_url should be decoded, to prevent urlencoded characters from being used in an action()

Ad Schellevis 2018-06-27 16:26:51 +02:00
parent e78314d06b
commit cc3b363cd1
1 changed files with 2 additions and 2 deletions


@ -86,10 +86,10 @@ $_GET = parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY);
parse_str($_GET, $_GET);
// handle requests
if (preg_match("/^\/ui\/.*/", $uri)) {
$_GET['_url'] = substr(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), 3);
$_GET['_url'] = urldecode(substr(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), 3));
require_once "{$DEV_WORKDIR}/stubs/index.php";
} elseif (preg_match("/^\/api\/.*/", $uri)) {
$_GET['_url'] = substr(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), 4);
$_GET['_url'] = urldecode(substr(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), 4));
require_once "{$DEV_WORKDIR}/stubs/api.php";
} else {
header('Location: /ui/');
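Review bot: `urldecode()` on the two new `$_GET['_url']` assignments applies query-string rules to a URL path, so a literal `+` in the request path reaches the dispatcher as a space; `rawurldecode()` is the decoder that matches path semantics, e.g. `$_GET['_url'] = rawurldecode(substr(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), 3));` with offset `4` in the `/api/` branch. The prefix match still runs on `$uri`, which is assigned outside this hunk, so whatever was checked on the raw form does not automatically hold for the decoded value; validating `_url` after decoding (for instance rejecting control characters) before the stub is included would close that gap. `parse_url()` can also return `false` or `null` for a malformed request URI, and that result goes into `substr()` unchecked in both branches. The `else` branch continues past the end of the hunk.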