#4661: Don't double-encode ampersand in e_form::thead()
I guessed the `filter_var(…, FILTER_SANITIZE_STRING)` intention
mentioned in 2088292.  I guessed wrong.
This fixes the guess to be just HTML tag removal.

Fixes: #4661
Deltik committed Jan 17, 2022
1 parent f1a2f2e commit 754c29d
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions e107_handlers/form_handler.php
Expand Up @@ -4457,12 +4457,12 @@ public function thead($fieldarray, $columnPref = array(), $querypattern = '', $r
$tp = e107::getParser();
$text = '';

$querypattern = $tp->filter($querypattern, 'str');
$querypattern = strip_tags($querypattern);
if(!$requeststr)
{
$requeststr = rawurldecode(e_QUERY);
}
$requeststr = $tp->filter($requeststr, 'str');
$requeststr = strip_tags($requeststr);

// Recommended pattern: mode=list&field=[FIELD]&asc=[ASC]&from=[FROM]
if(strpos($querypattern,'&')!==FALSE)
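
Review bot: The two `strip_tags()` calls on `$querypattern` and `$requeststr` leave `"`, `'` and `&` untouched, and `$requeststr` falls back to `rawurldecode(e_QUERY)`, which is request-controlled, so tag removal alone is not enough for a value that ends up inside an HTML attribute. Nothing in this hunk shows where either string is written out; please confirm that the point where they are emitted escapes them for that context exactly once (for example `htmlspecialchars()` with `ENT_QUOTES`), so that the double-encoding from #4661 stays fixed without leaving quotes raw. A short comment above each `strip_tags()` line saying it is input cleanup and not the output encoding would keep the next reader from repeating the guess described in the commit message, and a regression test with a query string containing both `&` and a double quote would pin both behaviours.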