mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-01-17 20:58:30 +01:00
Code Issues Releases Wiki Activity

#4661: Don't double-encode ampersand in e_form::thead()

Browse Source 
I guessed the `filter_var(…, FILTER_SANITIZE_STRING)` intention
mentioned in 20882920a0b68937570264949512acc0c4841dbd.  I guessed wrong.
This fixes the guess to be just HTML tag removal.

Fixes: https://github.com/e107inc/e107/issues/4661
This commit is contained in:
Nick Liu 2022-01-17 13:20:34 +01:00
parent f1a2f2e768
commit 754c29d230
No known key found for this signature in database
GPG Key ID: 1167C5F9C9897637
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
e107_handlers/form_handler.php
View File

@ -4457,12 +4457,12 @@ var_dump($select_options);*/
$tp = e107::getParser(); $tp = e107::getParser();
$text = ''; $text = '';
$querypattern = $tp->filter($querypattern, 'str'); $querypattern = strip_tags($querypattern);
if(!$requeststr) if(!$requeststr)
{ {
$requeststr = rawurldecode(e_QUERY); $requeststr = rawurldecode(e_QUERY);
} }
$requeststr = $tp->filter($requeststr, 'str'); $requeststr = strip_tags($requeststr);
// Recommended pattern: mode=list&field=[FIELD]&asc=[ASC]&from=[FROM] // Recommended pattern: mode=list&field=[FIELD]&asc=[ASC]&from=[FROM]
if(strpos($querypattern,'&')!==FALSE) if(strpos($querypattern,'&')!==FALSE)