Commit c5ab052b authored by Franco Fichtner's avatar Franco Fichtner

system: url_safe() for #1168

parent 717c2cbe
......@@ -96,7 +96,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
write_config();
header("Location: system_advanced_notifications.php");
header(url_safe('Location: /system_advanced_notifications.php'));
return;
} elseif (isset($pconfig['test_growl']) && $pconfig['test_growl'] == gettext("Test Growl")) {
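Review bot: The redirect in this branch is followed by `return;`, while every other redirect touched by this commit ends with `exit;`. When this file is the requested script the two behave the same, but if the page is ever pulled in through `include` or `require`, `return` hands control back to the including script and execution continues after the `Location` header has been set. Using `exit;` here would keep the redirect branches uniform and make the stop unconditional. The surrounding `if` chain starts and ends outside the hunk.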
......
......@@ -71,12 +71,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($a_tunable[$id]);
write_config();
mark_subsystem_dirty('sysctl');
header("Location: system_advanced_sysctl.php");
header(url_safe('Location: /system_advanced_sysctl.php'));
exit;
} else if (!empty($pconfig['apply'])) {
system_setup_sysctl();
clear_subsystem_dirty('sysctl');
header("Location: system_advanced_sysctl.php");
header(url_safe('Location: /system_advanced_sysctl.php'));
exit;
} elseif (!empty($pconfig['Submit'])) {
$tunableent = array();
......@@ -92,7 +92,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
mark_subsystem_dirty('sysctl');
write_config();
header("Location: system_advanced_sysctl.php");
header(url_safe('Location: /system_advanced_sysctl.php'));
exit;
}
......
......@@ -265,7 +265,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
write_config();
header("Location: system_authservers.php");
header(url_safe('Location: /system_authservers.php'));
exit;
} else {
$act = "edit";
}
......@@ -277,12 +278,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($config['system']['authserver'][$k]);
}
}
$savemsg = gettext("Authentication Server")." {$serverdeleted} ".
gettext("deleted")."<br />";
write_config($savemsg);
header("Location: system_authservers.php");
write_config(sprintf('Authentication server "%s" deleted.', $serverdeleted));
header(url_safe('Location: /system_authservers.php'));
exit;
}
}
// list of all possible fields for auth item (used for form init)
......
......@@ -172,7 +172,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if ($act == "edit") {
if (!isset($id)) {
header("Location: system_camanager.php");
header(url_safe('Location: /system_camanager.php'));
exit;
}
$pconfig['descr'] = $a_ca[$id]['descr'];
......@@ -193,7 +193,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['dn_commonname'] = "internal-ca";
} elseif ($act == "exp") {
if (!isset($id)) {
header("Location: system_camanager.php");
header(url_safe('Location: /system_camanager.php'));
exit;
}
......@@ -208,7 +208,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
exit;
} elseif ($act == "expkey") {
if (!isset($id)) {
header("Location: system_camanager.php");
header(url_safe('Location: /system_camanager.php'));
exit;
}
......@@ -234,7 +234,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if ($act == "del") {
if (!isset($id)) {
header("Location: system_camanager.php");
header(url_safe('Location: /system_camanager.php'));
exit;
}
$a_cert =& $config['cert'];
......@@ -255,7 +255,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($a_ca[$id]);
write_config();
header("Location: system_camanager.php");
header(url_safe('Location: /system_camanager.php'));
exit;
} else {
$input_errors = array();
......@@ -402,10 +402,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (count($input_errors) == 0) {
write_config();
header("Location: system_camanager.php");
header(url_safe('Location: /system_camanager.php'));
}
}
}
}
......@@ -416,7 +415,6 @@ $main_buttons = array(
array('label' => gettext('Add or import CA'), 'href' => 'system_camanager.php?act=new'),
);
?>
<body>
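Review bot: No `exit;` is visible after `header(url_safe('Location: /system_camanager.php'));` in the `count($input_errors) == 0` branch of the hunk at old line 402, unlike the five other redirects in this file section. Without it the script keeps running after the redirect header is set, so the page markup is still rendered and any later code still executes. Unless a line hidden by this rendering already does so, add `exit;` directly after the header call. The enclosing request handler starts outside the hunk.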
......
......@@ -203,7 +203,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
exit;
} elseif ($act == "csr") {
if (!isset($id)) {
header("Location: system_certmanager.php");
header(url_safe('Location: /system_certmanager.php'));
exit;
}
$pconfig['descr'] = $a_cert[$id]['descr'];
......@@ -244,13 +244,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($a_cert[$id]);
write_config();
}
header("Location: system_certmanager.php");
header(url_safe('Location: /system_certmanager.php'));
exit;
} elseif ($act == "csr") {
$input_errors = array();
$pconfig = $_POST;
if (!isset($id)) {
header("Location: system_certmanager.php");
header(url_safe('Location: /system_certmanager.php'));
exit;
}
......@@ -279,7 +279,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
write_config();
header("Location: system_certmanager.php");
header(url_safe('Location: /system_certmanager.php'));
exit;
}
} elseif (!empty($_POST['save'])) {
......@@ -495,9 +495,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (count($input_errors) == 0) {
write_config();
if (isset($userid)) {
header("Location: system_usermanager.php?act=edit&userid=".$userid);
header(url_safe('Location: /system_usermanager.php?act=edit&userid=%s', array($userid)));
} else {
header("Location: system_certmanager.php");
header(url_safe('Location: /system_certmanager.php'));
}
exit;
}
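Review bot: The save branch puts `$userid` into the redirect query string with no visible check that it is a valid user index. `url_safe()` is defined outside this page, so it presumably encodes the value, but encoding alone does not confirm that the id is well-formed or refers to an existing user. If `$userid` originates from the request and is meant to be a numeric index, a guard such as `if (isset($userid) && ctype_digit((string)$userid)) {` before taking this branch would keep unexpected values out of the `Location` header. A short comment stating what `url_safe()` guarantees for its arguments would also help the next reader.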
......
......@@ -159,12 +159,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
}
write_config(sprintf('Deleted CRL %s', $name));
header("Location: system_crlmanager.php");
header(url_safe('Location: /system_crlmanager.php'));
exit;
}
} elseif ($act == "delcert" && isset($id)) {
if (!isset($thiscrl['cert']) || !is_array($thiscrl['cert'])) {
header("Location: system_crlmanager.php");
header(url_safe('Location: /system_crlmanager.php'));
exit;
}
$found = false;
......@@ -175,14 +175,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
}
if (!$found) {
header("Location: system_crlmanager.php");
header(url_safe('Location: /system_crlmanager.php'));
exit;
}
$name = $thiscert['descr'];
if (cert_unrevoke($thiscert, $thiscrl)) {
openvpn_refresh_crls();
write_config(sprintf('Deleted certificate %s from CRL %s', $name, $thiscrl['descr']));
header("Location: system_crlmanager.php");
header(url_safe('Location: /system_crlmanager.php'));
exit;
} else {
$savemsg = sprintf(gettext("Failed to delete certificate %s from CRL %s"), $name, $thiscrl['descr']) . "<br />";
......@@ -191,7 +191,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
} elseif ($act == "addcert") {
$input_errors = array();
if (!isset($id)) {
header("Location: system_crlmanager.php");
header(url_safe('Location: /system_crlmanager.php'));
exit;
}
......@@ -215,7 +215,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
cert_revoke($cert, $crl, $reason);
openvpn_refresh_crls();
write_config(sprintf('Revoked certificate %s in CRL %s', $cert['descr'], $crl['descr']));
header("Location: system_crlmanager.php");
header(url_safe('Location: /system_crlmanager.php'));
exit;
}
} else {
......@@ -271,7 +271,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
write_config(sprintf('Saved CRL %s', $crl['descr']));
openvpn_refresh_crls();
header("Location: system_crlmanager.php");
header(url_safe('Location: /system_crlmanager.php'));
exit;
}
}
......
......@@ -80,7 +80,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
unset($a_gateway_groups[$_POST['id']]);
write_config();
mark_subsystem_dirty('staticroutes');
header("Location: system_gateway_groups.php");
header(url_safe('Location: /system_gateway_groups.php'));
exit;
}
} elseif (isset($_POST['apply'])) {
......@@ -105,7 +105,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
clear_subsystem_dirty($gw_subsystem);
}
}
header("Location: system_gateway_groups.php");
header(url_safe('Location: /system_gateway_groups.php'));
exit;
}
}
......
......@@ -136,7 +136,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
write_config();
header("Location: system_gateway_groups.php");
header(url_safe('Location: /system_gateway_groups.php'));
exit;
}
}
......
......@@ -134,7 +134,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($retval == 0) {
clear_subsystem_dirty('staticroutes');
}
header("Location: system_gateways.php?displaysave=true");
header(url_safe('Location: /system_gateways.php?displaysave=true'));
exit;
} elseif (isset($id) && isset($pconfig['act']) && $pconfig['act'] == "del") {
// delete single entry
......@@ -144,7 +144,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
delete_gateway_item($id, $a_gateways);
write_config("Gateways: removed gateway {$realid}");
mark_subsystem_dirty('staticroutes');
header("Location: system_gateways.php");
header(url_safe('Location: /system_gateways.php'));
exit;
}
} elseif (isset($id) && isset($pconfig['act']) && $pconfig['act'] == "toggle") {
......@@ -164,11 +164,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$a_gateway_item[$realid]['disabled'] = true;
}
if (write_config("Gateways: enable/disable")) {
write_config('Gateways: toggled gateway');
mark_subsystem_dirty('staticroutes');
}
header("Location: system_gateways.php");
header(url_safe('Location: /system_gateways.php'));
exit;
} elseif (!empty($pconfig['rule']) && isset($pconfig['act']) && $pconfig['act'] == "del_x") {
// delete selected items
......@@ -190,7 +189,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
write_config("Gateways: removed gateways {$items_deleted}");
mark_subsystem_dirty('staticroutes');
}
header("Location: system_gateways.php");
header(url_safe('Location: /system_gateways.php'));
exit;
}
}
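Review bot: The toggle branch appears to drop the check on `write_config()`'s return value. The old `if (write_config("Gateways: enable/disable")) {` guarded `mark_subsystem_dirty('staticroutes')`, while the new `write_config('Gateways: toggled gateway');` is a bare statement. As displayed, a failed configuration write would still mark the subsystem dirty and redirect as if the toggle had been saved. If that is intended, to match the delete branch above, a one-line comment saying so would help; otherwise keep the guard as `if (write_config('Gateways: toggled gateway')) { mark_subsystem_dirty('staticroutes'); }`. Which lines are old and which are new is inferred from the hunk counts (11 lines to 10), because the `+`/`-` markers are lost on this page.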
......
......@@ -433,7 +433,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
configd_run("interface reconfigure {$reloadif}");
}
header("Location: system_gateways.php");
header(url_safe('Location: /system_gateways.php'));
exit;
} else {
if (!empty($_REQUEST['isAjax'])) {
......
......@@ -76,7 +76,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($a_group[$id]);
write_config();
// reload page
header("Location: system_groupmanager.php");
header(url_safe('Location: /system_groupmanager.php'));
exit;
} elseif (isset($pconfig['save'])) {
$input_errors = array();
......@@ -144,7 +144,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
}
write_config();
header("Location: system_groupmanager.php");
header(url_safe('Location: /system_groupmanager.php'));
exit;
} else {
// input errors, load page in edit mode
......@@ -152,7 +152,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
} else {
// POST without a valid action, redirect to overview
header("Location: system_groupmanager.php");
header(url_safe('Location: /system_groupmanager.php'));
exit;
}
}
......
......@@ -76,8 +76,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$a_hasync['password'] = $pconfig['password'];
write_config("Updated High Availability configuration");
interfaces_carp_setup();
header("Location: system_hasync.php");
exit();
header(url_safe('Location: /system_hasync.php'));
exit;
}
legacy_html_escape_form_data($pconfig);
......
......@@ -131,7 +131,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
mark_subsystem_dirty('staticroutes');
}
}
header("Location: system_routes.php");
header(url_safe('Location: /system_routes.php'));
exit;
}
......
......@@ -213,7 +213,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
mark_subsystem_dirty('staticroutes');
write_config();
header("Location: system_routes.php");
header(url_safe('Location: /system_routes.php'));
exit;
}
}
......