do not use parse_str because it could lead to "unexpected" output which could lead to XSS

git-svn-id: file:///svn/phpbb/trunk@6476 89ea8834-ac86-4346-8a33-228a782c2dd0
Meik Sievertsen 2006-10-11 07:02:29 +00:00
parent e168cd2793
commit a765165cd1


@ -1607,9 +1607,20 @@ function build_url($strip_vars = false)
} }
$query = $_query = array(); $query = $_query = array();
parse_str(substr($redirect, strpos($redirect, '?') + 1), $query);
$args = substr($redirect, strpos($redirect, '?') + 1);
$args = ($args) ? explode('&', $args) : array();
$redirect = substr($redirect, 0, strpos($redirect, '?')); $redirect = substr($redirect, 0, strpos($redirect, '?'));
foreach ($args as $argument)
{
$arguments = explode('=', $argument);
$key = $arguments[0];
unset($arguments[0]);
$query[$key] = implode('=', $arguments);
}
// Strip the vars off // Strip the vars off
foreach ($strip_vars as $strip) foreach ($strip_vars as $strip)
{ {
@ -1619,7 +1630,7 @@ function build_url($strip_vars = false)
} }
} }
// // Glue the remaining parts together... already urlencoded
foreach ($query as $key => $value) foreach ($query as $key => $value)
{ {
$_query[] = $key . '=' . $value; $_query[] = $key . '=' . $value;
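Review bot: `$query[$key] = implode('=', $arguments);` in the first hunk keys the parsed pairs by name, so a query string that repeats a parameter (including the `a[]=1&a[]=2` form that parse_str used to collect into an array) keeps only the last occurrence when the URL is glued back together, and an empty segment from a trailing or doubled `&` yields an empty key that reappears in the output as a bare `=`. The empty-segment case is a one-line guard at the top of the loop, `if ($argument === '') { continue; }`; preserving repeated parameters would need the pairs kept as a list and filtered by name in the strip loop, whose body lies between the two hunks and is not shown here. Because the commit deliberately leaves keys and values in their raw, still-encoded form, a comment on the loop would stop the next reader from "fixing" it back to a decoding parser: `// Keys and values are kept exactly as received (no urldecode) so nothing is re-interpreted before being written back; $strip_vars must use the same spelling as the URL.` The `explode`/`unset`/`implode` sequence is more directly written as `$arguments = explode('=', $argument, 2);` with `$arguments[1]` as the value. build_url starts before the first hunk and continues past the second, so the `?` that the `strpos(...) + 1` arithmetic on `$redirect` assumes is present is presumably checked in the part of the function not visible here.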