diff options
author | Andrew Dolgov <[email protected]> | 2021-03-02 08:16:41 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2021-03-02 08:16:41 +0300 |
commit | 70adfd4a742775f492bbf09afad2eebb67d4a150 (patch) | |
tree | 9dd347bb9dfd811ecdc26a7fe0811057a43e3189 /classes/pluginhost.php | |
parent | 6f835ded780cdc9e1a663667dd5221a0cc835571 (diff) |
* sanitize: never rewrite relative links to our own prefix
* use Config::get_self_url() instead of get_self_url_prefix() in a bunch
of places
Diffstat (limited to 'classes/pluginhost.php')
-rwxr-xr-x | classes/pluginhost.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/classes/pluginhost.php b/classes/pluginhost.php index 348c67bab..2708099c8 100755 --- a/classes/pluginhost.php +++ b/classes/pluginhost.php @@ -609,7 +609,7 @@ class PluginHost { // handled by classes/pluginhandler.php, requires valid session function get_method_url(Plugin $sender, string $method, $params = []) { - return get_self_url_prefix() . "/backend.php?" . + return Config::get_self_url() . "/backend.php?" . http_build_query( array_merge( [ @@ -622,7 +622,7 @@ class PluginHost { // shortcut syntax (disabled for now) /* function get_method_url(Plugin $sender, string $method, $params) { - return get_self_url_prefix() . "/backend.php?" . + return Config::get_self_url() . "/backend.php?" . http_build_query( array_merge( [ @@ -634,7 +634,7 @@ class PluginHost { // WARNING: endpoint in public.php, exposed to unauthenticated users function get_public_method_url(Plugin $sender, string $method, $params = []) { if ($sender->is_public_method($method)) { - return get_self_url_prefix() . "/public.php?" . + return Config::get_self_url() . "/public.php?" . http_build_query( array_merge( [ |