From a00b84e864ed3b855f7ee2be5d9d76688dc05bb0 Mon Sep 17 00:00:00 2001
From: "Andrew Davis (andyjdavis)" <andrew@moodle.com>
Date: Mon, 12 Sep 2011 21:23:22 +0800
Subject: [PATCH] MDL-28725 wiki: added urlencode around the section variable
 when it is being used to construct URLs

---
 mod/wiki/pagelib.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/mod/wiki/pagelib.php b/mod/wiki/pagelib.php
index 0ad777b0fe8e3..dd64702128e22 100644
--- a/mod/wiki/pagelib.php
+++ b/mod/wiki/pagelib.php
@@ -477,7 +477,7 @@ protected function check_locks() {
                 $params = 'pageid=' . $this->page->id;
 
                 if ($this->section) {
-                    $params .= '&section=' . $this->section;
+                    $params .= '&section=' . urlencode($this->section);
                 }
 
                 $form = '<form method="post" action="' . $CFG->wwwroot . '/mod/wiki/overridelocks.php?' . $params . '">';
@@ -523,7 +523,7 @@ protected function print_edit($content = null) {
 
         $url = $CFG->wwwroot . '/mod/wiki/edit.php?pageid=' . $this->page->id;
         if (!empty($this->section)) {
-            $url .= "&section=" . $this->section;
+            $url .= "&section=" . urlencode($this->section);
         }
 
         $params = array('attachmentoptions' => page_wiki_edit::$attachmentoptions, 'format' => $version->contentformat, 'version' => $versionnumber, 'pagetitle'=>$this->page->title);
@@ -990,7 +990,7 @@ protected function print_preview() {
 
         $url = $CFG->wwwroot . '/mod/wiki/edit.php?pageid=' . $this->page->id;
         if (!empty($this->section)) {
-            $url .= "&section=" . $this->section;
+            $url .= "&section=" . urlencode($this->section);
         }
         $params = array('attachmentoptions' => page_wiki_edit::$attachmentoptions, 'format' => $this->format, 'version' => $this->versionnumber);
 
@@ -1980,7 +1980,7 @@ protected function print_save() {
 
         $url = $CFG->wwwroot . '/mod/wiki/edit.php?pageid=' . $this->page->id;
         if (!empty($this->section)) {
-            $url .= "&section=" . $this->section;
+            $url .= "&section=" . urlencode($this->section);
         }
 
         $params = array('attachmentoptions' => page_wiki_edit::$attachmentoptions, 'format' => $this->format, 'version' => $this->versionnumber);
@@ -2305,7 +2305,7 @@ function print_content() {
         $args = "pageid=" . $this->page->id;
 
         if (!empty($this->section)) {
-            $args .= "&section=" . $this->section;
+            $args .= "&section=" . urlencode($this->section);
         }
 
         redirect($CFG->wwwroot . '/mod/wiki/edit.php?' . $args, get_string('overridinglocks', 'wiki'), 2);
@@ -2334,7 +2334,7 @@ private function print_overridelocks() {
         $args = "pageid=" . $this->page->id;
 
         if (!empty($this->section)) {
-            $args .= "&section=" . $this->section;
+            $args .= "&section=" . urlencode($this->section);
         }
 
         redirect($CFG->wwwroot . '/mod/wiki/edit.php?' . $args, get_string('overridinglocks', 'wiki'), 2);