Typecasting URL GET parameters
When navigating to https://defendtheweb.net/help/contact it is possible to specify a GET parameter "message" which fills in the form. However, if one sends a URL like the following:
https://defendtheweb.net/help/contact?message[]=*
Then the result is that "message" is treated like an array. This causes unexpected results:
Related lines are as follows: https://gitlab.com/DefendTheWeb/website/-/blob/master/src/routes/help.php#L22 https://gitlab.com/DefendTheWeb/website/-/blob/master/src/templates/includes/form.twig#L105