Some fixes:

- also check REQUEST_URI array element as QUERY_STRING may not be always set
- only sanitize when string is not empty

Signed-off-by: Roland Häder <rhaeder@cho-time.de>

diff --git a/libs/lib_general.php b/libs/lib_general.php
index f4b956ef385fed6d09cdd4030f86ce9402c47fdc..1b2b886c4e3dfaacf8c7d0145ba9d54241b158fe 100644 (file)
--- a/libs/lib_general.php
+++ b/libs/lib_general.php
@@ -191,12 +191,15 @@ function crackerTrackerQueryString ($sanitize = FALSE) {
 
        // Is it there?
        if (!empty($_SERVER['QUERY_STRING'])) {
-               // Return NULL
+               // Get string escaped
                $query = crackerTrackerEscapeString(urldecode($_SERVER['QUERY_STRING']));
-       } // END - if
+       } elseif (!empty($_SERVER['REQUEST_URI'])) {
+               // Get string escaped
+               $query = crackerTrackerEscapeString(urldecode($_SERVER['REQUEST_URI']));
+       }
 
        // Sanitize it?
-       if ($sanitize === TRUE) {
+       if ((!empty($query)) && ($sanitize === TRUE)) {
                // Sanitize ...
                $query = crackerTrackerSanitize($query);
        } // END - if