Skip to content
Permalink
Browse files

adding defenses against urls with params that have no =

fixing mising quotes in preg_replace call.
  • Loading branch information
padams
padams committed May 11, 2012
1 parent d1b625c commit 149f3d3072ca0883110f63cbd9b968b4ef0ae51d
Showing with 12 additions and 4 deletions.
  1. +1 −1 modules/base/js/owa.tracker-combined-min.js
  2. +1 −1 owa_httpRequest.php
  3. +10 −2 owa_lib.php

Some generated files are not rendered by default. Learn more.

@@ -259,7 +259,7 @@ function strip_selected_tags($str, $tags = array(), $stripContent = false) {
$pattern = sprintf('#(<%s.*?>)(.*?)(<\/%s.*?>)#is', preg_quote($tag), preg_quote($tag));
$str = preg_replace($pattern,"",$str);
}
$str = preg_replace($pattern, ${2},$str);
$str = preg_replace($pattern, '${2}',$str);
}

return $str;
@@ -1172,8 +1172,16 @@ public static function parse_url( $url ) {
$arr = array();

foreach( $var as $val ) {
$x = explode('=', $val);
$arr[$x[0]] = urldecode($x[1]);

if ( strpos($val, '=') ) {
$x = explode('=', $val);

if ( isset( $x[1] ) ) {
$arr[$x[0]] = urldecode($x[1]);
}
} else {
$arr[$val] = '';
}
}
unset($val, $x, $var);

0 comments on commit 149f3d3

Please sign in to comment.
You can’t perform that action at this time.