Avoid use of "$_SERVER['REQUEST_URI']"

Use the routing library to build proper URIs instead of relying on the "REQUEST_URI" server variable which can be manipulated and might return bogus URIs. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2025-02-03 10:43:03 +01:00 · 2012-11-04 19:13:03 +01:00 · 2012-11-04 19:13:03 +01:00 · 630f1cbae8
commit 630f1cbae8
parent f190a84577
2 changed files with 3 additions and 3 deletions
--- a/web/template/pkg_comment_form.php
+++ b/web/template/pkg_comment_form.php
@ -1,6 +1,6 @@
 <div id="generic-form" class="box">
 	<h2><?= __("Add Comment"); ?></h2>
-	<form action="<?= $_SERVER['REQUEST_URI'] ?>" method="post">
+	<form action="<?= get_pkg_uri($row['Name']) ?>" method="post">
 		<fieldset>
 <?php
 if (isset($_REQUEST['comment']) && check_token()) {