add capability to redirect to requested page after login #4599

Closed


luckman212
Contributor

Something that has bugged me for a while now is that if you are logged out of pfSense, and request a "deep" page e.g. https://my.pfsense.lan/services_unbound.php, you will be shown the login page, but after successfully logging in, you are placed on the dashboard instead of the originally requested page.

This makes bookmarking specific pages impossible.

Here's a small PR that adds this capability.

Tested on 22.05.r.20220617.0613

Contributor

jim-p commented Jun 20, 2022

This is done on purpose for security reasons. Until the entire GUI is purged of any page that takes action on GET, the user could be tricked into following a link that takes a harmful action.

@jim-p jim-p closed this Jun 20, 2022
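
The concern raised in the comment above, as an added example that is not part of this thread or of pfSense's code: a post-login redirect is only safe if the target is same-origin, carries no parameters, and is a page known not to act on GET. The function name, the allowlist contents, the `/` dashboard fallback and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not pfSense code. The allowlist is hypothetical: it stands
// for pages that have been audited as read-only when requested with GET.
const GET_SAFE_PAGES = [
    '/services_unbound.php',   // page named in the PR description
];

/**
 * Return a local path that is safe to redirect to after login,
 * or the fallback (assumed here to be the dashboard at "/").
 */
function post_login_target(string $requested, array $safe_pages = GET_SAFE_PAGES): string
{
    $fallback = '/';

    // Reject control characters and backslashes (header injection, "/\host").
    if ($requested === '' || preg_match('/[\x00-\x1f\x7f\\\\]/', $requested)) {
        return $fallback;
    }

    // Same-origin absolute paths only: one leading slash, never "//host".
    if ($requested[0] !== '/' || strncmp($requested, '//', 2) === 0) {
        return $fallback;
    }

    $parts = parse_url($requested);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }

    // Drop query string and fragment: parameters are what turn a followed
    // link into an action on pages that still act on GET.
    $path = $parts['path'] ?? '';

    // Exact match only; anything not audited goes to the dashboard.
    return in_array($path, $safe_pages, true) ? $path : $fallback;
}

// Constructed sample requests (hostnames and page names are made up).
$samples = [
    '/services_unbound.php',
    '/services_unbound.php?act=del&id=0',
    '/example_action.php?run=1',
    '//other.example/services_unbound.php',
    'https://other.example/',
];
foreach ($samples as $uri) {
    printf("%-40s -> %s\n", $uri, post_login_target($uri));
}
```

Only the first sample keeps its requested page; the second is redirected with its parameters stripped, and the rest fall back to `/`.
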
Contributor Author

luckman212 commented Jun 21, 2022

@jim-p Is there a Redmine for the remaining conversion from GET to POST/CSRF in the wC? I was going to offer to help move it along.

So far just nosing through the GUI on my system, I found these pages with params on the end...

  • System -> Setup Wizard
  • System -> sudo
  • System -> Update
  • Interfaces -> (anything except Assignments)
  • Services -> Shellcmd
  • Services -> uPnP
  • VPN -> AWC VPC VPN Wizard
  • Status -> Filter Reload
  • Status -> HAProxy Stats
  • Diagnostics -> ARPing
  • Help -> About This Page

Seems like mostly just packages that add menu items with params.

@luckman212
Contributor Author

Hello random person on the internet who found this somehow 👋

You may want to check out v2 of this patch.
