From 983038769541e74a04cc4a2063bb53b04cb89e23 Mon Sep 17 00:00:00 2001
From: brettp
Date: Tue, 20 Apr 2010 20:25:47 +0000
Subject: Merge previous to trunk.

git-svn-id: http://code.elgg.org/elgg/trunk@5816 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/elgglib.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'engine/lib/elgglib.php')

diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index 77cc0d3a1..8bb7ff39e 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -249,6 +249,11 @@ function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $vie
 		$viewtype = elgg_get_viewtype();
 	}
 
+	// Viewtypes can only be alphanumeric
+	if (preg_match('[\W]', $viewtype)) {
+		return '';
+	}
+
 	// Set up any extensions to the requested view
 	if (isset($CONFIG->views->extensions[$view])) {
 		$viewlist = $CONFIG->views->extensions[$view];
@@ -2396,7 +2401,11 @@ function full_url() {
 	$s = empty($_SERVER["HTTPS"]) ? '' : ($_SERVER["HTTPS"] == "on") ? "s" : "";
 	$protocol = substr(strtolower($_SERVER["SERVER_PROTOCOL"]), 0, strpos(strtolower($_SERVER["SERVER_PROTOCOL"]), "/")) . $s;
 	$port = ($_SERVER["SERVER_PORT"] == "80" || $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]);
-	return $protocol . "://" . $_SERVER['SERVER_NAME'] . $port . $_SERVER['REQUEST_URI'];
+
+	$quotes = array('\'', '"');
+	$encoded = array('%27', '%22');
+
+	return $protocol . "://" . $_SERVER['SERVER_NAME'] . $port . str_replace($quotes, $encoded, $_SERVER['REQUEST_URI']);
 }
 
 /**
-- 
cgit v1.2.3
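Review bot: The pattern `'[\W]'` in the new guard in elgg_view() uses `[` and `]` as PCRE delimiters, so the regex is a bare `\W`; it works, but it reads like a character class with the delimiters missing and the comment "alphanumeric" is not quite what it enforces, since `\w` also admits `_` and an empty `$viewtype` passes untouched. Making the intent explicit avoids the next maintainer "fixing" the delimiters into a real character class and silently inverting the check: `if ($viewtype === '' || preg_match('/[^A-Za-z0-9_]/', $viewtype)) {` with the comment `// Viewtypes are used to build filesystem paths; reject anything outside [A-Za-z0-9_] (and empty) so '..' and '/' can never reach the include.` Whether `$viewtype` really reaches a path is not visible in this hunk, so the comment should be confirmed against the code below; if `$view` is also spliced into a path, it needs the same treatment, which this hunk does not add. elgg_view() begins and ends outside the hunk.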
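Review bot: The new str_replace() in full_url() encodes only `'` and `"` in REQUEST_URI, which only closes an injection for callers that print the URL inside a quoted HTML attribute; `<`, `>` and backslash still pass through, so echoing the result into element content, an unquoted attribute or a script block remains exploitable, and the quote handling may lull callers into treating the return value as safe. Since `%27`/`%22` are valid percent-encodings anyway, the minimal consistent fix is to extend the table, `$quotes = array('\'', '"', '<', '>');` and `$encoded = array('%27', '%22', '%3C', '%3E');`, and add above the return `// NOTE: this is URL-level normalisation, not HTML escaping; callers must still htmlspecialchars() the result for the context they print it in.` It is worth noting that `$_SERVER['SERVER_NAME']` is concatenated untouched and, depending on server configuration, can reflect the client-supplied Host header, so the host part of the URL should not be trusted either, though that predates this change.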