Improve template URI escaping and parameter handling

FreddleSpl0it
2026-03-19 12:48:43 +01:00
parent 95bf46c1e4
commit 8c039f694f
3 changed files with 5 additions and 3 deletions


@@ -89,7 +89,7 @@ $globalVariables = [
'app_links' => $app_links,
'app_links_processed' => $app_links_processed,
'is_root_uri' => (parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) == '/'),
'uri' => $_SERVER['REQUEST_URI'],
'uri' => parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) ?: '/',
];
foreach ($globalVariables as $globalVariableName => $globalVariableValue) {
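Review bot: On a request URI that `parse_url` cannot parse, the new `'uri'` entry falls back to `'/'` while `'is_root_uri'` on the line above stays false, because the two entries parse the same value separately and only one has the fallback. If treating that case as the root page is acceptable, computing the path once before the array, `$requestPath = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) ?: '/';`, and then using `'is_root_uri' => ($requestPath === '/')` and `'uri' => $requestPath` keeps the two consistent and replaces the loose `==`. The path is still taken from the request, so every template that prints `uri` still needs escaping for the context it prints into. The `$globalVariables` array starts outside the hunk.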


@@ -13,7 +13,9 @@ $twig = new Environment($loader, [
// functions
$twig->addFunction(new TwigFunction('query_string', function (array $params = []) {
return http_build_query(array_merge($_GET, $params));
$allowed = ['lang', 'mobileconfig'];
$filtered = array_intersect_key($_GET, array_flip($allowed));
return http_build_query(array_merge($filtered, $params));
}));
$twig->addFunction(new TwigFunction('is_uri', function (string $uri, string $where = null) {
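Review bot: The allow-list in `query_string` limits which keys are copied from `$_GET` but not what their values are, so an array value such as `lang[]=…` is still handed to `http_build_query`. If both parameters are expected to be plain strings, writing the filter as `$filtered = array_filter(array_intersect_key($_GET, array_flip($allowed)), 'is_string');` would drop anything else. A short comment above `$allowed`, for example `// Only these request parameters may be carried over into generated links`, would tell the next maintainer that the other parameters are dropped on purpose. The `is_uri` closure that follows continues outside the hunk.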


@@ -193,7 +193,7 @@ $(window).scroll(function() {
});
// Select language and reopen active URL without POST
function setLang(sel) {
$.post( '{{ uri }}', {lang: sel} );
$.post( '{{ uri|escape("js") }}', {lang: sel} );
window.location.href = window.location.pathname + window.location.search;
}
// FIDO2 functions
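Review bot: Since `uri` now holds only the request path, the POST target in `setLang` could be read in the browser instead of being written into the script by the template: `$.post(window.location.pathname, {lang: sel});`. That appears equivalent for normal requests, given that the next line already uses `window.location.pathname`, and it leaves no request-derived value inside the script block. If the template variable is kept, `escape("js")` is the right strategy for a quoted JavaScript string, and a one-line comment such as `// uri comes from the request path; escaped for a JS string literal` would help keep the filter in place during later edits.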