Diffstat (limited to 'init.php')
-rw-r--r--init.php12
1 files changed, 9 insertions, 3 deletions
diff --git a/init.php b/init.php
index 1a978ff..993723e 100644
--- a/init.php
+++ b/init.php
@@ -6,14 +6,20 @@ while ($old != $_SERVER['QUERY_STRING']) {
$old = $_SERVER['QUERY_STRING'];
$_SERVER['QUERY_STRING'] = urldecode($_SERVER['QUERY_STRING']);
}
-$_SERVER['QUERY_STRING'] = htmlentities($_SERVER['QUERY_STRING']);
+$_SERVER['QUERY_STRING'] =
+ str_replace('&', '&',
+ htmlspecialchars($_SERVER['QUERY_STRING'])
+ );
$old = '';
while ($old != $_SERVER['REQUEST_URI']) {
$old = $_SERVER['REQUEST_URI'];
$_SERVER['REQUEST_URI'] = urldecode($_SERVER['REQUEST_URI']);
}
-$_SERVER['REQUEST_URI'] = htmlentities($_SERVER['REQUEST_URI']);
+$_SERVER['REQUEST_URI'] =
+ str_replace('&', '&',
+ htmlspecialchars($_SERVER['REQUEST_URI'])
+ );
foreach ($_GET as $key => $val) {
$old = '';
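Review bot: The `str_replace('&', '&', …)` wrapper around both `htmlspecialchars()` calls has identical search and replacement strings as displayed, so it does nothing; the page rendering has probably decoded an `&amp;` in the first argument. If the intent is to turn `&amp;` back into `&`, QUERY_STRING and REQUEST_URI keep raw ampersands, so character references sent in the URL survive the escaping unchanged. That matters wherever these values are later printed inside an HTML attribute, and a comment stating why the ampersand is restored and where the values may be echoed would help. Separately, `htmlspecialchars()` is called without flags here and on the `$_GET` line in the next hunk, and before PHP 8.1 the default leaves single quotes unescaped; `htmlspecialchars($_SERVER['QUERY_STRING'], ENT_QUOTES)` makes the quoting explicit.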
@@ -21,5 +27,5 @@ foreach ($_GET as $key => $val) {
$old = $_GET[$key];
$_GET[$key] = urldecode($_GET[$key]);
}
- $_GET[$key] = htmlentities($_GET[$key]);
+ $_GET[$key] = htmlspecialchars($_GET[$key]);
}
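Review bot: `htmlspecialchars($_GET[$key])` assumes every `$_GET` value is a string, but PHP builds an array for parameters written as `name[]=…`. In that case this call and the `urldecode()` above it receive an array, which emits warnings on older PHP and throws a TypeError on PHP 8. A guard at the top of the loop body, `if (!is_string($val)) { unset($_GET[$key]); continue; }`, or a recursive walk over array values, would make the handling explicit. The `foreach` header is in the previous hunk and the inner `while` line falls between the two hunks, so exact placement depends on a line not shown here.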