authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-04-20 20:25:47 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-04-20 20:25:47 +0000
commit983038769541e74a04cc4a2063bb53b04cb89e23 (patch)
tree0a2884cdbd0f672caaeecb351e7df79099ed9bd0 /engine/lib
parent970048280219ea6449c42d300dd20b5ece18adc7 (diff)
Merge previous to trunk.
git-svn-id: http://code.elgg.org/elgg/trunk@5816 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/elgglib.php11
1 files changed, 10 insertions, 1 deletions
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index 77cc0d3a1..8bb7ff39e 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -249,6 +249,11 @@ function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $vie
$viewtype = elgg_get_viewtype();
}
+ // Viewtypes can only be alphanumeric
+ if (preg_match('[\W]', $viewtype)) {
+ return '';
+ }
+
// Set up any extensions to the requested view
if (isset($CONFIG->views->extensions[$view])) {
$viewlist = $CONFIG->views->extensions[$view];
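Review bot: The pattern `'[\W]'` in the added guard reads like a character class, but PHP treats the square brackets as the regex delimiters, so the effective pattern is just `\W`; writing it as `if (preg_match('/\W/', $viewtype)) {` makes that explicit. `\W` also lets the underscore through, so the comment would be more accurate as `// Viewtypes may contain only letters, digits and underscores`. The guard covers only elgg_view(), whose body starts and ends outside this hunk. If other functions also use the viewtype returned by elgg_get_viewtype(), presumably to build view paths, validating once where the viewtype is resolved would cover them too. Returning `''` silently also hides rejected values from operators, so a debug log entry before the return would help when triaging odd requests.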
@@ -2396,7 +2401,11 @@ function full_url() {
$s = empty($_SERVER["HTTPS"]) ? '' : ($_SERVER["HTTPS"] == "on") ? "s" : "";
$protocol = substr(strtolower($_SERVER["SERVER_PROTOCOL"]), 0, strpos(strtolower($_SERVER["SERVER_PROTOCOL"]), "/")) . $s;
$port = ($_SERVER["SERVER_PORT"] == "80" || $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]);
- return $protocol . "://" . $_SERVER['SERVER_NAME'] . $port . $_SERVER['REQUEST_URI'];
+
+ $quotes = array('\'', '"');
+ $encoded = array('%27', '%22');
+
+ return $protocol . "://" . $_SERVER['SERVER_NAME'] . $port . str_replace($quotes, $encoded, $_SERVER['REQUEST_URI']);
}
/**
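Review bot: The new `str_replace()` in full_url() percent-encodes only `'` and `"`, so `<`, `>` and other markup-significant characters in `$_SERVER['REQUEST_URI']` still reach the returned string unchanged. If callers write this URL into HTML, the dependable control is escaping at the point of output, e.g. `htmlspecialchars(full_url(), ENT_QUOTES, 'UTF-8')`. If the encoding is kept here it should at least cover the angle brackets too: `$quotes = array('\'', '"', '<', '>');` with `$encoded = array('%27', '%22', '%3C', '%3E');`. `$_SERVER['SERVER_NAME']` is concatenated as-is and can reflect the client's Host header under some server configurations, so it deserves the same treatment or a comparison against the configured site host. A short comment above the replacement stating why the quotes are encoded would keep a later cleanup from removing it.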