luci-base: ensure that base url is emitted with trailing slash
authorJo-Philipp Wich <jow@openwrt.org>
Wed, 21 Oct 2015 14:45:48 +0000 (16:45 +0200)
committerJo-Philipp Wich <jow@openwrt.org>
Wed, 21 Oct 2015 14:48:25 +0000 (16:48 +0200)
Now that we don't have an url token anymore, '/cgi-bin/luci' becomes a valid
url while cookies are restricted to only '/cgi-bin/luci/' and below.

In order to ensure that the first request after login refers to a path
covered by the authentication cookie, change build_url() to always append
a trailing slash if we're referring to the base url.

This should fix the login problems mentioned in #516.

While we're touching the dispatcher, also remove remaining url token code.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
modules/luci-base/luasrc/dispatcher.lua

index bb02912f4b21543cec6524e49f030457b267683b..6742a0b33dc65f21ce8abb1507de4fc9088468d4 100644 (file)
@@ -27,14 +27,6 @@ function build_url(...)
        local path = {...}
        local url = { http.getenv("SCRIPT_NAME") or "" }
 
-       local k, v
-       for k, v in pairs(context.urltoken) do
-               url[#url+1] = "/;"
-               url[#url+1] = http.urlencode(k)
-               url[#url+1] = "="
-               url[#url+1] = http.urlencode(v)
-       end
-
        local p
        for _, p in ipairs(path) do
                if p:match("^[a-zA-Z0-9_%-%.%%/,;]+$") then
@@ -43,6 +35,10 @@ function build_url(...)
                end
        end
 
+       if #path == 0 then
+               url[#url+1] = "/"
+       end
+
        return table.concat(url, "")
 end
 
@@ -128,7 +124,6 @@ function httpdispatch(request, prefix)
 
        local r = {}
        context.request = r
-       context.urltoken = {}
 
        local pathinfo = http.urldecode(request:getenv("PATH_INFO") or "", true)
 
@@ -210,7 +205,6 @@ function dispatch(request)
        ctx.args = args
        ctx.requestargs = ctx.requestargs or args
        local n
-       local token = ctx.urltoken
        local preq = {}
        local freq = {}
 
@@ -361,9 +355,7 @@ function dispatch(request)
                                        end
 
                                        if sess and token then
-                                               http.header("Set-Cookie", 'sysauth=%s; path=%s/' %{
-                                                  sess, build_url()
-                                               })
+                                               http.header("Set-Cookie", 'sysauth=%s; path=%s' %{ sess, build_url() })
 
                                                ctx.authsession = sess
                                                ctx.authtoken = token