From 2a39df1a53ae4d9798bcba9ceee610190702cc4b Mon Sep 17 00:00:00 2001
From: Oleg Pudeyev <oleg@bsdpower.com>
Date: Thu, 29 Nov 2012 13:36:00 -0500
Subject: [PATCH] [ticket/11095] Forward GET parameters into hidden fields for
 jumpbox.

PHPBB3-11095
---
 phpBB/includes/functions.php                  | 42 ++++++++++++++++++-
 phpBB/styles/prosilver/template/jumpbox.html  |  1 +
 phpBB/styles/subsilver2/template/jumpbox.html |  2 +-
 .../subsilver2/template/mcp_jumpbox.html      |  1 +
 4 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 5d8a92b63b..ee5a1afd30 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -4940,13 +4940,47 @@ function phpbb_quoteattr($data, $entities = null)
 	return $data;
 }
 
+function phpbb_build_hidden_fields_for_query_params($request, $exclude = null)
+{
+	$names = $request->variable_names(phpbb_request_interface::GET);
+	$hidden = '';
+	foreach ($names as $name)
+	{
+		// Sessions are dealt with elsewhere, omit sid always
+		if ($name == 'sid')
+		{
+			continue;
+		}
+
+		// Omit any additional parameters requested
+		if (!empty($exclude) && in_array($name, $exclude))
+		{
+			continue;
+		}
+
+		$escaped_name = phpbb_quoteattr($name);
+
+		// Note: we might retrieve the variable from POST or cookies
+		// here. To avoid exposing cookies, skip variables that are
+		// overwritten somewhere other than GET entirely.
+		$value = $request->variable($name, '', true);
+		$get_value = $request->variable($name, '', true, phpbb_request_interface::GET);
+		if ($value === $get_value)
+		{
+			$escaped_value = phpbb_quoteattr($value);
+			$hidden .= "<input type='hidden' name=$escaped_name value=$escaped_value />";
+		}
+	}
+	return $hidden;
+}
+
 /**
 * Generate page header
 */
 function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum')
 {
 	global $db, $config, $template, $SID, $_SID, $_EXTRA_URL, $user, $auth, $phpEx, $phpbb_root_path;
-	global $phpbb_dispatcher;
+	global $phpbb_dispatcher, $request;
 
 	if (defined('HEADER_INC'))
 	{
@@ -5135,6 +5169,8 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 		$timezone_name = $user->lang['timezones'][$timezone_name];
 	}
 
+	$hidden_fields_for_jumpbox = phpbb_build_hidden_fields_for_query_params($request, array('f'));
+
 	// The following assigns all _common_ variables that may be used at any point in a template.
 	$template->assign_vars(array(
 		'SITENAME'						=> $config['sitename'],
@@ -5149,6 +5185,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 		'RECORD_USERS'					=> $l_online_record,
 		'PRIVATE_MESSAGE_INFO'			=> $l_privmsgs_text,
 		'PRIVATE_MESSAGE_INFO_UNREAD'	=> $l_privmsgs_text_unread,
+		'HIDDEN_FIELDS_FOR_JUMPBOX'	=> $hidden_fields_for_jumpbox,
 
 		'S_USER_NEW_PRIVMSG'			=> $user->data['user_new_privmsg'],
 		'S_USER_UNREAD_PRIVMSG'			=> $user->data['user_unread_privmsg'],
@@ -5507,7 +5544,8 @@ function phpbb_to_numeric($input)
 function phpbb_create_symfony_request(phpbb_request $request)
 {
 	// This function is meant to sanitize the global input arrays
-	$sanitizer = function(&$value, $key) {
+	$sanitizer = function(&$value, $key)
+	{
 		$type_cast_helper = new phpbb_request_type_cast_helper();
 		$type_cast_helper->set_var($value, $value, gettype($value), true);
 	};
diff --git a/phpBB/styles/prosilver/template/jumpbox.html b/phpBB/styles/prosilver/template/jumpbox.html
index 562c115495..dd793fbadc 100644
--- a/phpBB/styles/prosilver/template/jumpbox.html
+++ b/phpBB/styles/prosilver/template/jumpbox.html
@@ -17,6 +17,7 @@
 	<!-- ELSE -->
 		<fieldset class="jumpbox">
 	<!-- ENDIF -->
+			{HIDDEN_FIELDS_FOR_JUMPBOX}
 			<label for="f" accesskey="j"><!-- IF S_IN_MCP and S_MERGE_SELECT -->{L_SELECT_TOPICS_FROM}<!-- ELSEIF S_IN_MCP -->{L_MODERATE_FORUM}<!-- ELSE -->{L_JUMP_TO}<!-- ENDIF -->{L_COLON}</label>
 			<select name="f" id="f" onchange="if(this.options[this.selectedIndex].value != -1){ document.forms['jumpbox'].submit() }">
 			<!-- BEGIN jumpbox_forums -->
diff --git a/phpBB/styles/subsilver2/template/jumpbox.html b/phpBB/styles/subsilver2/template/jumpbox.html
index 0a11524813..e0603c6a6e 100644
--- a/phpBB/styles/subsilver2/template/jumpbox.html
+++ b/phpBB/styles/subsilver2/template/jumpbox.html
@@ -4,7 +4,7 @@
 
 	<table cellspacing="0" cellpadding="0" border="0">
 	<tr>
-		<td nowrap="nowrap"><span class="gensmall"><!-- IF S_IN_MCP and S_MERGE_SELECT -->{L_SELECT_TOPICS_FROM}<!-- ELSEIF S_IN_MCP -->{L_MODERATE_FORUM}<!-- ELSE -->{L_JUMP_TO}<!-- ENDIF -->{L_COLON}</span>&nbsp;<select name="f" onchange="if(this.options[this.selectedIndex].value != -1){ document.forms['jumpbox'].submit() }">
+		<td nowrap="nowrap">{HIDDEN_FIELDS_FOR_JUMPBOX}<span class="gensmall"><!-- IF S_IN_MCP and S_MERGE_SELECT -->{L_SELECT_TOPICS_FROM}<!-- ELSEIF S_IN_MCP -->{L_MODERATE_FORUM}<!-- ELSE -->{L_JUMP_TO}<!-- ENDIF -->{L_COLON}</span>&nbsp;<select name="f" onchange="if(this.options[this.selectedIndex].value != -1){ document.forms['jumpbox'].submit() }">
 
 		<!-- BEGIN jumpbox_forums -->
 			<!-- IF jumpbox_forums.S_FORUM_COUNT eq 1 --><option value="-1">------------------</option><!-- ENDIF -->
diff --git a/phpBB/styles/subsilver2/template/mcp_jumpbox.html b/phpBB/styles/subsilver2/template/mcp_jumpbox.html
index 0e3433e3d6..e6ef4ecdad 100644
--- a/phpBB/styles/subsilver2/template/mcp_jumpbox.html
+++ b/phpBB/styles/subsilver2/template/mcp_jumpbox.html
@@ -2,6 +2,7 @@
 
 <form name="jumpbox" method="get" action="{S_JUMPBOX_ACTION}">
 
+	{HIDDEN_FIELDS_FOR_JUMPBOX}
 	<span class="gensmall">{L_JUMP_TO}{L_COLON}</span>&nbsp;<select name="f" onChange="if(this.options[this.selectedIndex].value != -1 && this.options[this.selectedIndex].value != document.jumpbox.current_f.value){ document.forms['jumpbox'].submit() }">
 
 <!-- IF S_ENABLE_SELECT_ALL -->