authorfriendica <info@friendica.com>2014-09-06 03:11:07 -0700
committerfriendica <info@friendica.com>2014-09-06 03:11:07 -0700
commit8cbeeb09da93c3e6515f532c4e42ca558538ef5d (patch)
tree246f85c14a67914ce0f366c7eb3fb6c9ce0d8420
parentb9f221637bc98cc64bcbc6becb4ffa4a2706cb87 (diff)
extra_query_args() restricted to $_GET only. $_REQUEST was also pulling in cookies (and POST fields), which is undesired and potentially a security issue.
-rw-r--r--include/text.php9
1 files changed, 5 insertions, 4 deletions
diff --git a/include/text.php b/include/text.php
index 4fe9f9cde..097b02bbc 100644
--- a/include/text.php
+++ b/include/text.php
@@ -2033,13 +2033,14 @@ function normalise_openid($s) {
return trim(str_replace(array('http://','https://'),array('',''),$s),'/');
}
-// used in ajax endless scroll request to find out all the args that the master page was viewing
-
+// used in ajax endless scroll request to find out all the args that the master page was viewing.
+// This was using $_REQUEST, but $_REQUEST also contains all your cookies. So we're restricting it
+// to $_GET. If this is used in a post handler, that decision may need to be considered.
function extra_query_args() {
$s = '';
- if(count($_REQUEST)) {
- foreach($_REQUEST as $k => $v) {
+ if(count($_GET)) {
+ foreach($_GET as $k => $v) {
// these are request vars we don't want to duplicate
if(! in_array($k, array('q','f','zid','page','PHPSESSID'))) {
$s .= '&' . $k . '=' . $v;