diff options
| author | friendica <info@friendica.com> | 2014-09-06 03:11:07 -0700 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2014-09-06 03:11:07 -0700 |
| commit | 8cbeeb09da93c3e6515f532c4e42ca558538ef5d (patch) | |
| tree | 246f85c14a67914ce0f366c7eb3fb6c9ce0d8420 | |
| parent | b9f221637bc98cc64bcbc6becb4ffa4a2706cb87 (diff) | |
| download | volse-hubzilla-8cbeeb09da93c3e6515f532c4e42ca558538ef5d.tar.gz volse-hubzilla-8cbeeb09da93c3e6515f532c4e42ca558538ef5d.tar.bz2 volse-hubzilla-8cbeeb09da93c3e6515f532c4e42ca558538ef5d.zip | |
extra_query_args() restricted to $_GET only. $_REQUEST was adding cookies and this is undesired and potentially a security issue.
| -rw-r--r-- | include/text.php | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/include/text.php b/include/text.php index 4fe9f9cde..097b02bbc 100644 --- a/include/text.php +++ b/include/text.php @@ -2033,13 +2033,14 @@ function normalise_openid($s) { return trim(str_replace(array('http://','https://'),array('',''),$s),'/'); } -// used in ajax endless scroll request to find out all the args that the master page was viewing - +// used in ajax endless scroll request to find out all the args that the master page was viewing. +// This was using $_REQUEST, but $_REQUEST also contains all your cookies. So we're restricting it +// to $_GET. If this is used in a post handler, that decision may need to be considered. function extra_query_args() { $s = ''; - if(count($_REQUEST)) { - foreach($_REQUEST as $k => $v) { + if(count($_GET)) { + foreach($_GET as $k => $v) { // these are request vars we don't want to duplicate if(! in_array($k, array('q','f','zid','page','PHPSESSID'))) { $s .= '&' . $k . '=' . $v; |