// Is it already cached?
if (!isset($GLOBALS['sql_strings']['' . $sqlString . ''])) {
- // Compile URI codes+config+expression code
- $sqlString2 = FILTER_COMPILE_EXPRESSION_CODE(FILTER_COMPILE_CONFIG(compileUriCode($sqlString)));
+ // Preserve escaping and compile URI codes+config+expression code
+ $sqlString2 = FILTER_COMPILE_EXPRESSION_CODE(FILTER_COMPILE_CONFIG($sqlString));
// Debug message
//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'sqlString2=' . $sqlString2);
- // Do final compilation
+ // Do final compilation and revert {ESCAPE}
$GLOBALS['sql_strings']['' . $sqlString . ''] = doFinalCompilation($sqlString2, FALSE, $enableCodes);
} else {
// Log message
// Generate arrays which holds the relevante chars to replace
$GLOBALS['security_chars'] = array(
// The chars we are looking for...
- 'from' => array('/', '.', chr(39), '$', '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--', chr(92)),
+ 'from' => array('/', '.', chr(39), '$', '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--', chr(92), chr(39)),
// ... and we will replace to.
'to' => array(
'{SLASH}',
'{CLOSE_INDEX}',
'{DBL_DOT}',
'{COMMENT}',
- '{BACKSLASH}'
+ '{BACKSLASH}',
+ '{SQUOTE}'
),
);
/*
- * Characters allowed in URLs
+ * Characters allowed in booked URLs
*
* Note: Do not replace 'to' with 'from' and vise-versa! When you do this all booked URLs will be
* rejected because of the {SLASH}, {DOT} and all below listed items inside the URL.