UI input validation

[guru_meditation]

Hi,
first of all, thanks for your great work!

I encountered an exception when logging in with an URL from a previous session:

https://192.168.x.y:zzzz/system_usermanager.php?savemsg=The+user+%22USERNAME1%22+was+successfully+removed.


Fatal error: Uncaught ValueError: The arguments array must contain 2 items, 0 given in /usr/local/etc/inc/util.inc:935 Stack trace: #0 /usr/local/etc/inc/util.inc(935): vsprintf('Location: /syst...', Array) #1 /usr/local/etc/inc/authgui.inc(202): url_safe('Location: /syst...') #2 /usr/local/etc/inc/authgui.inc(263): session_auth() #3 /usr/local/www/guiconfig.inc(92): require_once('/usr/local/etc/...') #4 /usr/local/www/system_usermanager.php(32): require_once('/usr/local/www/...') #5 {main} thrown in /usr/local/etc/inc/util.inc on line 935

This may be an edge case. On the other hand, exceptions should always be handled.

Should I submit a bug ticket?
And, if yes, where?

[Fright]

Hi
looks like % 22USERNAME1%22 is the reason.
it might be reasonable to limit the location header by the url without params in authgui.inc(202) ?

And, if yes, where?

https://github.com/opnsense/core/issues/new?assignees=&labels=&projects=&template=bug_report.md&title=

This may be an edge case.

definitely )