replaced "Url::to()" with "Url::current()", fix issue with url encoding and reflected XSS vulnerabilities

marc7000 · web-flow · commit e5dd6c7d2486 · 2025-10-08T11:09:01.000+02:00
diff --git a/src/views/layouts/main.php b/src/views/layouts/main.php
@@ -189,7 +189,7 @@ class="btn btn-default btn-flat" data-method="post"><?php echo Yii::t('backend-m
                         </li>
 
                         <li class="expand-menu">
-                            <a href="<?= Url::to() ?>" target="_top">
+                            <a href="<?= Url::current() ?>" target="_top">
                                 <i class="fa fa-expand"></i>
                             </a>
                         </li>
