Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/plugins/Diagnostics
diff options
context:
space:
mode:
authorStefan Giehl <stefan@matomo.org>2021-09-23 23:05:33 +0300
committerGitHub <noreply@github.com>2021-09-23 23:05:33 +0300
commit6b4d30090bf70690b2f29f11dddb5bbeedba22b1 (patch)
tree742418e30e19e69112a831986788ab12f5348530 /plugins/Diagnostics
parent3495f7af4c6031c71e47dcd0d882b3950486cfc9 (diff)
Fix escaping of html attribute (#18040)
Diffstat (limited to 'plugins/Diagnostics')
-rw-r--r--plugins/Diagnostics/Diagnostic/ForceSSLCheck.php8
-rw-r--r--plugins/Diagnostics/templates/force_ssl_link.twig1
2 files changed, 5 insertions, 4 deletions
diff --git a/plugins/Diagnostics/Diagnostic/ForceSSLCheck.php b/plugins/Diagnostics/Diagnostic/ForceSSLCheck.php
index 1cbb3c2b98..f85fa15067 100644
--- a/plugins/Diagnostics/Diagnostic/ForceSSLCheck.php
+++ b/plugins/Diagnostics/Diagnostic/ForceSSLCheck.php
@@ -11,6 +11,7 @@ use Piwik\Config;
use Piwik\ProxyHttp;
use Piwik\Translation\Translator;
use Piwik\Url;
+use Piwik\View;
/**
* Check that Matomo is configured to force SSL.
@@ -38,10 +39,9 @@ class ForceSSLCheck implements Diagnostic
return [];
}
- $message = $this->translator->translate('General_UseSSLInstall', [
- '<a href="https://'. Url::getCurrentHost() . Url::getCurrentScriptName(false) . Url::getCurrentQueryString() .'">',
- '</a>'
- ]);
+ $view = new View('@Diagnostics/force_ssl_link');
+ $view->link = 'https://' . Url::getCurrentHost() . Url::getCurrentScriptName(false) . Url::getCurrentQueryString();
+ $message = $view->render();
return [DiagnosticResult::singleResult($label, DiagnosticResult::STATUS_WARNING, $message)];
}
diff --git a/plugins/Diagnostics/templates/force_ssl_link.twig b/plugins/Diagnostics/templates/force_ssl_link.twig
new file mode 100644
index 0000000000..8d7c63a8b4
--- /dev/null
+++ b/plugins/Diagnostics/templates/force_ssl_link.twig
@@ -0,0 +1 @@
+{{ 'General_UseSSLInstall'|translate('<a href="' ~ link|escape('html_attr') ~ '">', '</a>')|raw }} \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-20 15:16:53 +0300