diff options
| author | Lukas Fleischer <archlinux@cryptocrack.de> | 2012-11-04 19:13:03 +0100 |
|---|---|---|
| committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2012-11-04 19:19:32 +0100 |
| commit | 630f1cbae8473fb05e5f5af7244eccc60fe93812 (patch) | |
| tree | 82eadb7175cc546baf740ef2aec74aafa35965c1 /web/html/login.php | |
| parent | f190a845775381dfa8f583bd587337ae647629e8 (diff) | |
| download | aurweb-630f1cbae8473fb05e5f5af7244eccc60fe93812.tar.xz | |
Avoid use of "$_SERVER['REQUEST_URI']"
Use the routing library to build proper URIs instead of relying on the
"REQUEST_URI" server variable which can be manipulated and might return
bogus URIs.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/html/login.php')
| -rw-r--r-- | web/html/login.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/web/html/login.php b/web/html/login.php index d5bb1e7..9b3715b 100644 --- a/web/html/login.php +++ b/web/html/login.php @@ -20,7 +20,7 @@ html_header('AUR ' . __("Login")); <a href="<?php get_uri('/logout/'); ?>">[<?= __("Logout"); ?>]</a> </p> <?php elseif (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])): ?> - <form method="post" action="<?= htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES) ?>"> + <form method="post" action="<?= get_uri('/login') ?>"> <fieldset> <legend><?= __('Enter login credentials') ?></legend> <?php if (!empty($login_error)): ?> @@ -47,7 +47,7 @@ html_header('AUR ' . __("Login")); <?php else: ?> <p> <?php printf(__("HTTP login is disabled. Please %sswitch to HTTPs%s if you want to login."), - '<a href="' . $AUR_LOCATION . htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES) . '">', '</a>'); ?> + '<a href="' . $AUR_LOCATION . get_uri('/login') . '">', '</a>'); ?> </p> <?php endif; ?> </div> |