From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: [PATCH 5/7] pakfire.cgi: Implement Post/Redirect/Get pattern Date: Sun, 08 May 2022 13:12:30 +0000 Message-ID: <1c5cef08-ffe6-12d8-9430-1b6c41dc2436@ipfire.org> In-Reply-To: <20220508120952.52-5-hofmann@leo-andres.de> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4414351576293393736==" List-Id: --===============4414351576293393736== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Acked-by: Peter M=C3=BCller > Refreshing the Pakfire page may cause a command to be > executed multiple times and induce odd errors. >=20 > This patch implements a HTTP 303 redirect after form processing, > which causes the browser to discard the POST form data. > Navigating backward or reloading the page now does not trigger > multiple executions anymore. >=20 > Fixes: #12781 >=20 > Signed-off-by: Leo-Andres Hofmann > --- > html/cgi-bin/pakfire.cgi | 56 +++++++++++++++++++++++++++++++++++----- > 1 file changed, 50 insertions(+), 6 deletions(-) >=20 > diff --git a/html/cgi-bin/pakfire.cgi b/html/cgi-bin/pakfire.cgi > index ec3ee2cc6..6fade81bd 100644 > --- a/html/cgi-bin/pakfire.cgi > +++ b/html/cgi-bin/pakfire.cgi > @@ -21,6 +21,7 @@ > =20 > use strict; > use List::Util qw(any); > +use URI; > =20 > # enable only the following on debugging purpose > #use warnings; > @@ -37,12 +38,17 @@ my %color =3D (); > my %pakfiresettings =3D (); > my %mainsettings =3D (); > =20 > +# The page mode is used to explictly switch between user interface functio= ns: > +my $PM_DEFAULT =3D 'default'; # Default user interface with command proces= sing > +my $PM_LOGREAD =3D 'logread'; # Log messages viewer (ignores all commands) > +my $pagemode =3D $PM_DEFAULT; > + > # Load general settings > &General::readhash("${General::swroot}/main/settings", \%mainsettings); > &General::readhash("${General::swroot}/pakfire/settings", \%pakfiresetting= s); > &General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt"= , \%color); > =20 > -# Get CGI request data > +# Get CGI POST request data > $cgiparams{'ACTION'} =3D ''; > $cgiparams{'FORCE'} =3D ''; > =20 > @@ -51,6 +57,17 @@ $cgiparams{'DELPAKS'} =3D ''; > =20 > &Header::getcgihash(\%cgiparams); > =20 > +# Get CGI GET request data (if available) > +if($ENV{'QUERY_STRING'}) { > + my $uri =3D URI->new($ENV{'REQUEST_URI'}); > + my %query =3D $uri->query_form; > + > + my $mode =3D lc($query{'mode'} // ''); > + if(($mode eq $PM_DEFAULT) || ($mode eq $PM_LOGREAD)) { > + $pagemode =3D $mode; # Limit to existing modes > + } > +} > + > ### Process AJAX/JSON request ### > if($cgiparams{'ACTION'} eq 'json-getstatus') { > # Send HTTP headers > @@ -96,19 +113,24 @@ if($cgiparams{'ACTION'} eq 'json-getstatus') { > } > =20 > ### Process Pakfire install/update commands ### > -if($cgiparams{'ACTION'} ne '') { > +if(($cgiparams{'ACTION'} ne '') && ($pagemode eq $PM_DEFAULT)) { > if(&_is_pakfire_busy()) { > $errormessage =3D $Lang::tr{'pakfire already busy'}; > + $pagemode =3D $PM_LOGREAD; # Running Pakfire instance found, switch to l= og viewer mode > } elsif(($cgiparams{'ACTION'} eq 'install') && ($cgiparams{'FORCE'} eq 'o= n')) { > my @pkgs =3D split(/\|/, $cgiparams{'INSPAKS'}); > &General::system_background("/usr/local/bin/pakfire", "install", "--non-= interactive", "--no-colors", @pkgs); > + &_http_pagemode_redirect($PM_LOGREAD, 1); > } elsif(($cgiparams{'ACTION'} eq 'remove') && ($cgiparams{'FORCE'} eq 'on= ')) { > my @pkgs =3D split(/\|/, $cgiparams{'DELPAKS'}); > &General::system_background("/usr/local/bin/pakfire", "remove", "--non-i= nteractive", "--no-colors", @pkgs); > + &_http_pagemode_redirect($PM_LOGREAD, 1); > } elsif($cgiparams{'ACTION'} eq 'update') { > &General::system_background("/usr/local/bin/pakfire", "update", "--force= ", "--no-colors"); > + &_http_pagemode_redirect($PM_LOGREAD, 1); > } elsif($cgiparams{'ACTION'} eq 'upgrade') { > &General::system_background("/usr/local/bin/pakfire", "upgrade", "-y", "= --no-colors"); > + &_http_pagemode_redirect($PM_LOGREAD, 1); > } elsif($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { > $pakfiresettings{"TREE"} =3D $cgiparams{"TREE"}; > =20 > @@ -122,6 +144,7 @@ if($cgiparams{'ACTION'} ne '') { > =20 > # Update lists > &General::system_background("/usr/local/bin/pakfire", "update", "--forc= e", "--no-colors"); > + &_http_pagemode_redirect($PM_LOGREAD, 1); > } > } > } > @@ -221,8 +244,8 @@ if ($errormessage) { > &Header::closebox(); > } > =20 > -# Show log output while Pakfire is running > -if(&_is_pakfire_busy()) { > +# Show only log output while Pakfire is running and stop afterwards > +if(($pagemode eq $PM_LOGREAD) || (&_is_pakfire_busy())) { > &Header::openbox("100%", "center", "Pakfire"); > =20 > print < @@ -253,7 +276,8 @@ END > } > =20 > # Show Pakfire install/remove dependencies and confirm form > -if (($cgiparams{'ACTION'} eq 'install') && (! &_is_pakfire_busy())) { > +# (_is_pakfire_busy status was checked before and can be omitted) > +if (($cgiparams{'ACTION'} eq 'install') && ($pagemode eq $PM_DEFAULT)) { > &Header::openbox("100%", "center", $Lang::tr{'request'}); > =20 > my @pkgs =3D split(/\|/, $cgiparams{'INSPAKS'}); > @@ -291,7 +315,7 @@ END > &Header::closepage(); > exit; > =20 > -} elsif (($cgiparams{'ACTION'} eq 'remove') && (! &_is_pakfire_busy())) { > +} elsif (($cgiparams{'ACTION'} eq 'remove') && ($pagemode eq $PM_DEFAULT))= { > &Header::openbox("100%", "center", $Lang::tr{'request'}); > =20 > my @pkgs =3D split(/\|/, $cgiparams{'DELPAKS'}); > @@ -476,3 +500,23 @@ sub _start_json_output { > print "Content-Type: application/json\n"; > print "\n"; # End of HTTP headers > } > + > +# Send HTTP 303 redirect headers to change page mode > +# GET is always used to display the redirected page, which will remove alr= eady processed POST form data. > +# Note: Custom headers must be sent before the HTML output is started by &= Header::showhttpheaders(). > +# If switch_mode is set to true, the global page mode variable ("$pagemode= ") is also updated immediately. > +sub _http_pagemode_redirect { > + my ($mode, $switch_mode) =3D @_; > + $mode //=3D $PM_DEFAULT; > + $switch_mode //=3D 0; > + > + # Send HTTP redirect with GET parameter > + my $location =3D "https://$ENV{'SERVER_NAME'}:$ENV{'SERVER_PORT'}$ENV{'SC= RIPT_NAME'}?mode=3D${mode}"; > + print "Status: 303 See Other\n"; > + print "Location: $location\n"; > + > + # Change global page mode > + if($switch_mode) { > + $pagemode =3D $mode; > + } > +} --===============4414351576293393736==--