diff --git a/docker/ui.php b/docker/ui.php
index 9682d908d..0f68f2c69 100755
--- a/docker/ui.php
+++ b/docker/ui.php
@@ -25,13 +25,9 @@ function I(i){return document.getElementById(i);}
 $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://";
 // Retrieve the host (e.g., www.example.com)
- $host = $_SERVER['HTTP_HOST'];
-
- // Retrieve the URI (path and query string)
- $uri = $_SERVER['REQUEST_URI'];
-
- // Combine them to get the full URL
- $url = $protocol . $host . $uri;
+ $host = filter_var($_SERVER['HTTP_HOST'], FILTER_SANITIZE_STRING);
+ $uri = filter_var($_SERVER['REQUEST_URI'], FILTER_SANITIZE_URL);
+ $url = $protocol . htmlspecialchars($host) . htmlspecialchars($uri);
 array_unshift($servers, [
 "name"=> "This Server",
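Review bot: `FILTER_SANITIZE_STRING` on the new `$host` line is deprecated since PHP 8.1 and only strips tags and encodes quotes, so the client-supplied Host header is still not validated as a hostname before it is built into `$url`. Calling `htmlspecialchars()` while constructing `$url` also bakes HTML entities into the value (`&` in a query string becomes `&amp;`), which corrupts it if it is later used outside HTML, for example through `json_encode` into script, and double-encodes it if the output site escapes again. I would validate the host against its expected form and fall back to a configured name, e.g. `if (!preg_match('/^[a-z0-9.-]+(:\d+)?$/i', $host)) { $host = $configuredHost; }` (`$configuredHost` is a placeholder), keep `$url = $protocol . $host . $uri;` raw, and escape once where it is printed with `htmlspecialchars($url, ENT_QUOTES, 'UTF-8')`. How `$url` is consumed is not visible here, since the `array_unshift($servers, [...])` call continues past the end of the hunk.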