From dc0c3efda56f3e6b731dc9eb9b3d42c726f28878 Mon Sep 17 00:00:00 2001
From: garvinhicking
Date: Tue, 10 May 2005 10:11:05 +0000
Subject: [PATCH] This should be a better fix to not pass any bad characters into the $url. Anyone care to check? :)
---
 include/functions.inc.php | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/include/functions.inc.php b/include/functions.inc.php
index b154344..feb4e38 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -655,9 +655,25 @@ function serendipity_currentURL() {
 }
 $uri['path'] = str_replace($serendipity['serendipityHTTPPath'], '', $uri['path']);
 $url = $serendipity['serendipityHTTPPath'] . $serendipity['indexFile'] . '?' . $uri['path'] . $qst;
- $url = str_replace($serendipity['indexFile'] . '&', '', $url); // Kill possible looped repitions which could occur
-
- return strip_tags($url);
+ $url = str_replace(
+ array(
+ $serendipity['indexFile'] . '&',
+ '"',
+ "'",
+ '<',
+ '>'
+ ),
+
+ array(
+ '',
+ '',
+ '',
+ ''
+ ),
+
+ $url); // Kill possible looped repitions and bad characters which could occur
+
+ return $url;
 }
 
 function serendipity_getUriArguments($uri, $wildcard = false) {
-- 
2.39.5
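Review bot: The new `str_replace()` call is a character denylist that removes only the literal bytes `"`, `'`, `<` and `>`. Whether `$uri['path']` and `$qst` are already URL-decoded at this point is not visible in the hunk, so percent-encoded forms may pass through unchanged and be decoded later. Stripping here also silently alters legitimate URLs, so the more reliable control is at the output site: callers that print the value into HTML should apply `htmlspecialchars($url, ENT_QUOTES)` there, with this filter kept only as defence in depth. Separately, the replacement array has four entries for five search strings; PHP substitutes an empty string for the missing one, so the behaviour is as intended, but passing a single `''` as the replacement states that directly. The body of `serendipity_currentURL()` starts above the hunk, so the origin of `$qst` should be confirmed there.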