From b0f3ab4e0af8981ca066a54e5e0d2ea508ac8ac3 Mon Sep 17 00:00:00 2001
From: stickz <stickman002@mail.com>
Date: Thu, 27 Apr 2023 12:02:00 -0400
Subject: [PATCH] Resolve URL encoding bug

Closes #2495
---
 js/rtorrent.js | 3 ++-
 js/webui.js    | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/js/rtorrent.js b/js/rtorrent.js
index f8a76492e..6ec23db9b 100644
--- a/js/rtorrent.js
+++ b/js/rtorrent.js
@@ -317,7 +317,8 @@ rTorrentStub.prototype.list = function()
 
 rTorrentStub.prototype.setuisettings = function()
 {
-	this.content = "v="+encodeURIComponent(this.vs[0]);
+	// encodeURIComponent is called inside webui.js to avoid injection
+	this.content = "v="+this.vs[0];
 	this.mountPoint = theURLs.SetSettingsURL;
 	this.contentType = "application/x-www-form-urlencoded";
 	this.dataType = "text";
diff --git a/js/webui.js b/js/webui.js
index 9d552a78f..68270b05e 100644
--- a/js/webui.js
+++ b/js/webui.js
@@ -915,7 +915,8 @@ var theWebUI =
 			if((/^webui\./).test(i))
 				cookie[i] = v;
 		}
-		theWebUI.request("?action=setuisettings&v=" + JSON.stringify(cookie),reply);
+		// We must encode the URL here to avoid injection with the "&" symbol from search results
+		theWebUI.request("?action=setuisettings&v=" + encodeURIComponent(JSON.stringify(cookie),reply));
 	},
 
 //