_url should be decoded, to prevent urlencoded characters from being used in an action()
This commit is contained in:
parent
e78314d06b
commit
cc3b363cd1
|
@ -86,10 +86,10 @@ $_GET = parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY);
|
|||
parse_str($_GET, $_GET);
|
||||
// handle requests
|
||||
if (preg_match("/^\/ui\/.*/", $uri)) {
|
||||
$_GET['_url'] = substr(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), 3);
|
||||
$_GET['_url'] = urldecode(substr(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), 3));
|
||||
require_once "{$DEV_WORKDIR}/stubs/index.php";
|
||||
} elseif (preg_match("/^\/api\/.*/", $uri)) {
|
||||
$_GET['_url'] = substr(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), 4);
|
||||
$_GET['_url'] = urldecode(substr(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), 4));
|
||||
require_once "{$DEV_WORKDIR}/stubs/api.php";
|
||||
} else {
|
||||
header('Location: /ui/');
|
||||
|
|
Loading…
Reference in New Issue