authorfisharebest <fisharebest@gmail.com>2010-11-24 11:14:08 +0000
committerfisharebest <fisharebest@gmail.com>2010-11-24 11:14:08 +0000
commitdd112157c8adf310ba739c2d874d3d039b626b84 (patch)
tree63e40c1e3b06b9839c0b7f7527def9c52733816b /includes
parent2c27f702765fbd6ba563323abd9193a989efd13b (diff)
downloadwebtrees-dd112157c8adf310ba739c2d874d3d039b626b84.tar.gz
webtrees-dd112157c8adf310ba739c2d874d3d039b626b84.tar.bz2
webtrees-dd112157c8adf310ba739c2d874d3d039b626b84.zip
Sanitise parameters when generating URLs
Diffstat (limited to 'includes')
-rw-r--r--includes/functions/functions.php26
1 files changed, 11 insertions, 15 deletions
diff --git a/includes/functions/functions.php b/includes/functions/functions.php
index 45dd8bd73a..9ddff54496 100644
--- a/includes/functions/functions.php
+++ b/includes/functions/functions.php
@@ -3086,27 +3086,23 @@ function get_query_string() {
$qstring = "";
if (!empty($_GET)) {
foreach ($_GET as $key => $value) {
- if ($key != "view") {
- if (!is_array($value)) {
- $qstring .= "&amp;{$key}={$value}";
- } else {
- foreach ($value as $k=>$v) {
- $qstring .= "&amp;{$key}[{$k}]={$v}";
- }
+ if (!is_array($value)) {
+ $qstring .= '&amp;'.rawurlencode($key)."=".rawurlencode($value);
+ } else {
+ foreach ($value as $k=>$v) {
+ $qstring .= '&amp;'.rawurlencode($key).'['.rawurlencode($k).']='.rawurlencode($v);
}
}
}
} else {
if (!empty($_POST)) {
foreach ($_POST as $key => $value) {
- if ($key != "view") {
- if (!is_array($value)) {
- $qstring .= "&amp;{$key}={$value}";
- } else {
- foreach ($value as $k=>$v) {
- if (!is_array($v)) {
- $qstring .= "&amp;{$key}[{$k}]={$v}";
- }
+ if (!is_array($value)) {
+ $qstring .= '&amp;'.rawurlencode($key)."=".rawurlencode($value);
+ } else {
+ foreach ($value as $k=>$v) {
+ if (!is_array($v)) {
+ $qstring .= '&amp;'.rawurlencode($key).'['.rawurlencode($k).']='.rawurlencode($v);
}
}
}
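Review bot: The `$_GET` loop passes `$v` straight to `rawurlencode()` without the `if (!is_array($v))` guard that the `$_POST` loop keeps. A nested array parameter such as `a[b][c]=1` therefore reaches `rawurlencode()` as an array, which raises a warning (a TypeError on PHP 8) instead of being skipped. Wrap the inner append in the GET branch the same way as the POST branch: `if (!is_array($v)) { $qstring .= '&amp;'.rawurlencode($key).'['.rawurlencode($k).']='.rawurlencode($v); }`. The commit also drops the `$key != "view"` filter from both branches, which the title does not mention, so it is worth confirming that carrying `view` into generated URLs is intended. `get_query_string()` begins before and continues after this hunk, so how `$qstring` is finally emitted is not visible here.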