diff options
Diffstat (limited to 'phpBB/phpbb/path_helper.php')
| -rw-r--r-- | phpBB/phpbb/path_helper.php | 30 |
1 files changed, 26 insertions, 4 deletions
diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index 38dbbab51e..4a446a5d9d 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -154,6 +154,7 @@ class path_helper return $this->web_root_path; } + // We do not need to escape $path_info, $request_uri and $script_name because we can not find their content in the result. // Path info (e.g. /foo/bar) $path_info = $this->filesystem->clean_path($this->symfony_request->getPathInfo()); @@ -203,9 +204,12 @@ class path_helper */ if ($this->request->is_ajax() && $this->symfony_request->get('_referer')) { + // We need to escape $absolute_board_url because it can be partially concatenated to the result. + $absolute_board_url = $this->request->escape($this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath(), true); + $referer_web_root_path = $this->get_web_root_path_from_ajax_referer( $this->symfony_request->get('_referer'), - $this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath() + $absolute_board_url ); return $this->web_root_path = $this->phpbb_root_path . $referer_web_root_path; } @@ -316,7 +320,7 @@ class path_helper * Glue URL parameters together * * @param array $params URL parameters in the form of array(name => value) - * @return string Returns the glued string, e.g. name1=value1&name2=value2 + * @return string Returns the glued string, e.g. name1=value1&name2&name3=value3 */ public function glue_url_params($params) { @@ -324,7 +328,15 @@ class path_helper foreach ($params as $key => $value) { - $_params[] = $key . '=' . $value; + // some parameters do not have value + if ($value !== null) + { + $_params[] = $key . '=' . $value; + } + else + { + $_params[] = $key; + } } return implode('&', $_params); } @@ -353,7 +365,17 @@ class path_helper { continue; } - list($key, $value) = explode('=', $argument, 2); + + // some parameters don't have value + if (strpos($argument, '=') !== false) + { + list($key, $value) = explode('=', $argument, 2); + } + else + { + $key = $argument; + $value = null; + } if ($key === '') { |