Fix referer escaping
This commit is contained in:
parent
757ea93393
commit
ad8750b40d
@ -13,7 +13,7 @@
|
|||||||
</button>
|
</button>
|
||||||
</div>
|
</div>
|
||||||
<div class="pure-u-1-2">
|
<div class="pure-u-1-2">
|
||||||
<a class="pure-button" href="<%= referer %>">
|
<a class="pure-button" href="<%= URI.escape(referer) %>">
|
||||||
<%= translate(locale, "No") %>
|
<%= translate(locale, "No") %>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
<div class="h-box">
|
<div class="h-box">
|
||||||
<form class="pure-form pure-form-aligned" enctype="multipart/form-data" action="/data_control?referer=<%= referer %>" method="post">
|
<form class="pure-form pure-form-aligned" enctype="multipart/form-data" action="/data_control?referer=<%= URI.escape(referer) %>" method="post">
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<legend><%= translate(locale, "Import") %></legend>
|
<legend><%= translate(locale, "Import") %></legend>
|
||||||
|
|
||||||
|
@ -13,7 +13,7 @@
|
|||||||
</button>
|
</button>
|
||||||
</div>
|
</div>
|
||||||
<div class="pure-u-1-2">
|
<div class="pure-u-1-2">
|
||||||
<a class="pure-button" href="<%= referer %>">
|
<a class="pure-button" href="<%= URI.escape(referer) %>">
|
||||||
<%= translate(locale, "No") %>
|
<%= translate(locale, "No") %>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
|
@ -9,7 +9,7 @@ function update_value(element) {
|
|||||||
</script>
|
</script>
|
||||||
|
|
||||||
<div class="h-box">
|
<div class="h-box">
|
||||||
<form class="pure-form pure-form-aligned" action="/preferences?referer=<%= referer %>" method="post">
|
<form class="pure-form pure-form-aligned" action="/preferences?referer=<%= URI.escape(referer) %>" method="post">
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<legend><%= translate(locale, "Player preferences") %></legend>
|
<legend><%= translate(locale, "Player preferences") %></legend>
|
||||||
|
|
||||||
|
@ -19,7 +19,7 @@
|
|||||||
</div>
|
</div>
|
||||||
<div class="pure-u-1-3" style="text-align:right">
|
<div class="pure-u-1-3" style="text-align:right">
|
||||||
<h3>
|
<h3>
|
||||||
<a href="/data_control?referer=<%= referer %>">
|
<a href="/data_control?referer=<%= URI.escape(referer) %>">
|
||||||
<%= translate(locale, "Import/export") %>
|
<%= translate(locale, "Import/export") %>
|
||||||
</a>
|
</a>
|
||||||
</h3>
|
</h3>
|
||||||
|
@ -11,7 +11,7 @@
|
|||||||
<div class="pure-u-1-3"></div>
|
<div class="pure-u-1-3"></div>
|
||||||
<div class="pure-u-1-3" style="text-align:right">
|
<div class="pure-u-1-3" style="text-align:right">
|
||||||
<h3>
|
<h3>
|
||||||
<a href="/preferences?referer=<%= referer %>"><%= translate(locale, "Preferences") %></a>
|
<a href="/preferences?referer=<%= URI.escape(referer) %>"><%= translate(locale, "Preferences") %></a>
|
||||||
</h3>
|
</h3>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
Loading…
Reference in New Issue
Block a user