[ticket/13280] Revert "Merge pull request #3107 from marc1706/ticket/13280"

This reverts commit a1b58d05d1, reversing
changes made to 0e772afb9d.

PHPBB3-13280

phpBB/phpbb/session.php

@@ -43,7 +43,7 @@ class session
 
 		// First of all, get the request uri...
 		$script_name = $symfony_request->getScriptName();
-		$args = explode('&', $symfony_request->getQueryString());
+		$args = explode('&', $symfony_request->getQueryString());
 
 		// If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support...
 		if (!$script_name)
@@ -61,8 +61,8 @@ class session
 
 		// Since some browser do not encode correctly we need to do this with some "special" characters...
 		// " -> %22, ' => %27, < -> %3C, > -> %3E
-		$find = array('"', "'", '<', '>', '&quot;', '&lt;', '&gt;');
-		$replace = array('%22', '%27', '%3C', '%3E', '%22', '%3C', '%3E');
+		$find = array('"', "'", '<', '>');
+		$replace = array('%22', '%27', '%3C', '%3E');
 
 		foreach ($args as $key => $argument)
 		{

phpBB/phpbb/symfony_request.php

@@ -30,12 +30,6 @@ class symfony_request extends Request
 			$type_cast_helper->set_var($value, $value, gettype($value), true);
 		};
 
-		// This function is meant for additional handling of server variables
-		$server_sanitizer = function(&$value, $key) use ($sanitizer) {
-			$sanitizer($value, $key);
-			$value = str_replace('&', '&', $value);
-		};
-
 		$get_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::GET);
 		$post_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::POST);
 		$server_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::SERVER);
@@ -44,12 +38,10 @@ class symfony_request extends Request
 
 		array_walk_recursive($get_parameters, $sanitizer);
 		array_walk_recursive($post_parameters, $sanitizer);
+		array_walk_recursive($server_parameters, $sanitizer);
 		array_walk_recursive($files_parameters, $sanitizer);
 		array_walk_recursive($cookie_parameters, $sanitizer);
 
-		// Run special sanitizer for server superglobal
-		array_walk_recursive($server_parameters, $server_sanitizer);
-
 		parent::__construct($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters);
 	}
 }