From 001f7c620bfbfa94d6000bb097f43c7965cc7e66 Mon Sep 17 00:00:00 2001
From: Josue-T <josue@tille.ch>
Date: Fri, 29 Dec 2017 15:25:59 +0100
Subject: [PATCH] Fix nginx security Issue

I found while I did a security check with gixy that using $uri instead of $request_uri is not good. So I replaced that.
I haven't checked if all part of the app run correctly after this patch, so check it before the merge.
---
 conf/nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index d0361fa..bb07fed 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -58,7 +58,7 @@ rewrite ^ https://$server_name$request_uri? permanent;
 # by denying dot files and rewrite request to the front controller
  location ^~ /.well-known/ {
  allow all;
- rewrite ^/(.*) /index.php?pagename=$uri&$args last;
+ rewrite ^/(.*) /index.php?pagename=$request_uri&$args last;
  }
 
 #statically serve these file types when possible