mirror of
https://github.com/e107inc/e107.git
synced 2025-07-18 05:21:20 +02:00
#4661: Don't double-encode ampersand in e_form::thead()
I guessed the `filter_var(…, FILTER_SANITIZE_STRING)` intention
mentioned in 20882920a0
. I guessed wrong.
This fixes the guess to be just HTML tag removal.
Fixes: https://github.com/e107inc/e107/issues/4661
This commit is contained in:
@@ -4457,12 +4457,12 @@ var_dump($select_options);*/
|
||||
$tp = e107::getParser();
|
||||
$text = '';
|
||||
|
||||
$querypattern = $tp->filter($querypattern, 'str');
|
||||
$querypattern = strip_tags($querypattern);
|
||||
if(!$requeststr)
|
||||
{
|
||||
$requeststr = rawurldecode(e_QUERY);
|
||||
}
|
||||
$requeststr = $tp->filter($requeststr, 'str');
|
||||
$requeststr = strip_tags($requeststr);
|
||||
|
||||
// Recommended pattern: mode=list&field=[FIELD]&asc=[ASC]&from=[FROM]
|
||||
if(strpos($querypattern,'&')!==FALSE)
|
||||
|
Reference in New Issue
Block a user