Can't browse away from Webmin with 19

[swelljoe]

When running 19 of the theme, it's impossible to leave Webmin.

To reproduce:

Type another URL into the URL bar and hit enter. It bounces right back to Webmin and resets the URL in the bar.

[gnadelwartz]

Same for me!

[gnadelwartz]

Additionally the custom link module open an external webpage is no more working: http://www.webmin.com/cgi-bin/search_third.cgi?search=custom+link

2 Problems: no more frame to display external content inside Webmin (minor problem), authentic theme redirect every external URl back to itself.

[gnadelwartz]

#!/usr/bin/perl
# index.cgi
# Redirect to another URL

do '../web-lib.pl';
&init_config();
do '../ui-lib.pl';
$url = $config{'link'};
$host = $ENV{'HTTP_HOST'};
$host =~ s/:.*$//;
$url =~ s/\$REMOTE_USER/$remote_user/g;
$url =~ s/\$HTTP_HOST/$host/g;
if ($config{'window'}) {
        &ui_print_header(undef, $module_info{'desc'}, "", undef, 0, 1);

        print &text('index_desc', "<tt>$url</tt>"),"<p>\n";
        print "<script>\n";
        print "window.open(\"$url\", \"$module_name\", \"$config{'opts'}\");\n";
        print "</script>\n";

        &ui_print_footer("/", $text{'index'});
        }
else {
        &redirect($url);
        }

[swelljoe]

Yeah, a new iframe will have to be added on the fly for the things that are currently being opened in another window, but that's a wholly separate issue from the URI hijacking, I think. (And intentional, for now, since Ilia hasn't come up with a good solution for embedded non-Webmin content, yet.)

[gnadelwartz]

Yaeh, thats why I called it a Minor issue, main issue is that it even it will open in the main Window URI is redirected to webmin again 😞

[iliajie]

@swelljoe It's very interesting and wrong at the same time that it's happening only in Firefox. It should definitely be reported as security flaw to Firefox.

I could hypothetically change the mentioned above behavior and upon reload/request load requested URL. It's just difficult to make, as we also want modules to be opened as they are without any extra added JavaScript functionality. I'll see what I can do.

[gnadelwartz]

I can confirm that its working in Chrome/Vivaldi.

May be it should stay as it is but we can detect if an external URI is enterend, rediected or pasted and open a seperate tab/windows if this happens.

[iliajie]

I'll just try to make reload work as on regular page, loading actual URL.

[iliajie]

Please try latest commit. Chrome works fine, however fire Firefox doesn't set refer and things go broken on miniserv level.

I think we'll have to get back to patching miniserv:
webmin/webmin#632

[iliajie]

It's fix in 19.00-patch4.

It will require this patch webmin/webmin#652 and will work on all browsers.

Please test.