From 86ad6c48ffc83002c04a7c64fad84e7e7e70e1c8 Mon Sep 17 00:00:00 2001
From: Johannes Meyer
Date: Mon, 27 Jul 2015 08:52:33 +0200
Subject: [PATCH] Form: Automatically remove query parameters only for GET forms refs #9421
---
 application/controllers/ConfigController.php | 1 -
 .../UsergroupbackendController.php | 1 -
 library/Icinga/Web/Form.php | 28 +++++++++++--------
 3 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/application/controllers/ConfigController.php b/application/controllers/ConfigController.php
index e9fbbd7ef..543a84217 100644
--- a/application/controllers/ConfigController.php
+++ b/application/controllers/ConfigController.php
@@ -250,7 +250,6 @@ class ConfigController extends Controller
 $backendName = $this->params->getRequired('backend');
 $form = new UserBackendConfigForm();
- $form->setAction(Url::fromRequest());
 $form->setRedirectUrl('config/userbackend');
 $form->setTitle(sprintf($this->translate('Edit User Backend %s'), $backendName));
 $form->setIniConfig(Config::app('authentication'));
diff --git a/application/controllers/UsergroupbackendController.php b/application/controllers/UsergroupbackendController.php
index 961c72132..4c641586c 100644
--- a/application/controllers/UsergroupbackendController.php
+++ b/application/controllers/UsergroupbackendController.php
@@ -78,7 +78,6 @@ class UsergroupbackendController extends Controller
 $backendName = $this->params->getRequired('backend');
 $form = new UserGroupBackendForm();
- $form->setAction(Url::fromRequest());
 $form->setRedirectUrl('usergroupbackend/list');
 $form->setTitle(sprintf($this->translate('Edit User Group Backend %s'), $backendName));
 $form->setIniConfig(Config::app('groups'));
diff --git a/library/Icinga/Web/Form.php b/library/Icinga/Web/Form.php
index dc3eaf1cc..46c661405 100644
--- a/library/Icinga/Web/Form.php
+++ b/library/Icinga/Web/Form.php
@@ -292,9 +292,11 @@ class Form extends Zend_Form
 public function getRedirectUrl()
 {
 if ($this->redirectUrl === null) {
- $url = $this->getRequest()->getUrl();
- // Be sure to remove all form dependent params because we do not want to submit it again
- $this->redirectUrl = $url->without(array_keys($this->getElements()));
+ $this->redirectUrl = $this->getRequest()->getUrl();
+ if ($this->getMethod() === 'get') {
+ // Be sure to remove all form dependent params because we do not want to submit it again
+ $this->redirectUrl = $this->redirectUrl->without(array_keys($this->getElements()));
+ }
 }
 return $this->redirectUrl;
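Review bot: The URL built in getRedirectUrl() is cached in `$this->redirectUrl` on the first call, so `without(array_keys($this->getElements()))` strips only the parameters of elements that exist at that moment; if the method can run before create() has added the identification and CSRF elements, a GET form's token parameter would remain in the redirect target. The call order is not visible here, so this should be confirmed. The comment could state the new rule, e.g. `// GET forms submit their elements in the query string; strip them so the redirect does not resubmit the form`. The same method check and `without()` call appear again in create() (hunk at -658), and a private helper would keep the two in step. The end of getRedirectUrl() lies outside the hunk.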
@@ -658,22 +660,26 @@ class Form extends Zend_Form
 */
 public function create(array $formData = array())
 {
- if (false === $this->created) {
+ if (! $this->created) {
 $this->createElements($formData);
 $this->addFormIdentification()
 ->addCsrfCounterMeasure()
 ->addSubmitButton();
+ // Use Form::getAttrib() instead of Form::getAction() here because we want to explicitly check against
+ // null. Form::getAction() would return the empty string '' if the action is not set.
+ // For not setting the action attribute use Form::setAction(''). This is required for for the
+ // accessibility's enable/disable auto-refresh mechanic
 if ($this->getAttrib('action') === null) {
- // Use Form::getAttrib() instead of Form::getAction() here because we want to explicitly check against
- // null. Form::getAction() would return the empty string '' if the action is not set.
- // For not setting the action attribute use Form::setAction(''). This is required for for the
- // accessibility's enable/disable auto-refresh mechanic
+ $action = $this->getRequest()->getUrl();
+ if ($this->getMethod() === 'get') {
+ $action = $action->without(array_keys($this->getElements()));
+ }
 // TODO(el): Re-evalute this necessity. JavaScript could use the container's URL if there's no action set.
 // We MUST set an action as JS gets confused otherwise, if
 // this form is being displayed in an additional column
- $this->setAction($this->getRequest()->getUrl()->without(array_keys($this->getElements())));
+ $this->setAction($action);
 }
 $this->created = true;
@@ -920,7 +926,7 @@ class Form extends Zend_Form
 */
 public function addFormIdentification()
 {
- if (false === $this->uidDisabled && $this->getElement($this->uidElementName) === null) {
+ if (! $this->uidDisabled && $this->getElement($this->uidElementName) === null) {
 $this->addElement(
 'hidden',
 $this->uidElementName,
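Review bot: For non-GET forms the default action set in create() is now the full request URL, so a query parameter that shares a name with a form element (including the ones added by addFormIdentification() and addCsrfCounterMeasure()) is sent back alongside the POST body on submit. If request handling reads values from merged query and body parameters rather than from the body alone, the query-string copy could shadow or pre-fill a field; that code is outside this hunk, so please confirm POST forms are populated from the body only. The moved comment block still carries the doubled word in `This is required for for the`, which could be fixed while it is being touched. create() continues past the end of the hunk.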
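Review bot: Replacing `false === $this->uidDisabled` with `! $this->uidDisabled` is not a pure style change: the strict form skipped the element for any non-boolean value, while the negation adds it for every falsy value such as null or 0. The same rewrite is applied to `$this->created` in create() and to `$this->tokenDisabled` in addCsrfCounterMeasure(), where it decides whether the CSRF token element is added. The new behaviour errs towards adding the token, which is the safer default, but the commit message does not mention it. A short comment such as `// any falsy value means the element is enabled` would show the looser check is intended; casting to bool in the setters is another option, though they are not visible here. The method body continues past the end of the hunk.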
@@ -942,7 +948,7 @@ class Form extends Zend_Form
 */
 public function addCsrfCounterMeasure()
 {
- if (false === $this->tokenDisabled && $this->getElement($this->tokenElementName) === null) {
+ if (! $this->tokenDisabled && $this->getElement($this->tokenElementName) === null) {
 $this->addElement(new CsrfCounterMeasure($this->tokenElementName));
 }