From bb05d733eeae8c1a5c1a3d4fab17d3ed2e864fa5 Mon Sep 17 00:00:00 2001
From: "Paul S. Owen" <psotfx@users.sourceforge.net>
Date: Thu, 21 Nov 2002 22:25:03 +0000
Subject: [PATCH] didn't urlencode highlighted url data ... tut tut

git-svn-id: file:///svn/phpbb/trunk@3077 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/viewtopic.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index c5c47d1c60..68c8b17a9a 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -276,7 +276,7 @@ $highlight_match = '';
 if (isset($_GET['highlight']))
 {
 	// Split words and phrases
-	$words = explode(' ', trim(urldecode($_GET['highlight'])));
+	$words = explode(' ', trim(htmlspecialchars(urldecode($_GET['highlight']))));
 
 	foreach ($words as $word)
 	{
@@ -300,7 +300,7 @@ $topic_mod .= ($auth->acl_gets('m_split', 'a_', $forum_id)) ? '<option value="sp
 $topic_mod .= ($auth->acl_gets('m_merge', 'a_', $forum_id)) ? '<option value="merge">' . $user->lang['Merge_topic'] . '</option>' : '';
 
 // If we've got a hightlight set pass it on to pagination.
-$pagination = ($highlight_match) ? generate_pagination("viewtopic.$phpEx$SID&amp;t=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=" . $_GET['highlight'], $topic_replies, $config['posts_per_page'], $start) : generate_pagination("viewtopic.$phpEx$SID&amp;t=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order", $topic_replies, $config['posts_per_page'], $start);
+$pagination = ($highlight_match) ? generate_pagination("viewtopic.$phpEx$SID&amp;t=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=" . urlencode($_GET['highlight']), $topic_replies, $config['posts_per_page'], $start) : generate_pagination("viewtopic.$phpEx$SID&amp;t=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order", $topic_replies, $config['posts_per_page'], $start);
 
 // Post, reply and other URL generation for
 // templating vars
@@ -429,7 +429,7 @@ $template->assign_vars(array(
 	'S_MOD_ACTION' 			=> "modcp.$phpEx$SID&amp;t=$topic_id",
 	'S_WATCH_TOPIC' 		=> $s_watching_topic,
 
-	'U_VIEW_TOPIC' 			=> "viewtopic.$phpEx$SID&amp;t=$topic_id&amp;start=$start&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=" . $_GET['highlight'],
+	'U_VIEW_TOPIC' 			=> "viewtopic.$phpEx$SID&amp;t=$topic_id&amp;start=$start&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=" . urlencode($_GET['highlight']),
 	'U_TOPIC'				=> $server_path . 'viewtopic.' . $phpEx  . '?t=' . $topic_id,
 	'U_FORUM'				=> $server_path,
 	'U_VIEW_FORUM' 			=> $view_forum_url,