author | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2009-10-27 19:58:54 +0000 |
---|---|---|
committer | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2009-10-27 19:58:54 +0000 |
commit | f24a387cc95661ed724d4a51651a96a0f1b8c488 (patch) | |
tree | 972c61dd832f597ae046f6cf0c4fb99e9ee77920 /src/SemanticScuttle/functions.php | |
parent | af157c6bb72518f8ee3096f6370c920ef9b965a3 (diff) | |
Move URL redirection from URL to session parameter
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@433 b3834d28-1941-0410-a4f8-b48e95affb8f
Diffstat (limited to 'src/SemanticScuttle/functions.php')
-rw-r--r-- | src/SemanticScuttle/functions.php | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/src/SemanticScuttle/functions.php b/src/SemanticScuttle/functions.php
index 8823752..c03b3e0 100644
--- a/src/SemanticScuttle/functions.php
+++ b/src/SemanticScuttle/functions.php
@@ -95,8 +95,6 @@ function createURL($page = '', $ending = '') {
 /**
 * Creates a "vote for/against this bookmark" URL.
 * Also runs htmlspecialchars() on them to prevent XSS.
- * We need to use ENT_QUOTES since otherwise we would not be
- * protected when the attribute is used in single quotes.
 *
 * @param boolean $for For the bookmark (true) or against (false)
 * @param integer $bId Bookmark ID
@@ -105,14 +103,11 @@ function createURL($page = '', $ending = '') {
 */
 function createVoteURL($for, $bId)
 {
- //FIXME: we need a "current url" variable that is
- //filled with a safe version of the current url.
- //all this specialchars stuff is bit of a hack.
 return htmlspecialchars(
 createURL(
 'vote',
 ($for ? 'for' : 'against') . '/' . $bId
- ) . '?from=' . urlencode($_SERVER['REQUEST_URI']),
+ ),
 ENT_QUOTES
 );
 }
|
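Review bot: The first hunk deletes the two docblock lines that explain why `ENT_QUOTES` is passed, yet the call in the second hunk still passes `ENT_QUOTES`, so the flag is now undocumented. That rationale is the security-relevant part of the comment: the htmlspecialchars() default of that era left single quotes unescaped, and a later cleanup could drop the flag without realising single-quoted attributes depend on it. I would keep a condensed form in the docblock, for example ` * ENT_QUOTES is required so the URL stays safe inside single-quoted attributes.` The docblock spans both hunks and the line between them is not visible here.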
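Review bot: `$bId` is still concatenated into the path segment as-is in createVoteURL; htmlspecialchars() makes the result safe for an HTML attribute but does not constrain it as a URL component. The docblock declares it an integer, so enforcing that at the point of use, `($for ? 'for' : 'against') . '/' . (int) $bId`, would hold regardless of what callers pass. Separately, with `?from=` removed the return target presumably lives in the session now, and the code that stores and later redirects to it is outside this file-limited diff. It is worth confirming that value is restricted to a local path before it is used for a redirect.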