Avoid use of "$_SERVER['REQUEST_URI']"

Use the routing library to build proper URIs instead of relying on the
"REQUEST_URI" server variable which can be manipulated and might return
bogus URIs.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Lukas Fleischer 2012-11-04 19:13:03 +01:00
parent f190a84577
commit 630f1cbae8
2 changed files with 3 additions and 3 deletions


@ -20,7 +20,7 @@ html_header('AUR ' . __("Login"));
<a href="<?php get_uri('/logout/'); ?>">[<?= __("Logout"); ?>]</a>
</p>
<?php elseif (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])): ?>
<form method="post" action="<?= htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES) ?>">
<form method="post" action="<?= get_uri('/login') ?>">
<fieldset>
<legend><?= __('Enter login credentials') ?></legend>
<?php if (!empty($login_error)): ?>
@ -47,7 +47,7 @@ html_header('AUR ' . __("Login"));
<?php else: ?>
<p>
<?php printf(__("HTTP login is disabled. Please %sswitch to HTTPs%s if you want to login."),
'<a href="' . $AUR_LOCATION . htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES) . '">', '</a>'); ?>
'<a href="' . $AUR_LOCATION . get_uri('/login') . '">', '</a>'); ?>
</p>
<?php endif; ?>
</div>
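Review bot: The new form `action` in the first hunk and the new `href` in the "HTTP login is disabled" branch print the result of get_uri() with no HTML escaping, whereas the lines they replace wrapped the value in htmlspecialchars(..., ENT_QUOTES). get_uri() is not visible on this page, so it cannot be confirmed that its result never contains configuration- or request-derived text such as a base path. Keeping the attribute-context escaping is cheap: `<form method="post" action="<?= htmlspecialchars(get_uri('/login'), ENT_QUOTES) ?>">` and `$AUR_LOCATION . htmlspecialchars(get_uri('/login'), ENT_QUOTES)`. Separately, the unchanged logout link in the first hunk uses `<?php get_uri('/logout/'); ?>` while the new lines use `<?=`; if get_uri() returns its value rather than printing it, that href renders empty and should read `<?= get_uri('/logout/') ?>`.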