Update docker/ui.php

sstidl · qodo-free-for-open-source-projects[bot] · web-flow · commit 6d31010feb46 · 2024-12-29T17:50:41.000+01:00
Co-authored-by: qodo-merge-pro-for-open-source[bot] &lt;189517486+qodo-merge-pro-for-open-source[bot]@users.noreply.github.com&gt;
diff --git a/docker/ui.php b/docker/ui.php
@@ -25,13 +25,9 @@ function I(i){return document.getElementById(i);}
 	$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://";
 
 	// Retrieve the host (e.g., www.example.com)
-	$host = $_SERVER['HTTP_HOST'];
-
-	// Retrieve the URI (path and query string)
-	$uri = $_SERVER['REQUEST_URI'];
-
-	// Combine them to get the full URL
-	$url = $protocol . $host . $uri;
+ $host = filter_var($_SERVER['HTTP_HOST'], FILTER_SANITIZE_STRING);
+ $uri = filter_var($_SERVER['REQUEST_URI'], FILTER_SANITIZE_URL);
+ $url = $protocol . htmlspecialchars($host) . htmlspecialchars($uri);
 	array_unshift($servers,
 			[
 				"name"=> "This Server",
