Commit 35ec2adc authored by Franco Fichtner's avatar Franco Fichtner

src: add portable url_safe() like we have exec_safe(); closes #1068

parent ed4a3335
......@@ -988,6 +988,21 @@ function log_error($error)
syslog(LOG_ERR, "$page: $error");
}
function url_safe($format, $args = array())
{
if (!is_array($args)) {
/* just in case there's only one argument */
$args = array($args);
}
foreach ($args as $id => $arg) {
$args[$id] = urlencode($arg);
}
return vsprintf($format, $args);
}
/****f* util/exec_command
* NAME
* exec_command - Execute a command and return a string of the result.
......
......@@ -173,7 +173,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($a_user[$id]);
write_config();
$savemsg = sprintf(gettext('The user "%s" was successfully removed.'), $userdeleted);
header("Location: system_usermanager.php?savemsg=".$savemsg);
header(url_safe('Location: system_usermanager.php?savemsg=%s', $savemsg));
exit;
}
} elseif ($act == "delcert" && isset($id)) {
......@@ -183,7 +183,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($a_user[$id]['cert'][$pconfig['certid']]);
write_config();
$savemsg = sprintf(gettext('The certificate association "%s" was successfully removed.'), $certdeleted);
header("Location: system_usermanager.php?savemsg=".$savemsg."&act=edit&userid=".$id);
header(url_safe('Location: system_usermanager.php?savemsg=%s&act=edit&userid=%s', array($savemsg, $id)));
exit;
} elseif ($act == "newApiKey" && isset($id)) {
// every action is using the sequence of the user, to keep it understandable, we will use
......@@ -209,7 +209,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$savemsg = gettext('No API key found');
}
// redirect
header("Location: system_usermanager.php?savemsg=".$savemsg."&act=edit&userid=".$id);
header(url_safe('Location: system_usermanager.php?savemsg=%s&act=edit&userid=%s', array($savemsg, $id)));
exit;
} elseif (isset($pconfig['save'])) {
// save user
......@@ -347,17 +347,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (!empty($pconfig['chkNewCert'])) {
// redirect to cert manager when a new cert is requested for this user
header("Location: system_certmanager.php?act=new&userid=".(count($a_user)-1));
header(url_safe('Location: system_certmanager.php?act=new&userid=%s', count($a_user) - 1));
} else {
header("Location: system_usermanager.php");
header(url_safe('Location: system_usermanager.php'));
exit;
}
}
} elseif (isset($id)) {
header("Location: system_usermanager.php?userid=".$id);
header(url_safe('Location: system_usermanager.php?userid=%s', $id));
exit;
} else {
header("Location: system_usermanager.php");
header(url_safe('Location: system_usermanager.php'));
exit;
}
}
......
......@@ -52,7 +52,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$input_type = "group";
$id = $_GET['groupid'];
} else {
header("Location: system_usermanager.php");
header(url_safe('Location: system_usermanager.php'));
exit;
}
if ($input_type == "group") {
......@@ -80,7 +80,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$retval = write_config();
$savemsg = get_std_save_message();
header("Location: system_usermanager.php?act=edit&userid=".$userid."&savemsg=".$savemsg);
header(url_safe('Location: system_usermanager.php?act=edit&userid=%s&savemsg=%s', array($userid, $savemsg)));
exit;
} elseif ($_POST['input_type'] == 'group' && isset($config['system']['group'][$pconfig['id']]['name'])) {
$groupid = $_POST['id'];
......@@ -101,11 +101,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
write_config();
header("Location: system_groupmanager.php?act=edit&groupid={$groupid}");
header(url_safe('Location: system_groupmanager.php?act=edit&groupid=%s', $groupid));
exit;
}
}
header("Location: system_usermanager.php");
header(url_safe('Location: system_usermanager.php'));
exit;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment