From c649882fd9802ed34c60a99ac3b7cae767189690 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Wed, 10 Aug 2016 09:47:09 +0200
Subject: [PATCH] Some fixes: - also check REQUEST_URI array element as QUERY_STRING may not be always set - only sanitize when string is not empty
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Roland Häder
---
 libs/lib_general.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/libs/lib_general.php b/libs/lib_general.php
index f4b956e..1b2b886 100644
--- a/libs/lib_general.php
+++ b/libs/lib_general.php
@@ -191,12 +191,15 @@ function crackerTrackerQueryString ($sanitize = FALSE) {
 // Is it there?
 if (!empty($_SERVER['QUERY_STRING'])) {
- // Return NULL
+ // Get string escaped
 $query = crackerTrackerEscapeString(urldecode($_SERVER['QUERY_STRING']));
- } // END - if
+ } elseif (!empty($_SERVER['REQUEST_URI'])) {
+ // Get string escaped
+ $query = crackerTrackerEscapeString(urldecode($_SERVER['REQUEST_URI']));
+ }
 // Sanitize it?
- if ($sanitize === TRUE) {
+ if ((!empty($query)) && ($sanitize === TRUE)) {
 // Sanitize ...
 $query = crackerTrackerSanitize($query);
 } // END - if
-- 
2.39.5
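Review bot: The new `elseif` branch returns the whole `REQUEST_URI` (path plus any query) from a function named crackerTrackerQueryString, so a request with no query string now yields the request path, for example `/index.php` (constructed value), instead of an empty result. If callers match this value against query-string patterns, every such request is now checked against the path; the callers are outside the hunk, so this needs confirming. If only the query part is wanted, extract it with `parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY)` before decoding; if scanning the full URI is deliberate, say so in the comment, e.g. `// No QUERY_STRING: fall back to the full request URI (path + query)`. The function starts and ends outside the hunk, so the initial value of `$query` and the return statement are not visible here.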