authorMeik Sievertsen <acydburn@phpbb.com>2006-10-11 07:02:29 +0000
committerMeik Sievertsen <acydburn@phpbb.com>2006-10-11 07:02:29 +0000
commita765165cd1280c8f79d7ad99dbdf6dab05375dde (patch)
treeb7750a6dcd7ab9d57c78dfc40c7f166d61c50e97
parente168cd2793e975e12e9f13d916d99816571359bb (diff)
Do not use parse_str(), because it could lead to "unexpected" output, which could lead to XSS
git-svn-id: file:///svn/phpbb/trunk@6476 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r--phpBB/includes/functions.php15
1 files changed, 13 insertions, 2 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 3c6a80fc37..6092d8b0dc 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1607,9 +1607,20 @@ function build_url($strip_vars = false)
}
$query = $_query = array();
- parse_str(substr($redirect, strpos($redirect, '?') + 1), $query);
+
+ $args = substr($redirect, strpos($redirect, '?') + 1);
+ $args = ($args) ? explode('&', $args) : array();
$redirect = substr($redirect, 0, strpos($redirect, '?'));
+ foreach ($args as $argument)
+ {
+ $arguments = explode('=', $argument);
+ $key = $arguments[0];
+ unset($arguments[0]);
+
+ $query[$key] = implode('=', $arguments);
+ }
+
// Strip the vars off
foreach ($strip_vars as $strip)
{
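Review bot: The replacement loop copies each key and value from the raw query string byte-for-byte, so the safety gained by no longer decoding depends entirely on the input already being well-formed and on every caller of build_url() escaping the result for its output context; nothing in the hunk validates or normalises either side of a pair. A cheap way to make the reassembled string safe regardless of how the original was encoded is to round-trip each part inside the foreach, `$key = urlencode(urldecode($arguments[0]));` and `$query[$key] = urlencode(urldecode(implode('=', $arguments)));`, which leaves plain keys like `sid` untouched for the strip check below. Two smaller edge cases worth a look: `($args) ? explode(...) : array()` drops a query string that is exactly `0` because it is falsy, and an argument without `=` (or an empty segment from a doubled `&`) produces a `$query` entry with an empty value, which the glue loop in the next hunk re-emits as a dangling `key=`. build_url() starts and ends outside this hunk, so whether `$strip_vars` is guaranteed to be an array before the `foreach` at the bottom cannot be confirmed from here.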
@@ -1619,7 +1630,7 @@ function build_url($strip_vars = false)
}
}
- //
+ // Glue the remaining parts together... already urlencoded
foreach ($query as $key => $value)
{
$_query[] = $key . '=' . $value;