
Clean only urls that contain disallowed parameters so that other urls…

… are left unchanged. (#407)
bramley authored and samtuke committed Sep 28, 2018
1 parent 7ec8ab7 commit 616e8df0c02549eae42d3d902fe03b037b13aa03
Showing with 6 additions and 0 deletions.
  1. +6 −0 public_html/lists/admin/lib.php
@@ -1385,6 +1385,12 @@ function parseQueryString($str)
function cleanUrl($url, $disallowed_params = array('PHPSESSID'))
{
// process url only if it contains a disallowed parameter
$pattern = sprintf('/(%s)=/', implode('|', $disallowed_params));
if (!preg_match($pattern, $url)) {
return htmlspecialchars_decode($url);
}
$parsed = @parse_url($url);
$params = array();
if (empty($parsed['query'])) {
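Review bot: The parameter names are interpolated into the regex unquoted on the `$pattern` line, and the guard `!preg_match(...)` treats a pattern error (`false`) the same as "no match", so a name containing `/` or an unbalanced bracket would make cleanUrl take the early return and strip nothing. Quote each name with `implode('|', array_map(function ($p) { return preg_quote($p, '/'); }, $disallowed_params))` and test `preg_match($pattern, $url) === 0`, so that a regex failure falls through to the full cleaning path instead of skipping it. The pre-check also runs on the raw string, so a percent-encoded parameter name would presumably take the early return as well; whether the rest of cleanUrl would have removed it cannot be told from here, because the function body continues outside the hunk. A short comment on the early return, such as `// fast path: nothing to strip, only undo HTML entity encoding`, would record why `htmlspecialchars_decode` is applied there.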
