if (!empty($pconfig['apply'])) { system_setup_sysctl(); clear_subsystem_dirty('sysctl'); - header("Location: system_advanced_sysctl.php"); + header(url_safe('Location: /system_advanced_sysctl.php')); exit; } elseif (!empty($pconfig['Submit'])) { $tunableent = array(); @@ -92,7 +92,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { mark_subsystem_dirty('sysctl'); write_config(); - header("Location: system_advanced_sysctl.php"); + header(url_safe('Location: /system_advanced_sysctl.php')); exit; } diff --git a/src/www/system_authservers.php b/src/www/system_authservers.php index 3570eadc9..75c4c7243 100644 --- a/src/www/system_authservers.php +++ b/src/www/system_authservers.php @@ -265,7 +265,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { } write_config(); - header("Location: system_authservers.php"); + header(url_safe('Location: /system_authservers.php')); + exit; } else { $act = "edit"; } @@ -277,12 +278,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { unset($config['system']['authserver'][$k]); } } - $savemsg = gettext("Authentication Server")." {$serverdeleted} ". - gettext("deleted")."
"; - write_config($savemsg); - header("Location: system_authservers.php"); + write_config(sprintf('Authentication server "%s" deleted.', $serverdeleted)); + header(url_safe('Location: /system_authservers.php')); + exit; } - } // list of all possible fields for auth item (used for form init) diff --git a/src/www/system_camanager.php b/src/www/system_camanager.php index edadea88b..2f8b97516 100644 --- a/src/www/system_camanager.php +++ b/src/www/system_camanager.php @@ -172,7 +172,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { if ($act == "edit") { if (!isset($id)) { - header("Location: system_camanager.php"); + header(url_safe('Location: /system_camanager.php')); exit; } $pconfig['descr'] = $a_ca[$id]['descr']; @@ -193,7 +193,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $pconfig['dn_commonname'] = "internal-ca"; } elseif ($act == "exp") { if (!isset($id)) { - header("Location: system_camanager.php"); + header(url_safe('Location: /system_camanager.php')); exit; } @@ -208,7 +208,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { exit; } elseif ($act == "expkey") { if (!isset($id)) { - header("Location: system_camanager.php"); + header(url_safe('Location: /system_camanager.php')); exit; } @@ -234,7 +234,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { if ($act == "del") { if (!isset($id)) { - header("Location: system_camanager.php"); + header(url_safe('Location: /system_camanager.php')); exit; } $a_cert =& $config['cert']; @@ -255,7 +255,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { unset($a_ca[$id]); write_config(); - header("Location: system_camanager.php"); + header(url_safe('Location: /system_camanager.php')); exit; } else { $input_errors = array(); @@ -402,10 +402,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { if (count($input_errors) == 0) { write_config(); - header("Location: system_camanager.php"); + header(url_safe('Location: /system_camanager.php')); } } - } } 
@@ -416,7 +415,6 @@ $main_buttons = array( array('label' => gettext('Add or import CA'), 'href' => 'system_camanager.php?act=new'), ); - ?> diff --git a/src/www/system_certmanager.php b/src/www/system_certmanager.php index d807796df..c96f95397 100644 --- a/src/www/system_certmanager.php +++ b/src/www/system_certmanager.php @@ -203,7 +203,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { exit; } elseif ($act == "csr") { if (!isset($id)) { - header("Location: system_certmanager.php"); + header(url_safe('Location: /system_certmanager.php')); exit; } $pconfig['descr'] = $a_cert[$id]['descr']; @@ -244,13 +244,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { unset($a_cert[$id]); write_config(); } - header("Location: system_certmanager.php"); + header(url_safe('Location: /system_certmanager.php')); exit; } elseif ($act == "csr") { $input_errors = array(); $pconfig = $_POST; if (!isset($id)) { - header("Location: system_certmanager.php"); + header(url_safe('Location: /system_certmanager.php')); exit; } @@ -279,7 +279,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { write_config(); - header("Location: system_certmanager.php"); + header(url_safe('Location: /system_certmanager.php')); exit; } } elseif (!empty($_POST['save'])) { @@ -495,9 +495,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { if (count($input_errors) == 0) { write_config(); if (isset($userid)) { - header("Location: system_usermanager.php?act=edit&userid=".$userid); + header(url_safe('Location: /system_usermanager.php?act=edit&userid=%s', array($userid))); } else { - header("Location: system_certmanager.php"); + header(url_safe('Location: /system_certmanager.php')); } exit; } diff --git a/src/www/system_crlmanager.php b/src/www/system_crlmanager.php index 39c65415c..960cd939b 100644 --- a/src/www/system_crlmanager.php +++ b/src/www/system_crlmanager.php 
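Review bot: In the system_certmanager.php @@ -495 hunk, `$userid` is passed to url_safe() as a `%s` argument, which keeps the Location header well-formed but does not validate the value, and the assignment of `$userid` lies outside the hunk. If it is, as the name suggests, a numeric index into the user list, `header(url_safe('Location: /system_usermanager.php?act=edit&userid=%d', array($userid)));` would pin that down at the redirect itself; otherwise confirm at the point it is read that it is checked before use. The enclosing save branch starts outside the hunk.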
@@ -159,12 +159,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { } } write_config(sprintf('Deleted CRL %s', $name)); - header("Location: system_crlmanager.php"); + header(url_safe('Location: /system_crlmanager.php')); exit; } } elseif ($act == "delcert" && isset($id)) { if (!isset($thiscrl['cert']) || !is_array($thiscrl['cert'])) { - header("Location: system_crlmanager.php"); + header(url_safe('Location: /system_crlmanager.php')); exit; } $found = false; @@ -175,14 +175,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { } } if (!$found) { - header("Location: system_crlmanager.php"); + header(url_safe('Location: /system_crlmanager.php')); exit; } $name = $thiscert['descr']; if (cert_unrevoke($thiscert, $thiscrl)) { openvpn_refresh_crls(); write_config(sprintf('Deleted certificate %s from CRL %s', $name, $thiscrl['descr'])); - header("Location: system_crlmanager.php"); + header(url_safe('Location: /system_crlmanager.php')); exit; } else { $savemsg = sprintf(gettext("Failed to delete certificate %s from CRL %s"), $name, $thiscrl['descr']) . "
"; @@ -191,7 +191,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { } elseif ($act == "addcert") { $input_errors = array(); if (!isset($id)) { - header("Location: system_crlmanager.php"); + header(url_safe('Location: /system_crlmanager.php')); exit; } @@ -215,7 +215,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { cert_revoke($cert, $crl, $reason); openvpn_refresh_crls(); write_config(sprintf('Revoked certificate %s in CRL %s', $cert['descr'], $crl['descr'])); - header("Location: system_crlmanager.php"); + header(url_safe('Location: /system_crlmanager.php')); exit; } } else { @@ -271,7 +271,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { write_config(sprintf('Saved CRL %s', $crl['descr'])); openvpn_refresh_crls(); - header("Location: system_crlmanager.php"); + header(url_safe('Location: /system_crlmanager.php')); exit; } } diff --git a/src/www/system_gateway_groups.php b/src/www/system_gateway_groups.php index 1914f34e9..3f61c3d63 100644 --- a/src/www/system_gateway_groups.php +++ b/src/www/system_gateway_groups.php @@ -80,7 +80,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { unset($a_gateway_groups[$_POST['id']]); write_config(); mark_subsystem_dirty('staticroutes'); - header("Location: system_gateway_groups.php"); + header(url_safe('Location: /system_gateway_groups.php')); exit; } } elseif (isset($_POST['apply'])) { @@ -105,7 +105,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { clear_subsystem_dirty($gw_subsystem); } } - header("Location: system_gateway_groups.php"); + header(url_safe('Location: /system_gateway_groups.php')); exit; } } diff --git a/src/www/system_gateway_groups_edit.php b/src/www/system_gateway_groups_edit.php index 519000c2d..7d258b4b5 100644 --- a/src/www/system_gateway_groups_edit.php +++ b/src/www/system_gateway_groups_edit.php @@ -136,7 +136,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { write_config(); - header("Location: system_gateway_groups.php"); + header(url_safe('Location: /system_gateway_groups.php')); exit; } } 
diff --git a/src/www/system_gateways.php b/src/www/system_gateways.php index 0a406b48a..ea1f73326 100644 --- a/src/www/system_gateways.php +++ b/src/www/system_gateways.php @@ -134,7 +134,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($retval == 0) { clear_subsystem_dirty('staticroutes'); } - header("Location: system_gateways.php?displaysave=true"); + header(url_safe('Location: /system_gateways.php?displaysave=true')); exit; } elseif (isset($id) && isset($pconfig['act']) && $pconfig['act'] == "del") { // delete single entry @@ -144,7 +144,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { delete_gateway_item($id, $a_gateways); write_config("Gateways: removed gateway {$realid}"); mark_subsystem_dirty('staticroutes'); - header("Location: system_gateways.php"); + header(url_safe('Location: /system_gateways.php')); exit; } } elseif (isset($id) && isset($pconfig['act']) && $pconfig['act'] == "toggle") { @@ -164,11 +164,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { $a_gateway_item[$realid]['disabled'] = true; } - if (write_config("Gateways: enable/disable")) { - mark_subsystem_dirty('staticroutes'); - } + write_config('Gateways: toggled gateway'); + mark_subsystem_dirty('staticroutes'); - header("Location: system_gateways.php"); + header(url_safe('Location: /system_gateways.php')); exit; } elseif (!empty($pconfig['rule']) && isset($pconfig['act']) && $pconfig['act'] == "del_x") { // delete selected items @@ -190,7 +189,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { write_config("Gateways: removed gateways {$items_deleted}"); mark_subsystem_dirty('staticroutes'); } - header("Location: system_gateways.php"); + header(url_safe('Location: /system_gateways.php')); exit; } } diff --git a/src/www/system_gateways_edit.php b/src/www/system_gateways_edit.php index dd30db26f..818a3e798 100644 --- a/src/www/system_gateways_edit.php +++ b/src/www/system_gateways_edit.php 
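Review bot: The toggle branch in the system_gateways.php @@ -164 hunk now calls `mark_subsystem_dirty('staticroutes');` unconditionally and no longer looks at the return value of `write_config()`, whereas the system_routes.php @@ -120 hunk in this same patch keeps the `if (write_config()) { mark_subsystem_dirty('staticroutes'); }` form. Either both sites should check the result or neither should; as written the two files will drift, and the behaviour change here (dirty flag set even when the write fails) is not mentioned in the subject line. A one-line comment such as `// mark dirty regardless of write result, matching the delete branches above` would at least record the intent. The enclosing POST-handling block starts outside the hunk.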
@@ -433,7 +433,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { configd_run("interface reconfigure {$reloadif}"); } - header("Location: system_gateways.php"); + header(url_safe('Location: /system_gateways.php')); exit; } else { if (!empty($_REQUEST['isAjax'])) { diff --git a/src/www/system_groupmanager.php b/src/www/system_groupmanager.php index 16b52a459..68d16e6a5 100644 --- a/src/www/system_groupmanager.php +++ b/src/www/system_groupmanager.php @@ -76,7 +76,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { unset($a_group[$id]); write_config(); // reload page - header("Location: system_groupmanager.php"); + header(url_safe('Location: /system_groupmanager.php')); exit; } elseif (isset($pconfig['save'])) { $input_errors = array(); @@ -144,7 +144,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { } } write_config(); - header("Location: system_groupmanager.php"); + header(url_safe('Location: /system_groupmanager.php')); exit; } else { // input errors, load page in edit mode @@ -152,7 +152,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { } } else { // POST without a valid action, redirect to overview - header("Location: system_groupmanager.php"); + header(url_safe('Location: /system_groupmanager.php')); exit; } } diff --git a/src/www/system_hasync.php b/src/www/system_hasync.php index 468a6d597..b7d6431bd 100644 --- a/src/www/system_hasync.php +++ b/src/www/system_hasync.php @@ -76,8 +76,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $a_hasync['password'] = $pconfig['password']; write_config("Updated High Availability configuration"); interfaces_carp_setup(); - header("Location: system_hasync.php"); - exit(); + header(url_safe('Location: /system_hasync.php')); + exit; } legacy_html_escape_form_data($pconfig); diff --git a/src/www/system_routes.php b/src/www/system_routes.php index d171b9586..5df856b45 100644 --- a/src/www/system_routes.php +++ b/src/www/system_routes.php 
@@ -120,18 +120,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { write_config(); mark_subsystem_dirty('staticroutes'); - } elseif ( $act == 'move' && isset($pconfig['route']) && count($pconfig['route']) > 0) { - // move selected rules - if (!isset($id)) { - // if rule not set/found, move to end - $id = count($a_routes); - } - $a_routes = legacy_move_config_list_items($a_routes, $id, $pconfig['route']); - if (write_config()) { - mark_subsystem_dirty('staticroutes'); - } - } - header("Location: system_routes.php"); + } elseif ( $act == 'move' && isset($pconfig['route']) && count($pconfig['route']) > 0) { + // move selected rules + if (!isset($id)) { + // if rule not set/found, move to end + $id = count($a_routes); + } + $a_routes = legacy_move_config_list_items($a_routes, $id, $pconfig['route']); + if (write_config()) { + mark_subsystem_dirty('staticroutes'); + } + } + header(url_safe('Location: /system_routes.php')); exit; } diff --git a/src/www/system_routes_edit.php b/src/www/system_routes_edit.php index 41aaa1ec1..8ebf1d44e 100644 --- a/src/www/system_routes_edit.php +++ b/src/www/system_routes_edit.php @@ -213,7 +213,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { mark_subsystem_dirty('staticroutes'); write_config(); - header("Location: system_routes.php"); + header(url_safe('Location: /system_routes.php')); exit; } }
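Review bot: The re-indented `elseif` in the system_routes.php @@ -120 hunk still guards `count($pconfig['route'])` with only `isset()`; if `route` arrives as a scalar rather than an array, `count()` emits a warning on PHP 7.2+ and throws a TypeError on PHP 8, and `legacy_move_config_list_items()` would then be handed a non-array. A tighter guard is `} elseif ($act == 'move' && !empty($pconfig['route']) && is_array($pconfig['route'])) {`, assuming `$pconfig` is request data as it is in the other files touched here. The rest of the hunk appears to be whitespace-only re-indentation, which would be easier to review as a separate commit. The enclosing POST-handling block starts outside the hunk.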