This should be a better fix to not pass any bad characters into the $url.

author garvinhicking <garvinhicking>

Tue, 10 May 2005 10:11:05 +0000 (10:11 +0000)

committer garvinhicking <garvinhicking>

Tue, 10 May 2005 10:11:05 +0000 (10:11 +0000)
author garvinhicking <garvinhicking>
Tue, 10 May 2005 10:11:05 +0000 (10:11 +0000)
committer garvinhicking <garvinhicking>
Tue, 10 May 2005 10:11:05 +0000 (10:11 +0000)
diff --git a/include/functions.inc.php b/include/functions.inc.php

index 777835853821c531b90ec418f9ad9bfe34bb65de..3a13173f055a21f3fda52d6446969fc35f8d9ef6 100644 (file)
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -655,9 +655,25 @@ function serendipity_currentURL() {
      }
      $uri['path'] = str_replace($serendipity['serendipityHTTPPath'], '', $uri['path']);
      $url = $serendipity['serendipityHTTPPath'] . $serendipity['indexFile'] . '?' . $uri['path'] . $qst;
-    $url = str_replace($serendipity['indexFile'] . '&amp;', '', $url); // Kill possible looped repitions which could occur
-
-    return strip_tags($url);
+    $url = str_replace(
+        array(
+            $serendipity['indexFile'] . '&amp;', 
+            '"',
+            "'",
+            '<',
+            '>'
+        ),
+        
+        array(
+            '',
+            '',
+            '',
+            ''
+        ),
+        
+        $url); // Kill possible looped repitions and bad characters which could occur
+
+    return $url;
  }
  
  function serendipity_getUriArguments($uri, $wildcard = false) {
author	garvinhicking <garvinhicking>
	Tue, 10 May 2005 10:11:05 +0000 (10:11 +0000)
committer	garvinhicking <garvinhicking>
	Tue, 10 May 2005 10:11:05 +0000 (10:11 +0000)