diff options
| author | Erich Eckner <git@eckner.net> | 2019-03-20 15:52:50 +0100 |
|---|---|---|
| committer | Erich Eckner <git@eckner.net> | 2019-03-20 15:52:50 +0100 |
| commit | ea8659f141fd14165af05bd9cd06bf95919447f2 (patch) | |
| tree | d06577157be2ca829e1d4ce664e246a7312e2783 | |
| parent | 20ce345c1dc2905878ec1a9828a75813a63cfbd3 (diff) | |
| download | archweb32-ea8659f141fd14165af05bd9cd06bf95919447f2.tar.xz | |
init.php: do not try to decode %## - it should never appear in valid queries - simply delete it
| -rw-r--r-- | init.php | 37 |
1 files changed, 19 insertions, 18 deletions
@@ -1,31 +1,32 @@ <?php define("BASE", __DIR__); -$old = ''; -while ($old != $_SERVER['QUERY_STRING']) { - $old = $_SERVER['QUERY_STRING']; - $_SERVER['QUERY_STRING'] = urldecode($_SERVER['QUERY_STRING']); -} $_SERVER['QUERY_STRING'] = str_replace('&', '&', - htmlspecialchars($_SERVER['QUERY_STRING']) + htmlspecialchars( + preg_replace( + '/%.?.?/', '', + $_SERVER['QUERY_STRING'] + ) + ) ); -$old = ''; -while ($old != $_SERVER['REQUEST_URI']) { - $old = $_SERVER['REQUEST_URI']; - $_SERVER['REQUEST_URI'] = urldecode($_SERVER['REQUEST_URI']); -} $_SERVER['REQUEST_URI'] = str_replace('&', '&', - htmlspecialchars($_SERVER['REQUEST_URI']) + htmlspecialchars( + preg_replace( + '/%.?.?/', '', + $_SERVER['REQUEST_URI'] + ) + ) ); foreach ($_GET as $key => $val) { - $old = ''; - while ($old != $_GET[$key]) { - $old = $_GET[$key]; - $_GET[$key] = urldecode($_GET[$key]); - } - $_GET[$key] = htmlspecialchars($_GET[$key]); + $_GET[$key] = + htmlspecialchars( + preg_replace( + '/%.?.?/', '', + $_GET[$key] + ) + ); } |