www: url_safe() for status pages #1168

6aaba834 · Franco Fichtner · c378d413 · 6aaba834 · 6aaba834 · 6aaba834
Commit 6aaba834 authored Sep 25, 2016 by Franco Fichtner
6 changed files
--- a/src/www/status_filter_reload.php
+++ b/src/www/status_filter_reload.php
@@ -43,18 +43,18 @@ if ($_POST['reloadfilter']) {
        // only try to sync when hasync is configured
        configd_run("filter sync reload");
    }
-    header("Location: status_filter_reload.php");
+    header(url_safe('Location: /status_filter_reload.php'));
    exit;
 }
 if ($_POST['syncfilter']) {
    configd_run("filter sync");
-    header("Location: status_filter_reload.php");
+    header(url_safe('Location: /status_filter_reload.php'));
    exit;
 }
 include("head.inc");
-?>
+?>
 <body>
  <script type="text/javascript">
  $( document ).ready(function() {

--- a/src/www/status_graph.php
+++ b/src/www/status_graph.php
@@ -93,14 +93,15 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        exit;
    }
 } elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    header("Location: status_graph.php");
+    header(url_safe('Location: /status_graph.php'));
    exit;
 }
 legacy_html_escape_form_data($pconfig);
 include("head.inc");
-?>
+?>
 <body>
 <?php include("fbegin.inc"); ?>

--- a/src/www/status_interfaces.php
+++ b/src/www/status_interfaces.php
@@ -44,7 +44,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        } else {
            interface_configure($interface);
        }
-        header("Location: status_interfaces.php");
+        header(url_safe('Location: /status_interfaces.php'));
        exit;
    }
 }

--- a/src/www/status_lb_pool.php
+++ b/src/www/status_lb_pool.php
@@ -48,7 +48,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        relayd_configure();
        filter_configure();
        clear_subsystem_dirty('loadbalancer');
-        header("Location: status_lb_pool.php");
+        header(url_safe('Location: /status_lb_pool.php'));
        exit;
    } else {
        // change pool configuration (enabled/disabled servers)
@@ -68,7 +68,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            mark_subsystem_dirty('loadbalancer');
            write_config("Updated load balancer pools via status screen.");
        }
-        header("Location: status_lb_pool.php");
+        header(url_safe('Location: /status_lb_pool.php'));
        exit;
    }
 }

--- a/src/www/status_lb_vs.php
+++ b/src/www/status_lb_vs.php
@@ -48,7 +48,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        relayd_configure();
        filter_configure();
        clear_subsystem_dirty('loadbalancer');
-        header("Location: status_lb_vs.php");
+        header(url_safe('Location: /status_lb_vs.php'));
        exit;
    }
 }

--- a/src/www/status_upnp.php
+++ b/src/www/status_upnp.php
@@ -35,7 +35,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!empty($_POST['clear'])) {
        upnp_stop();
        upnp_start();
-        header("Location: status_upnp.php");
+        header(url_safe('Location: /status_upnp.php'));
        exit;
    }
 }