From c23d1b27763f6e0a9b45264f85dde23df3f87e13 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Fri, 23 Nov 2018 10:02:30 -0500 Subject: [PATCH] Urlencode /network file parameter --- include/conversation.php | 22 +++++++++++----------- mod/filerm.php | 2 +- mod/network.php | 17 ++++++++--------- 3 files changed, 20 insertions(+), 21 deletions(-) diff --git a/include/conversation.php b/include/conversation.php index 1b7b34e71a..2d613f0f38 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -462,17 +462,17 @@ function conversation(App $a, array $items, Pager $pager, $mode, $update, $previ . "\r\n"; } diff --git a/mod/filerm.php b/mod/filerm.php index 30a7f69df9..d240c2d6a7 100644 --- a/mod/filerm.php +++ b/mod/filerm.php @@ -36,6 +36,6 @@ function filerm_content(App $a) info('Item was not deleted'); } - $a->internalRedirect('/network?f=&file=' . $term); + $a->internalRedirect('/network?f=&file=' . rawurlencode($term)); killme(); } diff --git a/mod/network.php b/mod/network.php index 5bc5913cdb..594a557997 100644 --- a/mod/network.php +++ b/mod/network.php 
@@ -170,16 +170,15 @@ function network_init(App $a) function saved_searches($search) { - $srchurl = '/network?f=' - . ((x($_GET, 'cid')) ? '&cid=' . $_GET['cid'] : '') - . ((x($_GET, 'star')) ? '&star=' . $_GET['star'] : '') - . ((x($_GET, 'bmark')) ? '&bmark=' . $_GET['bmark'] : '') - . ((x($_GET, 'conv')) ? '&conv=' . $_GET['conv'] : '') - . ((x($_GET, 'nets')) ? '&nets=' . $_GET['nets'] : '') - . ((x($_GET, 'cmin')) ? '&cmin=' . $_GET['cmin'] : '') - . ((x($_GET, 'cmax')) ? '&cmax=' . $_GET['cmax'] : '') - . ((x($_GET, 'file')) ? '&file=' . $_GET['file'] : ''); + . ((x($_GET, 'cid')) ? '&cid=' . rawurlencode($_GET['cid']) : '') + . ((x($_GET, 'star')) ? '&star=' . rawurlencode($_GET['star']) : '') + . ((x($_GET, 'bmark')) ? '&bmark=' . rawurlencode($_GET['bmark']) : '') + . ((x($_GET, 'conv')) ? '&conv=' . rawurlencode($_GET['conv']) : '') + . ((x($_GET, 'nets')) ? '&nets=' . rawurlencode($_GET['nets']) : '') + . ((x($_GET, 'cmin')) ? '&cmin=' . rawurlencode($_GET['cmin']) : '') + . ((x($_GET, 'cmax')) ? '&cmax=' . rawurlencode($_GET['cmax']) : '') + . ((x($_GET, 'file')) ? '&file=' . rawurlencode($_GET['file']) : ''); ; $terms = DBA::select('search', ['id', 'term'], ['uid' => local_user()]); -- 2.39.5
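Review bot: The eight `rawurlencode($_GET[...])` calls added in `saved_searches()` assume every parameter is a string, but PHP parses a request such as `cid[]=1` into an array, and `rawurlencode()` then raises a warning (a `TypeError` on PHP 8) instead of producing a link. `x()` is defined outside this page, so confirm whether it already rejects arrays; if it does not, guard each value with `is_scalar()` before encoding. The repeated ternaries could also be folded into a loop over an explicit key list, which keeps the forwarded parameters in one allowlist and makes a missed encoding call harder to introduce. `$srchurl` is consumed outside the hunk, so HTML escaping still needs checking where it is rendered; the function body continues past the last visible line.

```php
$srchurl = '/network?f=';
// Forward only the known filter parameters, and only when they are scalar:
// an array-valued parameter (e.g. cid[]=1) is not something rawurlencode() accepts.
foreach (['cid', 'star', 'bmark', 'conv', 'nets', 'cmin', 'cmax', 'file'] as $key) {
	if (x($_GET, $key) && is_scalar($_GET[$key])) {
		$srchurl .= '&' . $key . '=' . rawurlencode((string) $_GET[$key]);
	}
}
// … unchanged: $terms = DBA::select('search', …) and the rest of saved_searches() …
```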