author | Lukas Fleischer <archlinux@cryptocrack.de> | 2012-11-04 19:13:03 +0100 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2012-11-04 19:19:32 +0100 |
commit | 630f1cbae8473fb05e5f5af7244eccc60fe93812 (patch) | |
tree | 82eadb7175cc546baf740ef2aec74aafa35965c1 /web/template/pkg_comment_form.php | |
parent | f190a845775381dfa8f583bd587337ae647629e8 (diff) | |
download | aurweb-630f1cbae8473fb05e5f5af7244eccc60fe93812.tar.xz |
Avoid use of "$_SERVER['REQUEST_URI']"
Use the routing library to build proper URIs instead of relying on the
"REQUEST_URI" server variable which can be manipulated and might return
bogus URIs.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/template/pkg_comment_form.php')
-rw-r--r-- | web/template/pkg_comment_form.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/web/template/pkg_comment_form.php b/web/template/pkg_comment_form.php index da871ec..8e74fe6 100644 --- a/web/template/pkg_comment_form.php +++ b/web/template/pkg_comment_form.php @@ -1,6 +1,6 @@ <div id="generic-form" class="box"> <h2><?= __("Add Comment"); ?></h2> - <form action="<?= $_SERVER['REQUEST_URI'] ?>" method="post"> + <form action="<?= get_pkg_uri($row['Name']) ?>" method="post"> <fieldset> <?php if (isset($_REQUEST['comment']) && check_token()) { |
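Review bot: On the changed `<form action="<?= get_pkg_uri($row['Name']) ?>" method="post">` line, the helper's return value is echoed into an HTML attribute unescaped, and nothing in this hunk shows that get_pkg_uri() encodes the package name. Unless the helper is guaranteed to return an attribute-safe URI, wrap the output, for example `<?= htmlspecialchars(get_pkg_uri($row['Name']), ENT_QUOTES) ?>`. The template also now depends on `$row['Name']` being set wherever it is included, which the removed line did not; a short comment at the top of the template documenting that requirement would help.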