| author | fisharebest <fisharebest@gmail.com> | 2010-11-24 11:14:08 +0000 |
|---|---|---|
| committer | fisharebest <fisharebest@gmail.com> | 2010-11-24 11:14:08 +0000 |
| commit | dd112157c8adf310ba739c2d874d3d039b626b84 (patch) | |
| tree | 63e40c1e3b06b9839c0b7f7527def9c52733816b /includes | |
| parent | 2c27f702765fbd6ba563323abd9193a989efd13b (diff) | |
| download | webtrees-dd112157c8adf310ba739c2d874d3d039b626b84.tar.gz webtrees-dd112157c8adf310ba739c2d874d3d039b626b84.tar.bz2 webtrees-dd112157c8adf310ba739c2d874d3d039b626b84.zip | |
Sanitise parameters when generating URLs
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/functions/functions.php | 26 |
1 files changed, 11 insertions, 15 deletions
diff --git a/includes/functions/functions.php b/includes/functions/functions.php
index 45dd8bd73a..9ddff54496 100644
--- a/includes/functions/functions.php
+++ b/includes/functions/functions.php
@@ -3086,27 +3086,23 @@ function get_query_string() {
 $qstring = "";
 if (!empty($_GET)) {
 foreach ($_GET as $key => $value) {
- if ($key != "view") {
- if (!is_array($value)) {
- $qstring .= "&{$key}={$value}";
- } else {
- foreach ($value as $k=>$v) {
- $qstring .= "&{$key}[{$k}]={$v}";
- }
+ if (!is_array($value)) {
+ $qstring .= '&'.rawurlencode($key)."=".rawurlencode($value);
+ } else {
+ foreach ($value as $k=>$v) {
+ $qstring .= '&'.rawurlencode($key).'['.rawurlencode($k).']='.rawurlencode($v);
 }
 }
 }
 } else {
 if (!empty($_POST)) {
 foreach ($_POST as $key => $value) {
- if ($key != "view") {
- if (!is_array($value)) {
- $qstring .= "&{$key}={$value}";
- } else {
- foreach ($value as $k=>$v) {
- if (!is_array($v)) {
- $qstring .= "&{$key}[{$k}]={$v}";
- }
+ if (!is_array($value)) {
+ $qstring .= '&'.rawurlencode($key)."=".rawurlencode($value);
+ } else {
+ foreach ($value as $k=>$v) {
+ if (!is_array($v)) {
+ $qstring .= '&'.rawurlencode($key).'['.rawurlencode($k).']='.rawurlencode($v);
 }
 }
 }
|
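Review bot: In the `$_GET` branch the inner loop passes `$v` straight to `rawurlencode()` without the `if (!is_array($v))` guard that the `$_POST` branch has, so a nested array parameter (a constructed example: `a[b][c]=1` in the query string) reaches `rawurlencode()` with an array argument — a warning and an empty value on PHP 5, a TypeError on PHP 8 — where the old interpolation only produced the string "Array". Mirror the `$_POST` branch by wrapping the `$_GET` append in `if (!is_array($v)) { … }`, or collapse both near-identical loops into `http_build_query()`, which handles nesting and encoding itself (its default encodes spaces as `+` rather than `%20`, so check that callers accept that). The commit also silently drops the `$key != "view"` exclusion from both loops, which the title does not mention; if that is intentional it deserves a line in the description, since any caller that presumably appended its own `view=` parameter may now emit it twice. Encoding keys and values is the right fix for `&`/`=` injection into the generated string, but a caller that echoes the result inside an HTML attribute still needs `htmlspecialchars()` on the whole URL, as the function's return value remains unescaped for that context.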
