Permalink
Browse files

adding defenses against urls with params that have no =

fixing mising quotes in preg_replace call.
  • Loading branch information...
padams
padams committed May 11, 2012
1 parent d1b625c commit 149f3d3072ca0883110f63cbd9b968b4ef0ae51d
Showing with 12 additions and 4 deletions.
  1. +1 −1 modules/base/js/owa.tracker-combined-min.js
  2. +1 −1 owa_httpRequest.php
  3. +10 −2 owa_lib.php

Some generated files are not rendered by default. Learn more.

Oops, something went wrong.
View
@@ -259,7 +259,7 @@ function strip_selected_tags($str, $tags = array(), $stripContent = false) {
$pattern = sprintf('#(<%s.*?>)(.*?)(<\/%s.*?>)#is', preg_quote($tag), preg_quote($tag));
$str = preg_replace($pattern,"",$str);
}
- $str = preg_replace($pattern, ${2},$str);
+ $str = preg_replace($pattern, '${2}',$str);
}
return $str;
View
@@ -1172,8 +1172,16 @@ public static function parse_url( $url ) {
$arr = array();
foreach( $var as $val ) {
- $x = explode('=', $val);
- $arr[$x[0]] = urldecode($x[1]);
+
+ if ( strpos($val, '=') ) {
+ $x = explode('=', $val);
+
+ if ( isset( $x[1] ) ) {
+ $arr[$x[0]] = urldecode($x[1]);
+ }
+ } else {
+ $arr[$val] = '';
+ }
}
unset($val, $x, $var);

0 comments on commit 149f3d3

Please sign in to comment.