Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Sanitize help URL
  • Loading branch information
orthagh authored and trasher committed Jan 24, 2023
1 parent eb3cf86 commit e3be02c
Showing 1 changed file with 9 additions and 10 deletions.
19 changes: 9 additions & 10 deletions src/Html.php
Expand Up @@ -41,6 +41,7 @@
use Glpi\Plugin\Hooks;
use Glpi\Toolbox\FrontEnd;
use Glpi\Toolbox\Sanitizer;
use Glpi\Toolbox\URL;
use ScssPhp\ScssPhp\Compiler;

/**
Expand Down Expand Up @@ -1737,11 +1738,6 @@ public static function header(
];
$tpl_vars += self::getPageHeaderTplVars();

$help_url_key = Session::getCurrentInterface() === 'central' ? 'central_doc_url' : 'helpdesk_doc_url';
$help_url = !empty($CFG_GLPI[$help_url_key]) ? $CFG_GLPI[$help_url_key] : 'https://glpi-project.org/documentation/';

$tpl_vars['help_url'] = $help_url;

TemplateRenderer::getInstance()->display('layout/parts/page_header.html.twig', $tpl_vars);

if (
Expand Down Expand Up @@ -1999,11 +1995,6 @@ public static function helpHeader(
];
$tpl_vars += self::getPageHeaderTplVars();

$help_url_key = Session::getCurrentInterface() === 'central' ? 'central_doc_url' : 'helpdesk_doc_url';
$help_url = !empty($CFG_GLPI[$help_url_key]) ? $CFG_GLPI[$help_url_key] : 'http://glpi-project.org/help-central';

$tpl_vars['help_url'] = $help_url;

TemplateRenderer::getInstance()->display('layout/parts/page_header.html.twig', $tpl_vars);

// call static function callcron() every 5min
Expand Down Expand Up @@ -2036,12 +2027,20 @@ private static function getPageHeaderTplVars(): array
$platform = $ua->platform();
}

$help_url_key = Session::getCurrentInterface() === 'central'
? 'central_doc_url'
: 'helpdesk_doc_url';
$help_url = !empty($CFG_GLPI[$help_url_key])
? $CFG_GLPI[$help_url_key]
: 'http://glpi-project.org/documentation';

return [
'is_debug_active' => $_SESSION['glpi_use_mode'] == Session::DEBUG_MODE,
'is_impersonate_active' => Session::isImpersonateActive(),
'founded_new_version' => $founded_new_version,
'user' => $user instanceof User ? $user : null,
'platform' => $platform,
'help_url' => URL::sanitizeURL($help_url),
];
}

Expand Down

0 comments on commit e3be02c

Please sign in to comment.