dashboard: this needs absolte redirects, some missed spots

Relative redirect is used almost everywhere, but to be honest it looks safer to make all paths absolute. PR: https://github.com/opnsense/core/issues/1168

dashboard: this needs absolte redirects, some missed spots
Relative redirect is used almost everywhere, but to be honest it looks safer to make all paths absolute. PR: https://github.com/opnsense/core/issues/1168
d7319957 · Franco Fichtner · a85a46b8 · d7319957 · d7319957 · d7319957
Commit d7319957 authored Sep 02, 2016 by Franco Fichtner
6 changed files
--- a/src/www/widgets/widgets/log.widget.php
+++ b/src/www/widgets/widgets/log.widget.php
@@ -125,8 +125,8 @@ if (is_numeric($_POST['filterlogentries'])) {
    }
    write_config("Saved Filter Log Entries via Dashboard");
-    Header("Location: /");
+    header(url_safe('Location: /index.php'));
-    exit(0);
+    exit;
 }
 $nentries = isset($config['widgets']['filterlogentries']) ? $config['widgets']['filterlogentries'] : 5;

--- a/src/www/widgets/widgets/picture.widget.php
+++ b/src/www/widgets/widgets/picture.widget.php
@@ -58,7 +58,7 @@ if ($_POST) {
            $config['widgets']['picturewidget'] = base64_encode($data);
            $config['widgets']['picturewidget_filename'] = $_FILES['pictfile']['name'];
            write_config("Picture widget saved via Dashboard.");
-            header(url_safe('Location: index.php'));
+            header(url_safe('Location: /index.php'));
            exit;
        }
    }

--- a/src/www/widgets/widgets/rss.widget.php
+++ b/src/www/widgets/widgets/rss.widget.php
@@ -44,7 +44,7 @@ if (!empty($_POST['rssfeed'])) {
    $config['widgets']['rsswidgetheight'] = htmlspecialchars($_POST['rsswidgetheight'], ENT_QUOTES | ENT_HTML401);
    $config['widgets']['rsswidgettextlength'] = htmlspecialchars($_POST['rsswidgettextlength'], ENT_QUOTES | ENT_HTML401);
    write_config("Saved RSS Widget feed via Dashboard");
-    header(url_safe('Location: index.php'));
+    header(url_safe('Location: /index.php'));
    exit;
 }

--- a/src/www/widgets/widgets/services_status.widget.php
+++ b/src/www/widgets/widgets/services_status.widget.php
@@ -41,7 +41,7 @@ $services = services_get();
 if (isset($_POST['servicestatusfilter'])) {
    $config['widgets']['servicestatusfilter'] = htmlspecialchars($_POST['servicestatusfilter'], ENT_QUOTES | ENT_HTML401);
    write_config("Saved Service Status Filter via Dashboard");
-    header(url_safe('Location: index.php'));
+    header(url_safe('Location: /index.php'));
    exit;
 }

--- a/src/www/widgets/widgets/system_log.widget.php
+++ b/src/www/widgets/widgets/system_log.widget.php
@@ -40,7 +40,7 @@ if (is_numeric($_POST['logfiltercount'])) {
   $countReceived =  $_POST['logfiltercount'];
   $config['widgets']['systemlogfiltercount'] = $countReceived;
   write_config("Saved Widget System Log Filter Setting");
-   Header("Location: /index.php");
+   header(url_safe('Location: /index.php'));
   exit;
 }

--- a/src/www/widgets/widgets/thermal_sensors.widget.php
+++ b/src/www/widgets/widgets/thermal_sensors.widget.php
@@ -55,7 +55,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        $config['widgets']['thermal_sensors_widget'][$fieldname] = validate_temp_value($newValue) ? $newValue : $defaultValue;
    }
    write_config("Thermal sensors widget saved via Dashboard.");
-    header(url_safe('Location: index.php'));
+    header(url_safe('Location: /index.php'));
    exit;
 }