-rw-r--r-- | phpBB/includes/functions.php | 3 | ||||
-rw-r--r-- | phpBB/includes/session.php | 14 |
2 files changed, 13 insertions, 4 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index cb2631d7b5..4155103eef 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1883,8 +1883,7 @@ function build_url($strip_vars = false)
 global $user, $phpbb_root_path;
 // Append SID
- $redirect = (($user->page['page_dir']) ? $user->page['page_dir'] . '/' : '') . $user->page['page_name'] . (($user->page['query_string']) ? "?{$user->page['query_string']}" : '');
- $redirect = append_sid($redirect, false, false);
+ $redirect = append_sid($user->page['page'], false, false);
 // Add delimiter if not there...
 if (strpos($redirect, '?') === false)
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 9def5f1edf..d9cc85a154 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -51,18 +51,28 @@ class session
 $script_name = str_replace(array('\\', '//'), '/', $script_name);
 // Now, remove the sid and let us get a clean query string...
+ $use_args = array();
+
+ // Since some browser do not encode correctly we need to do this with some "special" characters...
+ // " -> %22, ' => %27, < -> %3C, > -> %3E
+ $find = array('"', "'", '<', '>');
+ $replace = array('%22', '%27', '%3C', '%3E');
+
 foreach ($args as $key => $argument)
 {
 if (strpos($argument, 'sid=') === 0 || strpos($argument, '_f_=') === 0)
 {
- unset($args[$key]);
+ continue;
 }
+
+ $use_args[str_replace($find, $replace, $key)] = str_replace($find, $replace, $argument);
 }
+ unset($args);
 // The following examples given are for an request uri of {path to the phpbb directory}/adm/index.php?i=10&b=2
 // The current query string
- $query_string = trim(implode('&', $args));
+ $query_string = trim(implode('&', $use_args));
 // basenamed page name (for example: index.php)
 $page_name = basename($script_name); |
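Review bot: The new `append_sid($user->page['page'], false, false)` call in build_url() depends on `$user->page['page']` being the same page_dir / page_name / query_string value the removed line assembled by hand, and that key is populated outside this diff, so the equivalence cannot be confirmed from the hunk. Since the URL now inherits whatever encoding session.php applied to the query string, a comment beside the call would make that dependency explicit, for example `// page['page'] is built in session.php from the already-encoded query string; do not rebuild it from raw request data here`. build_url() starts before and continues past this hunk, so how `$redirect` is later split and emitted is not visible.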
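Review bot: The `$find`/`$replace` pair in the session.php hunk encodes only `"`, `'`, `<` and `>`, so `$query_string` should not be treated as safe for every output context. Other characters pass through untouched, and anything that prints the value into markup or a header still needs escaping at that sink. I would state that limit next to the arrays, e.g. `// Only these four characters are neutralised here; callers must still escape query_string for their own output context`. Separately, `$args` is built outside the hunk and presumably holds numerically indexed `name=value` strings, in which case running `str_replace()` on `$key` does nothing useful and `$use_args[] = str_replace($find, $replace, $argument);` would be clearer. The enclosing method starts and ends outside the hunk.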