Commit c5ab052b authored by Franco Fichtner's avatar Franco Fichtner

system: url_safe() for #1168

parent 717c2cbe
...@@ -96,7 +96,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -96,7 +96,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
} }
write_config(); write_config();
header("Location: system_advanced_notifications.php"); header(url_safe('Location: /system_advanced_notifications.php'));
return; return;
} elseif (isset($pconfig['test_growl']) && $pconfig['test_growl'] == gettext("Test Growl")) { } elseif (isset($pconfig['test_growl']) && $pconfig['test_growl'] == gettext("Test Growl")) {
......
...@@ -71,12 +71,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -71,12 +71,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($a_tunable[$id]); unset($a_tunable[$id]);
write_config(); write_config();
mark_subsystem_dirty('sysctl'); mark_subsystem_dirty('sysctl');
header("Location: system_advanced_sysctl.php"); header(url_safe('Location: /system_advanced_sysctl.php'));
exit; exit;
} else if (!empty($pconfig['apply'])) { } else if (!empty($pconfig['apply'])) {
system_setup_sysctl(); system_setup_sysctl();
clear_subsystem_dirty('sysctl'); clear_subsystem_dirty('sysctl');
header("Location: system_advanced_sysctl.php"); header(url_safe('Location: /system_advanced_sysctl.php'));
exit; exit;
} elseif (!empty($pconfig['Submit'])) { } elseif (!empty($pconfig['Submit'])) {
$tunableent = array(); $tunableent = array();
...@@ -92,7 +92,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -92,7 +92,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
mark_subsystem_dirty('sysctl'); mark_subsystem_dirty('sysctl');
write_config(); write_config();
header("Location: system_advanced_sysctl.php"); header(url_safe('Location: /system_advanced_sysctl.php'));
exit; exit;
} }
......
...@@ -265,7 +265,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -265,7 +265,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
} }
write_config(); write_config();
header("Location: system_authservers.php"); header(url_safe('Location: /system_authservers.php'));
exit;
} else { } else {
$act = "edit"; $act = "edit";
} }
...@@ -277,12 +278,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -277,12 +278,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($config['system']['authserver'][$k]); unset($config['system']['authserver'][$k]);
} }
} }
$savemsg = gettext("Authentication Server")." {$serverdeleted} ". write_config(sprintf('Authentication server "%s" deleted.', $serverdeleted));
gettext("deleted")."<br />"; header(url_safe('Location: /system_authservers.php'));
write_config($savemsg); exit;
header("Location: system_authservers.php");
} }
} }
// list of all possible fields for auth item (used for form init) // list of all possible fields for auth item (used for form init)
......
...@@ -172,7 +172,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -172,7 +172,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if ($act == "edit") { if ($act == "edit") {
if (!isset($id)) { if (!isset($id)) {
header("Location: system_camanager.php"); header(url_safe('Location: /system_camanager.php'));
exit; exit;
} }
$pconfig['descr'] = $a_ca[$id]['descr']; $pconfig['descr'] = $a_ca[$id]['descr'];
...@@ -193,7 +193,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -193,7 +193,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['dn_commonname'] = "internal-ca"; $pconfig['dn_commonname'] = "internal-ca";
} elseif ($act == "exp") { } elseif ($act == "exp") {
if (!isset($id)) { if (!isset($id)) {
header("Location: system_camanager.php"); header(url_safe('Location: /system_camanager.php'));
exit; exit;
} }
...@@ -208,7 +208,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -208,7 +208,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
exit; exit;
} elseif ($act == "expkey") { } elseif ($act == "expkey") {
if (!isset($id)) { if (!isset($id)) {
header("Location: system_camanager.php"); header(url_safe('Location: /system_camanager.php'));
exit; exit;
} }
...@@ -234,7 +234,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -234,7 +234,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if ($act == "del") { if ($act == "del") {
if (!isset($id)) { if (!isset($id)) {
header("Location: system_camanager.php"); header(url_safe('Location: /system_camanager.php'));
exit; exit;
} }
$a_cert =& $config['cert']; $a_cert =& $config['cert'];
...@@ -255,7 +255,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -255,7 +255,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($a_ca[$id]); unset($a_ca[$id]);
write_config(); write_config();
header("Location: system_camanager.php"); header(url_safe('Location: /system_camanager.php'));
exit; exit;
} else { } else {
$input_errors = array(); $input_errors = array();
...@@ -402,10 +402,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -402,10 +402,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (count($input_errors) == 0) { if (count($input_errors) == 0) {
write_config(); write_config();
header("Location: system_camanager.php"); header(url_safe('Location: /system_camanager.php'));
} }
} }
} }
} }
...@@ -416,7 +415,6 @@ $main_buttons = array( ...@@ -416,7 +415,6 @@ $main_buttons = array(
array('label' => gettext('Add or import CA'), 'href' => 'system_camanager.php?act=new'), array('label' => gettext('Add or import CA'), 'href' => 'system_camanager.php?act=new'),
); );
?> ?>
<body> <body>
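Review bot: The redirect in the `@@ -402,10 +402,9` hunk has no `exit;` after it on the visible new side, unlike the other redirects this commit touches. Without it the script keeps executing after the Location header is set and goes on to emit the page markup that starts at `<body>` in the following hunk. This commit adds the missing `exit;` after the `/system_authservers.php` redirect, and the same fix fits here: `header(url_safe('Location: /system_camanager.php'));` followed by `exit;`. The enclosing if/else chain starts outside the hunk, so confirm that nothing later in the POST path is meant to run after a successful save.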
......
...@@ -203,7 +203,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -203,7 +203,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
exit; exit;
} elseif ($act == "csr") { } elseif ($act == "csr") {
if (!isset($id)) { if (!isset($id)) {
header("Location: system_certmanager.php"); header(url_safe('Location: /system_certmanager.php'));
exit; exit;
} }
$pconfig['descr'] = $a_cert[$id]['descr']; $pconfig['descr'] = $a_cert[$id]['descr'];
...@@ -244,13 +244,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -244,13 +244,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($a_cert[$id]); unset($a_cert[$id]);
write_config(); write_config();
} }
header("Location: system_certmanager.php"); header(url_safe('Location: /system_certmanager.php'));
exit; exit;
} elseif ($act == "csr") { } elseif ($act == "csr") {
$input_errors = array(); $input_errors = array();
$pconfig = $_POST; $pconfig = $_POST;
if (!isset($id)) { if (!isset($id)) {
header("Location: system_certmanager.php"); header(url_safe('Location: /system_certmanager.php'));
exit; exit;
} }
...@@ -279,7 +279,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -279,7 +279,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
write_config(); write_config();
header("Location: system_certmanager.php"); header(url_safe('Location: /system_certmanager.php'));
exit; exit;
} }
} elseif (!empty($_POST['save'])) { } elseif (!empty($_POST['save'])) {
...@@ -495,9 +495,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -495,9 +495,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (count($input_errors) == 0) { if (count($input_errors) == 0) {
write_config(); write_config();
if (isset($userid)) { if (isset($userid)) {
header("Location: system_usermanager.php?act=edit&userid=".$userid); header(url_safe('Location: /system_usermanager.php?act=edit&userid=%s', array($userid)));
} else { } else {
header("Location: system_certmanager.php"); header(url_safe('Location: /system_certmanager.php'));
} }
exit; exit;
} }
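Review bot: `$userid` is interpolated into the Location header in the `@@ -495,9 +495,9` hunk, and nothing visible in this section shows where it comes from or that it is validated. The redirect is therefore only as safe as the encoding url_safe() applies to its arguments, and that function is defined outside this page. If `$userid` is request-derived and expected to be a numeric index (an assumption to confirm), the branch could be tightened to `if (isset($userid) && ctype_digit((string)$userid)) {`. A short comment such as `// $userid may be user-supplied; url_safe() must encode it before it reaches the header` would also record the intent.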
......
...@@ -159,12 +159,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -159,12 +159,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
} }
} }
write_config(sprintf('Deleted CRL %s', $name)); write_config(sprintf('Deleted CRL %s', $name));
header("Location: system_crlmanager.php"); header(url_safe('Location: /system_crlmanager.php'));
exit; exit;
} }
} elseif ($act == "delcert" && isset($id)) { } elseif ($act == "delcert" && isset($id)) {
if (!isset($thiscrl['cert']) || !is_array($thiscrl['cert'])) { if (!isset($thiscrl['cert']) || !is_array($thiscrl['cert'])) {
header("Location: system_crlmanager.php"); header(url_safe('Location: /system_crlmanager.php'));
exit; exit;
} }
$found = false; $found = false;
...@@ -175,14 +175,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -175,14 +175,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
} }
} }
if (!$found) { if (!$found) {
header("Location: system_crlmanager.php"); header(url_safe('Location: /system_crlmanager.php'));
exit; exit;
} }
$name = $thiscert['descr']; $name = $thiscert['descr'];
if (cert_unrevoke($thiscert, $thiscrl)) { if (cert_unrevoke($thiscert, $thiscrl)) {
openvpn_refresh_crls(); openvpn_refresh_crls();
write_config(sprintf('Deleted certificate %s from CRL %s', $name, $thiscrl['descr'])); write_config(sprintf('Deleted certificate %s from CRL %s', $name, $thiscrl['descr']));
header("Location: system_crlmanager.php"); header(url_safe('Location: /system_crlmanager.php'));
exit; exit;
} else { } else {
$savemsg = sprintf(gettext("Failed to delete certificate %s from CRL %s"), $name, $thiscrl['descr']) . "<br />"; $savemsg = sprintf(gettext("Failed to delete certificate %s from CRL %s"), $name, $thiscrl['descr']) . "<br />";
...@@ -191,7 +191,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -191,7 +191,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
} elseif ($act == "addcert") { } elseif ($act == "addcert") {
$input_errors = array(); $input_errors = array();
if (!isset($id)) { if (!isset($id)) {
header("Location: system_crlmanager.php"); header(url_safe('Location: /system_crlmanager.php'));
exit; exit;
} }
...@@ -215,7 +215,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -215,7 +215,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
cert_revoke($cert, $crl, $reason); cert_revoke($cert, $crl, $reason);
openvpn_refresh_crls(); openvpn_refresh_crls();
write_config(sprintf('Revoked certificate %s in CRL %s', $cert['descr'], $crl['descr'])); write_config(sprintf('Revoked certificate %s in CRL %s', $cert['descr'], $crl['descr']));
header("Location: system_crlmanager.php"); header(url_safe('Location: /system_crlmanager.php'));
exit; exit;
} }
} else { } else {
...@@ -271,7 +271,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -271,7 +271,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
write_config(sprintf('Saved CRL %s', $crl['descr'])); write_config(sprintf('Saved CRL %s', $crl['descr']));
openvpn_refresh_crls(); openvpn_refresh_crls();
header("Location: system_crlmanager.php"); header(url_safe('Location: /system_crlmanager.php'));
exit; exit;
} }
} }
......
...@@ -80,7 +80,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { ...@@ -80,7 +80,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
unset($a_gateway_groups[$_POST['id']]); unset($a_gateway_groups[$_POST['id']]);
write_config(); write_config();
mark_subsystem_dirty('staticroutes'); mark_subsystem_dirty('staticroutes');
header("Location: system_gateway_groups.php"); header(url_safe('Location: /system_gateway_groups.php'));
exit; exit;
} }
} elseif (isset($_POST['apply'])) { } elseif (isset($_POST['apply'])) {
...@@ -105,7 +105,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { ...@@ -105,7 +105,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
clear_subsystem_dirty($gw_subsystem); clear_subsystem_dirty($gw_subsystem);
} }
} }
header("Location: system_gateway_groups.php"); header(url_safe('Location: /system_gateway_groups.php'));
exit; exit;
} }
} }
......
...@@ -136,7 +136,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -136,7 +136,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
write_config(); write_config();
header("Location: system_gateway_groups.php"); header(url_safe('Location: /system_gateway_groups.php'));
exit; exit;
} }
} }
......
...@@ -134,7 +134,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { ...@@ -134,7 +134,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($retval == 0) { if ($retval == 0) {
clear_subsystem_dirty('staticroutes'); clear_subsystem_dirty('staticroutes');
} }
header("Location: system_gateways.php?displaysave=true"); header(url_safe('Location: /system_gateways.php?displaysave=true'));
exit; exit;
} elseif (isset($id) && isset($pconfig['act']) && $pconfig['act'] == "del") { } elseif (isset($id) && isset($pconfig['act']) && $pconfig['act'] == "del") {
// delete single entry // delete single entry
...@@ -144,7 +144,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { ...@@ -144,7 +144,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
delete_gateway_item($id, $a_gateways); delete_gateway_item($id, $a_gateways);
write_config("Gateways: removed gateway {$realid}"); write_config("Gateways: removed gateway {$realid}");
mark_subsystem_dirty('staticroutes'); mark_subsystem_dirty('staticroutes');
header("Location: system_gateways.php"); header(url_safe('Location: /system_gateways.php'));
exit; exit;
} }
} elseif (isset($id) && isset($pconfig['act']) && $pconfig['act'] == "toggle") { } elseif (isset($id) && isset($pconfig['act']) && $pconfig['act'] == "toggle") {
...@@ -164,11 +164,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { ...@@ -164,11 +164,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$a_gateway_item[$realid]['disabled'] = true; $a_gateway_item[$realid]['disabled'] = true;
} }
if (write_config("Gateways: enable/disable")) { write_config('Gateways: toggled gateway');
mark_subsystem_dirty('staticroutes'); mark_subsystem_dirty('staticroutes');
}
header("Location: system_gateways.php"); header(url_safe('Location: /system_gateways.php'));
exit; exit;
} elseif (!empty($pconfig['rule']) && isset($pconfig['act']) && $pconfig['act'] == "del_x") { } elseif (!empty($pconfig['rule']) && isset($pconfig['act']) && $pconfig['act'] == "del_x") {
// delete selected items // delete selected items
...@@ -190,7 +189,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { ...@@ -190,7 +189,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
write_config("Gateways: removed gateways {$items_deleted}"); write_config("Gateways: removed gateways {$items_deleted}");
mark_subsystem_dirty('staticroutes'); mark_subsystem_dirty('staticroutes');
} }
header("Location: system_gateways.php"); header(url_safe('Location: /system_gateways.php'));
exit; exit;
} }
} }
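Review bot: The `@@ -164,11 +164,10` hunk drops the `if (write_config(...))` guard, so `mark_subsystem_dirty('staticroutes')` now runs whatever write_config() returns. That is a behaviour change beyond the url_safe() conversion named in the commit title. It matches the unconditional calls in the delete branches of this section, but the `/system_routes.php` section of this commit still uses `if (write_config()) {`, so the two pages now treat the result differently. If ignoring the result is intended, a comment such as `// mark dirty regardless of write_config() result` would make that explicit.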
......
...@@ -433,7 +433,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { ...@@ -433,7 +433,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
configd_run("interface reconfigure {$reloadif}"); configd_run("interface reconfigure {$reloadif}");
} }
header("Location: system_gateways.php"); header(url_safe('Location: /system_gateways.php'));
exit; exit;
} else { } else {
if (!empty($_REQUEST['isAjax'])) { if (!empty($_REQUEST['isAjax'])) {
......
...@@ -76,7 +76,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -76,7 +76,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($a_group[$id]); unset($a_group[$id]);
write_config(); write_config();
// reload page // reload page
header("Location: system_groupmanager.php"); header(url_safe('Location: /system_groupmanager.php'));
exit; exit;
} elseif (isset($pconfig['save'])) { } elseif (isset($pconfig['save'])) {
$input_errors = array(); $input_errors = array();
...@@ -144,7 +144,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -144,7 +144,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
} }
} }
write_config(); write_config();
header("Location: system_groupmanager.php"); header(url_safe('Location: /system_groupmanager.php'));
exit; exit;
} else { } else {
// input errors, load page in edit mode // input errors, load page in edit mode
...@@ -152,7 +152,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -152,7 +152,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
} }
} else { } else {
// POST without a valid action, redirect to overview // POST without a valid action, redirect to overview
header("Location: system_groupmanager.php"); header(url_safe('Location: /system_groupmanager.php'));
exit; exit;
} }
} }
......
...@@ -76,8 +76,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -76,8 +76,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$a_hasync['password'] = $pconfig['password']; $a_hasync['password'] = $pconfig['password'];
write_config("Updated High Availability configuration"); write_config("Updated High Availability configuration");
interfaces_carp_setup(); interfaces_carp_setup();
header("Location: system_hasync.php"); header(url_safe('Location: /system_hasync.php'));
exit(); exit;
} }
legacy_html_escape_form_data($pconfig); legacy_html_escape_form_data($pconfig);
......
...@@ -120,18 +120,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { ...@@ -120,18 +120,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
write_config(); write_config();
mark_subsystem_dirty('staticroutes'); mark_subsystem_dirty('staticroutes');
} elseif ( $act == 'move' && isset($pconfig['route']) && count($pconfig['route']) > 0) { } elseif ( $act == 'move' && isset($pconfig['route']) && count($pconfig['route']) > 0) {
// move selected rules // move selected rules
if (!isset($id)) { if (!isset($id)) {
// if rule not set/found, move to end // if rule not set/found, move to end
$id = count($a_routes); $id = count($a_routes);
} }
$a_routes = legacy_move_config_list_items($a_routes, $id, $pconfig['route']); $a_routes = legacy_move_config_list_items($a_routes, $id, $pconfig['route']);
if (write_config()) { if (write_config()) {
mark_subsystem_dirty('staticroutes'); mark_subsystem_dirty('staticroutes');
} }
} }
header("Location: system_routes.php"); header(url_safe('Location: /system_routes.php'));
exit; exit;
} }
......
...@@ -213,7 +213,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -213,7 +213,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
mark_subsystem_dirty('staticroutes'); mark_subsystem_dirty('staticroutes');
write_config(); write_config();
header("Location: system_routes.php"); header(url_safe('Location: /system_routes.php'));
exit; exit;
} }
} }
......