From 7311ab964e90e945cae4d0b882e7364ae4c36d36 Mon Sep 17 00:00:00 2001
From: Johannes Meyer <johannes.meyer@netways.de>
Date: Wed, 13 Aug 2014 14:50:21 +0200
Subject: [PATCH] Do not set the full url from the request as action with form
 parameters

Setting an url with parameters named like form elements in a form with
method POST causes Zend to ignore any POST data because GET will be
processed with higher priority.

fixes #6806
---
 library/Icinga/Web/Form.php                               | 8 ++++----
 library/Icinga/Web/Widget/SortBox.php                     | 1 -
 .../library/Monitoring/Web/Widget/TimelineIntervalBox.php | 1 -
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/library/Icinga/Web/Form.php b/library/Icinga/Web/Form.php
index 808ff6ad3..dc8fb4f6c 100644
--- a/library/Icinga/Web/Form.php
+++ b/library/Icinga/Web/Form.php
@@ -7,7 +7,6 @@ namespace Icinga\Web;
 use LogicException;
 use Zend_Form;
 use Zend_View_Interface;
-use Icinga\Application\Icinga;
 use Icinga\Web\Form\Decorator\HelpText;
 use Icinga\Web\Form\Decorator\ElementWrapper;
 use Icinga\Web\Form\Element\CsrfCounterMeasure;
@@ -131,14 +130,15 @@ class Form extends Zend_Form
     public function create(array $formData = array())
     {
         if (false === $this->created) {
+            $this->addElements($this->createElements($formData));
+            $this->addCsrfCounterMeasure()->addSubmitButton();
+
             if ($this->getAction() === '') {
                 // We MUST set an action as JS gets confused otherwise, if
                 // this form is being displayed in an additional column
-                $this->setAction(Icinga::app()->getFrontController()->getRequest()->getRequestUri());
+                $this->setAction(Url::fromRequest()->getUrlWithout(array_keys($this->getElements())));
             }
 
-            $this->addElements($this->createElements($formData));
-            $this->addCsrfCounterMeasure()->addSubmitButton();
             $this->created = true;
         }
 
diff --git a/library/Icinga/Web/Widget/SortBox.php b/library/Icinga/Web/Widget/SortBox.php
index cce268a48..557469966 100644
--- a/library/Icinga/Web/Widget/SortBox.php
+++ b/library/Icinga/Web/Widget/SortBox.php
@@ -132,7 +132,6 @@ class SortBox extends AbstractWidget
         $sort = $form->getElement('sort')->setDecorators(array('ViewHelper'));
         $dir = $form->getElement('dir')->setDecorators(array('ViewHelper'));
         if ($this->request) {
-            $form->setAction($this->request->getRequestUri());
             $form->populate($this->request->getParams());
         }
         return $form;
diff --git a/modules/monitoring/library/Monitoring/Web/Widget/TimelineIntervalBox.php b/modules/monitoring/library/Monitoring/Web/Widget/TimelineIntervalBox.php
index 307fffba8..4cab3517d 100644
--- a/modules/monitoring/library/Monitoring/Web/Widget/TimelineIntervalBox.php
+++ b/modules/monitoring/library/Monitoring/Web/Widget/TimelineIntervalBox.php
@@ -97,7 +97,6 @@ class TimelineIntervalBox extends AbstractWidget
         );
 
         if ($this->request) {
-            $form->setAction($this->request->getRequestUri());
             $form->populate($this->request->getParams());
         }