Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
luci/modules/luci-mod-admin-full/luasrc/view/admin_uci/changes.htm
Jo-Philipp Wich 731ed77c0b treewide: improve handling of page redirections in uci change views 
Instead of passing the full LuCI request url, pass the relative resolved
request path instead and filter the received value through the lookup()
dispatcher function to only allow paths to actual internal pages.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-05 23:03:01 +02:00

46 lines
1.8 KiB
HTML
Raw Blame History

<%#
Copyright 2008 Steven Barth <steven@midlink.org>
Copyright 2008-2015 Jo-Philipp Wich <jow@openwrt.org>
Licensed to the public under the Apache License 2.0.
-%>
<%+header%>
<h2 name="content"><%:Configuration%> / <%:Changes%></h2>
<% if changes then %>
<%+admin_uci/changelog%>
<%- uci_changelog(changes) -%>
<% else %>
<p><strong><%:There are no pending changes!%></strong></p>
<% end %>
<div class="cbi-page-actions">
<% local node, url = luci.dispatcher.lookup(luci.http.formvalue("redir")); if url then %>
<div style="float:left">
<form class="inline" method="get" action="<%=luci.util.pcdata(url)%>">
<input class="cbi-button cbi-button-link" style="float:left; margin:0" type="submit" value="<%:Back%>" />
</form>
</div>
<% end %>
<div style="text-align:right">
<form class="inline" method="post" action="<%=controller%>/admin/uci/apply">
<input type="hidden" name="token" value="<%=token%>" />
<input type="hidden" name="redir" value="<%=pcdata(luci.http.formvalue("redir"))%>" />
<input class="cbi-button cbi-button-apply" type="submit" value="<%:Apply%>" />
</form>
<form class="inline" method="post" action="<%=controller%>/admin/uci/saveapply">
<input type="hidden" name="token" value="<%=token%>" />
<input type="hidden" name="redir" value="<%=pcdata(luci.http.formvalue("redir"))%>" />
<input class="cbi-button cbi-button-save" type="submit" value="<%:Save & Apply%>" />
</form>
<form class="inline" method="post" action="<%=controller%>/admin/uci/revert">
<input type="hidden" name="token" value="<%=token%>" />
<input type="hidden" name="redir" value="<%=pcdata(luci.http.formvalue("redir"))%>" />
<input class="cbi-button cbi-button-reset" type="submit" value="<%:Revert%>" />
</form>
</div>
</div>
<%+footer%>
Reference in a new issue View git blame Copy permalink