-rw-r--r-- | engine/lib/api.php | 6 | ||||
-rw-r--r-- | engine/lib/elgglib.php | 10 | ||||
-rw-r--r-- | engine/lib/input.php | 2 | ||||
-rw-r--r-- | engine/lib/mb_wrapper.php | 21 | ||||
-rw-r--r-- | engine/lib/pagehandler.php | 2 | ||||
-rw-r--r-- | mod/search/views/default/search/listing.php | 4 |
6 files changed, 32 insertions, 13 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php index ffb1e16af..d123ff360 100644 --- a/engine/lib/api.php +++ b/engine/lib/api.php @@ -560,7 +560,7 @@ function include_post_data() { $postdata = get_post_data(); if (isset($postdata)) { - elgg_parse_str($postdata, $query_arr); + $query_arr = elgg_parse_str($postdata); if (is_array($query_arr)) { foreach($query_arr as $name => $val) { set_input($name, $val); @@ -1342,7 +1342,7 @@ function list_all_apis() { /** * The auth.gettoken API. * This API call lets a user log in, returning an authentication token which can be used - * to authenticate a user for a period of time. It is passed in future calls as the parameter + * to authenticate a user for a period of time. It is passed in future calls as the parameter * auth_token. * * @param string $username Username @@ -1439,7 +1439,7 @@ function service_handler($handler, $request) { // setup the input parameters since this comes through rewrite rule $query = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?')+1); if (isset($query)) { - elgg_parse_str($query, $query_arr); + $query_arr = elgg_parse_str($query); if (is_array($query_arr)) { foreach($query_arr as $name => $val) { set_input($name, $val); diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php index 52b4ecf32..91334821d 100644 --- a/engine/lib/elgglib.php +++ b/engine/lib/elgglib.php @@ -943,11 +943,11 @@ function get_submenu() { $item_params = array(); if (isset($uri_info['query'])) { $uri_info['query'] = html_entity_decode($uri_info['query']); - elgg_parse_str($uri_info['query'], $uri_params); + $uri_params = elgg_parse_str($uri_info['query']); } if (isset($item_info['query'])) { $item_info['query'] = html_entity_decode($item_info['query']); - elgg_parse_str($item_info['query'], $item_params); + $item_params = elgg_parse_str($item_info['query']); } $uri_info['path'] = trim($uri_info['path'], '/'); 
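Review bot: In the service_handler hunk of api.php the query is still extracted with `substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?')+1)`. When the URI has no `?`, strpos() returns false, the offset becomes 1, and the request path itself is parsed and passed to set_input(). The `isset($query)` test that follows cannot catch this, because the variable is always set at that point. page_handler in pagehandler.php guards the same expression with `strpos(...) !== FALSE`, and elgg_set_input_from_uri in input.php uses parse_url(), so `$query = parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY);` here would make the three consistent. The body of service_handler continues outside the hunk.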
@@ -2521,7 +2521,7 @@ function elgg_validate_action_url($link) { $url = parse_url($link); if (isset($url['query'])) { - elgg_parse_str($url['query'], $query); + $query = elgg_parse_str($url['query']); } else { $query = array(); } @@ -2550,7 +2550,7 @@ function elgg_http_remove_url_query_element($url, $element) { $url_array = parse_url($url); if (isset($url_array['query'])) { - elgg_parse_str($url_array['query'], $query); + $query = elgg_parse_str($url_array['query']); } else { // nothing to remove. Return original URL. return $url; @@ -2577,7 +2577,7 @@ function elgg_http_add_url_query_elements($url, array $elements) { $url_array = parse_url($url); if (isset($url_array['query'])) { - elgg_parse_str($url_array['query'], $query); + $query = elgg_parse_str($url_array['query']); } else { $query = array(); } diff --git a/engine/lib/input.php b/engine/lib/input.php index a4ab696cc..89bab5853 100644 --- a/engine/lib/input.php +++ b/engine/lib/input.php @@ -190,7 +190,7 @@ function autop($pee, $br = 1) { */ function elgg_set_input_from_uri() { $query = parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY); - elgg_parse_str($query, $query_arr); + $query_arr = elgg_parse_str($query); if (is_array($query_arr)) { foreach($query_arr as $name => $val) { diff --git a/engine/lib/mb_wrapper.php b/engine/lib/mb_wrapper.php index 8bd9ddb8b..9aa4aac4c 100644 --- a/engine/lib/mb_wrapper.php +++ b/engine/lib/mb_wrapper.php 
@@ -6,6 +6,24 @@ if (is_callable('mb_internal_encoding')) { ini_set("mbstring.internal_encoding", 'UTF-8'); } +/** + * Parses a string using mb_parse_str() if available. + * NOTE: This differs from parse_str() by returning the results + * instead of placing them in the local scope! + * + * @param str $str + * @return array + */ +function elgg_parse_str($str) { + if (is_callable('mb_parse_str')) { + mb_parse_str($str, $results); + } else { + parse_str($str, $results); + } + + return $results; +} + // map string functions to their mb_str_func alternatives // and wrap them in elgg_str_fun() @@ -13,7 +31,8 @@ if (is_callable('mb_internal_encoding')) { // only will work with mb_* functions that take the same // params in the same order as their non-mb safe counterparts. $str_funcs = array( - 'parse_str', + // can't wrap parse_str() because of its 2nd parameter. + //'parse_str', 'split', 'stristr', 'strlen', diff --git a/engine/lib/pagehandler.php b/engine/lib/pagehandler.php index 792ead84f..8d0f9abee 100644 --- a/engine/lib/pagehandler.php +++ b/engine/lib/pagehandler.php @@ -24,7 +24,7 @@ function page_handler($handler, $page) { if (strpos($_SERVER['REQUEST_URI'], '?') !== FALSE) { $query = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?') + 1); if (isset($query)) { - elgg_parse_str($query, $query_arr); + $query_arr = elgg_parse_str($query); if (is_array($query_arr)) { foreach($query_arr as $name => $val) { set_input($name, $val); diff --git a/mod/search/views/default/search/listing.php b/mod/search/views/default/search/listing.php index 5142e1fe5..8825b7e8d 100644 --- a/mod/search/views/default/search/listing.php +++ b/mod/search/views/default/search/listing.php @@ -15,7 +15,7 @@ if (!is_array($entities) || !count($entities)) { return FALSE; } -$query = htmlspecialchars(http_build_query( +$query = http_build_query( array( 'q' => $vars['params']['query'], 'entity_type' => $vars['params']['type'], 
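Review bot: The new elgg_parse_str() in mb_wrapper.php returns `$results` without initialising it, so the documented `@return array` depends on mb_parse_str() or parse_str() always populating the by-reference argument. Adding `$results = array();` as the first statement makes the return type hold regardless of which branch runs. The docblock type `str` is not a PHPDoc type and the parameter has no description; `@param string $str A URL-encoded query string` would fix both. Every caller changed in this commit passes request- or URL-derived text, so the docblock should also state that the returned keys and values are URL-decoded and must be treated as untrusted input.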
@@ -25,7 +25,7 @@ $query = htmlspecialchars(http_build_query( 'search_type' => $vars['params']['search_type'], //@todo include vars for sorting, order, and friend-only. ) -)); +); $url = "{$vars['url']}pg/search?$query"; |
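Review bot: With htmlspecialchars() removed in the two listing.php hunks, `$url = "{$vars['url']}pg/search?$query";` now holds raw `&` separators. The escaping therefore has to happen wherever `$url` is written into markup, and neither hunk shows that. http_build_query() percent-encodes the values taken from `$vars['params']`, which makes the string a valid URL but not valid HTML attribute text. If the rest of the view echoes `$url` directly, it should be escaped at that point with `htmlspecialchars($url, ENT_QUOTES, 'UTF-8')`. A comment above the assignment such as `// raw URL, escape when printing` would record the contract; the remainder of the view lies outside the hunk.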