From: garvinhicking <garvinhicking>
Date: Tue, 10 May 2005 10:11:05 +0000 (+0000)
Subject: This should be a better fix to not pass any bad characters into the $url.
X-Git-Tag: 0.8.1~15
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=0ed36214a1303d37cbdabc0aed35959b3bcb69ee;p=s9y.git

This should be a better fix to not pass any bad characters into the $url.
Anyone care to check? :)
---

diff --git a/include/functions.inc.php b/include/functions.inc.php
index 7778358..3a13173 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -655,9 +655,25 @@ function serendipity_currentURL() {
     }
     $uri['path'] = str_replace($serendipity['serendipityHTTPPath'], '', $uri['path']);
     $url = $serendipity['serendipityHTTPPath'] . $serendipity['indexFile'] . '?' . $uri['path'] . $qst;
-    $url = str_replace($serendipity['indexFile'] . '&amp;', '', $url); // Kill possible looped repitions which could occur
-
-    return strip_tags($url);
+    $url = str_replace(
+        array(
+            $serendipity['indexFile'] . '&amp;', 
+            '"',
+            "'",
+            '<',
+            '>'
+        ),
+        
+        array(
+            '',
+            '',
+            '',
+            ''
+        ),
+        
+        $url); // Kill possible looped repitions and bad characters which could occur
+
+    return $url;
 }
 
 function serendipity_getUriArguments($uri, $wildcard = false) {