treewide: improve handling of page redirections in uci change views

Instead of passing the full LuCI request url, pass the relative resolved
request path instead and filter the received value through the lookup()
dispatcher function to only allow paths to actual internal pages.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

modules/luci-mod-admin-full/luasrc/controller/admin/uci.lua

@@ -5,8 +5,7 @@
 module("luci.controller.admin.uci", package.seeall)
 
 function index()
-	local redir = luci.http.formvalue("redir", true) or
-	  luci.dispatcher.build_url(unpack(luci.dispatcher.context.request))
+	local redir = luci.http.formvalue("redir", true) or table.concat(disp.context.request, "/")
 
 	entry({"admin", "uci"}, nil, _("Configuration"))
 	entry({"admin", "uci", "changes"}, call("action_changes"), _("Changes"), 40).query = {redir=redir}

modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm

@@ -16,9 +16,9 @@
 <% end %>
 
 <div class="cbi-page-actions">
-	<% local r = luci.http.formvalue("redir"); if r and #r > 0 then %>
+	<% local node, url = luci.dispatcher.lookup(luci.http.formvalue("redir")); if url then %>
 	<div style="float:left">
-		<form class="inline" method="get" action="<%=luci.util.pcdata(r)%>">
+		<form class="inline" method="get" action="<%=luci.util.pcdata(url)%>">
 			<input class="cbi-button cbi-button-link" style="float:left; margin:0" type="submit" value="<%:Back%>" />
 		</form>
 	</div>

modules/luci-mod-admin-full/luasrc/view/admin_uci/revert.htm

@@ -18,10 +18,12 @@
 	<p><strong><%:There are no pending changes to revert!%></strong></p>
 <% end %>
 
-<div class="cbi-page-actions">
-	<form class="inline" method="get" action="<%=luci.util.pcdata(luci.http.formvalue("redir"))%>">
-		<input class="cbi-button cbi-button-link" style="margin:0" type="submit" value="<%:Back%>" />
-	</form>
-</div>
+<% local node, url = luci.dispatcher.lookup(luci.http.formvalue("redir")); if url then %>
+	<div class="cbi-page-actions">
+		<form class="inline" method="get" action="<%=luci.util.pcdata(url)%>">
+			<input class="cbi-button cbi-button-link" style="margin:0" type="submit" value="<%:Back%>" />
+		</form>
+	</div>
+<% end %>
 
 <%+footer%>

themes/luci-theme-bootstrap/luasrc/view/themes/bootstrap/header.htm

@@ -147,7 +147,7 @@
 			if ucichanges > 0 then
 				write('<a class="label notice" href="%s?redir=%s">%s: %d</a>' %{
 					url(category, 'uci/changes'),
-					http.urlencode(http.formvalue('redir') or REQUEST_URI),
+					http.urlencode(http.formvalue('redir') or table.concat(disp.context.request, "/")),
 					translate('Unsaved Changes'),
 					ucichanges
 				})

themes/luci-theme-freifunk-generic/luasrc/view/themes/freifunk-generic/header.htm

@@ -205,7 +205,7 @@ if tree.nodes[category] and tree.nodes[category].ucidata then
 -%>
 	<div id="savemenu">
 		<% if ucic > 0 then %>
-			<a class="warning" href="<%=controller%>/<%=category%>/uci/changes/?redir=<%=http.urlencode(http.formvalue("redir") or REQUEST_URI)%>"><%:Unsaved Changes%>: <%=ucic%></a>
+			<a class="warning" href="<%=controller%>/<%=category%>/uci/changes/?redir=<%=http.urlencode(http.formvalue('redir') or table.concat(disp.context.request, "/"))%>"><%:Unsaved Changes%>: <%=ucic%></a>
 		<% end -%>
 	</div>
 <% end %>

themes/luci-theme-material/luasrc/view/themes/material/header.htm

@@ -172,7 +172,7 @@
 			if ucichanges > 0 then
 				write('<a class="label notice" href="%s?redir=%s">%s: %d</a>' %{
 					url(category, 'uci/changes'),
-					http.urlencode(http.formvalue('redir') or REQUEST_URI),
+					http.urlencode(http.formvalue('redir') or table.concat(disp.context.request, "/")),
 					translate('Unsaved Changes'),
 					ucichanges
 				})

themes/luci-theme-openwrt/luasrc/view/themes/openwrt.org/header.htm

@@ -104,7 +104,7 @@
 			if ucic > 0 then
 				write('<a class="warning" href="%s?redir=%s">%s: %d</a>' %{
 					url(category, 'uci/changes'),
-					http.urlencode(http.formvalue('redir') or REQUEST_URI),
+					http.urlencode(http.formvalue('redir') or table.concat(disp.context.request, "/")),
 					translate('Unsaved Changes'),
 					ucic
 				})