From 7b0895f9afd3acc1278c24837e94e629bae7e6e1 Mon Sep 17 00:00:00 2001
From: yggverse
Date: Mon, 6 May 2024 18:04:50 +0300
Subject: [PATCH] sanitize request string
---
 src/Controller/Nex.php | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)
diff --git a/src/Controller/Nex.php b/src/Controller/Nex.php
index f252b84..7e1ded4 100644
--- a/src/Controller/Nex.php
+++ b/src/Controller/Nex.php
@@ -82,7 +82,10 @@ class Nex implements MessageComponentInterface
 // Filter request
 $request = trim(
- $request
+ filter_var(
+ $request,
+ FILTER_SANITIZE_URL
+ )
 );
 // Build absolute realpath
@@ -165,16 +168,8 @@ class Nex implements MessageComponentInterface
 (string) date('c'),
 (string) $connection->remoteAddress,
 (string) $connection->resourceId,
- (string) str_replace(
- '%',
- '%%',
- $request
- ),
- (string) str_replace(
- '%',
- '%%',
- $realpath
- ),
+ (string) $request,
+ (string) $realpath,
 (string) mb_strlen(
 $response
 )
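Review bot: In the first hunk (`@@ -82,7 +82,10 @@`), `FILTER_SANITIZE_URL` silently rewrites the request instead of rejecting it. It strips spaces, control bytes and every non-ASCII character but keeps `.`, `/` and `%`, so `../` sequences pass through unchanged, and a request for a name containing a space or UTF-8 resolves to a different path than the one asked for. Whatever containment check follows `// Build absolute realpath` (outside this hunk) therefore remains the only traversal guard and should be confirmed to compare the resolved path against the data root. `filter_var()` also returns `false` on failure, which `trim()` would then receive as a non-string. Consider rejecting rather than mutating, for example `if (!is_string($request) || preg_match('/[\x00-\x1F\x7F]/', $request) === 1) { /* reject the request */ }` ahead of the `trim()`.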
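Review bot: In the second hunk (`@@ -165,16 +168,8 @@`), the `%` to `%%` escaping of `$request` and `$realpath` is dropped, but `FILTER_SANITIZE_URL` keeps `%`, so a client-supplied `%` still reaches these log arguments. The call that consumes this argument list starts outside the hunk. If the values end up inside a string that is later used as a printf-style format, a stray conversion specifier would be interpreted, and on PHP 8 a missing argument throws `ArgumentCountError`, which a remote request could then trigger. Unless these values are only ever passed as arguments and never become part of a format string, keep the escaping: `(string) str_replace('%', '%%', $request),` and the same for `$realpath`.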