diff options
author | sgiehl <stefan@matomo.org> | 2022-11-11 15:30:20 +0300 |
---|---|---|
committer | sgiehl <stefan@matomo.org> | 2022-11-11 15:30:20 +0300 |
commit | cf92bfa7ea84495efa4334ae193cd947f2137bdd (patch) | |
tree | 9bf9eb175b92a9860161f18c13d752b7aad571ca | |
parent | c9800fcb9746b3adb3b201b85280015c2346e087 (diff) |
Correctly escape email adresses in mailto linksescapeemail
-rw-r--r-- | core/Plugin/Controller.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/core/Plugin/Controller.php b/core/Plugin/Controller.php index 95034f0280..dd027c4575 100644 --- a/core/Plugin/Controller.php +++ b/core/Plugin/Controller.php @@ -832,7 +832,7 @@ abstract class Controller $emailSubject = rawurlencode(Piwik::translate('CoreHome_InjectedHostEmailSubject', $invalidHost)); $emailBody = rawurlencode(Piwik::translate('CoreHome_InjectedHostEmailBody')); - $superUserEmail = implode(',', Piwik::getContactEmailAddresses()); + $superUserEmail = rawurlencode(implode(',', Piwik::getContactEmailAddresses())); $mailToUrl = "mailto:$superUserEmail?subject=$emailSubject&body=$emailBody"; $mailLinkStart = "<a href=\"$mailToUrl\">"; @@ -966,7 +966,7 @@ abstract class Controller if (!Piwik::isUserIsAnonymous()) { $currentLogin = Piwik::getCurrentUserLogin(); - $emails = implode(',', Piwik::getContactEmailAddresses()); + $emails = rawurlencode(implode(',', Piwik::getContactEmailAddresses())); $errorMessage = sprintf(Piwik::translate('CoreHome_NoPrivilegesAskPiwikAdmin'), $currentLogin, "<br/><a href='mailto:" . $emails . "?subject=Access to Matomo for user $currentLogin'>", "</a>"); $errorMessage .= "<br /><br /> <b><a href='index.php?module=" . Piwik::getLoginPluginName() . "&action=logout'>› " . Piwik::translate('General_Logout') . "</a></b><br />"; |