. "<script> var profile_uid = " . $_SESSION['uid']
. "; var netargs = '" . substr($a->cmd, 8)
. '?f='
- . ((x($_GET, 'cid')) ? '&cid=' . $_GET['cid'] : '')
- . ((x($_GET, 'search')) ? '&search=' . $_GET['search'] : '')
- . ((x($_GET, 'star')) ? '&star=' . $_GET['star'] : '')
- . ((x($_GET, 'order')) ? '&order=' . $_GET['order'] : '')
- . ((x($_GET, 'bmark')) ? '&bmark=' . $_GET['bmark'] : '')
- . ((x($_GET, 'liked')) ? '&liked=' . $_GET['liked'] : '')
- . ((x($_GET, 'conv')) ? '&conv=' . $_GET['conv'] : '')
- . ((x($_GET, 'nets')) ? '&nets=' . $_GET['nets'] : '')
- . ((x($_GET, 'cmin')) ? '&cmin=' . $_GET['cmin'] : '')
- . ((x($_GET, 'cmax')) ? '&cmax=' . $_GET['cmax'] : '')
- . ((x($_GET, 'file')) ? '&file=' . $_GET['file'] : '')
+ . ((x($_GET, 'cid')) ? '&cid=' . rawurlencode($_GET['cid']) : '')
+ . ((x($_GET, 'search')) ? '&search=' . rawurlencode($_GET['search']) : '')
+ . ((x($_GET, 'star')) ? '&star=' . rawurlencode($_GET['star']) : '')
+ . ((x($_GET, 'order')) ? '&order=' . rawurlencode($_GET['order']) : '')
+ . ((x($_GET, 'bmark')) ? '&bmark=' . rawurlencode($_GET['bmark']) : '')
+ . ((x($_GET, 'liked')) ? '&liked=' . rawurlencode($_GET['liked']) : '')
+ . ((x($_GET, 'conv')) ? '&conv=' . rawurlencode($_GET['conv']) : '')
+ . ((x($_GET, 'nets')) ? '&nets=' . rawurlencode($_GET['nets']) : '')
+ . ((x($_GET, 'cmin')) ? '&cmin=' . rawurlencode($_GET['cmin']) : '')
+ . ((x($_GET, 'cmax')) ? '&cmax=' . rawurlencode($_GET['cmax']) : '')
+ . ((x($_GET, 'file')) ? '&file=' . rawurlencode($_GET['file']) : '')
. "'; var profile_page = " . $pager->getPage() . "; </script>\r\n";
}
info('Item was not deleted');
}
- $a->internalRedirect('/network?f=&file=' . $term);
+ $a->internalRedirect('/network?f=&file=' . rawurlencode($term));
killme();
}
function saved_searches($search)
{
- $a = get_app();
-
$srchurl = '/network?f='
- . ((x($_GET, 'cid')) ? '&cid=' . $_GET['cid'] : '')
- . ((x($_GET, 'star')) ? '&star=' . $_GET['star'] : '')
- . ((x($_GET, 'bmark')) ? '&bmark=' . $_GET['bmark'] : '')
- . ((x($_GET, 'conv')) ? '&conv=' . $_GET['conv'] : '')
- . ((x($_GET, 'nets')) ? '&nets=' . $_GET['nets'] : '')
- . ((x($_GET, 'cmin')) ? '&cmin=' . $_GET['cmin'] : '')
- . ((x($_GET, 'cmax')) ? '&cmax=' . $_GET['cmax'] : '')
- . ((x($_GET, 'file')) ? '&file=' . $_GET['file'] : '');
+ . ((x($_GET, 'cid')) ? '&cid=' . rawurlencode($_GET['cid']) : '')
+ . ((x($_GET, 'star')) ? '&star=' . rawurlencode($_GET['star']) : '')
+ . ((x($_GET, 'bmark')) ? '&bmark=' . rawurlencode($_GET['bmark']) : '')
+ . ((x($_GET, 'conv')) ? '&conv=' . rawurlencode($_GET['conv']) : '')
+ . ((x($_GET, 'nets')) ? '&nets=' . rawurlencode($_GET['nets']) : '')
+ . ((x($_GET, 'cmin')) ? '&cmin=' . rawurlencode($_GET['cmin']) : '')
+ . ((x($_GET, 'cmax')) ? '&cmax=' . rawurlencode($_GET['cmax']) : '')
+ . ((x($_GET, 'file')) ? '&file=' . rawurlencode($_GET['file']) : '');
;
- $o = '';
-
$terms = DBA::select('search', ['id', 'term'], ['uid' => local_user()]);
$saved = [];
$o = Renderer::replaceMacros($tpl, [
'$title' => L10n::t('Saved Searches'),
'$add' => L10n::t('add'),
- '$searchbox' => HTML::search($search, 'netsearch-box', $srchurl, true),
+ '$searchbox' => HTML::search($search, 'netsearch-box', $srchurl),
'$saved' => $saved,
]);
'name' => "search-header",
'$title' => L10n::t("Search"),
'$title_size' => 3,
- '$content' => HTML::search($search,'search-box','search',((local_user()) ? true : false), false)
+ '$content' => HTML::search($search,'search-box','search', false)
]);
if (strpos($search,'#') === 0) {
*
* @return string Formatted HTML.
*/
- public static function search($s, $id = 'search-box', $url = 'search', $save = false, $aside = true)
+ public static function search($s, $id = 'search-box', $url = 'search', $aside = true)
{
$mode = 'text';