| author | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-11-21 22:25:03 +0000 |
|---|---|---|
| committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-11-21 22:25:03 +0000 |
| commit | bb05d733eeae8c1a5c1a3d4fab17d3ed2e864fa5 (patch) | |
| tree | 454e48355a90f1bc961a402f42e0918156f07ab2 /phpBB | |
| parent | 25a3ef55be2122b7e6b8cea948fa27f34766b088 (diff) | |
didn't urlencode highlighted url data ... tut tut
git-svn-id: file:///svn/phpbb/trunk@3077 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/viewtopic.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index c5c47d1c60..68c8b17a9a 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -276,7 +276,7 @@ $highlight_match = '';
 if (isset($_GET['highlight']))
 {
 // Split words and phrases
- $words = explode(' ', trim(urldecode($_GET['highlight'])));
+ $words = explode(' ', trim(htmlspecialchars(urldecode($_GET['highlight']))));
 foreach ($words as $word)
 {
@@ -300,7 +300,7 @@ $topic_mod .= ($auth->acl_gets('m_split', 'a_', $forum_id)) ? '<option value="sp
 $topic_mod .= ($auth->acl_gets('m_merge', 'a_', $forum_id)) ? '<option value="merge">' . $user->lang['Merge_topic'] . '</option>' : '';
 // If we've got a hightlight set pass it on to pagination.
-$pagination = ($highlight_match) ? generate_pagination("viewtopic.$phpEx$SID&t=$topic_id&postdays=$post_days&postorder=$post_order&highlight=" . $_GET['highlight'], $topic_replies, $config['posts_per_page'], $start) : generate_pagination("viewtopic.$phpEx$SID&t=$topic_id&postdays=$post_days&postorder=$post_order", $topic_replies, $config['posts_per_page'], $start);
+$pagination = ($highlight_match) ? generate_pagination("viewtopic.$phpEx$SID&t=$topic_id&postdays=$post_days&postorder=$post_order&highlight=" . urlencode($_GET['highlight']), $topic_replies, $config['posts_per_page'], $start) : generate_pagination("viewtopic.$phpEx$SID&t=$topic_id&postdays=$post_days&postorder=$post_order", $topic_replies, $config['posts_per_page'], $start);
 // Post, reply and other URL generation for
 // templating vars
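Review bot: `urldecode()` is still applied to `$_GET['highlight']` on the changed `$words` line, but PHP has already URL-decoded `$_GET`, so the value is decoded twice before `htmlspecialchars()` sees it. A literal `+` or `%xx` sequence in the search term is altered, and the highlighted words can then differ from the value the new `urlencode()` calls put back into the links. Dropping the extra decode keeps the escaping and the link round trip consistent: `$words = explode(' ', trim(htmlspecialchars($_GET['highlight'])));`. `htmlspecialchars()` only covers the HTML context; the `foreach` body lies outside this hunk, so if the words are fed into a regular expression there, confirm they also pass through `preg_quote()`.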
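Review bot: The two `generate_pagination()` calls on the changed `$pagination` line differ only in the `&highlight=` suffix, and that duplication makes it easy for one copy to miss an encoding fix. Building the suffix once, `$u_highlight = ($highlight_match) ? '&highlight=' . urlencode($_GET['highlight']) : '';`, and passing `"viewtopic.$phpEx$SID&t=$topic_id&postdays=$post_days&postorder=$post_order$u_highlight"` to a single call keeps the encoding in one place. `$post_days` and `$post_order` go into the same URL unencoded; they are assigned outside this hunk, so confirm they are cast or checked against a whitelist there.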
@@ -429,7 +429,7 @@ $template->assign_vars(array(
 'S_MOD_ACTION' => "modcp.$phpEx$SID&t=$topic_id",
 'S_WATCH_TOPIC' => $s_watching_topic,
- 'U_VIEW_TOPIC' => "viewtopic.$phpEx$SID&t=$topic_id&start=$start&postdays=$post_days&postorder=$post_order&highlight=" . $_GET['highlight'],
+ 'U_VIEW_TOPIC' => "viewtopic.$phpEx$SID&t=$topic_id&start=$start&postdays=$post_days&postorder=$post_order&highlight=" . urlencode($_GET['highlight']),
 'U_TOPIC' => $server_path . 'viewtopic.' . $phpEx . '?t=' . $topic_id,
 'U_FORUM' => $server_path,
 'U_VIEW_FORUM' => $view_forum_url, |
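Review bot: `U_VIEW_TOPIC` reads `$_GET['highlight']` unconditionally, whereas the first hunk guards it with `isset()` and the pagination line with `$highlight_match`. On a request without the parameter this reads an undefined index and always emits an empty `&highlight=` in the topic URL. Guarding it the same way would fix both: end the string at `&postorder=$post_order"` and append `. (($highlight_match) ? '&highlight=' . urlencode($_GET['highlight']) : ''),`. The `assign_vars(array(` call starts and ends outside this hunk, so whether `$start`, `$post_days` and `$post_order` are sanitised before being interpolated cannot be confirmed from here.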
