authorLukas Fleischer <archlinux@cryptocrack.de>2012-11-04 19:13:03 +0100
committerLukas Fleischer <archlinux@cryptocrack.de>2012-11-04 19:19:32 +0100
commit630f1cbae8473fb05e5f5af7244eccc60fe93812 (patch)
tree82eadb7175cc546baf740ef2aec74aafa35965c1 /web/template
parentf190a845775381dfa8f583bd587337ae647629e8 (diff)
downloadaur-630f1cbae8473fb05e5f5af7244eccc60fe93812.tar.gz
aur-630f1cbae8473fb05e5f5af7244eccc60fe93812.tar.xz
Avoid use of "$_SERVER['REQUEST_URI']"
Use the routing library to build proper URIs instead of relying on the "REQUEST_URI" server variable which can be manipulated and might return bogus URIs. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/template')
-rw-r--r--web/template/pkg_comment_form.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/web/template/pkg_comment_form.php b/web/template/pkg_comment_form.php
index da871ece..8e74fe64 100644
--- a/web/template/pkg_comment_form.php
+++ b/web/template/pkg_comment_form.php
@@ -1,6 +1,6 @@
<div id="generic-form" class="box">
<h2><?= __("Add Comment"); ?></h2>
- <form action="<?= $_SERVER['REQUEST_URI'] ?>" method="post">
+ <form action="<?= get_pkg_uri($row['Name']) ?>" method="post">
<fieldset>
<?php
if (isset($_REQUEST['comment']) && check_token()) {
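Review bot: The new `action` attribute on the `<form>` line prints the return value of `get_pkg_uri($row['Name'])` with no HTML escaping at the point of output. `get_pkg_uri()` is defined outside this hunk, so it cannot be confirmed here whether it URL-encodes or otherwise constrains the package name; if it does not, a name containing `"` or `<` would break out of the attribute. Escaping at the sink removes that dependency: `<form action="<?= htmlspecialchars(get_pkg_uri($row['Name']), ENT_QUOTES) ?>" method="post">`. The `if (isset($_REQUEST['comment']) && check_token())` block continues past the end of the hunk, so the token handling itself is not reviewed here.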