diff --git a/core/timeline_inc.php b/core/timeline_inc.php
index 4de924c8d0..f8db3e6b5b 100644
--- a/core/timeline_inc.php
+++ b/core/timeline_inc.php
@@ -47,6 +47,18 @@
 $t_block_icon = $t_collapse_block ? 'fa-chevron-down' : 'fa-chevron-up';
 $t_url_page = string_sanitize_url( basename( $_SERVER['SCRIPT_NAME'] ) );
+# Timeline shows shows next/prev buttons that reload the page with new timeline parameters
+# we must preserve parent script query parameters
+$t_url_params = array();
+if( !empty( $_GET ) ) {
+ # Sanitize request values to avoid xss
+ foreach( $_GET as $t_key => $t_value ) {
+ $t_url_params[$t_key] = htmlspecialchars( $t_value );
+ }
+}
+# clear timeline own parameters, which will be added later as needed
+unset( $t_url_params['days'] );
+unset( $t_url_params['all'] );
 ?>
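Review bot: `htmlspecialchars( $t_value )` in the added `foreach` assumes every `$_GET` value is a string, but PHP parses a query such as `x[]=1` into an array, so the call warns and stores null on PHP 7 and throws a TypeError on PHP 8, letting any request break the page that includes the timeline. The keys in `$t_key` are just as request-controlled and are copied into `$t_url_params` unescaped, so whether the XSS is actually closed depends on how the array is later turned into the next/prev links, which is outside this hunk. I would guard the assignment with `if( !is_scalar( $t_value ) ) { continue; }` (or recurse, if parent pages rely on array parameters) and state that choice in the comment. Escaping is also more reliable when done once at the point of output, URL-encoding the query and then HTML-escaping the whole attribute, because values escaped at input time end up double-encoded or escaped for the wrong context once they pass through a URL builder.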