summaryrefslogtreecommitdiffstats
path: root/web/html
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2012-11-04 19:13:03 +0100
committerLukas Fleischer <archlinux@cryptocrack.de>2012-11-04 19:19:32 +0100
commit630f1cbae8473fb05e5f5af7244eccc60fe93812 (patch)
tree82eadb7175cc546baf740ef2aec74aafa35965c1 /web/html
parentf190a845775381dfa8f583bd587337ae647629e8 (diff)
downloadaurweb-630f1cbae8473fb05e5f5af7244eccc60fe93812.tar.xz
Avoid use of "$_SERVER['REQUEST_URI']"
Use the routing library to build proper URIs instead of relying on the "REQUEST_URI" server variable which can be manipulated and might return bogus URIs. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/html')
-rw-r--r--web/html/login.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/web/html/login.php b/web/html/login.php
index d5bb1e7..9b3715b 100644
--- a/web/html/login.php
+++ b/web/html/login.php
@@ -20,7 +20,7 @@ html_header('AUR ' . __("Login"));
<a href="<?php get_uri('/logout/'); ?>">[<?= __("Logout"); ?>]</a>
</p>
<?php elseif (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])): ?>
- <form method="post" action="<?= htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES) ?>">
+ <form method="post" action="<?= get_uri('/login') ?>">
<fieldset>
<legend><?= __('Enter login credentials') ?></legend>
<?php if (!empty($login_error)): ?>
@@ -47,7 +47,7 @@ html_header('AUR ' . __("Login"));
<?php else: ?>
<p>
<?php printf(__("HTTP login is disabled. Please %sswitch to HTTPs%s if you want to login."),
- '<a href="' . $AUR_LOCATION . htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES) . '">', '</a>'); ?>
+ '<a href="' . $AUR_LOCATION . get_uri('/login') . '">', '</a>'); ?>
</p>
<?php endif; ?>
</div>